FortiGate Connector


FortiGate Connector Setup Requirements

When the firewall operates within a private network without public access, an App Connector is required to establish a connection. To obtain the App Connector Identifier, refer to the document titled Setting up App Connector.

  1. Navigate to Policy & Objects > Firewall Policy.
  2. Create a deny rule with HH-XDR-Blocklist-address as the destination.
  3. Add a block rule with HH-XDR-Blocklist-address as the source to block inbound traffic as well.
  4. Proceed to Security Profiles > Web Filter.
  5. Create a new Web Filter Security Profile or clone/edit an existing one.
  6. Ensure that FortiGuard Category Based Filter is enabled.
  7. Under Remote Categories, for HH-XDR-Blocklist-category, set the action to Block.
  8. Save the settings.
  9. Go back to Policy & Objects > Firewall Policy and enable the newly created/edited Web Filter Policy.
  10. Access Security Profiles > AntiVirus.
  11. Create a new AntiVirus Security Profile or clone/edit an existing one.
  12. Under Virus Outbreak Prevention, enable Use external malware blocklist with Block action.
  13. Specify the list HH-XDR-Blocklist-malware or select All.
  14. Save the settings.
  15. To activate the policy, navigate to the Firewall Policy section and enable the newly created or edited AntiVirus Policy.
  16. To create a new access token, navigate to System > Administrators.
  17. Create a New REST API Admin, providing the Username and Comment (optional).
  18. In Administrator profile, click +create, provide Name, and assign required permissions (Read access to Log & Report for pulling events, Read/Write access to system for response actions).
  19. Disable the PKI Group.
  20. Click OK to generate a new API key. Copy the API key and save it for later use as the Access Token.
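
The permissions assigned in the Administrator profile step can be checked for least privilege before the API key is handed to the connector. This is an added example, not part of the vendor's documentation: it audits an access profile supplied as a dict whose group names follow the options of FortiOS `config system accprofile`. The mapping of Log & Report to `loggrp` and System to `sysgrp` is an assumption, and the sample profile is constructed.

```python
import json

# Permission groups of a FortiOS access profile, named as in
# `config system accprofile` (assumed to match the profile export).
GROUPS = ("secfabgrp", "ftviewgrp", "authgrp", "sysgrp", "netgrp",
          "loggrp", "fwgrp", "vpngrp", "utmgrp", "wifi", "wanoptgrp")
RANK = {"none": 0, "read": 1, "read-write": 2}

# What the setup steps ask for: Log & Report read, System read/write.
# Assumption: Log & Report maps to loggrp and System maps to sysgrp.
REQUIRED = {"loggrp": "read", "sysgrp": "read-write"}


def audit_profile(profile):
    """Return (missing, excessive, review) findings for one access profile."""
    missing, excessive, review = [], [], []
    for group in GROUPS:
        granted = profile.get(group, "none")
        wanted = REQUIRED.get(group, "none")
        if granted not in RANK:
            # e.g. "custom": per-feature sub-permissions need a manual look
            review.append(group)
        elif RANK[granted] < RANK[wanted]:
            missing.append(f"{group}: has {granted}, needs {wanted}")
        elif RANK[granted] > RANK[wanted]:
            excessive.append(f"{group}: has {granted}, needs {wanted}")
    return missing, excessive, review


# Constructed sample: a profile cloned from a broader admin profile.
SAMPLE = json.loads("""
{"name": "hh-xdr-api", "loggrp": "read-write", "sysgrp": "read",
 "fwgrp": "read-write", "utmgrp": "custom", "netgrp": "none"}
""")

if __name__ == "__main__":
    missing, excessive, review = audit_profile(SAMPLE)
    for label, items in (("MISSING", missing),
                         ("EXCESSIVE", excessive),
                         ("REVIEW", review)):
        for item in items:
            print(f"{label:9} {item}")
```

A profile that passes returns three empty lists; anything under EXCESSIVE is access the connector does not need according to the steps above.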

Configuration of FortiGate Event Downloader Connector

  1. Under the connector, navigate to Ingestion.
  2. Select FortiGate Event Downloader Connector and click on Configure.
  3. Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier.
  4. Select Validate and then Save.

Configuration of FortiGate Response Connector

  1. Under the connector, navigate to Response.
  2. Select FortiGate Event Downloader Connector and click on Configure.
  3. Enter the Server URL, AccessToken, Trust any certificate (true/false), has public access? (yes/no), and App connector identifier.
  4. Select Validate and then Save.