ggenard
Staff

Quick Guide to FortiGuard Advanced Bot Protection (ABP) Deployment

A significant portion of internet traffic is generated by Bots, which can have both legitimate and malicious purposes. Enhancing application security with machine-learning capabilities is a proactive approach to detecting and blocking sophisticated Bots. This can help protect against various threats, including data theft, account takeovers, and network resource overload. Machine learning allows security systems to adapt and identify new patterns of Bot behavior, making it a valuable tool in the ongoing battle against cyber threats.

 

Fortinet recently released FortiABP to detect and mitigate sophisticated Bots and to prevent fraudulent activities, spamming, scraping, or other attacks on websites, applications, or APIs. FortiGuard ABP SaaS incorporates behavioral analysis and deep learning to protect businesses from financial losses, reputational damage, and regulatory penalties.

 

With FortiABP, protection is set up in a few steps. FortiABP is fully integrated and supported using FortiADC and FortiWeb as a reverse proxy. The FortiADC and FortiWeb integration is based on an API connector (attack query) with JS insertion into the HTTP/S responses. Via the fabric connector, FortiADC and FortiWeb share metadata (such as IP, header, fingerprint and more) with the FortiGuard ABP engine for data analysis.

 


Diagram 1: FortiABP Overview

 

Using Fortinet machine learning algorithms, the FortiABP engine determines whether the client traffic originates from a Bot or a human. FortiABP then decides whether to block, allow, or initiate a Captcha validation.

 

Benefits and Importance of Advanced Bot Protection

FortiGuard Advanced Bot Protection is a SaaS (Software as a Service) solution designed to protect your online applications from malicious Bots and automated attacks. When FortiGuard Advanced Bot Protection (FortiGuard ABP) is incorporated into FortiWeb's server policy, client traffic is directed to the FortiGuard ABP service deployed on Google Cloud. The service analyzes the traffic to identify any malicious Bot behavior and suggests appropriate actions in response. FortiGuard ABP builds up a machine learning model to protect against a wide range of threats, including data harvesting, credential stuffing attacks, account takeover attempts, and DDoS attacks.

 

Advanced Bot Protection Cloud Licensing

Deploying FortiABP requires a Bot Cloud license and access to forticloud.com. When you receive the Bot Cloud license, find the Contract Registration Code under the Service Entitlement Summary. Log in to your FortiCloud account, or register for one.

 


Diagram 2: FortiCloud Licensing

 

Once you have completed the registration process, navigate to https://fortiabp.forticloud.com/ to configure your applications. Before configuring your applications, a few configurations must be made on the FortiADC or FortiWeb, which must be running release version 7.4.1.

 

  1. For FortiADC or FortiWeb, navigate to the GUI and make sure the advanced-bot-domain configuration is disabled:

         config system global
         unset advanced-bot-domain
         end

  2. Then navigate to fortiabp.forticloud.com and create a New Application.

 


Diagram 3: Application Creation

 

Enter the domain name, choose the application region, and enter the application name. Then click Save.

Once saved, copy the Application ID from the list of applications below so that it can be added to the FortiADC or FortiWeb configuration.


Diagram 4: Application ID List

 

Once a FortiGuard ABP Application is created, the Pre-Provisioning process begins, which triggers a request to the Professional Engagement Team (PET) to analyze your application details and to identify URLs to protect and insert the required JavaScript to enable the Advanced Bot Protection functionality. This process is currently conducted internally by the PET and requires 2 to 3 days to complete. If you wish to modify or add entries, please submit a request with Fortinet Support.


FortiADC Configuration

In the FortiADC portal, navigate to Web Application Firewall > Bot Mitigation > Advanced Bot Protection > Create New.

 

Diagram 5: FortiADC Configuration

 

Note: To configure FortiADC with FortiABP, you must have a licensed FortiADC instance and a valid Advanced Bot Protection license. Check the status of Advanced Bot Protection in the Licenses widget on the Dashboard > Status page. It should display as Valid.

 

  1. Enter a name for the ABP rule and enable the Status option.
  2. Add the Application ID that came from the ABP portal.
  3. Set the action type to one of the Block, Deny, Silent-Deny, Alert or Captcha options.
  4. Select the Severity options.
  5. Create a new Rule Exception or use an existing one.

That completes the FortiADC to FortiABP configuration.

 

FortiWeb Configuration

Note: To configure FortiWeb with FortiABP, you must have a licensed FortiWeb instance and a valid Advanced Bot Protection license. Check the status of Advanced Bot Protection in the Licenses widget on the Dashboard > Status page. It should display as Valid.


Diagram 6: FortiABP Licensing

 

First, navigate to Dashboard > Status and confirm that Advanced Bot Protection is enabled. Without prior registration and licensing of FortiABP, the configuration menus for ABP will not be enabled.

Validate and install the license prior to configuration. Once the license is configured on the FortiWeb, navigate to Bot Mitigation > Advanced Bot Protection and click Create New.

     

ABP Configuration

  1. Enter a new Name.
  2. Copy the Application ID that was generated in the ABP portal and paste it into the configuration menu.
  3. Set the action type to one of the Block, Deny, Silent-Deny, Alert or Captcha options.
  4. Select the Severity options.
  5. Create a new Rule Exception or use an existing one, and Save.
  6. Finally, after configuring the Advanced Bot Protection policy, apply it in a web protection profile.


Diagram 7: FortiABP Settings

 

Policy Configuration

Navigate to Policy > Web Protection Profile.

  1. Select the Inline Protection Profile tab. 
  2. Select an existing web protection profile to which you want to include the Advanced Bot Protection policy. Click Edit.
  3. For Bot Mitigation > Advanced Bot Protection, select the Advanced Bot Protection policy from the drop-down list.
  4. Then click OK.

Note: The FortiWeb Advanced Bot Protection policy does not activate until the FortiGuard ABP Application is fully analyzed and Pre-Provisioned to protect the Application. Pre-Provisioning is required to identify all URLs that should be protected in your Application domain (such as login URLs), and the locations where JavaScript needs to be inserted to collect client information. Without these resources, FortiWeb will not be able to insert the necessary JavaScript for Bot detection. Pre-Provisioning is triggered upon creating the Application, and requires 2 to 3 days to complete. During this process, your FortiGuard ABP Application will be in Pending status until Pre-Provisioning is complete. When the Application status is Ready, Advanced Bot Protection can be activated on your FortiWeb.