Administration Guide

Fabric Connectors

Fabric connectors provide integration with Fortinet products to automate the process of managing dynamic security updates without manual intervention.

To create a fabric connector:
  1. Go to Security Fabric > Fabric Connector.
  2. Click on one of the icons.
  3. Fill out the fields.
  4. Click OK.

Simplify EMS pairing with Security Fabric so one approval is needed for all devices

FortiClient EMS with the Fabric authorization and silent approval capabilities can approve the root FortiProxy unit in a Security Fabric once and then silently approve the remaining downstream FortiProxy units in the Fabric. Similarly, in an HA scenario, approval only needs to be given once, for the HA primary unit. The remaining cluster members are approved silently.

To use EMS silent approval:
  1. Configure the EMS entry on the root FortiProxy unit or HA primary:
    config endpoint-control fctems
        edit "ems139"
            set fortinetone-cloud-authentication disable
            set server "172.16.200.139"
            set https-port 443
            set source-ip 0.0.0.0
            set pull-sysinfo enable
            set pull-vulnerabilities enable
            set pull-avatars enable
            set pull-tags enable
            set pull-malware-hash enable
            unset capabilities
            set call-timeout 30
            set websocket-override disable
        next
    end

    When the entry is created, the capabilities are unset by default.

  2. Authenticate the FortiProxy unit with EMS:
    # execute fctems verify ems139
    ...

    The FortiProxy unit enables Fabric authorization and silent approval based on the capabilities that EMS supports:

    config endpoint-control fctems
        edit "ems139"
            set server "172.18.62.12"
            set capabilities fabric-auth silent-approval websocket
        next
    end
  3. Configure a downstream device in the Security Fabric. The downstream device is silently approved.
  4. Configure a secondary device in an HA system. The secondary device is silently approved.
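
To audit the outcome of step 2, the following added example (not part of the Fortinet guide) parses configuration text in the CLI syntax shown above and reports which EMS entries have both fabric-auth and silent-approval set. The sample text, the "ems-verified" entry name and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the page's CLI syntax: one entry as created in step 1
# (capabilities unset) and one hypothetical entry as it looks after step 2.
SAMPLE = '''
config endpoint-control fctems
    edit "ems139"
        set server "172.16.200.139"
        set https-port 443
        unset capabilities
    next
    edit "ems-verified"
        set server "172.18.62.12"
        set capabilities fabric-auth silent-approval websocket
    next
end
'''

def parse_fctems(text):
    """Return {entry name: {option: [values]}} for 'config endpoint-control fctems'."""
    entries, in_block, current = {}, False, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # strips the quotes around names and values
        if not tokens:
            continue
        if tokens == ["config", "endpoint-control", "fctems"]:
            in_block = True
        elif not in_block:
            continue  # ignore everything outside the fctems block
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = entries.setdefault(tokens[1], {})
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "unset" and current is not None and len(tokens) > 1:
            current.pop(tokens[1], None)  # unset returns the option to its default
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_block, current = False, None
    return entries

def silent_approval_report(text):
    """Map each EMS entry to True when fabric-auth and silent-approval are both set."""
    needed = {"fabric-auth", "silent-approval"}
    return {name: needed <= set(opts.get("capabilities", []))
            for name, opts in parse_fctems(text).items()}

if __name__ == "__main__":
    for name, ok in silent_approval_report(SAMPLE).items():
        print(f"{name}: {'silent approval active' if ok else 'capabilities not set'}")
```

An entry that still reports no capabilities after verification will not have its downstream or HA secondary units approved silently.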
