FortiGate Connector and Its Response Connector

FortiGate Connector

1. Connector Types & Use Cases

  • Public Network (Accessible over the internet):
    Configure using the FortiGate Event Downloader & Response Connector directly.

  • Private Network (No internet access):
    Use App Connector to bridge the firewall with the XDR platform.
    👉 App Connector Setup Guide


2. FortiGate Security Configuration

a. Blocklist Configuration

  1. Go to Policy & Objects > Firewall Policy.
  2. Create a deny rule:

    • Destination: HH-XDR-Blocklist-address
    • Action: Deny
  3. Create another deny rule:

    • Source: HH-XDR-Blocklist-address
    • Action: Deny (for inbound traffic)

b. Web Filter Profile

  1. Navigate to Security Profiles > Web Filter.
  2. Create or edit a profile.
  3. Under FortiGuard Category Based Filter:

    • Ensure it’s enabled.
    • For HH-XDR-Blocklist-category under Remote Categories, set Action = Block.
  4. Save the profile.
  5. Apply the profile in the Firewall Policy.

c. AntiVirus Profile

  1. Go to Security Profiles > AntiVirus.
  2. Create or edit a profile.
  3. Under Virus Outbreak Prevention:

    • Enable Use external malware blocklist.
    • Set Action = Block.
    • Select HH-XDR-Blocklist-malware (or All).
  4. Save the profile.
  5. Apply the profile in the Firewall Policy.

3. API Token Configuration

  1. Navigate to System > Administrators.
  2. Click Create New > REST API Admin.
  3. Fill in:

    • Username
    • Comment (optional)
  4. Click +Create under Administrator Profile:

    • Assign:

      • Read access to Log & Report
      • Read/Write access to System
  5. Disable PKI Group.
  6. Click OK to generate the API Key.
  7. Copy and save the API key (used as the Access Token in connector setup).

4. FortiGate Event Downloader Connector Configuration

Location: XDR Portal → Connectors → Ingestion

  1. Select FortiGate Event Downloader Connector.
  2. Click Configure.
  3. Provide:

    • Server URL
    • Access Token (API key)
    • Trust Any Certificate (true/false)
    • Has Public Access? (yes/no)
    • App Connector Identifier (if public access = no)
  4. Click Validate and Save.

5. FortiGate Response Connector Configuration

Location: XDR Portal → Connectors → Response

  1. Select FortiGate Response Connector.
  2. Click Configure.
  3. Provide:

    • Server URL
    • Access Token
    • Trust Any Certificate (true/false)
    • Has Public Access? (yes/no)
    • App Connector Identifier (if applicable)
  4. Click Validate and Save.
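
A pre-flight check for the fields entered in sections 4 and 5, as an added example that is not part of the XDR product or of the original guide. The dictionary keys, the sample values, and the reading of Trust Any Certificate = true as "skip certificate and hostname verification" are assumptions.

```python
import ssl
from urllib.parse import urlsplit


def tls_context(trust_any_certificate, ca_file=None):
    """TLS context a client would use when calling the Server URL.

    Assumption: "Trust Any Certificate" = true skips certificate and
    hostname verification, as the equivalent switch does in most clients.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    if trust_any_certificate:
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def review_connector(cfg):
    """Return findings for one connector configuration (hypothetical keys)."""
    findings = []
    url = urlsplit(cfg.get("server_url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("server_url: use https://, the API key is sent on every request")
    if not cfg.get("access_token"):
        findings.append("access_token: missing (API key from section 3)")
    if cfg.get("trust_any_certificate"):
        findings.append("trust_any_certificate: true accepts any certificate; "
                        "install a CA-signed certificate on the firewall and set false")
    if not cfg.get("has_public_access") and not cfg.get("app_connector_identifier"):
        findings.append("app_connector_identifier: required when public access = no")
    return findings


# Constructed sample values, not taken from a real deployment.
WEAK = {"server_url": "http://fw.example.internal", "access_token": "PLACEHOLDER",
        "trust_any_certificate": True, "has_public_access": False,
        "app_connector_identifier": ""}
HARDENED = {"server_url": "https://fw.example.internal", "access_token": "PLACEHOLDER",
            "trust_any_certificate": False, "has_public_access": False,
            "app_connector_identifier": "app-conn-01"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_connector(cfg) or "ok")
        print("  verify_mode:", tls_context(cfg["trust_any_certificate"]).verify_mode)
```

If the firewall uses a certificate from a private CA, pass that CA bundle as `ca_file` instead of turning verification off.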
