Configure Firewall Policy to Control Access for Devices in the IP Threat Feed

On the 1st Floor ISFW FortiGate, configure firewall policies that block traffic coming from devices on the IP Threat Feed (FSM_Threat_Feed). Also allow these devices Internet access, but only through a restrictive web filter and application control profile.

  1. On the 1st floor FortiGate, navigate to Policy & Objects > Firewall Policy.

  2. Click Create New.

  3. Configure the policy to block traffic to Fabric Devices when the source is in the g-FSM_Threat_Feed list.

  4. Click OK. Ensure this policy is above more general ACCEPT policies, because FortiGate evaluates policies from the top down and applies the first match.

  5. Navigate to Security Profiles > Application Control.

  6. Create a strict-appctrl profile that blocks all categories except for a few, which are monitored.

  7. Navigate to Security Profiles > Web Filter.

  8. Create a strict-webfilter profile that blocks all FortiGuard categories except for News & Media.

  9. Create a new firewall policy. Allow traffic if the source is in the g-FSM_Threat_Feed list, but apply the strict-webfilter and strict-appctrl profiles.

  10. Click OK. Ensure this policy is above more general ACCEPT policies.
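The ordering requirement in steps 4 and 10 can be checked offline. The following is an added example, not Fortinet's code: it models top-down, first-match evaluation over a constructed policy table and reports what a feed-listed device would actually hit. The Fabric_Devices group name, the policy IDs and the default profiles are assumptions, and matching is simplified to source and destination address only (interfaces, services and schedules are ignored).

```python
FEED = "g-FSM_Threat_Feed"   # feed address object named on the page
FABRIC = "Fabric_Devices"    # hypothetical address group name (assumption)
STRICT = {"webfilter-profile": "strict-webfilter", "application-list": "strict-appctrl"}

# Constructed policy table, top of the sequence first. Keys mirror FortiOS CLI keywords.
POLICIES = [
    {"policyid": 10, "srcaddr": [FEED], "dstaddr": [FABRIC], "action": "deny"},
    {"policyid": 3, "srcaddr": ["all"], "dstaddr": ["all"], "action": "accept",
     "webfilter-profile": "default", "application-list": "default"},
    {"policyid": 11, "srcaddr": [FEED], "dstaddr": ["all"], "action": "accept", **STRICT},
]


def first_match(policies, src_objects, dst_objects):
    """Return the first policy matching source and destination, or None (implicit deny)."""
    for p in policies:
        if set(p["srcaddr"]) & src_objects and set(p["dstaddr"]) & dst_objects:
            return p
    return None


def audit(policies):
    """Report where a feed-listed device escapes the intended deny or strict policy."""
    feed_src = {FEED, "all"}  # a listed device matches the feed object and "all"
    findings = []
    fabric_hit = first_match(policies, feed_src, {FABRIC, "all"})
    if fabric_hit is not None and fabric_hit["action"] != "deny":
        findings.append(f"Fabric traffic accepted by policy {fabric_hit['policyid']}")
    inet_hit = first_match(policies, feed_src, {"all"})
    if inet_hit is not None and inet_hit["action"] == "accept":
        if any(inet_hit.get(k) != v for k, v in STRICT.items()):
            findings.append(
                f"Internet traffic hits policy {inet_hit['policyid']} without strict profiles")
    return findings


def move_before(policies, policyid, before_id):
    """Return a new list with policyid moved directly above before_id."""
    moved = next(p for p in policies if p["policyid"] == policyid)
    rest = [p for p in policies if p["policyid"] != policyid]
    idx = next(i for i, p in enumerate(rest) if p["policyid"] == before_id)
    return rest[:idx] + [moved] + rest[idx:]


if __name__ == "__main__":
    print(audit(POLICIES))                      # general ACCEPT shadows the strict policy
    print(audit(move_before(POLICIES, 11, 3)))  # strict policy moved above it
```
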
