Hello,
I got interested by Forti Fabric but I see that there is not a lot of data for the communication that Forti fabric uses.
I know that the device discovery is based on LLDP (https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/224074/leveraging-lldp-to-si... ) but after that there is not a lot of info if the communication is encrypted by SSL/TLS or like SSH.
I found the below article but it is only that the log transmission to fortianalyzer can be encrypted but I know fortianalyzer is a crucial part for Security Fabric.
Also it is interesting when doing an automation on the fabric is the REST API used or the forti fabric protocol as for example I see that automation Stitches are only configured under the security fabric and from what I read an automation Stitch can involve multiple forti devices that are part of the fabric like stopping the source ip and mac on the firewalls but also on the forti switches and cool stuff like that.
Cool article that I found:
I am starting to wonder if forti fabric is not LLDP for discovery then forti analyzer for logging (also the devices probably share in the logs with the analyzer what they discovered by LLDP) and the REST-API for automating stuff (expecially if there is forti manager added as an optional component to the fabric). Maybe there is no propriotory protocol involved.
Any info is appreciated :)
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The "Fabric" is not just one protocol. As you've already discovered it uses LLDP for Switch and AP discovery as well as FortiLink (proprietary CAPWAP) for control. There's also the API integrations using HTTPS. And others...
To answer your quesiton though, yes all communications are secured and encrypted. Specifically FortiLink
I found this article below and now I see that the root firewall (this makes me ask what happens if the root firewalls goes down but maybe this is a question for another time and if I do not find a well documented answer :) ) is the only one where automation stiches can be created (strange that fortimanager lacks this option) and maybe "enable 'Allow access' to FortiGate REST API " should also be checked in the security fabric for the automations to work, so I am starting to think that the automations use the API to trigger stuff on the security fabric.
Still interesting what protocol is used for communication between the security fabric devices and its encryption outside of the logging to analyzer that can be encrypted of the API that I think is for automation stiches to work.
FortiManager would not have any role in automation stitch creation—it is responsible for config management only. FortiAnalyzer, on the other hand (which is required part of the Fabric) will do Automation stitches and playbooks.
If you are asking what protocol is used for the FortiGate fabric sync between other FortiGates it is using UDP port 8014. https://docs.fortinet.com/document/fortigate/7.2.0/fortios-ports/637075/incoming-ports
Created on 04-05-2023 10:40 PM Edited on 04-05-2023 10:41 PM
Thanks for the fast reply.
Then the FortiAnalyzer is the one using the API to manage the automations and this is why "enable 'Allow access' to FortiGate REST API " needs to be clicked, or I am wrong?
Also I suspect the forti fabric communication is secured encrypted, so no MITM attacks can capture see the traffic in clear text?
You are correct on both points, yes.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.