Hello people,I would like to get some "best practice" "advices" on how would be better to have everything setup and if our current infrastructure is okay. Fortinet Infrastructure:4 Locations with HA Cluster (200F, 100F)FortiSwtiches in all locations (MC-LAG)FortiAPsCentral Management via FortiManager, Logging via FortiAnalyzerFortiEMS, licenses that have ZTNA. I implemented FortiManager few days ago, added all FortiGates to newly created ADOM (7.2, Fortigates on Best Recommended Firmware 7.2.7)Questions:FortiAnalyzer is not provisioned to FortiManager, is this a good approach, which benefits we get from this and how it need's to be setup.Security Fabric is not configured, is this a way to go also, to have an Root Fortigate on HQ office, and rest connect to them?FortiEMS, how to manage this, is there a way to utilize everything trough FortiManager?Planning to implement ZTNA soonAny advice could help, I'm currently NSE4 certified, after I finish my study for CCNA and pass it I can then continue with Fortinet certificates which will get me more knowledge about this stuff

Explorer III

Question

Fortinet Infrastructure

Forum|Forum|1 year ago
May 23, 2024
1 reply
1424 views

Hello people,

I would like to get some "best practice" "advices" on how would be better to have everything setup and if our current infrastructure is okay.

Fortinet Infrastructure:

4 Locations with HA Cluster (200F, 100F)
FortiSwtiches in all locations (MC-LAG)
FortiAPs
Central Management via FortiManager, Logging via FortiAnalyzer
FortiEMS, licenses that have ZTNA.

I implemented FortiManager few days ago, added all FortiGates to newly created ADOM (7.2, Fortigates on Best Recommended Firmware 7.2.7)

Questions:

FortiAnalyzer is not provisioned to FortiManager, is this a good approach, which benefits we get from this and how it need's to be setup.
Security Fabric is not configured, is this a way to go also, to have an Root Fortigate on HQ office, and rest connect to them?
FortiEMS, how to manage this, is there a way to utilize everything trough FortiManager?
- Planning to implement ZTNA soon

Any advice could help, I'm currently NSE4 certified, after I finish my study for CCNA and pass it I can then continue with Fortinet certificates which will get me more knowledge about this stuff

ozkanaltas

Esteemed Contributor III

Hello @Infotech22 ,

All your questions depend on your needs.

- I didn't see any customer manage FortiAnalyzer with FortiManager. Generally, everyone manages FortiAnalyzer from its own GUI.

-Security Fabric has some useful features, if you want to use them you can set up Security Fabric infrastructure. If you want to get more information about Security Fabric, you can visit this solution hub website.

https://docs.fortinet.com/security-fabric

- FortiManager does not support FortiClientEMS. Because of that, you can't manage FortiClientEMS with FortiManager.

Infotech22Author

Explorer III

Hey @ozkanaltas,

Thank you for answering my question.
- What would be the base case for Security Fabric? Do I have mutliple Security Fabrics for each location or to create it centrally.
- Didn't have any experience with it.

ozkanaltas

Esteemed Contributor III

Hi @Infotech22 ,

Security fabric is generally used for central visibility and control.

For example, you saw a threat on one fabric device and want to take action. You can take action on fabric root and distribute this action to all devices. Or you can configure automation on the security fabric root and you can apply action on the fabric edge device.

On the visibility side, you can see all devices in one topology. These are simple examples. If you want to get more information you can review this link.

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/286973/fortinet-security-fabric

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded