Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
oriehl
New Contributor

Created on ‎07-26-2022 05:33 AM

Securing Fortimanager on Azure

Hi,

 

I wonder if connecting fortigates to a central management (Fortimanager VM on Azure) using Internet is a best practice about security. Would it be better to add an ipsec layer ? Surely right but only for this kind of traffic ?

 

Thanks for your point of view

Regards

Oliver

Labels:
703
0 Kudos
1 REPLY 1
Yurisk
SuperUser
SuperUser

Created on ‎07-29-2022 12:15 AM Edited on ‎07-29-2022 12:17 AM

It depends if you have some legal/compliance requirements to put anything inside IPSec. In case you don't have such limitations, I personally see no added value - all communication between Fortigate and Fortimanager is already encrypted with TLS using quite high encryption algos: by default the encryption set is set to "high" and if it is relatively recent versions of FGT/FMG (like 6.2 or later), it means the tunnel is encrypted with 

ECDHE-RSA-AES256-GCM-SHA384 , DHE-RSA-AES256-GCM-SHA384 , ECDHE-RSA-AES128-GCM- SHA256. 

 

Detailed discussion of the FGFM protocol can be found here https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/067f5236-ca6d-11e9-8977-005056... 

 

Edit: of course securing management access to the FMG is a must, either with Azure or your own means.

Yuri Slobodyanyuk
Yuri Slobodyanyuk
686
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.