FortiNDR Cloud for FortiManager

Through an integration with the FortiGate NGFW, analysts using FortiNDR Cloud can pivot from NDR Cloud's network-based detections to block malicious external traffic using NGFW tools, decreasing incident investigation and response times.

Requirements

Network
  • FortiManager must be accessible from the internet and running on port 443.
  • The FortiManager API interface must be reachable from the public cloud for FortiNDR Cloud.
Users
  • The FortiManager user needs to be an administrator with JSON API Access with Read-Write privileges. For information about creating FortiManager users, see Creating administrators in the FortiManager Administration Guide.
Certificates
  • The FortiManager host should have valid CA-signed certificate(s).
  • Intermediate certificates must be configured in FortiManager. For information, see Validating SSL certificates.

Limitations

  • This integration does not support scenarios where there is an intermediate switch that introduces address translation or masking in between FortiGate, the individual assets, and the FortiNDR Cloud sensor.
  • Integration with FortiManager and FortiGate deployed within public cloud platforms such as AWS and Azure is not supported.
  • Self-signed certificates are not supported.

Enabling FortiNDR Cloud for FortiManager

To enable FortiNDR Cloud for FortiManager:
  1. In FortiNDR Cloud, click the gear icon at the top-right of the page and select Account Management. If you have multiple accounts, select an account.

  2. Click the Modules tab.

  3. Scroll to the bottom of the page to the FortiGate via FortiManager tile.

  4. Click Enable. The Configure dialog opens.
  5. Configure the integration and click Save.

    Username: Enter the FortiManager Username.
    Password: Enter the FortiManager Password.
    URL: Enter the URL for the FortiManager.

Viewing FortiManager in the Entity Panel

To view the FortiManager device details in FortiNDR Cloud, click the IP managed by FortiGate anywhere you see it in the portal. For more information, see Entity Panel.

Example
  1. Click the Investigations tab.
  2. Search for an investigation that contains an IP that is behind a managed FortiGate.

  3. Click View Results.

  4. Click the src ip. The Entity Panel opens.

  5. Click the FortiManager link to view the device details.

Troubleshooting

Validating SSL certificates

To validate the certificate to ensure it will work with the integration, run the following command:

openssl s_client -debug -showcerts -connect <Fortimanager_host> |grep error

Replace <Fortimanager_host> with your FortiManager's host without the https protocol.

For example:

openssl s_client -debug -showcerts -connect fortimanager.mydomain.com:443 |grep error

If you can access FortiManager from your browser but not with the openssl command, you are most likely missing intermediate certificates. For information about uploading intermediate CA certificates in FortiManager, see Upload the intermediate CA certificate to FortiManager in the FortiManager Examples Guide.
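
The following is an added example, not Fortinet tooling: a shell function that reads `openssl s_client -showcerts` output and maps the verify return code to the certificate requirements on this page (missing intermediate, self-signed, or OK). The function name, result labels and sample outputs are constructed for illustration; the sample CA names are made up.

```shell
#!/bin/sh
# Added example: classify `openssl s_client -showcerts` output read from stdin.
diagnose_chain() {
    awk '
        BEGIN { sent = 0; code = -1 }
        /^Certificate chain/        { in_chain = 1; next }
        /^---$/                     { in_chain = 0 }   # section separator, not a PEM line
        in_chain && /^ *[0-9]+ s:/  { sent++ }         # one "N s:<subject>" line per cert sent
        /Verify return code:/ {
            line = $0
            sub(/.*Verify return code: */, "", line)
            code = line + 0                            # keep the leading number only
        }
        END {
            if (code < 0)  { print "NO_RESULT: no verify result in input"; exit 2 }
            if (code == 0) { print "OK: chain verifies (" sent " certificate(s) sent)"; exit 0 }
            if (code == 20 || code == 21) {            # issuer of the leaf was not found
                print "MISSING_INTERMEDIATE: server sent " sent " certificate(s); upload the intermediate CA"
                exit 1
            }
            if (code == 18 || code == 19) { print "SELF_SIGNED: not supported by the integration"; exit 1 }
            print "OTHER: verify return code " code
            exit 1
        }'
}

# Constructed sample: server presents only its leaf certificate.
SAMPLE_MISSING='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = fortimanager.mydomain.com
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
(PEM body omitted)
-----END CERTIFICATE-----
---
    Verify return code: 21 (unable to verify the first certificate)'

# Constructed sample: server presents leaf plus intermediate.
SAMPLE_OK='---
Certificate chain
 0 s:CN = fortimanager.mydomain.com
   i:CN = Example Intermediate CA
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
---
    Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_MISSING" | diagnose_chain || true
# Live use: openssl s_client -showcerts -connect fortimanager.mydomain.com:443 </dev/null 2>/dev/null | diagnose_chain
```

A browser can succeed where this check fails because browsers may reuse cached intermediates or fetch them, while a strict client only trusts the chain the server actually sends.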
