Fortigate Automation and Devops

FortiOS 6.0 introduces Automation Stitches as part of the Security Fabric. Automation Stitches can be used to automate certain actions in response to certain triggers. In addition, Automation Stitches can automate activities between the different components in the Fortinet Security Fabric. This new feature can drastically decrease the response times to security events, operational tasks, and network problems.

This article is a part of the series of Fortinet technical articles. In brief, the main configuration components of an automation stitch (Trigger and Action) are reviewed. The configuration methodology is presented and tested via indicative configuration examples. Finally, we will discuss how Indeni can significantly simplify operations and eliminate service outages in parallel with the deployment of automation to the Fortinet Security Fabric.

Are you a network administrator, system engineer, software engineer, Indeni Knowledge Expert (IKEs), or tech geek? If yes, then read on! This article is for you!

FortiGate Automation Stitches Methodology

An automation stitch consists of two main components: the trigger and the actions. The trigger is the condition or event on the FortiGate that activates the action. For instance, a trigger could be a specific log message such as a BGP neighbor status change. The action is what the FortiGate does in response to a trigger, e.g. send an email message or run a command script. Finally, note that automation stitches can only be created on the root FortiGate in a Security Fabric.

Creating Automation Stitches

Creating an automation stitch requires selecting a trigger event and one or more response actions. Most automation stitches can be triggered with a false positive, e.g. by creating a fake log message, so that the stitch can be simulated and tested. The following default automation stitches are included in FortiOS:

  • Compromised Host Quarantine
  • Incoming Webhook Quarantine
  • HA Failover
  • Network Down
  • Reboot
  • FortiAnalyzer Connection Down
  • License Expired Notification
  • Security Rating Notification

Triggers

A large number of pre-configured triggers is supported. List of Security Fabric triggers:

  • Compromised Host 
  • Security Rating Summary
  • FortiAnalyzer Event Handler
  • Fabric Connector Event
  • FortiGate Cloud-Based IOC

List of system triggers: 

  • Reboot
  • HA Failover
  • Conserve Mode
  • Configuration Change
  • License Expiry
  • AV & IPS DB Update
  • High CPU

Finally, triggers can also be set for the following cases. The FortiOS Event Log trigger in particular is common, since multiple event log IDs can be used, e.g. OSPF status change or link status log messages.

  • FortiOS Event Log
  • Incoming Webhook
  • Schedule (very helpful for common operation tasks like configuration backups)

Actions

Multiple actions can be configured for an automation stitch. 

Available actions for the Security category:

  • Access Layer Quarantine
  • FortiClient Quarantine
  • FortiNAC Quarantine
  • VMware NSX Security Tag
  • IP Ban
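
Because a stitch only fires when its trigger and every one of its actions exist and the stitch is enabled, a configuration backup can be checked offline for stitches that would silently do nothing. The following is an added example, not code from this article or from Fortinet: it assumes the FortiOS 6.x CLI layout (`config system automation-trigger`, `automation-action`, `automation-stitch`), and the sample configuration and all object names in it are constructed.

```python
import re
import shlex

# Constructed sample in FortiOS 6.x CLI layout; all object names are hypothetical.
SAMPLE_CONFIG = '''config system automation-trigger
    edit "ha-failover-trigger"
        set event-type ha-failover
    next
end
config system automation-action
    edit "notify-noc"
        set action-type email
    next
end
config system automation-stitch
    edit "ha-failover-alert"
        set trigger "ha-failover-trigger"
        set action "notify-noc"
    next
    edit "bgp-change-alert"
        set status disable
        set trigger "bgp-neighbor-trigger"
        set action "notify-noc" "run-diag-script"
    next
end'''

def parse_section(config, name):
    """Return {entry: {setting: [values]}} for one 'config system <name>' block."""
    m = re.search(rf"^config system {re.escape(name)}\n(.*?)^end$", config, re.S | re.M)
    entries, current = {}, None
    for line in (m.group(1).splitlines() if m else []):
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"]:
            current = entries.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and current is not None:
            current[tokens[1]] = tokens[2:]
    return entries

def audit_stitches(config):
    """Report stitches that are disabled or point at undefined triggers/actions."""
    defined = {k: parse_section(config, f"automation-{k}") for k in ("trigger", "action")}
    findings = []
    for name, stitch in parse_section(config, "automation-stitch").items():
        if stitch.get("status") == ["disable"]:
            findings.append((name, "disabled"))
        for kind in ("trigger", "action"):
            findings += [(name, f"undefined {kind}: {ref}")
                         for ref in stitch.get(kind, []) if ref not in defined[kind]]
    return findings
```

Running `audit_stitches` against the backup of the root FortiGate, where stitches are created, gives a quick list of response automation that is configured but would not run.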
