Security Fabric VDOM Support?

Author
Kenundrum
Gold Member
  • Total Posts : 150
  • Scores: 17
  • Reward points: 0
  • Joined: 2008/05/15 10:25:50
  • Location: Rhode Island, US
  • Status: offline
2017/09/07 08:23:18 (permalink)
5 (2)

Security Fabric VDOM Support?

So the security fabric functions are currently not supported on devices running with VDOMs enabled.
Has anyone heard any info on when this is going to be fixed?
You would think that a function that is designed to help multiple devices work together would be supported on devices that within the same chassis have multiple firewalls that need help working together! It doesn't seem like it is too much of a stretch to make it work - just set fabric settings per VDOM and treat every VDOM as a unique device (just like they are intended). I know it's not an API problem because the API is totally capable of handling multiple VDOMs. At this point the only thing the fabric function does with VDOMs is allow you to offload traffic to a FortiWeb/Mail/Sandbox device for further inspection. This is really annoying!

NSE4
Some FGT500Es, 500Ds, 60Ds at work
FWF60E, FWF80CM at home
#1

13 Replies

    Steven.Usher
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/11/23 22:05:17
    • Status: offline
    Re: Security Fabric VDOM Support? 2017/11/23 22:08:46 (permalink)
    0
    I must say I was disappointed to discover you cannot use the Security Fabric on a FortiGate where a VDOM is in use :-(
    I would say this is a rather big oversight and I am surprised there are not more comments on this page.
     
    #2
    tanr
    Platinum Member
    • Total Posts : 685
    • Scores: 31
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: Security Fabric VDOM Support? 2017/11/25 16:02:33 (permalink)
    0
    Make sure to request Security Fabric VDOM support from your Fortinet contacts. 
    Makes it more likely we'll actually get it one day.
    #3
    Malefunk
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/03/01 05:17:18
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/04/26 05:58:44 (permalink)
    0
    I just spent some hours trying to discover why there are no Security Fabric options... here I found the solution - we use VDOMs on every FW...

    This should definitely be possible!
    #4
    virtualj
    Bronze Member
    • Total Posts : 29
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/09/16 06:56:51
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/06/01 07:00:15 (permalink)
    0
    I'm very disappointed by this. FortiOS 6.0.0 has the same limitation.
    #5
    jishanalli
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/07/17 23:54:16
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/07/18 00:01:18 (permalink)
    0
    This is very strange. They are saying that you should configure Security Fabric on your edge device, but it should not have VDOMs enabled; then what is the use of Security Fabric? Of course, Security Fabric will not enable the branch device. It's really annoying. I think Fortinet should think about this seriously. At one point they are marketing that they have Security Fabric where others do not.
    #6
    walvis
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/07/30 06:49:39
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/07/30 06:54:34 (permalink)
    0
    I'm deeply disappointed that VDOMs are not supporting CSF. I don't really understand why Fortinet Sales are putting so much effort into something that most of the deployments won't support (in my case 80% of installations have VDOMs enabled).
     
    #7
    bommi
    Gold Member
    • Total Posts : 146
    • Scores: 12
    • Reward points: 0
    • Joined: 2016/08/03 03:42:49
    • Location: Germany
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/07/30 08:19:09 (permalink)
    0
    Hi,
     
    In 6.0.x I have the "Security Fabric" menu in every VDOM.
    Some of the Security Fabric Features are only listed in the Global Section.
     
    Regards
    bommi
    #8
    Kenundrum
    Gold Member
    • Total Posts : 150
    • Scores: 17
    • Reward points: 0
    • Joined: 2008/05/15 10:25:50
    • Location: Rhode Island, US
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/07/30 08:32:38 (permalink)
    0
    6.0.x has the same problem as the other versions. You see the Security Fabric menu. When you try to enable it with VDOMs turned on, the only thing you can do is offload scanning to dedicated devices. You do not have the option of enabling FortiTelemetry between FortiGate devices. The documentation clearly states that Security Fabric is not supported on devices with VDOMs enabled.
     
    For what it's worth, I have ended up re-architecting in a way that I need fewer VDOMs overall. I'm on a path to remove the need for VDOMs based on current usage without actually needing to buy more firewalls. The primary driver was for easier management, but the ability to see all the traffic in the FGT interface with the telemetry going between devices is a plus.

    NSE4
    Some FGT500Es, 500Ds, 60Ds at work
    FWF60E, FWF80CM at home
    #9
    walvis
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/07/30 06:49:39
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/07/30 08:35:34 (permalink)
    0
    Hi Bommi,
     
    Yes, even in version 5.6 you have the menus for Security Fabric, but apart from showing the Topology, you cannot enable the useful features to have visibility of your Fortinet devices and the Security Audit. That is due to the VDOM limitation for CSF.
     
    Regards,
    Walvis
    #10
    mike_dp
    Bronze Member
    • Total Posts : 34
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/02/22 12:26:22
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/09/17 11:00:42 (permalink)
    0
    Any updates for Security Fabric with VDOMs?
    #11
    Heyro
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/01/13 14:14:30
    • Status: offline
    Re: Security Fabric VDOM Support? 2018/10/24 09:01:55 (permalink)
    0
    I'm running version 6.03 and was hoping they would add this feature. Most high-end firewalls end up being configured in VDOM mode, so I still don't understand their approach on the Security Fabric.
    #12
    alantz@rogersar.gov
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/01/16 08:03:43
    • Status: offline
    Re: Security Fabric VDOM Support? 2019/11/04 11:56:04 (permalink)
    0
    OMG, I can't believe this. I'm running 6.2.2 and have spent hours on this trying to figure out why I can't see telemetry in my fabric settings. I have a ticket submitted as well, but I guess now I know what the answer will be. Not having Compliance because I use VDOMs is ridiculous!
     
    --Alan--
     
    #13
    emnoc
    Expert Member
    • Total Posts : 5366
    • Scores: 351
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Security Fabric VDOM Support? 2019/11/04 21:39:10 (permalink)
    0
    The notes clearly state this is disabled, not sure why the complaints. Instead of opening tickets, open an NFR (New Feature Request).
     
    https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-security-fabric-54/1-fabric-introduction/2-overview.htm
     
    FortiOS also spits out a warning about it:
     
    Can not set Security Fabric when vdom mode is enabled.
    object check operator error, -651, discard the setting
    Command fail. Return code -651
     
    So complaining over spilled milk is not going to accomplish much of anything. They might get it added, but in a multi-tenant env I highly doubt it would come very soon. Request an NFR through your sales team.
     
    Ken Felix

    PCNSE, NSE, Forcepoint, StrongSwan Specialist
    #14