CSF – Cooperative Security Fabric

Leave a reply

CSF – Cooperative Security Fabric

Cooperative Security Fabric (CSF) – also known as a Fortinet Security Fabric – spans across an entire network linking different security sensors and tools together to collect, coordinate, and respond to malicious behavior in real time. CSF can be used to coordinate the behavior of different Fortinet products in your network, including FortiGate, FortiAnalyzer, FortiClient, FortiSandbox, FortiAP, FortiSwitch, and FortiClient Enterprise Management Server (EMS). CSF supports FortiOS 5.4.1+, FortiSwitchOS 3.3+, and FortiClient 5.4.1+.

Port TCP/8009 is the port FortiGate uses for incoming traffic from the FortiClient Portal, as user information (such as IP address, MAC address, avatar, and other profile information) is automatically synchronized to the FortiGate and EMS.

The brief example below assumes that FortiTelemetry has been enabled on the top-level FortiGate (FGT1), OSPF routing has been configured, and that policies have been created for all FortiGate units to access the

Internet.

For more details on how to configure a security fabric between FortiGate units, see Installing internal FortiGates and enabling a security fabric on the Fortinet Cookbook website.

CSF – Cooperative Security Fabric

Enabling CSF on the FortiGate:

  1. On the upstream FortiGate (FGT1), go to System > Cooperative Security Fabric and enable Cooperative Security Fabric (CSF).
  2. Enter a Group name and Group password for the fabric.
  3. On a downstream FortiGate (such as FGT2 or FGT3), configure the same fabric settings as were set on FGT1.
  4. Enable Connect to upstream FortiGate.

Be sure you do not enable this on the topmost-level FortiGate (in this example, FGT1).

  1. In FortiGate IP, enter the FGT1 interface that has FortiTelemetry The FortiTelemetry port (set to 8013) can be changed as required.

Once set up, you can view your network’s CSF configuration under FortiView through two topology dashboards.

  1. On top-level FortiGate, go to FortiView > Physical Topology. This dashboard shows a vizualization of all access layer devices in the fabric.
  2. Go to FortiView > Logical Topology to view information about the interfaces (logical or physical) that each device in the fabric is connected to.

Other CSF configurations for your network are available through the Fortinet Cookbook Cooperative Security Fabric page.

This entry was posted in FortiOS, FortiOS 5.4 Handbook, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.