Fortinet integration
- Updated on 23 Oct 2024
Fortinet Web Application Firewall (WAF) is a powerful security solution designed to protect web applications from various cyber threats, including SQL injection, cross-site scripting (XSS), and other vulnerabilities commonly exploited by attackers. Integrating Traceable with Fortinet WAF enables organizations to bolster their security by combining Fortinet's advanced web application protection with Traceable's deep API observability and AI-driven insights. This integration allows for enhanced visibility into API traffic, real-time detection of security anomalies, and comprehensive protection for modern web applications and APIs against sophisticated attacks. Together, Traceable and Fortinet WAF provide a unified solution that enhances detection and prevention capabilities, ensuring robust security for dynamic API environments.
Traceable’s integration with Fortinet supports the following types of rules:
- IP range rules
- Threat actor
- Custom signature rules
The following is a high-level integration diagram:
Make a note of the following points regarding threat actor and IP range blocking:
- Threat actor — Any status change of the threat actor on the Traceable Platform is propagated to Fortinet. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Fortinet. Moreover, if you make any changes, such as adding a threat actor to the denylist or resolving the status, those changes are reflected in Fortinet in a few minutes.
- IP-range blocking — If you configure any custom rules to enforce blocking, the blocking action is executed through Fortinet.
Before you begin
Make a note of the following before you proceed with the integration:
| Custom signature attributes | Supported/Not supported |
|---|---|
| Request URL | Supported. |
| Request header name | Supported (Only supports “Contains” expression). |
| Request header value | Not supported. |
| Request parameter name | Supported (Only the “Does not match pattern” operator is not supported). |
| Request parameter value | Supported (Only the “Does not match pattern” operator is not supported). |
| Request HTTP method | Supported. |
| Request host | Supported. |
| Request user agent | Supported. |
| Request body | Not supported. |
| Request cookie name | Not supported. |
| Request cookie value | Not supported. |
| Request header | Supported. The request header only allows the "contains" operator for the header name, while it supports all operators for the header value. However, in Traceable, the header name should be configured with the “Matches Exactly” operator, since “contains” is not supported in Traceable for the request header. |
| Request cookie | Not supported. |
| Request parameter | Supported. The request parameter supports all operators except for "does not match pattern." If there are multiple conditions, Fortinet uses OR expressions instead of AND. |
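
The OR behavior noted in the last table row changes which requests a multi-condition request parameter rule matches once it is enforced in Fortinet. The following is an added example, not Traceable or Fortinet code: the rule model, operator functions, and sample requests are constructed for illustration. It evaluates one rule both ways and lists the requests that match only under OR.

```python
import re

# Hypothetical operator implementations; the names mirror operators mentioned
# on this page, but this is not Traceable's or Fortinet's rule format.
OPERATORS = {
    "matches exactly": lambda value, arg: value == arg,
    "contains": lambda value, arg: arg in value,
    "matches pattern": lambda value, arg: re.search(arg, value) is not None,
}

def condition_hits(cond, params):
    """True if any request parameter satisfies a single condition."""
    field, op, arg = cond
    test = OPERATORS[op]
    if field == "name":
        return any(test(name, arg) for name in params)
    return any(test(value, arg) for value in params.values())

def matches(rule, params, combine):
    """Evaluate every condition and join the results with all (AND) or any (OR)."""
    return combine(condition_hits(c, params) for c in rule)

def widened_by_or(rule, requests):
    """IDs of requests the rule matches under OR but not under AND."""
    return [rid for rid, params in requests
            if matches(rule, params, any) and not matches(rule, params, all)]

# Constructed rule, intended as: parameter named "redirect" AND a value containing "//".
RULE = [("name", "matches exactly", "redirect"), ("value", "contains", "//")]

# Constructed sample requests: (id, query parameters).
REQUESTS = [
    ("r1", {"redirect": "//example.test/login"}),          # both conditions hold
    ("r2", {"redirect": "/dashboard"}),                    # name condition only
    ("r3", {"avatar": "https://cdn.example.test/a.png"}),  # value condition only
    ("r4", {"page": "2"}),                                 # neither condition
]

if __name__ == "__main__":
    for rid, params in REQUESTS:
        print(rid, "AND:", matches(RULE, params, all), "OR:", matches(RULE, params, any))
    print("matched only under OR:", widened_by_or(RULE, REQUESTS))
```

Requests reported as matched only under OR are the ones to review before enabling blocking for the synchronized rule.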
Configuration
Complete the following steps to integrate Fortinet with Traceable:
- Log in to your Traceable account and navigate to Integrations → WAF.
- Configure the options in the Add New Fortinet Integration window. Provide the following:
  - Integration name — Provide a name for the integration.
  - Description (optional) — Describe the type of integration, such as dev, production, etc. This is an optional field.
  - Environments — Choose the environment for which you wish to integrate Fortinet. You can also choose All Environments, which will integrate Fortinet with all the available environments.
  - API Key — The API Key in Fortinet. Check with your Fortinet WAF administrator to get access to the key. Alternatively, you can navigate to System Settings → Settings to fetch the API key. If you are creating more than one integration, you can use the same API key in all the integrations.
  - Rule scope — You can apply this integration at an Application or Template level. A template-level integration is applied to all the applications using the template. This means that all the rules that apply to the template are applied to applications that inherit that template. An application-level integration applies to a specific application in Fortinet. Fetch the Application or Template ID from their URL. The screenshot below shows the Template ID:
- Test the connection and click Save.
You can view the custom rules by navigating to Advanced Applications → Custom rules.
Make a note of the following points:
- If a rule is deleted from a template, it is automatically deleted from all the applications that inherit that template.
- Traceable adds all the threat actors to a single rule and synchronizes with Fortinet WAF.
- A maximum of 24 rules can be created in Fortinet WAF. To view which rules have synchronized, you can navigate to Integrations → Integration Events.
- When you delete an integration in Traceable, all the rules are deleted from Fortinet.
- If you have more than one Template in Fortinet and wish to integrate them, you must create multiple integrations in Traceable.
- If you wish to block a request, you must manually enable blocking in Fortinet.