FortiGate Connector Setup Requirements
When the firewall operates within a private network without public access, an App Connector is required to establish the connection. To obtain the App Connector identifier, refer to the documentation titled "Setting up App Connector".
- Navigate to Policy & Objects > Firewall Policy.
- Create a deny rule with HH-XDR-Blocklist-address as the destination.
- Add a block rule with HH-XDR-Blocklist-address as the source to block inbound traffic as well.
- Proceed to Security Profiles > Web Filter.
- Create a new Web Filter Security Profile or clone/edit an existing one.
- Ensure that FortiGuard Category Based Filter is enabled.
- Under Remote Categories, for HH-XDR-Blocklist-category, set the action to Block.
- Save the settings.
- Go back to Policy & Objects > Firewall Policy and enable the newly created/edited Web Filter Policy.
- Access Security Profiles > AntiVirus.
- Create a new AntiVirus Security Profile or clone/edit an existing one.
- Under Virus Outbreak Prevention, enable Use external malware blocklist with Block action.
- Specify the list HH-XDR-Blocklist-malware or select All.
- Save the settings.
- To activate the policy, navigate to the Firewall Policy section and enable the newly created or edited AntiVirus Policy.
- To create a new access token, navigate to System > Administrators.
- Create a New REST API Admin, providing the Username and Comment (optional).
- In Administrator profile, click +create, provide a Name, and assign the required permissions (Read access to Log & Report for pulling events, Read/Write access to System for response actions).
- Disable the PKI Group.
- Click OK to generate a new API key. Copy the API key and save it for later use as the Access Token.
Configuration of FortiGate Event Downloader Connector
- Under the connector, navigate to Ingestion.
- Select FortiGate Event Downloader Connector and click on Configure.
- Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier.
- Select Validate and then Save.
Configuration of FortiGate Response Connector
- Under the connector, navigate to Response.
- Select FortiGate Event Downloader Connector and click on Configure.
- Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier.
- Select Validate and then Save.
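A pre-flight check for the values entered in the two connector forms (Server URL, AccessToken, Trust any certificate), added here as an example and not part of the product or of Fortinet's tooling. It assumes the FortiOS REST API accepts the API key as a Bearer token on /api/v2/monitor/system/status and answers 401 for a bad key and 403 for a missing profile permission; the function names and the ca_file parameter are hypothetical.

```python
import ssl
import urllib.error
import urllib.request

# Read-only FortiOS monitor endpoint, used here only as a probe.
STATUS_PATH = "/api/v2/monitor/system/status"

def tls_context(trust_any_certificate, ca_file=None):
    """Translate the 'Trust any certificate' field into a TLS context."""
    ctx = ssl.create_default_context(cafile=ca_file)
    if trust_any_certificate:
        # 'true' skips chain and hostname checks; anyone who can intercept
        # the connection can then read the API key sent below.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def build_request(server_url, access_token):
    """Build the probe request; the API key goes in a header, not the URL."""
    if not server_url.lower().startswith("https://"):
        raise ValueError("Server URL must start with https://")
    req = urllib.request.Request(server_url.rstrip("/") + STATUS_PATH)
    req.add_header("Authorization", "Bearer " + access_token)
    return req

def interpret(status):
    """Map the HTTP status of the probe to the setup step to revisit."""
    if status == 200:
        return "ok: token accepted"
    if status == 401:
        return "rejected: API key invalid, regenerate it under System > Administrators"
    if status == 403:
        return "forbidden: administrator profile lacks the required permission"
    return "unexpected: HTTP %d" % status

def preflight(server_url, access_token, trust_any_certificate=False, ca_file=None):
    """Run the probe with the same values entered in the connector form."""
    req = build_request(server_url, access_token)
    ctx = tls_context(trust_any_certificate, ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return interpret(resp.status)
    except urllib.error.HTTPError as err:
        return interpret(err.code)
    except urllib.error.URLError as err:
        if isinstance(err.reason, ssl.SSLCertVerificationError):
            return "tls: certificate not trusted, pass ca_file instead of trusting any"
        return "unreachable: %s" % err.reason
```

Run preflight() from the host that will reach the firewall (the App Connector host when the firewall has no public access). A "tls" result with Trust any certificate set to false means the FortiGate certificate should be replaced or its CA supplied, not that verification should be switched off.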