Configure Fortinet FortiGate NGFW Connection

A Fortinet FortiGate NGFW connection securely stores reusable authentication credential information for integrations between Alert Logic and your Fortinet FortiGate Next-Generation Firewall (NGFW).

To create the connection, Alert Logic requires the following information about your FortiGate:

  • Host—Hostname or IP address of the FortiGate that you want Alert Logic to connect to.
  • Username and password—Administrative credentials of the user that allows Alert Logic to access your FortiGate. Alert Logic recommends that you set up a dedicated user, rather than use one that is shared by human users or other software integrations.
  • Virtual Domains—If your FortiGate is divided into multiple virtual domains (VDOMs), you need the names of the VDOMs you want Alert Logic to connect to. For more information, see Identify the FortiGate virtual domains you want to connect to.

This connection also requires an Alert Logic IDS appliance. You specify a network where the appliance is located, and Alert Logic chooses the appropriate appliance to connect to the specified hostname or IP address. Choosing the network instead of a specific appliance prevents you from needing to update the connection as appliances are added to or removed from the network. The IDS appliances in the selected network must be able to connect to the firewall using the TCP port selected, 443 by default. Any routing, network segmentation, cloud security groups, and other network access controls must allow outbound communication from all IDS appliances in the selected network to the firewall.

Alert Logic provides the following steps to help you create the connection. For further questions about the steps performed in Fortinet FortiGate NGFW, contact Fortinet support.

  1. Identify the FortiGate virtual domains you want to connect to
  2. Create the Fortinet FortiGate NGFW connection in the Alert Logic console
  3. Use the connection in automated response

Identify the FortiGate virtual domains you want to connect to

If your FortiGate is divided into multiple virtual domains (VDOMs) and they are enabled, you need the names of the VDOMs you want Alert Logic to connect to. Alert Logic connects to the root domain if you leave the Virtual Domains field blank when you configure the connection in the Alert Logic console. The following additional considerations apply depending on the Fortinet VDOM mode:

  • If your FortiGate is in split-task VDOM mode, Alert Logic needs to connect to the management VDOM (root). You can leave the Virtual Domains field blank to connect to root automatically. For more information, see the Fortinet document Split-task VDOM Mode.
  • If your FortiGate is in multi VDOM mode, you can specify any of the VDOMs you set up or leave the Virtual Domains field blank to connect to root. If your VDOMs are set up as management or meshed VDOMs, connecting to root affects all VDOMs. For more information, see the Fortinet document Multi VDOM mode.

Create the Fortinet FortiGate NGFW connection in the Alert Logic console

The next step is to create the Fortinet FortiGate NGFW connection in the Alert Logic console.

To create a Fortinet FortiGate NGFW connection:

  1. In the Alert Logic console, click the navigation menu icon, click Configure, and then click Connections.
  2. On the Connections page, click the add icon, and then click Fortinet FortiGate NGFW.
  3. On the Create a Fortinet FortiGate NGFW Connection page, type a descriptive name for the connection (example: Fortinet FortiGate NGFW Connection).
  4. In Host, type the hostname or IP address of the FortiGate that you want to connect to.
  5. In Port, leave the default TCP port number 443 for secure incoming connection requests, or change it if you have a custom configuration.
  6. In Username, enter the username for the administrative account that provides Alert Logic access to your FortiGate (example: Alert_Logic_Intelligent_Response).
  7. In Password, enter the password for the specified username.
  8. In Network ID, select the network that contains an Alert Logic IDS appliance that can connect to your firewall.
  9. If you want Alert Logic to verify SSL certificates for requests it makes to the firewall, select the Verify SSL check box.
  10. (Optional) In Virtual Domains, enter a comma-separated list of the FortiGate virtual domain names that you want Alert Logic to connect to. If your FortiGate does not have virtual domains enabled or if you want to connect to root in a multiple virtual domain setup, leave the field blank. For more information, see Identify the FortiGate virtual domains you want to connect to.
  11. Click SAVE.
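
The following pre-flight check is an added example, not Alert Logic or Fortinet code. Run from a host in the same network as the IDS appliance, it tests whether the firewall is reachable on the chosen port, whether its certificate would pass verification, and how the Virtual Domains value splits. The function names, the result labels, and the host name in the usage line are hypothetical, and the check assumes the appliance trusts roughly the same certificate authorities as the host running it.

```python
import socket
import ssl

def parse_vdoms(field):
    """Split the comma-separated Virtual Domains value; blank means root."""
    names = [name.strip() for name in field.split(",") if name.strip()]
    return names or ["root"]

def probe(host, port=443, timeout=5.0):
    """Classify what a client in this network sees on host:port.

    Returns 'unreachable', 'tls-verified', 'tls-unverified' or 'tls-error'.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # routing, segmentation or access-control problem
    context = ssl.create_default_context()  # checks chain and host name
    try:
        with context.wrap_socket(raw, server_hostname=host):
            return "tls-verified"
    except ssl.SSLCertVerificationError:
        return "tls-unverified"  # untrusted issuer, expired, or name mismatch
    except (ssl.SSLError, OSError):
        return "tls-error"  # port open, but no usable TLS service answered
    finally:
        raw.close()

def preflight(host, port=443, verify_ssl=True, vdoms_field="", timeout=5.0):
    """Summarize whether the values planned for the connection look usable."""
    state = probe(host, port, timeout)
    # Assumption: with Verify SSL selected, an unverifiable certificate
    # makes requests to the firewall fail.
    ready = state == "tls-verified" or (
        state == "tls-unverified" and not verify_ssl)
    return {"state": state, "ready": ready, "vdoms": parse_vdoms(vdoms_field)}

if __name__ == "__main__":
    # Placeholder host name; replace with the value planned for the Host field.
    print(preflight("fortigate.example.internal", 443, True, "vdom-a, vdom-b"))
```

A result of tls-unverified with verify_ssl=True means the firewall's certificate should be fixed before the Verify SSL check box is relied on.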

Use the connection in automated response

After you save the connection, you can use it for the simple response Fortinet FortiGate NGFW: Block External IP Address.

For more information about automated response, see Get Started with Automated Response.

Manage connections

You can view the list of connections and edit or delete an existing one. For more information, see Manage Connections.