Fortinet integration

Updated
  • 5 minute(s) read
Prev Next
Updates (April 2026 to June 2026)

  • May 2026 — Updated the topic to add information about the availability of the enable and disable options for configured Fortinet integration. For more information, see Manage configured integration.

Fortinet Web Application Firewall (WAF) is a powerful security solution designed to protect web applications from various cyber threats, including SQL injection, cross-site scripting (XSS), and other vulnerabilities commonly exploited by attackers. Integrating Traceable with Fortinet WAF enables organizations to bolster their security by combining Fortinet's advanced web application protection with Traceable's deep API observability and AI-driven insights. This integration allows for enhanced visibility into API traffic, real-time detection of security anomalies, and comprehensive protection for modern web applications and APIs against sophisticated attacks. Together, Traceable and Fortinet WAF provide a unified solution that enhances detection and prevention capabilities, ensuring robust security for dynamic API environments.

What will you learn in this topic?

By the end of this topic, you will be able to understand:

  • An overview of the steps required to set up the integration.

  • The prerequisites for setting up the Fortinet integration with Traceable.

  • The steps to integrate Fortinet with Traceable.

  • The view of the created custom rules.

Integration overview

This section provides high-level information on integrating AWS WAF with Traceable and managing threats.

  1. Installation — Traceable allows you to choose from an agent-less or agent-based deployment option. For more information on Traceable agents, see Installation.

  2. Integration Setup — After deploying the agent, you can retrieve the credentials and configure the Fortinet integration. To do so, you must complete the following steps:

    1. Prerequisites — Log in to your Fortinet and fetch the required credentials to configure the integration. For more information, see Before you begin.

    2. Integration — After obtaining the credentials from the previous steps, navigate to the Traceable platform and configure the integration. For more information, see Set up the integration.

  3. Threat Management — After setting up the integration, you can establish rules to allow, block, or monitor IP addresses according to your specific requirements. Traceable’s integration with Fortinet supports the following types of rules:

    1. Threat Actors — Any status change of the threat actor on the Traceable Platform is propagated to Fortinet. For example, if Traceable detects a threat actor and changes it to a deny state, Fortinet can block requests from that threat actor. Moreover, if you make any changes, such as adding a threat actor to the denylist or resolving the status, these changes are reflected in Fortinet within a few minutes. Traceable allows creating allowlists using allowed and snoozed states, and supports blocking using deny and suspended states under threat actors. For more information, see Threat Actors.

    2. Malicious Source Rules (IP range only) — If you configure any custom rules to enforce blocking, the action is to be executed through Fortinet.

    3. Custom Signature Rules You can set up the Custom Signature rules to block incoming requests from a specific URL by matching the corresponding endpoints. For more information, see Custom Policy.

The following is a high-level integration diagram:

Traceable Fortinet Integration Diagram

Before you begin

Make a note of the following before you proceed with the integration:

  • Ensure that you have the list of supported attributes and operators for Custom Signature rules. For more information, see Support Matrix for Custom Signature Rules.

  • Ensure that you have the API Key. To retrieve your API Key, contact your Fortinet WAF administrator to obtain access to the key. Alternatively, you can navigate to System SettingsSettings to fetch the API key. If you are creating multiple integrations, you can use the same API key for all of them.

  • Ensure that you have the Application or Template ID. You can retrieve it from the URL. The screenshot below shows the Template ID:

Template ID Retrieval

Set up the integration

To set up the Fortinet integration, log in to your Traceable account, navigate to Integrations ( ), and do one of the following:

  • Search for Fortinet in the search bar.

  • Under All Integrations, navigate to WAFFortinet.

    Fortinet Integration Navigation

In the Fortinet widget, click Configure, and in the Add New Fortinet Integration slide-out panel, complete the following steps:

Add new Fortinet integration

  1. Integration Name — A unique name for your integration, for example, Fortinet_Traceable.

  2. (Optional) Description — A summary for your integration, for example, Traceable_WAF_int.

  3. Environment — The environment for which you wish to integrate Fortinet. You can also choose All Environments to integrate Fortinet across all available environments.

  4. API Key — The API key generated and fetched above. For more information, see Before you begin.

  5. Rule scope — The scope of the rule that you wish to apply this integration at an Application or Template level. A template-level integration will be applied to all applications that use the template. This means that all the rules applicable to the template will also apply to applications that inherit from it. Meanwhile, application-level integration applies to a specific Fortinet application.

  6. Target(s) — The target for which you wish to apply this integration, for example, Threat Actors.

  7. Click Test Connection, and after verification, Save is enabled.

  8. Click Save to save the integration.

Manage configured integration

After configuring the integration, you can view Fortinet WAF Integration under Configured WAF Integrations. Traceable gives you the flexibility to control how the integration operates. You can choose either of the following actions using the drop-down, according to your requirements:

  • Enabled — You allow Traceable to actively update the WAF with the latest rules to enforce protection and monitor or block threats. When enabled, Traceable continuously sends new rules and updates to the WAF based on policy activity, helping enforce protections with the latest threat information and block suspicious traffic.

  • Disabled — You stop Traceable from updating the WAF, so it no longer enforces new protections for that environment or region. When disabled, Traceable stops sending new rules and updates to the WAF for the selected environment or region, while other environments continue using their existing integration settings without impact. The WAF continues to enforce existing rules based on their last applied state, without receiving new updates. Traceable continues to detect and evaluate threats, but it does not enforce them through WAF.

View the rules

You can view the custom rules by navigating to Advanced Applications Custom rules.

Viewing Custom Rules

Note

  • If a rule is deleted from a template, it is automatically deleted from all the applications that inherit that template.

  • Traceable adds all the threat actors to a single rule and synchronizes with Fortinet WAF.

  • A maximum of 24 rules can be created in Fortinet WAF. To view which rules have been synchronized, navigate to IntegrationsIntegration Events.

  • When you delete an integration in Traceable, all the rules are deleted from Fortinet.

  • If you have more than one Template in Fortinet and wish to integrate them, you must create multiple integrations in Traceable.

  • If you wish to block a request, you must manually enable blocking in Fortinet.

Integration Events

©2025 Traceable by Harness | Terms of Service | Privacy Policy | OSS Disclosures