Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

KalanaChandrasiri
New Contributor

Created on ‎09-30-2019 11:42 PM

Firewall Rules for SIEM Implementation

Dear People,

We need to knnow exact URL/IP address what FortiSIEM get feeds from Outside (Internet) ? According our environment we cannot open full internet access to device. We only allowed to give specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly mentioed these details.


Where We can get these details any link/official document ?


Regards,
Kalana


------------------------------
kalana
------------------------------
Labels:
392
0 Kudos
1 Solution
FSM_FTNT
Staff
Staff

Created on ‎10-02-2019 03:38 AM

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

View solution in original post

368
0 Kudos
3 REPLIES 3
FSM_FTNT
Staff
Staff

Created on ‎10-02-2019 03:38 AM

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

369
0 Kudos
KalanaChandrasiri
New Contributor
In response to FSM_FTNT

Created on ‎10-02-2019 08:40 AM

Daniel,
Thank you very much for your feedback.

May I know what is the URL/IP for FortiSIEM License activation is done ?


Regards,
Kalana
368
0 Kudos
FSM_FTNT
Staff
Staff
In response to KalanaChandrasiri

Created on ‎10-02-2019 08:42 AM

Hi Kalana,

This is a manual download of the license and then upload in the ForitSIEM GUI.

Thanks

Dan
368
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.