Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiDAST 24.1.0 User Guide
    24.1.0
    24.3.a
    24.3.0
    24.2.0
    24.1.0
    23.4.0
    23.3.a
    23.3.0
    23.2.0
    23.1.a
    23.1.0

    Asset  Authorization

    Asset Authorization

    An asset must be successfully authorized to perform vulnerability scanning. The authorization process verifies asset ownership.

    1. Navigate to Scans Policy and click New Scan. Enter the IP address/FQDN and the Port of the asset.

      The maximum number of assets you can scan is displayed on the GUI as per your subscription. See Licensing.
    2. A unique asset token, UUID, is generated for each asset and is displayed on the page. Copy the UUID and configure it in any of the following methods.
      • Create a <UUID>.html file in the webroot of the asset's web server with no content. For example, a UUID ded8024f-54c1-4bd2-8d82-9ad30bf3e35e is generated for your asset, create an empty file named ded8024f-54c1-4bd2-8d82-9ad30bf3e35e.html.
      • Create a forti-uuid.html file in the webroot of the asset's web server with <forti-uuid hidden><UUID></forti-uuid> as the content. For example, a UUID ded8024f-54c1-4bd2-8d82-9ad30bf3e35e is generated for your asset, create a file named forti-uuid.html with <forti-uuid hidden>ded8024f-54c1-4bd2-8d82-9ad30b</forti-uuid> as content.
        #cat forti-uuid.html
        <forti-uuid hidden>ded8024f-54c1-4bd2-8d82-9ad30bf3e35e</forti-uuid>
      • Store the UUID as a custom attribute/create a DNS Text record with the data, forti-uuid=<UUID> in the domain management page.

        Add the DNS text record as per the configured asset URL. Consider the following examples.
        • If the configured asset is https://example.com then add the DNS text record in the root domain, example.com.
        • If the configured asset is https://web.example.com then add the DNS text record in the sub-domain, web.example.com. Authorization fails if the DNS text record is added in the root domain, example.com.
    3. Click on the Actions icon - and select Authorize. The status of the authorization process is displayed.


    Note: The licensing mechanism does not allow you to modify or delete an asset after it is authorized.

    Any variation in the FQDN, IP address, or port is considered as a separate asset. The following are some examples of such variations that are treated as separate assets.

    • http://example.com
    • http://fortinet.example.com
    • http://example.com:9020
    • http://10.34.222.202:8080

    If you have already authorized one of the root domains in your current license, you do not need to configure DNS TXT records or UUID for any new FQDN that is a subdomain for an existing authorized asset. You will not be required to authorize the subdomain again and the authorization will be bypassed.

    For example, if you have authorized the root domain fortinet.com, you do not need to configure DNS TXT records or UUID for the subdomains fortinet.com/subdomain1 and fortinet.com/subdomain2.

    Previous
    Next

    Asset  Authorization

    Asset Authorization

    An asset must be successfully authorized to perform vulnerability scanning. The authorization process verifies asset ownership.

    1. Navigate to Scans Policy and click New Scan. Enter the IP address/FQDN and the Port of the asset.

      The maximum number of assets you can scan is displayed on the GUI as per your subscription. See Licensing.
    2. A unique asset token, UUID, is generated for each asset and is displayed on the page. Copy the UUID and configure it in any of the following methods.
      • Create a <UUID>.html file in the webroot of the asset's web server with no content. For example, a UUID ded8024f-54c1-4bd2-8d82-9ad30bf3e35e is generated for your asset, create an empty file named ded8024f-54c1-4bd2-8d82-9ad30bf3e35e.html.
      • Create a forti-uuid.html file in the webroot of the asset's web server with <forti-uuid hidden><UUID></forti-uuid> as the content. For example, a UUID ded8024f-54c1-4bd2-8d82-9ad30bf3e35e is generated for your asset, create a file named forti-uuid.html with <forti-uuid hidden>ded8024f-54c1-4bd2-8d82-9ad30b</forti-uuid> as content.
        #cat forti-uuid.html
        <forti-uuid hidden>ded8024f-54c1-4bd2-8d82-9ad30bf3e35e</forti-uuid>
      • Store the UUID as a custom attribute/create a DNS Text record with the data, forti-uuid=<UUID> in the domain management page.

        Add the DNS text record as per the configured asset URL. Consider the following examples.
        • If the configured asset is https://example.com then add the DNS text record in the root domain, example.com.
        • If the configured asset is https://web.example.com then add the DNS text record in the sub-domain, web.example.com. Authorization fails if the DNS text record is added in the root domain, example.com.
    3. Click on the Actions icon - and select Authorize. The status of the authorization process is displayed.


    Note: The licensing mechanism does not allow you to modify or delete an asset after it is authorized.

    Any variation in the FQDN, IP address, or port is considered as a separate asset. The following are some examples of such variations that are treated as separate assets.

    • http://example.com
    • http://fortinet.example.com
    • http://example.com:9020
    • http://10.34.222.202:8080

    If you have already authorized one of the root domains in your current license, you do not need to configure DNS TXT records or UUID for any new FQDN that is a subdomain for an existing authorized asset. You will not be required to authorize the subdomain again and the authorization will be bypassed.

    For example, if you have authorized the root domain fortinet.com, you do not need to configure DNS TXT records or UUID for the subdomains fortinet.com/subdomain1 and fortinet.com/subdomain2.

    Previous
    Next