tanr
New Member
March 6, 2017
Question

Cooperative Security Fabric over VPN for simple configs without FortiManager - any point?


Hi all,

I'm considering enabling the Fortinet Cooperative Security Fabric for our couple of FortiGates at two sites with always-on VPN. Devices include a FortiAnalyzer and FortiAuthenticator at the main office, FortiAPs and non-Fortinet managed switches at both sites, etc. No FortiManager. The only FortiClients in use are for testing only, though this might change. Currently don't have any ISFW FGTs, with future plans including at most a single ISFW.

Questions:

1. Do I really get much benefit from the CSF without a FortiManager? About all I see it doing for my scenario is partially automating adding a new downstream FGT to the FAZ, which I can just do myself. Anybody using it without a FortiManager?

2. Maybe I'm missing something in the docs, but the only example I find for connecting FortiGates is for OSPF routing, with no mention of VPNs. If I do this, it would be with static routes over the IPsec VLAN connection between sites. It looks like this isn't a problem, since I explicitly specify the upstream FortiGate IP for the downstream FGT. Any other gotchas with security fabric over VPN (no non-VPN CSF or FortiManager public IPs exposed)?

Thanks as always for your advice.

    1 reply

    tanr
    New Member
    March 14, 2017

    From the lack of responses, I'm assuming most people aren't using the Cooperative Security Fabric yet?