Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 5.3.1 Administration Guide
    5.3.1
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Integrate with Checkpoint Firewall

    Integrate with Checkpoint Firewall

    All the configurations for CheckPoint Firewall are done with the SmartConsole.

    1. Configure the REST API permissions.

    1. Open the SmartConsole and go to Management API and click Advanced Settings > All IP addresses.
    2. Click Publish.
    3. Use SSH to log in to the manager server, then type api restart.
    4. Create a domain object named .quarantine.com.
    5. Create a network group object named fdc-block-ip.
    6. Add the domain object named .quarantine.com to the network group object named fdc-block-ip.
    7. Create a new policy rule.
      1. Create a new policy rule named quarantine.
      2. Set the policy Source to fdc-block-ip.
      3. Set Destination to Any.

      4. Set Action to Inline Layer > New Layer. Give the layer a name such as Cleanup Rule and click OK.

      5. Set Action to Drop.
      6. You can use the default settings for the other fields.
    8. (Optional) Make the CheckPoint Fire Wall pingable.
      1. Log in to the SmartConsole.
      2. Go to Global Properties and enable Accept ICMP requests.
      3. Install the policy.

    2. Configure FortiDeceptor

    1. On FortiDeceptor go to Fabric > Quarantine Integration, and click +Quarantine Integration with New Device.
    2. Configure the new device based on the following recommendations and click Save.

      Integrate Method

      Select CheckPoint-FW-Isolation.

      IP Block Policy (network Group Name)Enter the group object name you created (fdc-block-ip).
      Username

      Enter the Username for the management account in CheckPoint Fire Wall.

      You can create new admin with API permissions or use Admin.

      PasswordEnter the Password for the management account in CheckPoint Fire Wall.
      Verify SSLDisable.
      Install Policy After PublishEnable.

    Previous
    Next

    Integrate with Checkpoint Firewall

    Integrate with Checkpoint Firewall

    All the configurations for CheckPoint Firewall are done with the SmartConsole.

    1. Configure the REST API permissions.

    1. Open the SmartConsole and go to Management API and click Advanced Settings > All IP addresses.
    2. Click Publish.
    3. Use SSH to log in to the manager server, then type api restart.
    4. Create a domain object named .quarantine.com.
    5. Create a network group object named fdc-block-ip.
    6. Add the domain object named .quarantine.com to the network group object named fdc-block-ip.
    7. Create a new policy rule.
      1. Create a new policy rule named quarantine.
      2. Set the policy Source to fdc-block-ip.
      3. Set Destination to Any.

      4. Set Action to Inline Layer > New Layer. Give the layer a name such as Cleanup Rule and click OK.

      5. Set Action to Drop.
      6. You can use the default settings for the other fields.
    8. (Optional) Make the CheckPoint Fire Wall pingable.
      1. Log in to the SmartConsole.
      2. Go to Global Properties and enable Accept ICMP requests.
      3. Install the policy.

    2. Configure FortiDeceptor

    1. On FortiDeceptor go to Fabric > Quarantine Integration, and click +Quarantine Integration with New Device.
    2. Configure the new device based on the following recommendations and click Save.

      Integrate Method

      Select CheckPoint-FW-Isolation.

      IP Block Policy (network Group Name)Enter the group object name you created (fdc-block-ip).
      Username

      Enter the Username for the management account in CheckPoint Fire Wall.

      You can create new admin with API permissions or use Admin.

      PasswordEnter the Password for the management account in CheckPoint Fire Wall.
      Verify SSLDisable.
      Install Policy After PublishEnable.

    Previous
    Next