2.0.0

Adding a FortiGate

The communication between the FortiAIOps application and FortiGate is secured by SSL/TLS encryption. Therefore, FortiAIOps can successfully discover a FortiGate only if a valid certificate is installed in FortiGate. However, FortiAIOps can also discover FortiGates with a default certificate over a trusted connection.

If a third-party certificate is installed in FortiGate for the HTTPS/web server, the corresponding CA certificate should be installed in FortiAIOps for successful discovery. For more information, see Certificates and FortiGate Certificates.

The managed FortiGate IP address/FQDN configured in FortiAIOps must match the Subject Alternative Name (SAN) in the FortiGate certificate; otherwise, the FortiGate discovery fails.

  • If the FortiGate IP address is configured in FortiAIOps, the SAN attribute in the certificate should be the FortiGate IP address.

  • If the FortiGate FQDN is configured in FortiAIOps, the SAN attribute in the certificate should be the FortiGate FQDN.

  • If the FortiGate IP address or FQDN is configured in FortiAIOps, the SAN attribute in the certificate should include both the FortiGate IP address and FQDN.

Notes:

  • FortiGate discovery fails if the certificate is from an unknown authority. Ensure that the specific CA certificate of the FortiGate is installed in FortiAIOps.

  • If a new certificate is installed in a managed FortiGate, Fortinet recommends re-adding the FortiGate in FortiAIOps.

  • For self-signed CA certificates generated in FortiGate, a valid CA certificate should be installed in FortiAIOps.

  • To use a Let's Encrypt certificate, download and install the Let's Encrypt CA certificate in FortiAIOps. For more information, see Automated Certificate Management Environment (ACME).
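The two failure modes described above (a certificate from an unknown authority, and a SAN that does not cover the configured address) can be told apart before the FortiGate is added. The following Python sketch is an added example, not Fortinet code: it applies standard TLS name-matching rules, which are assumed here to be what FortiAIOps enforces. The function names, the sample certificate and the `cafile` path are hypothetical, and the port and timeout defaults mirror the 443 and 3000 ms defaults of the add form.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (("DNS", "fgt.example.com"),
                                  ("IP Address", "192.0.2.10"))}

def san_matches(address, cert):
    """True if `address` (IP or FQDN) is covered by the certificate's SAN."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(address)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # An IP address only matches an "IP Address" entry, never a DNS entry.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == wanted_ip
                   for kind, value in sans)
    host = address.rstrip(".").lower()
    for kind, value in sans:
        if kind != "DNS":
            continue
        name = value.rstrip(".").lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label (*.example.com).
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def preflight(address, cafile, port=443, timeout_ms=3000):
    """Connect as a TLS client and report which of the two checks fails."""
    ctx = ssl.create_default_context(cafile=cafile)  # trust only this CA file
    ctx.check_hostname = False  # chain is still verified; SAN is checked below
    try:
        with socket.create_connection((address, port), timeout_ms / 1000) as sock:
            with ctx.wrap_socket(sock, server_hostname=address) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return f"chain not trusted: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"
    return "ok" if san_matches(address, cert) else "SAN mismatch"
```

Run `preflight()` with the same address that will be entered in FortiAIOps and the CA certificate file that will be installed there; a "SAN mismatch" result means the certificate must be reissued with that address in its SAN.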

To manually add a FortiGate controller, click Add and provide the following details.

  1. Select Standalone, or select HA Cluster if the FortiGate is an HA cluster.

  2. Enter the IP Address or FQDN of the controller and an optional Description.
    Note: If a third-party certificate is used by FortiGate, ensure that a valid CA certificate is installed in FortiAIOps.

  3. Enter the Username and Password for the controller.

  4. Select the Device Group. Controllers in the selected device group are added.

  5. Specify the HTTPS port. The default is 443.

  6. Specify the Timeout duration (milliseconds), that is, the maximum time allowed to establish a connection with FortiGate and obtain a response. The default value is 3000 milliseconds.

The added FortiGate controller is now listed.
