About FortiGate NGFW
FortiGate NGFWs enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. Fortinet NGFWs meet the performance needs of highly scalable, hybrid IT architectures, enabling organizations to reduce complexity and manage security risks.
SIRP’s integration with FortiGate NGFW allows security teams to execute response actions right from SIRP.
Supported Actions
SIRP’s FortiGate integration app allows you to execute the following actions:
| Action | Description |
| --- | --- |
| Block IP as Source | Block an IP address as Source on NGFW |
| Block IP as Destination | Block an IP address as Destination on NGFW |
| Unblock IP as Source | Whitelist an IP Address as Source on NGFW |
| Unblock IP as Destination | Whitelist an IP Address as Destination on NGFW |
Enable and Configure the FortiGate Firewall
Create API Admin User on FortiGate Firewall
1. Log in to the FortiGate.
2. Create a new API Admin role with two permissions: Policy Configuration and Address Configuration. Enable Read/Write permissions on both.
3. Create a new Admin account with the API Admin role.
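The role and account from steps 2 and 3, written as FortiOS CLI. This is an added example, not taken from SIRP's or Fortinet's documentation. The names sirp_api_role and sirp_api and the angle-bracket placeholders are assumptions, and the trusted-host line is an optional hardening step that the steps above do not cover.

```fortios
# Role limited to the two permissions the integration needs.
# Names are hypothetical; pick your own.
config system accprofile
    edit "sirp_api_role"
        # Firewall group set to custom so permissions are granted per item.
        set fwgrp custom
        config fwgrp-permission
            # Policy Configuration: Read/Write
            set policy read-write
            # Address Configuration: Read/Write
            set address read-write
        end
        # No other permission group is granted here. After saving, confirm
        # in the GUI that the remaining groups show None.
    next
end

# Admin account bound to that role.
config system admin
    edit "sirp_api"
        set accprofile "sirp_api_role"
        # Only on VDOM-enabled units: the VDOM entered in the SIRP app.
        set vdom "root"
        set password <API Admin Password>
        # Optional (assumption): accept logins for this account only from
        # the SIRP host.
        set trusthost1 <SIRP host IP> 255.255.255.255
    next
end
```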
Collect Policy ID from FortiGate Firewall
Go to Policy & Objects and copy the Policy Sequence Number, which is equivalent to the Policy ID.
Source-Policy-ID must be the policy where the traffic direction is incoming, from Destination to Source.
Destination-Policy-ID must be the policy where the traffic direction is outgoing, from Source to Destination.
Configure SIRP App
1. Next, log in to SIRP, then go to Apps from the left navigation bar.
2. Locate the app named FortiGate Firewall.
3. Enable the FortiGate app by clicking the toggle button under Status.
4. As soon as you enable the App, you will get an option to add the configuration details.
Note: SIRP API uses HTTPS protocol by default.
5. Add the following details and click Save:
IP: <IP address of FortiGate Firewall>
Port: <FortiGate Web Console Port>
Username: <API Admin Username>
Password: <API Admin Password>
Source-Policy-ID: <ID of the Source policy on FortiGate Firewall>
Destination-Policy-ID: <ID of the Destination policy on FortiGate Firewall>
The VDOM is root by default. Different customers use different values, so use the correct VDOM.
6. After the last step, you should be able to execute the FortiGate actions on-demand or through Playbooks to block and unblock IP addresses.