Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

FortiCloud – MultiTenancy Account

Is anyone using FortiCloud Multi Tenancy service for a Managed Service Provider (MSP) to be able to create and manage multiple SubAccounts? I would like to use a FortiManager for customers FortiGate and FortiAP units but the cost is fairly high. I was told that the FortiCloud – MultiTenancy Account might be useful in lieu of the FortiManager. Are others using this? How effective is it?

1 Solution
romanr
Valued Contributor

Hi,

 

we use the Forticloud multi tenancy feature. But only for SME cutomers utilizing the free Forticloud version. This is nice for use for those customers who can live with the limited logging & reporting.

 

For a proper installation to manage Fortigates it is cheaper to use a real Fortimanager & FAZ.... at least if there are >20 boxes involved as the yearly charges of Forticloud are quite pricy...

 

Br,

Roman

View solution in original post

9 REPLIES 9
SecurityPlus
Contributor II

Does anyone have any feedback on FortiCloud – MultiTenancy?
tanr
Valued Contributor II

Haven't used it, but am interested in how it has worked for others.  From reading the brief it looked like overkill if you're just managing a few FortiGates, but possibly quite useful if you have a number of customers with many Fortinet devices.  Don't support Fortinet has a demo of it?

SecurityPlus

I have not asked about a trial yet. It would not surprise me if they do offer a trial. Hope to hear from one or more people familiar with this service.
tanr
Valued Contributor II

@SecurityPlus, just a comment on usability of log filtering with FortiCloud.

 

I've just spent the last week managing a new client's single FortiGate through paid FortiCloud, which has worked fine for management (I'm just remoting in).

 

What has been frustrating using FortiCloud, is trying to filter or sort logs, or generate more complicated reports.  Compared to a FortiAnalyzer, the FortiCloud offering is pretty sparse, and I've been unable to do some pretty simple log filtering. 

 

It's been limiting enough that I'm considering using Loggly or similar to handle my logs instead.  The catch being that the FortiGates and such don't do encrypted logging except to a FAZ or FortiCloud so it means putting in my own syslog server to collect logs and send them to Loggly encrypted.  If I had a bunch of clients I'd consider the AWS/Azure FortiAnalyzer option, but for just a few that doesn't work out price wise.

 

If you come up with a good solution for management and log filtering let us know.

SecurityPlus

Thanks for the feedback. Curious how the FortiCloud reporting compares to the reporting via the FortiGate directly. I don’t have experience with the FortiAnalyzer yet. Use case is the routine monitoring and management of multiple firewalls without having to VPN in to each firewall one by one.
tanr
Valued Contributor II

FortiCloud report generation (for paid version) looks okay, though I haven't tried creating many reports yet.  They give you a bunch of chart types (nothing as many as the ForitAnalyzer) but only a couple actual pre-made reports, so you have to create your own.  No datasets that I'm aware of.  Unlike the FortiAnalyzer you have much more limited control and can't do things like write your own custom queries.  However, their supplied charts seem to cover the common cases.  The FortiCloud FortiView is similar to what you get from the FortiGate version.

 

 

romanr
Valued Contributor

Hi,

 

we use the Forticloud multi tenancy feature. But only for SME cutomers utilizing the free Forticloud version. This is nice for use for those customers who can live with the limited logging & reporting.

 

For a proper installation to manage Fortigates it is cheaper to use a real Fortimanager & FAZ.... at least if there are >20 boxes involved as the yearly charges of Forticloud are quite pricy...

 

Br,

Roman

Brady_R__Houser

romanr wrote:

Hi,

 

we use the Forticloud multi tenancy feature. But only for SME cutomers utilizing the free Forticloud version. This is nice for use for those customers who can live with the limited logging & reporting.

 

For a proper installation to manage Fortigates it is cheaper to use a real Fortimanager & FAZ.... at least if there are >20 boxes involved as the yearly charges of Forticloud are quite pricy...

 

Br,

Roman

Do you know of any way to import and existing client's FortiCloud Account into the Multi-tenant setup or do I need to remove them from their own free FortiCloud account and joint them to my multi-teant setup?  

 

I also have clients which have paid for the 1 year log retention so It would be great to be able to just join them into my account but leave them in their own paid account.

naturpur

Hi there,

we recently got a (full) trial for Multi-Tenancy Cloud Account from our forti partner manager for 1 year. 

It seems that there is no Manager in the cloud to manage the configs like with the on-prem manager...

 

Anyone know how to handle this for smaller customers with like 1-8 boxes?