1.3.0

Deployment overview

This document describes a FortiPAM deployment into an existing environment where multiple Fortinet devices have already been deployed in a Security Fabric.

In this scenario, we have a global super administrator making local configuration changes on FortiPAM.

Administrators in the IT department are allowed access to FortiPAM to "jump" to each fabric device. IT administrators are only allowed access to secrets. Secrets are core FortiPAM assets representing methods and credentials to access targets; in this case, targets are different fabric devices. IT administrators are allowed access to FortiPAM provided they pass authentication and ZTNA security checks.

Since this is role-based privileged access control, the IT administrators can access the target servers via the FortiPAM interface from anywhere: on-net, off-net, or off-fabric.

Using this FortiPAM Security Fabric Access Deployment Guide, you can:

  • Configure administrative access to the FortiPAM web interface

  • Configure ZTNA access to FortiPAM

  • Configure remote LDAP authentication and user group

  • Configure a secrets policy and secrets folder

  • Configure secrets

  • Verify user access to the Security Fabric

Intended audience

The guide is aimed at companies that have deployed multiple Fortinet devices as part of the Security Fabric solution and are now interested in securing access to each Fortinet device. Mid-level network and security architects in companies of all sizes and verticals should find this guide helpful. A working knowledge of FortiOS, FortiClient, FortiClient EMS, and the Fortinet Security Fabric is useful.

About this guide

This guide walks you through a working solution to help familiarize you with the configuration steps needed for a FortiPAM use case. It presents one of many ways to deploy the solution. For information on various FortiPAM deployment scenarios, see FortiPAM deployment options.

It is recommended that readers also review supplementary material found in product administration guides, example guides, release notes, and other documents where appropriate on the Fortinet Document Library.
