Fabric Connectors
Fabric connectors provide integration with Fortinet products to automate the process of managing dynamic security updates without manual intervention.
In HA and DR setup, the EMS configuration, such as server name and IP, can be synced to secondary and DR nodes. However, secondary and DR nodes need to be authorized by EMS individually. It is recommended that after configuring HA, admin test failover, log in to the new primary, and follow the same procedure to authorize secondary and DR nodes on the EMS server.
To create a FortiClient EMS fabric connector:
- Go to Security Fabric > Fabric Connectors.
- In the Core Network Security pane, select FortiClient EMS and then select Edit.
The New Fabric Connector pane opens.
- Enter the following information:
Type
Select from the following two options:
FortiClient EMS
FortiClient EMS Cloud
The FortiClient EMS Cloud option requires FortiClient EMS Cloud entitlement.
Name
The name of the FortiClient EMS connector.
IP/Domain name
The IP address or the domain name of the FortiClient EMS.
HTTPS port
The HTTPS port number for the FortiClient EMS (default = 443, 1 - 65535).
EMS Threat Feed
Enable to allow FortiPAM to pull FortiClient malware hash from FortiClient EMS.
Note: The option is enabled by default.
Synchronize firewall addresses
Enable to automatically create and synchronize firewall addresses for all EMS tags.
Note: The option is enabled by default.
- Click OK.
FortiPAM attempts to verify the EMS server certificate.
To delete a fabric connector, select Delete to delete the selected fabric connector.
- Relogin to the EMS server.
Fabric Device Authorization Requests prompt appears.
- In Fabric Device Authorization Requests, click Authorize to authorize FortiPAM connection.
- In the Edit Fabric Connector pane on FortiPAM (for the newly configured connector), click Authorize in FortiClient EMS Status.
Verify EMS Server Certificate window appears.
- In the Verify EMS Server Certificate window, select Accept to accept the certificate from the EMS-side.
FortiPAM is now successfully connected to the EMS server.