qaajak
New Member
September 3, 2024
Question

Deploying security fabric in multiple datacenters and branch offices

  • 4 replies
  • 2743 views

I have an environment with 3 Azure datacenters (US, EU and APAC) and over 60 branch offices spread among the US, EU and APAC. I have been trying, futilely, to get a definitive answer on the best way to deploy the security fabric in this environment. The key hangup is the 35 maximum downstream devices statement in the FortiOS and Best Practices doc. In my mind I envision a single fabric with our Azure US FortiGate as the root, but this doesn't square with the doc, unless I'm reading it wrong. Does anyone have experience with deploying the fabric in larger distributed environments?

4 replies

tpatel
Staff
September 3, 2024

Hello Qaajak, 

How is the remote FortiGate going to join the Security Fabric of the root FortiGate: over an IPsec tunnel or over the internet?
Please click on the link below and refer to the document to connect the Security Fabric over an IPsec tunnel.

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/453842/security-fabric-over-ipsec-vpn

Another way is over the internet, using the public IP address of the FortiGate WAN interface. Connect the Security Fabric over the WAN interface.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/327890/deploying-the-security-fabric

qaajak
Author
New Member
September 3, 2024

Over IPsec.  How to do it is not the question I'm posing.

Shashwati
Staff
September 3, 2024
qaajak
Author
New Member
September 3, 2024

Again, HOW to do it is not something I need help with.

From the same doc you linked me to: Fortinet Security Fabric | FortiGate / FortiOS 7.6.0 | Fortinet Document Library

"A maximum of 35 downstream FortiGates is recommended."

That is what I'm seeking clarification on.

Shashwati
Staff
September 3, 2024

Hello 

This is the best practice "General considerations" doc for deploying the Security Fabric using FortiGate.

When there are multiple Fortinet devices in the topology, use the Fortinet Security Fabric to easily manage the devices together. A Fortinet Security Fabric includes a root FortiGate, downstream FortiGates, and other Fortinet Fabric devices. It is recommended to use a maximum of 35 downstream FortiGates.

https://docs.fortinet.com/document/fortigate/6.4.0/best-practices/133704/general-considerations

qaajak
Author
New Member
September 4, 2024

Please, no more copying and pasting doc I've already read.  I'll repost my question: Does anyone have experience with deploying the fabric in larger distributed environments?