FortiGate Fabric Integration
Introduction
Fabric Integration applies to users with access to both FortiCNP and FortiGate. This Fabric integration is essentially FortiGate IPS log integration with FortiCNP.
FortiGate IPS (Intrusion Prevention System) detects and blocks external network attacks before they can compromise the internal network. When such an attack occurs, the FortiGate IPS log integration delivers the IPS logs to FortiCNP as risk findings to provide an additional layer of threat management.
For additional details on FortiGate IPS, please see https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/565562/intrusion-prevention
A FortiGate virtual machine can monitor network traffic between multiple virtual machine instances and the public internet.
In this example, a FortiGate VM is installed in the AWS EC2 virtual network to protect a Linux server EC2 instance.
Prerequisites
- A FortiGate virtual machine instance should be installed on the cloud platform. For details on deploying FortiGate VM in a cloud platform (AWS), please see https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/aws-administration-guide/403036/deploying-fortigate-vm-on-aws
- The virtual machine instance that will be protected by FortiGate has to be in the same region as the FortiGate virtual machine in the cloud platform.
- The virtual machine that FortiGate protects should be onboarded onto FortiCNP before potential attack findings can be triggered. Only when connectivity is established between the FortiGate and the virtual machine can the attack logs be sent from FortiGate to FortiCNP.
- FortiCNP IPS Integration requires FortiOS version 6.4.0 or later.
In our example, the Linux server EC2 instance is in the same AWS account region as the FortiGate VM instance.
Configure FortiGate to Add to FortiCNP
Before adding the FortiGate VM on FortiCNP, some configuration steps are required on FortiGate.
Create SSL/SSH Inspection Profile on FortiGate
Create FortiGate Firewall Policy
Add FortiGate VM on FortiCNP
Add Google Cloud Hosted FortiGate