Kenundrum
New Member
September 7, 2017
Question

Security Fabric VDOM Support?


So the security fabric functions are currently not supported on devices running with VDOMs enabled.

Has anyone heard any info on when this is going to be fixed?

You would think that a function that is designed to help multiple devices work together would be supported on devices that within the same chassis have multiple firewalls that need help working together! It doesn't seem like it is too much of a stretch to make it work - just set fabric settings per VDOM and treat every VDOM as a unique device (just like they are intended). I know it's not an API problem because the API is totally capable of handling multiple VDOMs. At this point the only thing the fabric function does with VDOMs is allow you to offload traffic to a FortiWeb/Mail/Sandbox device for further inspection. This is really annoying!

    3 replies

    Steven_Usher
    New Member
    November 24, 2017

    I must say I was disappointed to discover you cannot use the Security Fabric on a FortiGate where a VDOM is in use :(

    I would say this is a rather big oversight and I am surprised there are not more comments on this page.

    tanr
    New Member
    November 26, 2017

    Make sure to request Security Fabric VDOM support from your Fortinet contacts. 

    Makes it more likely we'll actually get it one day.

    Malefunk
    New Member
    April 26, 2018

    I just spent some hours trying to discover why there are no Security Fabric options... here I found the solution - we use VDOMs on every FW...

    This should definitely be possible!

    walvis
    New Member
    July 30, 2018

    I'm deeply disappointed that VDOMs are not supporting CSF. I don't really understand why Fortinet Sales are putting so much effort into something that most of the deployments won't support (in my case 80% of installations have VDOMs enabled).

    bommi
    New Member
    July 30, 2018

    Hi,

    In 6.0.x I have the "Security Fabric" menu in every VDOM.

    Some of the Security Fabric features are only listed in the Global section.

    Regards

    bommi

    Kenundrum (Author)
    New Member
    July 30, 2018

    6.0.x has the same problem as the other versions. You see the Security Fabric menu. When you try to enable it with VDOMs turned on, the only thing you can do is offload scanning to dedicated devices. You do not have the option of enabling FortiTelemetry between FortiGate devices. The documentation clearly states that Security Fabric is not supported on devices with VDOMs enabled.

    For what it's worth, I have ended up re-architecting in a way that I need fewer VDOMs overall. I'm on a path to remove the need for VDOMs based on current usage without actually needing to buy more firewalls. The primary driver was for easier management, but the ability to see all the traffic in the FGT interface with the telemetry going between devices is a plus.

    walvis
    New Member
    July 30, 2018

    Hi Bommi,

    Yes, even in version 5.6 you have the menus for Security Fabric, but apart from showing the Topology, you cannot enable the useful features to have visibility of your Fortinet devices and the Security Audit. That is due to the VDOM limitation for CSF.

    Regards,

    Walvis

    mike_dp
    New Member
    September 17, 2018

    Any updates for Security Fabric with VDOMs?

    Heyro
    New Member
    October 24, 2018

    I'm running version 6.03 and was hoping they would add this feature. Most high-end firewalls end up being configured in VDOM mode, so I still don't understand their approach on the Security Fabric.