Technical Tip: FortiEDR - 'Block on FireWall' action for Fortigate VDOM & ADOM
| Description | This article describes how to configure VDOM and ADOM to work with FortiEDR. |
| Scope | FortiEDR. |
| Solution | FortiManager integration is not possible in the current Cloud version 5.0.2v environment.
Request the Iso files from Support. For the Jumpbox installation, here are the requirements for the on-prem VM:
-> 2x CPU Core.
Support FortiGate VDOM -
1). Download the script that is saved here: https://storage.googleapis.com/fortiedr-soar-custom-connectors/PbFabricActionBlock_Fortigate_custom.py
2). Save it under a different name.
3). Edit it:
- Look for the string 'root' and replace it with the VDOM name (vdom='root' should be vdom=%VDOM_NAME%).
- Look for the string 'POLICY_GROUP_NAME' and set as its value the name of the group with the VDOM.
4). At the FortiEDR Console, do the following: - Go to Administration -> Integration. - Choose Add Connector -> Custom Connector. - Provide the VDOM details. - Choose jumpbox. - Select Add action. - Select the [+] button for loading the Action Manager. - Provide Name and Description. - Upload the edited script. - Save and Close.
Support FortiManager ADOM -
1). Download the script that is saved here: https://storage.googleapis.com/fortiedr-soar-custom-connectors/FortiManager_PbFabricActionBlock_custom_adom.py
2). Save it under a different name.
3). Edit it: look for the string 'CHANGEME' and replace it with the ADOM name and address group.
4). At the FortiEDR Console, do the following: - Go to Administration -> Integration. - Choose Add Connector -> Custom Connector. - Provide the ADOM details. - Choose jumpbox. - Select Add action. - Select the [+] button for loading the Action Manager. - Provide Name and Description. - Upload the edited script. - Save and Close. |