CSF – Cooperative Security Fabric
Cooperative Security Fabric (CSF) – also known as a Fortinet Security Fabric – spans across an entire network linking different security sensors and tools together to collect, coordinate, and respond to malicious behavior in real time. CSF can be used to coordinate the behavior of different Fortinet products in your network, including FortiGate, FortiAnalyzer, FortiClient, FortiSandbox, FortiAP, FortiSwitch, and FortiClient Enterprise Management Server (EMS). CSF supports FortiOS 5.4.1+, FortiSwitchOS 3.3+, and FortiClient 5.4.1+.
Port TCP/8009 is the port FortiGate uses for incoming traffic from the FortiClient Portal, as user information (such as IP address, MAC address, avatar, and other profile information) is automatically synchronized to the FortiGate and EMS.
The brief example below assumes that FortiTelemetry has been enabled on the top-level FortiGate (FGT1), OSPF routing has been configured, and that policies have been created for all FortiGate units to access the Internet.
For more details on how to configure a security fabric between FortiGate units, see Installing internal FortiGates and enabling a security fabric on the Fortinet Cookbook website.
Enabling CSF on the FortiGate:
- On the upstream FortiGate (FGT1), go to System > Cooperative Security Fabric and enable Cooperative Security Fabric (CSF).
- Enter a Group name and Group password for the fabric.
- On a downstream FortiGate (such as FGT2 or FGT3), configure the same fabric settings as were set on FGT1.
- Enable Connect to upstream FortiGate.
Be sure you do not enable this on the topmost-level FortiGate (in this example, FGT1).
- In FortiGate IP, enter the FGT1 interface that has FortiTelemetry enabled. The FortiTelemetry port (set to 8013) can be changed as required.
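The settings above can be checked for consistency across saved configuration files. The following is an added example, not Fortinet's own code: it assumes the fabric settings appear in a `config system csf` block with the keys `status`, `group-name`, `upstream-ip` and `upstream-port`, and the sample configurations and the 192.0.2.1 address are constructed.

```python
import re

TELEMETRY_PORT = 8013  # FortiTelemetry port given on this page

def parse_csf(config_text):
    """Return the 'set' values of the 'config system csf' block as a dict."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system csf":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r'set (\S+) "?([^"]*)"?$', line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings

def audit_fabric(configs, root, root_ip, port=TELEMETRY_PORT):
    """configs maps device name -> config text; returns a list of findings."""
    parsed = {name: parse_csf(text) for name, text in configs.items()}
    group = parsed[root].get("group-name")
    findings = []
    for name, csf in sorted(parsed.items()):
        if csf.get("status") != "enable":
            findings.append(f"{name}: CSF not enabled")
            continue
        if csf.get("group-name") != group:
            findings.append(f"{name}: group name differs from {root}")
        # Assumption: the key is absent (or 0.0.0.0) when no upstream is set.
        upstream = csf.get("upstream-ip")
        if name == root and upstream not in (None, "0.0.0.0"):
            findings.append(f"{name}: top-level unit connects upstream")
        elif name != root and upstream != root_ip:
            findings.append(f"{name}: upstream is not {root} ({root_ip})")
        elif name != root and int(csf.get("upstream-port", port)) != port:
            findings.append(f"{name}: FortiTelemetry port is not {port}")
    return findings

# Constructed sample configurations: device names from the page, values invented.
SAMPLE = {
    "FGT1": 'config system csf\n    set status enable\n    set group-name "Office"\nend\n',
    "FGT2": 'config system csf\n    set status enable\n    set upstream-ip 192.0.2.1\n'
            '    set group-name "Office"\nend\n',
    "FGT3": 'config system csf\n    set status enable\n    set upstream-ip 192.0.2.1\n'
            '    set upstream-port 8014\n    set group-name "Ofice"\nend\n',
}

if __name__ == "__main__":
    print("\n".join(audit_fabric(SAMPLE, "FGT1", "192.0.2.1")))
```

If the FortiTelemetry port has been changed from 8013, pass the new value as `port`.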
Once set up, you can view your network’s CSF configuration under FortiView through two topology dashboards.
- On the top-level FortiGate, go to FortiView > Physical Topology. This dashboard shows a visualization of all access layer devices in the fabric.
- Go to FortiView > Logical Topology to view information about the interfaces (logical or physical) that each device in the fabric is connected to.
Other CSF configurations for your network are available through the Fortinet Cookbook Cooperative Security Fabric page.