Infotech22
Contributor

Fortinet Infrastructure

Hello people,

I would like to get some "best practice" advice on how it would be better to have everything set up, and whether our current infrastructure is okay.

 

Fortinet Infrastructure:

  • 4 Locations with HA Cluster (200F, 100F)
  • FortiSwitches in all locations (MC-LAG)
  • FortiAPs
  • Central Management via FortiManager, Logging via FortiAnalyzer
  • FortiEMS, licenses that have ZTNA.

 

I implemented FortiManager a few days ago and added all FortiGates to a newly created ADOM (7.2; FortiGates on Best Recommended Firmware 7.2.7).


Questions:

  • FortiAnalyzer is not provisioned to FortiManager. Is this a good approach, which benefits do we get from this, and how does it need to be set up?
  • Security Fabric is not configured. Is this also the way to go, to have a root FortiGate at the HQ office and have the rest connect to it?
  • FortiEMS: how to manage this, is there a way to utilize everything through FortiManager?
    • Planning to implement ZTNA soon

Any advice could help. I'm currently NSE4 certified; after I finish my study for CCNA and pass it, I can then continue with Fortinet certificates, which will get me more knowledge about this stuff.

ozkanaltas
Valued Contributor III

Hello @Infotech22 ,

 

All your questions depend on your needs. 

 

- I didn't see any customer manage FortiAnalyzer with FortiManager. Generally, everyone manages FortiAnalyzer from its own GUI.

- Security Fabric has some useful features. If you want to use them, you can set up Security Fabric infrastructure. If you want to get more information about Security Fabric, you can visit this solution hub website.

 

https://docs.fortinet.com/security-fabric

 

- FortiManager does not support FortiClientEMS. Because of that, you can't manage FortiClientEMS with FortiManager. 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
Infotech22

Hey @ozkanaltas,

Thank you for answering my question.
- What would be the base case for Security Fabric? Do I have multiple Security Fabrics for each location, or create it centrally?
- Didn't have any experience with it.

ozkanaltas
Valued Contributor III

Hi @Infotech22 ,

 

Security fabric is generally used for central visibility and control.

 

For example, say you saw a threat on one fabric device and want to take action. You can take action on the fabric root and distribute this action to all devices. Or you can configure automation on the Security Fabric root and apply the action on the fabric edge device.

 

On the visibility side, you can see all devices in one topology. These are simple examples. If you want to get more information you can review this link.

 

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/286973/fortinet-security-fab...

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW