Fabric Connectors
Fabric connectors provide integration with Fortinet products to automate the process of managing dynamic security updates without manual intervention.
To create a fabric connector:
- Go to Security Fabric > Fabric Connector.
- Click on one of the icons.
- Fill out the fields.
- Click OK.
Simplify EMS pairing with Security Fabric so one approval is needed for all devices
FortiClient EMS with Fabric authorization and silent approval capabilities is able to approve the root FortiProxy unit in a Security Fabric once and then silently approve remaining downstream FortiProxy units in the Fabric. Similarly in an HA scenario, an approval only needs to be made once to the HA primary unit. The remaining cluster members are approved silently.
To use EMS silent approval:
- Configure the EMS entry on the root FortiProxy unit or HA primary:
config endpoint-control fctems edit "ems139" set fortinetone-cloud-authentication disable set server "172.16.200.139" set https-port 443 set source-ip 0.0.0.0 set pull-sysinfo enable set pull-vulnerabilities enable set pull-avatars enable set pull-tags enable set pull-malware-hash enable unset capabilities set call-timeout 30 set websocket-override disable next end
When the entry is created, the capabilities are unset by default.
- Authenticate the FortiProxy unit with EMS:
# execute fctems verify ems_139 ...
The FortiProxy unit enables the Fabric authorization and silent approval based on the EMS supported capabilities.
config endpoint-control fctems edit "ems139" set server "172.18.62.12" set capabilities fabric-auth silent-approval websocket next end
- Configure a downstream device in the Security Fabric. The downstream device is silently approved.
- Configure a secondary device in an HA system. The secondary device is silently approved.