I have an environment with 3 Azure datacenters (US, EU and APAC) and over 60 branch offices spread among the US, EU and APAC. I have been trying, futilely, to get a definitive answer on the best way to deploy the Security Fabric in this environment. The key hang-up is the 35 maximum downstream devices statement in the FortiOS and Best Practices doc. In my mind I envision a single fabric with our Azure US FortiGate as the root, but this doesn't square with the doc, unless I'm reading it wrong. Does anyone have experience with deploying the fabric in larger distributed environments?
Hello Qaajak,
How is the remote FortiGate going to join the Security Fabric of the root FortiGate: over an IPsec tunnel or over the internet?
Please click on the link below and refer to the document to connect the Security Fabric over an IPsec tunnel.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/453842/security-fabric-over-ipsec-vpn
Another way is over the internet, using the public IP address of the FortiGate WAN interface. Connect the Security Fabric over the WAN interface.
Over IPsec. How to do it is not the question I'm posing.
Hello
Please refer to the document regarding deploying the Security Fabric.
Again, HOW to do it is not something I need help with.
From the same doc you linked me to: Fortinet Security Fabric | FortiGate / FortiOS 7.6.0 | Fortinet Document Library
"A maximum of 35 downstream FortiGates is recommended."
That is what I'm seeking clarification on.
Hello
These are the best-practice general considerations for deploying the Security Fabric using FortiGate.
When there are multiple Fortinet devices in the topology, use the Fortinet Security Fabric to easily manage the devices together. A Fortinet Security Fabric includes a root FortiGate, downstream FortiGates, and other Fortinet Fabric devices. It is recommended to use a maximum of 35 downstream FortiGates.
https://docs.fortinet.com/document/fortigate/6.4.0/best-practices/133704/general-considerations
Please, no more copying and pasting doc I've already read. I'll repost my question: Does anyone have experience with deploying the fabric in larger distributed environments?
Copyright 2024 Fortinet, Inc. All Rights Reserved.