FortiSIEM Discovery for Multi-Tenant Deployments

Discovery for Multi-Tenant Deployments

In multi-tenant deployments with organizations, the discovery process differs depending on whether or not you are using Collectors. This is because of the way in which IP addresses are used to establish the relationship between devices and organizations.

If you are using Collectors, IP address overlap between organizations is allowed

If you are not using Collectors, then each organization must have a unique IP address

These two requirements determine which administrative account you will use for discovery.

For organizations with collectors, you must initiate discovery using the administrative account associated with the organization. Every device discovered by a collector is automatically assigned to the organization that the collector belongs to.

For organizations without collectors, you must initiate discovery using the Super/Global administrative account. Devices for all organizations are discovered at the same time, and are assigned to organizations based on the IP address assignments you set up for the organization.


If a device matches only one organization’s IP address assignment, then it is assigned to that organization

If a device matches multiple organization definitions, then it is assigned to the Super/Global organization. These would typically be devices that are part of the Super/Global organization’s network backbone.

Related Links

How Devices are Added to Organizations

Managing Organizations for Multi-Tenant Deployments


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU