SimranRana
Staff
Article Id 367533
Description

This article describes how to connect a FortiGate to a FortiWeb device.

Scope

FortiWeb and FortiGate.

Solution

On the FortiGate: Set up Security Fabric.

  • Navigate to Security Fabric -> Fabric Connectors.

 


  • Go to Security Fabric Setup.

 


  • Select 'Security Fabric role' as 'Serve as Fabric Root'.

Note:

FortiAnalyzer or Cloud Logging is essential for the Security Fabric.

 

  • Enable 'Allow other Security Fabric devices to join' and select the interface having connectivity to the FortiWeb (in this case, port3).
  • Enter the Fabric Name (here, FortiWeb_Integration).
  • (Optional) Pre-authorization of FortiWeb can be configured to enable the device to join the Security Fabric as soon as it connects.
  • (Optional) SAML SSO can be enabled.

 


On the FortiWeb: Set up FortiGate:

  • Navigate to Security Fabric -> Fabric Connectors.
  • Select FortiGate.

 


  • Enable 'Status'.
  • Set the 'Upstream IP' to the IP address of the FortiGate interface that was selected under 'Allow other Security Fabric devices to join' (in this case, 172.30.17.193 for port3).
  • 'Upstream Port' can be kept at the default, 8013.
  • Enter the 'Management IP' as the FortiWeb GUI management IP.

 


  • Enter the 'Management Port' as the FortiWeb GUI management HTTPS port, which can be verified under System -> Admin -> Settings.

 


  • Select OK.

 

On the FortiWeb: Connection Status:

  • Navigate again to Security Fabric -> Fabric Connectors -> FortiGate.

 


  • The Connection Status will display as 'Authorize pending.'

Note:

If pre-authorization of FortiWeb was configured on the FortiGate (the optional pre-authorization step in the Security Fabric setup above), FortiWeb will be authenticated right away.

 

On the FortiGate: Authorization of FortiWeb.

  • Navigate to Security Fabric -> Fabric Connectors.
  • The FortiWeb connector will now appear with a status of 'Waiting for Authorization.'

 


  • Select FortiWeb and an option to 'Authorize' will be presented.

 


  • Upon selecting 'Authorize,' a window will appear to 'Verify Pending Device Certificate.'

 


  • Verify the certificate and select 'Accept'.
  • The FortiWeb Connector Status will show as 'Online' after some time.

 

Note:

If the device does not come online in 6-8 minutes, verify the connection between devices.

 


On the FortiWeb: Verification of Authorization

  • Navigate to Security Fabric -> Fabric Connectors -> FortiGate.
  • The 'Connection Status' will now be updated to 'Authorized'.

 


On the FortiGate: Verification of Integration.

  • Navigate to Security Fabric -> Physical Topology or Security Fabric -> Logical Topology to verify and check details.

 
