---
title: "Fortinet integration"
slug: "fortinet-integration"
description: "Integrating Fortinet Web Application Firewall (WAF) with Traceable boosts API security by combining Fortinet’s protection against threats like SQL injection and XSS with Traceable’s API observability and AI-driven insights. This integration enables real-time detection and enhanced rule management, offering robust protection for web applications and APIs."
updated: 2026-05-14T06:49:59Z
published: 2026-05-14T06:49:59Z
---

# Fortinet integration

##### Updates (April 2026 to June 2026)

- *May 2026* — Updated the topic to add information about the availability of the enable and disable options for configured Fortinet integration. For more information, see [Manage configured integration](/v1/docs/fortinet-integration#viewing-configured-integration1).

Fortinet Web Application Firewall (WAF) is a powerful security solution designed to protect web applications from various cyber threats, including SQL injection, cross-site scripting (XSS), and other vulnerabilities commonly exploited by attackers. Integrating Traceable with Fortinet WAF enables organizations to bolster their security by combining Fortinet's advanced web application protection with Traceable's deep API observability and AI-driven insights. This integration allows for enhanced visibility into API traffic, real-time detection of security anomalies, and comprehensive protection for modern web applications and APIs against sophisticated attacks. Together, Traceable and Fortinet WAF provide a unified solution that enhances detection and prevention capabilities, ensuring robust security for dynamic API environments.

## What will you learn in this topic?

By the end of this topic, you will be able to understand:

- An overview of the steps required to set up the integration.
- The prerequisites for setting up the Fortinet integration with Traceable.
- The steps to integrate Fortinet with Traceable.
- How to view the created custom rules.

---

## Integration overview

This section provides high-level information on integrating Fortinet WAF with Traceable and managing threats.

1. **Installation** — Traceable allows you to choose from an agent-less or agent-based deployment option. For more information on Traceable agents, see [Installation](https://docs.traceable.ai/docs/installation).
2. **Integration Setup** — After deploying the agent, you can retrieve the credentials and configure the Fortinet integration. To do so, you must complete the following steps:
   1. **Prerequisites** — Log in to your Fortinet account and fetch the required credentials to configure the integration. For more information, see [Before you begin](/v1/docs/fortinet-integration#before-you-begin).
   2. **Integration** — After obtaining the credentials from the previous steps, navigate to the Traceable platform and configure the integration. For more information, see [Set up the integration](/v1/docs/fortinet-integration#set-up-the-integration).
3. **Threat Management** — After setting up the integration, you can establish rules to allow, block, or monitor IP addresses according to your specific requirements. Traceable’s integration with Fortinet supports the following types of rules:
   1. **Threat Actors** — Any status change of the threat actor on the Traceable Platform is propagated to Fortinet. For example, if Traceable detects a threat actor and changes it to a deny state, Fortinet can block requests from that threat actor. Moreover, if you make any changes, such as adding a threat actor to the denylist or resolving the status, these changes are reflected in Fortinet within a few minutes. Traceable allows creating allowlists using the *allowed* and *snoozed* states, and supports blocking using the *deny* and *suspended* states under threat actors. For more information, see [Threat Actors](https://docs.traceable.ai/docs/threat-actors-new).
   2. **Malicious Source Rules (IP range only)** — If you configure any custom rules to enforce blocking, the blocking action is executed through Fortinet.
   3. **Custom Signature Rules** — You can set up Custom Signature rules to block incoming requests from a specific URL by matching the corresponding endpoints. For more information, see [Custom Policy](https://docs.traceable.ai/docs/custom-policy#creating-custom-rules).

The following is a high-level integration diagram:

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_Fortinet_High_level-integration_diagram.png)

Traceable Fortinet Integration Diagram

---

## Before you begin

Make a note of the following before you proceed with the integration:

- Ensure that you have the list of supported attributes and operators for Custom Signature rules. For more information, see [Support Matrix for Custom Signature Rules](https://docs.traceable.ai/docs/support-matrix-custom-signature-rules).
- Ensure that you have the API Key. To retrieve your API Key, contact your Fortinet WAF administrator to obtain access to the key. Alternatively, you can navigate to **System Settings** → **Settings** to fetch the API key. If you are creating multiple integrations, you can use the same API key for all of them.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_waf_fortinet_api_key_nav.png)
- Ensure that you have the **Application** or **Template** ID. You can retrieve it from the URL. The screenshot below shows the **Template ID**:

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_waf_fortinet_template_ID(1).png)

Template ID Retrieval

---

## Set up the integration

To set up the Fortinet integration, log in to your Traceable account, navigate to **Integrations** ( ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/2025-07-09_12-58-50.png) ), and do one of the following:

- Search for *Fortinet* in the search bar.
- Under **All Integrations**, navigate to **WAF** → **Fortinet**.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_fortinet_nav(2).gif)

Fortinet Integration Navigation

In the Fortinet widget, click **Configure**, and in the **Add New Fortinet Integration** slide-out panel, complete the following steps:

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Traceable_Integrations_Fortinet_ADD_new_integration(1).png)

Add new Fortinet integration

1. **Integration Name** — A unique name for your integration, for example, *Fortinet_Traceable*.
2. (Optional) **Description** — A summary for your integration, for example, *Traceable_WAF_int*.
3. **Environment** — The environment for which you wish to integrate Fortinet. You can also choose **All Environments** to integrate Fortinet across all available environments.
4. **API Key** — The API key generated and fetched above. For more information, see [Before you begin](/v1/docs/fortinet-integration#before-you-begin).
5. **Rule scope** — The level at which you wish to apply this integration: **Application** or **Template**. A template-level integration is applied to all applications that use the template, so all the rules applicable to the template also apply to the applications that inherit from it. An application-level integration applies only to a specific Fortinet application.
6. **Target(s)** — The target for which you wish to apply this integration, for example, *Threat Actors*.
7. Click **Test Connection**, and after verification, **Save** is enabled.
8. Click **Save** to save the integration.

---

## Manage configured integration

After configuring the integration, you can view **Fortinet WAF Integration** under **Configured WAF Integrations**. Traceable gives you the flexibility to control how the integration operates. You can choose either of the following actions using the drop-down, according to your requirements:

- **Enabled** — You allow Traceable to actively update the WAF with the latest rules to enforce protection and monitor or block threats. When enabled, Traceable continuously sends new rules and updates to the WAF based on policy activity, helping enforce protections with the latest threat information and block suspicious traffic.
- **Disabled** — You stop Traceable from updating the WAF, so it no longer enforces new protections for that environment or region. When disabled, Traceable stops sending new rules and updates to the WAF for the selected environment or region, while other environments continue using their existing integration settings without impact. The WAF continues to enforce existing rules based on their last applied state, without receiving new updates. Traceable continues to detect and evaluate threats, but it does not enforce them through WAF.

---

## View the rules

You can view the custom rules by navigating to **Advanced Applications** → **Custom rules**.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_waf_Fortinet_view_rules.png)

Viewing Custom Rules

> [!NOTE]
> - If a rule is deleted from a template, it is automatically deleted from all the applications that inherit that template.
> - Traceable adds all the threat actors to a single rule and synchronizes with Fortinet WAF.
> - A maximum of 24 rules can be created in Fortinet WAF. To view which rules have been synchronized, navigate to **Integrations** → **Integration Events**.
> - When you delete an integration in Traceable, all the rules are deleted from Fortinet.
> - If you have more than one Template in Fortinet and wish to integrate them, you must create multiple integrations in Traceable.
> - If you wish to block a request, you must manually enable blocking in Fortinet.

![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/Integration_events_fotinet.gif)

Integration Events
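
A pre-flight check for the rule types and limits described on this page, as an added example (not Traceable or Fortinet code): it groups threat actors by the allowlist and blocking states, flags allowlisted actors that a Malicious Source IP range would also cover, and counts rules against the 24-rule maximum. The state strings, the function name `plan_sync`, the sample addresses, and the one-rule-per-range and one-rule-per-signature counting are assumptions; only the single threat-actor rule and the limit of 24 come from the page.

```python
import ipaddress

MAX_FORTINET_RULES = 24                # maximum stated in the note on this page
ALLOW_STATES = {"allowed", "snoozed"}  # allowlist states (string form assumed)
BLOCK_STATES = {"deny", "suspended"}   # blocking states (string form assumed)

def plan_sync(threat_actors, blocked_ranges, signature_rule_count):
    """Summarise what a sync would push; works on local data, sends nothing.

    threat_actors: (ip, state) pairs; blocked_ranges: CIDR strings used by
    Malicious Source rules; signature_rule_count: Custom Signature rules.
    """
    allow, block = set(), set()
    for ip, state in threat_actors:
        addr = ipaddress.ip_address(ip)  # ValueError on a malformed address
        if state.lower() in ALLOW_STATES:
            allow.add(addr)
        elif state.lower() in BLOCK_STATES:
            block.add(addr)
        # any other state (for example resolved) results in no WAF entry here
    networks = [ipaddress.ip_network(r, strict=False) for r in blocked_ranges]
    # Allowlisted actors that a blocking IP range would also cover.
    conflicts = sorted((str(a), str(n)) for a in allow for n in networks
                       if a.version == n.version and a in n)
    # All threat actors share one rule (per the page). Assumed: one rule per
    # Malicious Source range and one per Custom Signature rule.
    rules_needed = int(bool(allow or block)) + len(networks) + signature_rule_count
    return {"allow": sorted(map(str, allow)), "block": sorted(map(str, block)),
            "conflicts": conflicts, "rules_needed": rules_needed,
            "within_limit": rules_needed <= MAX_FORTINET_RULES}

# Constructed sample data using documentation-reserved address ranges.
SAMPLE_ACTORS = [("203.0.113.7", "deny"), ("203.0.113.9", "suspended"),
                 ("198.51.100.20", "allowed"), ("192.0.2.44", "snoozed"),
                 ("192.0.2.80", "resolved")]
SAMPLE_RANGES = ["198.51.100.0/24", "203.0.113.0/25"]

if __name__ == "__main__":
    for key, value in plan_sync(SAMPLE_ACTORS, SAMPLE_RANGES, 3).items():
        print(f"{key}: {value}")
```

A non-empty `conflicts` list means a blocking range overlaps an allowlisted actor and should be reviewed before blocking is enabled in Fortinet.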

Custom Signature rules allow you to define precise conditions for evaluating incoming requests by examining attributes, such as headers, cookies, parameters, or payloads. By specifying operators and values for these attributes, you can detect and block malicious or unwanted traffic that may bypass default security protections. These rules provide fine-grained control over threat detection, enabling you to enforce security policies according to your requirements. Using these rules, you can improve your API and application security, reduce false positives, and address attack patterns that standard signatures may not cover.
