Configure Fortinet FortiGate

Configure Guardian firewall integration with the Fortinet FortiGate firewall.

Make sure that:
  • You have administrator privileges
  • You have generated the REST application programming interface (API) access token from the firewall admin Web user interface (UI)
  • You have added the Guardian address subnet to trusted hosts
    Note: The access token needs to have permission to insert, read, and delete entities such as:
    • Addresses
    • Addrgroups
    • Routes
    • Sessions
    • Policies

Guardian integration supports FortiOS versions 6.2, 6.4, 7.0, and 7.2. This integration uses the REST API.
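A read-only pre-flight check of the prerequisites above, as an added example that is not part of the original page or of the Guardian product: it sends a GET with the access token to the FortiOS REST paths for addresses, address groups, static routes, and policies in each VDOM and reports which ones are refused. The host name, token placeholder, function names, and status hints are assumptions to confirm against your FortiOS version; the session endpoint and write or delete permission are not tested.

```python
import urllib.error
import urllib.parse
import urllib.request

# FortiOS REST paths for entity types the token must manage.
# The session monitor endpoint is not probed here.
ENDPOINTS = {
    "Addresses": "/api/v2/cmdb/firewall/address",
    "Addrgroups": "/api/v2/cmdb/firewall/addrgrp",
    "Routes": "/api/v2/cmdb/router/static",
    "Policies": "/api/v2/cmdb/firewall/policy",
}

# Hints only (assumption): confirm against the FortiOS version in use.
ADVICE = {
    200: "ok",
    401: "token not accepted: check the token and the trusted hosts entry",
    403: "access profile lacks permission for this entity type",
}


def http_status(url, token):
    """GET url with the token in a header (kept out of URLs and logs).
    TLS certificate verification stays at the library default (on)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def preflight(host, token, vdoms=("",), fetch=http_status):
    """Read-only probe of each endpoint in each VDOM; returns failures only."""
    failures = []
    for vdom in vdoms:
        query = "?" + urllib.parse.urlencode({"vdom": vdom}) if vdom else ""
        for name, path in ENDPOINTS.items():
            status = fetch(f"https://{host}{path}{query}", token)
            if status != 200:
                reason = ADVICE.get(status, f"unexpected HTTP {status}")
                failures.append((vdom or "(default)", name, status, reason))
    return failures


if __name__ == "__main__":
    # Placeholder host and token; replace before running against a firewall.
    for row in preflight("fortigate.example.com", "REPLACE_WITH_TOKEN", ["root"]):
        print(*row, sep=" | ")
```

Run it from a machine inside the Guardian address subnet so the trusted hosts entry is exercised as well; an empty result means every probed entity type was readable.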

  1. In the top navigation bar, select the Administration icon (it looks like a gear cog).
    The administration page opens.
  2. In the Settings section, select Firewall integration.
    The Firewall integration page opens.
  3. In the top right section, select +.
    A dialog shows.
  4. From the Choose firewall dropdown, select Fortinet FortiGate.
    A dialog shows.
  5. If it is not populated already, in the Host (CA-Emitted TLS Certificate) field, enter the host internet protocol (IP) address.

  6. Optional: In the vdom (optional) field, enter one or more virtual domains (VDOMs). Use a comma to separate multiple entries.
  7. In the Access token field, enter the access token.
  8. Optional: If necessary, in the Options section, select one or more of these options:
    1. Select Insert a new policy on top of all policies.
    2. Select Enable nodes blocking.
    3. Select Enable links blocking.
    4. Select Enable session kill. Then select the specific alert type(s).
    5. Select Keep on selecting sessions.
    6. Select Enable ports check.
    7. Select Enable transparent mode.
    8. Select Policies are sent as enabled.
  9. Select Save.
The firewall integration has been configured.