Fortinet FortiGate
  • 10 Apr 2024

Fortinet FortiGate is a next-generation firewall providing security and visibility for end-to-end protection across the entire enterprise network.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host Name (required) - The hostname or IP address of the Fortinet FortiGate server.
  2. Port (optional) - If not supplied, Axonius will use TCP port 443.
  3. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.
  4. Virtual Domain (optional) - Specify a comma-separated list of Virtual Domains (VDOMs).
    • If supplied, Axonius will fetch data from the specified virtual domains.
    • If not supplied, Axonius will use the 'vdom' value.
  5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  6. Is FortiManager Server - Select whether the Fortinet FortiGate is a FortiManager server.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note:

Advanced settings can apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. DHCP lease time (seconds) (required, default: 604800) - Specify the DHCP lease time, which is how long an IP address remains assigned to a device.
  2. Interfaces exclude list (optional) - Specify a comma-separated list of Fortinet FortiGate interfaces.
    • If supplied, all connections for this adapter will only fetch devices that are not associated with the specified interfaces.
    • If not supplied, all connections for this adapter will fetch devices associated with any interface.
  3. VMware Interfaces exclude list (optional) - Specify a comma-separated list of Fortinet FortiGate interfaces.
    • If supplied, all connections for this adapter will only fetch virtual devices that are not associated with the specified interfaces.
    • If not supplied, all connections for this adapter will fetch virtual devices associated with any interface.
  4. Do not fetch OS Type field (optional) - Select to exclude fetching data from the OS Type field.
  5. Allow IPSEC VPN devices - Select to allow fetching IPSEC VPN devices.
  6. Fetch managed Fortigate devices - Select to fetch managed FortiGate devices.
  7. Use Fortigate new OS version parser - Select this option to fetch the OS minor version from another field on a FortiOS device instance.
  8. Fetch firewall rules - Select this option to fetch all the firewall rules, as well as their policies and addresses.
  9. Maximum number of chunks (default: 50) - Enter a number to set the maximum number of parallel chunks to fetch information from the ADOMs. This can be a value between 50 and 100. Select the number of parallel calls that works best with your system.
  10. Fetch VPN SSL Sessions as Devices - Select this option to fetch VPN SSL sessions as Devices.


Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


Required Permissions

The value supplied in User Name must have read access to devices.

To create a user

  1. Connect to your FortiGate router as admin.

  2. In the global virtual domain, click System and then Admin Profiles.
    Create a new profile that grants only Read Only access control for the following:

    • System Configuration
    • User and Device
    • Network Configuration
    • Log & Report
    • Firewall Configuration
    • VPN Configuration
    • Security Profile Configuration
  3. Set JSON API Access to Read Only.

  4. Click OK. Then select the Administrators tab. Create a new user and fill in the details.

  5. Apply the following permissions:

    • Admin Profile
    • Administrative Domain
    • JSON API Access

Note that Auth Type does not have to be RADIUS.

  1. From the Administrator Profile dropdown, select the recently created profile.

  2. From the Virtual Domains dropdown, select which virtual domains you want to grant access.


  3. Log out of the admin panel and log in again to create the user.


Version Matrix

This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed and is not functioning as expected.

Version | Supported | Notes
5.3.0   | Yes       |

Supported From Version

Supported from Axonius version 4.5


