About FortiGate NGFW
FortiGate NGFWs enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. Fortinet NGFWs meet the performance needs of highly scalable, hybrid IT architectures, enabling organizations to reduce complexity and manage security risks.
SIRP’s integration with FortiGate NGFW allows security teams to execute response actions right from SIRP.
SIRP’s FortiGate integration app allows you to execute the following actions:
Block IP as Source: Block an IP address as Source on NGFW
Block IP as Destination: Block an IP address as Destination on NGFW
Unblock IP as Source: Whitelist an IP Address as Source on NGFW
Unblock IP as Destination: Whitelist an IP Address as Destination on NGFW
Enable and Configure the FortiGate Firewall
Create API Admin User on FortiGate Firewall
1. Log in to the FortiGate.
2. Create a new API Admin role with the permissions Policy Configuration and Address Configuration. Enable Read/Write permissions on both.
3. Create a new Admin account with the API Admin role.
Collect Policy ID from FortiGate Firewall
Go to Policy & Objects and copy the Policy Sequence Number, which is equivalent to the Policy ID.
Source-Policy-ID must be the policy where the traffic direction is incoming, from Destination to Source.
Destination-Policy-ID must be the policy where the traffic direction is outgoing, from Source to Destination.
Configure SIRP App
1. Log in to SIRP, then go to Apps in the left navigation bar.
2. Locate the app named FortiGate Firewall.
3. Enable the FortiGate app by clicking the toggle button under Status.
4. As soon as you enable the App, you will get an option to add the configuration details.
Note: The SIRP API uses the HTTPS protocol by default.
5. Add the following details and click Save:
IP: <IP address of FortiGate Firewall>
Port: <FortiGate Web Console Port>
Username: <API Admin Username>
Password: <API Admin Password>
Source-Policy-ID: <ID of the Source policy on FortiGate Firewall>
Destination-Policy-ID: <ID of the Destination policy on FortiGate Firewall>
VDOM: root by default. Different customers use different values, so use the correct VDOM.
6. After the last step, you should be able to execute the FortiGate actions on-demand or through Playbooks to block and unblock IP addresses.