
Administration Guide

Receiving quarantined source IP addresses from FortiGate


FortiGate can maintain a list of source IPs that it prevents from interacting with the network and protected systems. You can configure FortiWeb to receive this list of IP addresses at intervals you specify. You can then configure an inline protection profile to detect the IP addresses in the list and take an appropriate action.

This feature is available only if the operating mode is Reverse Proxy or True Transparent Proxy.

The IP Quarantine feature can be configured in one of two places: Security Fabric > Fabric Connectors, or System > Config > FortiGate Integration.

Note that the System > Config > FortiGate Integration page will soon be discontinued. We advise transitioning to Security Fabric for the Quarantine IP retrieval configuration.

Configuring IP Quarantine in both places is not supported; you must choose one.

To enable IP Quarantine feature through Security Fabric > Fabric Connectors
  1. Log in to FortiGate.
  2. Enable Allow downstream device REST API access in Security Fabric > Fabric Connectors > Security Fabric Setup.
  3. Log in to FortiWeb.
  4. Go to Security Fabric > Fabric Connectors.
  5. Click FortiGate, then click Edit.
  6. Select Join Existing Fabric for Security Fabric Role.
  7. Configure the following settings. At this point, the Connection Status shows Unauthorized.

    Status: Enable it.

    Upstream IP: The IP address of the FortiGate. If you have multiple FortiGate appliances deployed as a Security Fabric, enter the IP address of the Fabric root.

    This is the IP address of the interface selected in the Allow other Security Fabric devices to join field on the FortiGate.

    Upstream Port: Use the default, 8013.

    Configuration Sync: Set it to Default.

    Default means that once the Fabric connection with the FortiGate is established, Single Sign-On mode is enabled automatically and the FortiGate synchronizes its SAML Single Sign-On settings to the FortiWeb.

    Local means that once the Fabric connection with the FortiGate is established, you must enable Single Sign-On mode and configure the SAML Single Sign-On settings manually.

    Default is the recommended setting.

    Management IP: Enter the FortiWeb GUI management IP address.

    Management Port: Enter the FortiWeb GUI management HTTPS port. This must match the HTTPS port configured in System > Admin > Settings on FortiWeb.
  8. Log in to FortiGate.
  9. Authorize the FortiWeb.
  10. Log in to FortiWeb.
  11. You will see the Connection Status is now Authorized.
  12. Switch on the Status.
  13. Set the interval for the Quarantine IP retrieval.
  14. Click OK.
To enable IP Quarantine feature through System > Config > FortiGate Integration

Before you can begin configuring FortiGate integration, you have to enable it first.

  1. Go to System > Config > Feature Visibility.
    To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the System Configuration category. For details, see "Permissions".
  2. Locate Security Features.
  3. Enable FortiGate Integration.
  4. Click Apply.
  5. Go to System > Config > FortiGate Integration.
  6. Configure these settings:

    Enable: Select to enable retrieval of quarantined source IP address information from the specified FortiGate.

    FortiGate IP/Domain Name: Specify the FortiGate IP address or domain name that is used for administrative access.

    FortiGate Port: Specify the port that the FortiGate uses for administrative access via HTTPS. In most cases, this is port 443.

    Protocol: Specify whether the FortiGate and FortiWeb communicate using HTTPS or HTTP. Use HTTPS: with HTTP, the administrator credentials and the retrieved list are transmitted in cleartext.

    Server Verification: Enable this option to verify the TLS certificate that the FortiGate presents on the HTTPS connection between FortiWeb and FortiGate. Available only if HTTPS is selected for Protocol. With verification disabled, FortiWeb accepts any certificate, so a host on the path between the two devices could impersonate the FortiGate and supply a forged list.

    CA: Select the CA certificate used to verify the FortiGate's certificate. It must be uploaded in System > Admin > Certificates > Admin Cert CA.

    Administrator Name: Specify the name of the FortiGate administrator account that FortiWeb uses to connect to the FortiGate. Use a dedicated account for this integration, granted only the access it needs, rather than a shared full-privilege administrator account.

    Administrator Password: Specify the password for that FortiGate administrator account.

    Schedule Frequency: Specify how many times per hour FortiWeb checks the FortiGate for an updated list of banned source IP addresses, for example, once or twice per hour. The valid range is 1 to 5.
  7. Click Apply to save your changes.
  8. To configure FortiWeb to detect the quarantined IP addresses and take the appropriate action, configure the FortiGate Quarantined IPs settings in an inline protection profile. For details, see Configuring a protection profile for inline topologies.
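The following script is an added example, not FortiWeb's or FortiOS's own code. It shows, in working form, the properties the FortiGate Integration settings above are meant to guarantee: it refuses plain HTTP, verifies the FortiGate's certificate against a named CA (the Server Verification and CA settings), derives the poll interval from a Schedule Frequency of 1 to 5 checks per hour, and validates every retrieved entry as an IP address before it could reach an enforcement point. The REST endpoint path, the JSON field names, the bearer-token credential and the sample response are assumptions made for the example and are not taken from this page.

```python
"""Hardened collector for a FortiGate quarantined-IP list (added example).

Mirrors the FortiGate Integration settings: HTTPS only, Server Verification
on, a named CA, a dedicated credential, and a Schedule Frequency of 1-5
checks per hour. Not FortiWeb or FortiOS code.
"""
import ipaddress
import json
import ssl
import urllib.request

# Assumption: FortiOS serves the banned/quarantined list at this monitor
# endpoint and returns JSON with "status" and a "results" array whose
# entries carry the address in "ip_address". Adjust if your build differs.
BANNED_PATH = "/api/v2/monitor/user/banned/select/"


def quarantine_url(protocol, host, port):
    """Build the list URL. Refuse plain HTTP: with HTTP the credential and
    the list travel in cleartext, which is the weak Protocol setting."""
    if protocol.lower() != "https":
        raise ValueError("quarantine list must be retrieved over HTTPS, not %r" % protocol)
    return "https://%s:%d%s" % (host, int(port), BANNED_PATH)


def tls_context(ca_file):
    """Equivalent of Server Verification enabled with the selected CA.
    Chain and hostname checks stay on; an unverifiable FortiGate is an error,
    never a silent fallback to an unauthenticated connection."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def poll_interval_seconds(schedule_frequency):
    """Schedule Frequency is checks per hour; the valid range is 1 to 5."""
    if not 1 <= int(schedule_frequency) <= 5:
        raise ValueError("Schedule Frequency must be 1 to 5 checks per hour")
    return 3600 // int(schedule_frequency)


def parse_quarantined_ips(body):
    """Turn a FortiOS JSON body into a set of validated IP address objects.

    Entries that are not syntactically valid IPv4/IPv6 addresses are dropped
    rather than handed to an enforcement point. A non-success status raises
    instead of returning an empty set, so a failed poll cannot silently
    clear the blocklist."""
    data = json.loads(body)
    if data.get("status") != "success":
        raise ValueError("FortiGate returned status %r" % data.get("status"))
    ips = set()
    for entry in data.get("results", []):
        try:
            ips.add(ipaddress.ip_address(entry.get("ip_address")))
        except (TypeError, ValueError):
            continue
    return ips


def fetch_quarantined_ips(host, api_token, ca_file, port=443, timeout=10):
    """One retrieval cycle against a live FortiGate (network; not run offline).

    Uses a FortiOS REST API token as a bearer credential instead of an
    administrator name and password. Assumption: the token belongs to a
    dedicated API user whose profile is limited to reading monitor data."""
    req = urllib.request.Request(
        quarantine_url("https", host, port),
        headers={"Authorization": "Bearer " + api_token, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout, context=tls_context(ca_file)) as resp:
        return parse_quarantined_ips(resp.read().decode("utf-8"))


# Constructed sample response for offline use; the field names follow the
# assumption stated above and were not captured from a real FortiGate.
SAMPLE_RESPONSE = json.dumps({
    "http_method": "GET",
    "status": "success",
    "results": [
        {"ip_address": "203.0.113.7", "source": "ips", "expires": 1700003600},
        {"ip_address": "2001:db8::1", "source": "admin", "expires": 0},
        {"ip_address": "203.0.113.7", "source": "dos", "expires": 1700007200},
        {"ip_address": "not-an-ip", "source": "ips", "expires": 0},
    ],
})


if __name__ == "__main__":
    # Offline demonstration; use fetch_quarantined_ips() against a real device.
    for ip in sorted(parse_quarantined_ips(SAMPLE_RESPONSE), key=str):
        print("quarantined:", ip)
    print("poll every", poll_interval_seconds(2), "seconds")
```

The sample deliberately contains a duplicate address and a malformed entry: the duplicate collapses to one set member, and the malformed entry is dropped, so the collector returns two addresses. Run stand-alone it prints those two entries and a 1800-second interval for a Schedule Frequency of 2.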
Related Videos

FortiWeb: Automatically Retrieving FortiGate’s Quarantined IP list using the Security Fabric

