Technical Tip: Add FortiManager to Security Fabric
Description
When a FortiManager is added to the Security Fabric, it automatically synchronizes with any connected downstream units.
To add a FortiManager to the Security Fabric, configure it on the root FortiGate.
The root FortiGate then pushes this configuration to downstream FortiGates.
The FortiManager provides remote management of FortiGates over TCP port 541.
The FortiManager has to have internet access for it to join the Security Fabric.
Once configured, the FortiGate can receive antivirus and IPS updates, and allows remote management through FortiManager or the FortiGate Cloud service.
The FortiGate management option has to be enabled so that the FortiGate can accept management updates to its firmware and FortiGuard service.
This article describes how to add FortiManager to Security Fabric.
Solution
To add a FortiManager to the Security Fabric from CLI.
# config system central-management
set type fortimanager
set fmg {<IP_address> | <FQDN_address>}
end
To add a FortiManager to the Security Fabric from GUI.
1) On the root FortiGate, go to Security Fabric -> Fabric Connectors and select the FortiManager card.
2) For Status, select 'Enable'.
3) For Type, select 'Premise'.
5) Select 'OK'.
6) On the FortiManager, go to Device Manager and find the FortiGate in the Unauthorized units list.
7) Select the FortiGate or units, and select 'Authorize' in the toolbar.
8) In the Authorize unit pop-up, adjust the unit names as needed, then select 'OK'.