Fortinet integration
  • 23 Oct 2024

Fortinet Web Application Firewall (WAF) is a powerful security solution designed to protect web applications from various cyber threats, including SQL injection, cross-site scripting (XSS), and other vulnerabilities commonly exploited by attackers. Integrating Traceable with Fortinet WAF enables organizations to bolster their security by combining Fortinet's advanced web application protection with Traceable's deep API observability and AI-driven insights. This integration allows for enhanced visibility into API traffic, real-time detection of security anomalies, and comprehensive protection for modern web applications and APIs against sophisticated attacks. Together, Traceable and Fortinet WAF provide a unified solution that enhances detection and prevention capabilities, ensuring robust security for dynamic API environments.

Traceable’s integration with Fortinet supports the following types of rules:

  • IP range rules

  • Threat actor

  • Custom signature rules

The following is a high-level integration diagram:

Make a note of the following points regarding threat actor and IP range blocking:

  • Threat actor — Any status change of the threat actor on the Traceable Platform is propagated to Fortinet. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Fortinet. Moreover, if you make any changes, such as adding a threat actor to the denylist or resolving the status, then such changes are reflected in Fortinet in a few minutes.

  • IP-range blocking — If you configure any custom rules to enforce blocking, the blocking action is executed through Fortinet.


Before you begin

Make a note of the following before you proceed with the integration:

| Custom signature attributes | Supported/Not supported |
|---|---|
| Request URL | Supported. |
| Request header name | Supported (Only supports “Contains” expression). |
| Request header value | Not supported. |
| Request parameter name | Supported (Only the “Does not match pattern” operator is not supported). |
| Request parameter value | Supported (Only the “Does not match pattern” operator is not supported). |
| Request HTTP method | Supported. |
| Request host | Supported. |
| Request user agent | Supported. |
| Request body | Not supported. |
| Request cookie name | Not supported. |
| Request cookie value | Not supported. |
| Request header | Supported. The request header only allows the "contains" operator for the header name, while it supports all operators for the header value. However, in Traceable, the header name should be configured as the “Matches Exactly” operator since “contains” is not supported in Traceable for the request header. |
| Request cookie | Not supported. |
| Request parameter | Supported. The request parameter supports all operators except for "does not match pattern." If there are multiple conditions, Fortinet uses OR expressions instead of AND. |
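A pre-sync check for the body, cookie and parameter rows of the table above, together with a comparison showing which requests an OR evaluation matches that an AND evaluation would not. This is an added example, not Traceable or Fortinet code; the rule tuples, attribute keys, operator strings and sample requests are constructed for illustration.

```python
# Added example; the rule and request shapes are hypothetical, not a Traceable or Fortinet schema.
NOT_SUPPORTED = {"request_body", "request_cookie_name", "request_cookie_value"}
PARAM_ATTRS = {"request_parameter_name", "request_parameter_value"}

def lint(rule):
    """Return messages for conditions that will not translate as written."""
    msgs = []
    for attr, op, _ in rule["conditions"]:
        if attr in NOT_SUPPORTED:
            msgs.append(f"{attr}: not supported")
        elif attr in PARAM_ATTRS and op == "does_not_match_pattern":
            msgs.append(f"{attr}: 'Does not match pattern' is not supported")
    if sum(attr in PARAM_ATTRS for attr, _, _ in rule["conditions"]) > 1:
        msgs.append("multiple parameter conditions are evaluated with OR, not AND")
    return msgs

def _hit(cond, params):
    """Evaluate one parameter condition against a request's query parameters."""
    attr, op, value = cond
    pool = list(params) if attr == "request_parameter_name" else list(params.values())
    if op == "matches_exactly":
        return value in pool
    if op == "contains":
        return any(value in item for item in pool)
    raise ValueError(f"operator not modelled here: {op}")

def or_widening(rule, requests):
    """IDs of requests matched under OR that the intended AND would not match."""
    conds = [c for c in rule["conditions"] if c[0] in PARAM_ATTRS]
    return [r["id"] for r in requests
            if any(_hit(c, r["params"]) for c in conds)
            and not all(_hit(c, r["params"]) for c in conds)]

# Constructed rule: intended meaning is "parameter named debug AND a value containing export".
RULE = {"name": "block-debug-export", "conditions": [
    ("request_parameter_name", "matches_exactly", "debug"),
    ("request_parameter_value", "contains", "export"),
]}
# Constructed sample traffic.
REQUESTS = [
    {"id": "r1", "params": {"debug": "1", "action": "export_all"}},  # both conditions
    {"id": "r2", "params": {"action": "export_csv"}},                # value only
    {"id": "r3", "params": {"debug": "0"}},                          # name only
    {"id": "r4", "params": {"page": "2"}},                           # neither
]

if __name__ == "__main__":
    print(lint(RULE))
    print(or_widening(RULE, REQUESTS))
```

Requests returned by `or_widening` are the ones that would be blocked once blocking is enabled even though the rule author intended both conditions to hold, so review them before turning blocking on.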


Configuration

Complete the following steps to integrate Fortinet with Traceable:

  1. Log into your Traceable account and navigate to Integrations > WAF.

  2. Configure the options in the Add New Fortinet Integration window. Provide the following:

    1. Integration name — Provide a name for the integration.

    2. Description (optional) — Describe the type of integration, such as dev, production, etc. This is an optional field.

    3. Environments — Choose the environment for which you wish to integrate Fortinet. You can also choose All Environments, which will integrate Fortinet with all the available environments.

    4. API Key — The API Key in Fortinet. Check with your Fortinet WAF administrator to get access to the key. Alternatively, you can navigate to System Settings > Settings to fetch the API key. If you are creating more than one integration, you can use the same API key in all the integrations.

    5. Rule scope — You can apply this integration at an Application or Template level. A template-level integration will be applied to all the applications using the template. This means that all the rules that apply to the template would be applied to applications that inherit that template. Meanwhile, application-level integration applies to a specific application in Fortinet. Fetch the Application or Template ID from their URL. The screenshot below shows the Template ID:

  3. Test the connection and click on Save.

You can view the custom rules by navigating to Advanced Applications > Custom rules.

Make a note of the following points:

  • If a rule is deleted from a template, it is automatically deleted from all the applications that inherit that template.

  • Traceable adds all the threat actors to a single rule and synchronizes with Fortinet WAF.

  • A maximum of 24 rules can be created in Fortinet WAF. To view which rules have synchronized, you can navigate to Integrations > Integration Events.

  • When you delete an integration in Traceable, all the rules are deleted from Fortinet.

  • If you have more than one Template in Fortinet and wish to integrate them, you must create multiple integrations in Traceable.

  • If you wish to block a request, you must manually enable blocking in Fortinet.

