FortiGate Connector


System Configuration Requirements

  1. CPU and RAM:
    A configuration of 2 vCPUs and 4 GB of RAM is sufficient for typical deployments. For higher event volumes, scale these resources up.
  2. Syslog System:
    The Syslog system must be operational 24/7 to ensure continuous monitoring and logging.
  3. IP Address:
    A static IP address is required for stable connectivity and configuration.

FortiGate Connector Setup Requirements

When the firewall sits in a private network without public access, an App Connector is required to establish the connection. To obtain the App Connector Identifier, refer to the documentation titled Setting up App Connector.

  1. Navigate to Policy & Objects > Firewall Policy.
  2. Create a deny rule with HH-XDR-Blocklist-address as the destination to block outbound traffic to blocklisted addresses.
    [Figure: FortiGate Configuration Step 1]
  3. Add a second deny rule with HH-XDR-Blocklist-address as the source to block inbound traffic as well. FortiGate evaluates policies top-down, so place both deny rules above any allow rule that would otherwise match the same traffic.
  4. Proceed to Security Profiles > Web Filter.
  5. Create a new Web Filter Security Profile or clone/edit an existing one.
  6. Ensure that FortiGuard Category Based Filter is enabled.
  7. Under Remote Categories, for HH-XDR-Blocklist-category, set the action to Block.
  8. Save the settings.
  9. Go back to Policy & Objects > Firewall Policy and, in the allow policy that carries the traffic to be inspected, enable the newly created or edited Web Filter profile under Security Profiles. A profile that is not attached to a policy has no effect.
    [Figure: FortiGate Configuration Step 2]
  10. Access Security Profiles > AntiVirus.
  11. Create a new AntiVirus Security Profile or clone/edit an existing one.
  12. Under Virus Outbreak Prevention, enable Use external malware blocklist with the Block action.
  13. Specify the list HH-XDR-Blocklist-malware or select All.
  14. Save the settings.
  15. To activate the profile, return to the Firewall Policy section and enable the newly created or edited AntiVirus profile on the same allow policy.
    [Figure: FortiGate Configuration Step 3]

  16. To create a new access token, navigate to System > Administrators.
  17. Create a New REST API Admin, providing the Username and an optional Comment. Under Trusted Hosts, restrict the admin to the static IP address of the host that runs the connector (see the system requirements above), so the token cannot be used from any other source.
  18. In Administrator profile, click +create, provide a Name, and assign only the permissions the connector needs: Read access to Log & Report for pulling events, and Read/Write access to System for response actions.
    [Figure: FortiGate Configuration Step 4]
    [Figure: FortiGate Configuration Step 5]
  19. Disable the PKI Group.
  20. Click OK to generate a new API key. The key is displayed only once: copy it and store it securely for later use as the Access Token. If it is lost, regenerate it from the same REST API Admin entry, which invalidates the old key.
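The GUI procedure above, expressed as FortiOS CLI so it can be scripted or audited. This is an added example and not configuration from the original page or from Fortinet: the interface names (internal, wan1), the profile and admin names, the connector host address 10.0.0.5, the allow-policy ID 10, and the remote-category ID 192 are assumptions for illustration, and the option names follow FortiOS 7.x, so confirm them against the CLI reference for the release in use.

```text
# Added example (FortiOS 7.x CLI); names, IDs and addresses below are assumptions.

# Steps 1-3: deny traffic to and from the HH-XDR-Blocklist-address threat feed.
# "edit 0" creates a policy with the next free ID.
config firewall policy
    edit 0
        set name "XDR-Blocklist-Outbound"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "HH-XDR-Blocklist-address"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "XDR-Blocklist-Inbound"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "HH-XDR-Blocklist-address"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
# Policies match top-down: move both deny policies above the allow policy
# they must override, e.g. "move <deny-id> before 10" inside config firewall policy.

# Steps 4-8: Web Filter profile that blocks the remote category.
# 192 is assumed; read the real ID with "show system external-resource".
config webfilter profile
    edit "XDR-WebFilter"
        config ftgd-wf
            config filters
                edit 1
                    set category 192
                    set action block
                next
            end
        end
    next
end

# Steps 10-14: AntiVirus profile using the external malware block list.
config antivirus profile
    edit "XDR-AV"
        set external-blocklist "HH-XDR-Blocklist-malware"
        config http
            set av-scan block
            set external-blocklist block
        end
    next
end

# Steps 9 and 15: attach both profiles to the existing allow policy (ID 10 assumed).
config firewall policy
    edit 10
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "XDR-WebFilter"
        set av-profile "XDR-AV"
    next
end

# Steps 16-20: least-privilege admin profile and REST API admin.
# loggrp = Log & Report, sysgrp = System, as required by the connector.
config system accprofile
    edit "xdr-api-profile"
        set loggrp read
        set sysgrp read-write
    next
end
config system api-user
    edit "xdr-connector"
        set comments "XDR event pull and response"
        set accprofile "xdr-api-profile"
        set vdom "root"
        config trusthost
            edit 1
                set ipv4-trusthost 10.0.0.5 255.255.255.255
            next
        end
    next
end
# Prints the API key once; store it as the Access Token.
execute api-user generate-key xdr-connector
```

The trusted-host entry is the control that limits where the token can be used from; with the static IP requirement above, a single /32 is sufficient. Regenerating the key with the same execute command invalidates the previous key, so update the connector configuration at the same time.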

FortiGate Event Downloader Connector Configuration in XDR

  1. Navigate to the Connector page in the XDR portal and select Ingestion.
  2. Select FortiGate Event Downloader Connector and click Configure.
  3. Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier. Leave Trust any certificate at false unless the FortiGate presents a certificate that the XDR cannot validate: setting it to true disables TLS certificate verification, so the access token could be captured by anyone able to intercept the connection.
  4. Select Validate and then Save.

FortiGate Response Connector Configuration in XDR

  1. Navigate to the Connector page in the XDR portal and select Response.
  2. Select FortiGate Response Connector and click Configure.
  3. Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier.
  4. Select Validate and then Save.