Configure local-in Policy to Block Access From Devices in the IP Threat Feed

On both the Enterprise Core and 1st Floor ISFW FortiGates, configure local-in policies that block access from devices on the IP Threat Feed (FSM_Threat_Feed). Packets arriving on the interface will be dropped and logged.

  1. On the Enterprise Core FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port3"
            set srcaddr "FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  2. On the 1st Floor FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port1"
            set srcaddr "g-FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  3. On both FortiGates, navigate to Log & Report > Log Settings.

  4. Under Global Settings, set Log denied unicast traffic to enable.

  5. Click Apply.
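As an added verification check (not part of this Fortinet page), the following Python snippet parses the output of `show firewall local-in-policy` and confirms that a deny rule sourced from the threat-feed address exists on the expected interface with all destinations and all services. The sample configuration is constructed from the rules above, with a hypothetical second rule that mistakenly sets `action accept` so the audit has something to flag.

```python
import re
# Constructed sample based on this page's rules; rule 2 carries a hypothetical 'action accept' mistake.
SAMPLE_CONFIG = """\
config firewall local-in-policy
    edit 1
        set intf "port3"
        set srcaddr "FSM_Threat_Feed"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
    edit 2
        set intf "port1"
        set srcaddr "g-FSM_Threat_Feed"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action accept
    next
end
"""

def parse_local_in_policies(text):
    """Parse 'config firewall local-in-policy' output into {id: {key: [values]}}."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall local-in-policy":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            in_block = False
        elif m := re.match(r"edit (\d+)$", line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            # Quoted values may be several per line, e.g. set srcaddr "a" "b"
            current[m.group(1)] = re.findall(r'"([^"]*)"', m.group(2)) or [m.group(2)]
    return policies

def threat_feed_block_present(policies, intf, feed):
    """True if a policy on intf denies feed to all addresses on all services (action defaults to deny)."""
    for p in policies.values():
        if (intf in p.get("intf", []) and feed in p.get("srcaddr", [])
                and p.get("dstaddr") == ["all"] and p.get("service") == ["ALL"]
                and p.get("action", ["deny"]) == ["deny"]):
            return True
    return False
```

Run it against the real `show firewall local-in-policy` output from each FortiGate; a `False` result for the expected interface and feed name means the block rule is missing or has been changed.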
