Fortinet white logo
Fortinet white logo

Deployment Overview

Deployment Overview

This document provides the steps necessary to configure FortiSIEM to provide the FortiGate with IP addresses that have been associated with suspicious or malicious activity.

Reading the concept guide prior to this document will ensure familiarity of the use case, terminology and methods that will be implemented.

The deployment expects that the customer has deployed FortiSIEM (either on premise or FortiSIEM Cloud) and a FortiGate that will consume the FortiSIEM watchlist for network enforcement.

Intended Audience

This guide is primarily created for a technical audience who may be new to configuring FortiSIEM, but familiar with FortiGate. The scenario can be applied to all size and types of organizations. Networking and security fundamentals are assumed. While best practices are applied, customization by the administrator will be required to ensure the final configuration meets a business’ needs.

About this Guide

The deployment guide serves the purpose of going through the design and deployment steps involved in deploying a specific architecture. Readers should first evaluate their environment to determine whether the architecture and design outlined in this guide is suitable for them. It is advisable to review the Reference Architecture Guide(s) if readers are still in the process of selecting the right architecture.

This deployment guide presents one of possibly many ways to deploy the solution. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in product admin guides and release notes and other documents where appropriate.

The term event or log can be used interchangeably and describes a text log generated by a computer operating system or application.

For comments and feedback, please visit Agentless ZTNA with FortiSIEM UEBA and FortiGate.

Deployment Overview

Deployment Overview

This document provides the steps necessary to configure FortiSIEM to provide the FortiGate with IP addresses that have been associated with suspicious or malicious activity.

Reading the concept guide prior to this document will ensure familiarity of the use case, terminology and methods that will be implemented.

The deployment expects that the customer has deployed FortiSIEM (either on premise or FortiSIEM Cloud) and a FortiGate that will consume the FortiSIEM watchlist for network enforcement.

Intended Audience

This guide is primarily created for a technical audience who may be new to configuring FortiSIEM, but familiar with FortiGate. The scenario can be applied to all size and types of organizations. Networking and security fundamentals are assumed. While best practices are applied, customization by the administrator will be required to ensure the final configuration meets a business’ needs.

About this Guide

The deployment guide serves the purpose of going through the design and deployment steps involved in deploying a specific architecture. Readers should first evaluate their environment to determine whether the architecture and design outlined in this guide is suitable for them. It is advisable to review the Reference Architecture Guide(s) if readers are still in the process of selecting the right architecture.

This deployment guide presents one of possibly many ways to deploy the solution. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in product admin guides and release notes and other documents where appropriate.

The term event or log can be used interchangeably and describes a text log generated by a computer operating system or application.

For comments and feedback, please visit Agentless ZTNA with FortiSIEM UEBA and FortiGate.