Technical Tip: FortiEDR - 'Block on FireWall' action for Fortigate VDOM & ADOM

kwernecke · ‎06-09-2022

Description

This article describes how to configure VDOM and ADOM to work with FortiEDR.

Scope

FortiEDR.

Solution

FortiManager integration is not possible in the current Cloud version 5.0.2v environment.

In 5.0.3v non-default ADOM & VDOM FortiManager integration can supported by adding a py script in the integration section. Also deploying an on-prem Jumpbox server is needed to do this.

Request the Iso files from Support.

For the Jumpbox installation, here are the requirements for the on-prem VM:

-> 2x CPU Core.
-> 8GB Of RAM.
-> 160GB HDD (SSD recommended).
-> External connection to connect to the FortiEDR Cloud environment.
-> And allow internal connection with the devices to be integrated (FortiManager).

Some custom scripts for configuration of VDOM and ADOM has been created to intergrate with FortiEDR Product.

Support FortiGate VDOM -

1). Download the script that is saved here: https://storage.googleapis.com/fortiedr-soar-custom-connectors/PbFabricActionBlock_Fortigate_custom....

2). Save it under a different name.

3). Edit it:

- Look for the string 'root' and replace it with the VDOM name (vdom='root' should be vdom=%VDOM_NAME%).

- Look for the string 'POLICY_GROUP_NAME' and set as its value the name of the group with the VDOM.

4). At the FortiEDR Console, do the following:

- Go to Administration -> Integration.

- Choose Add Connector -> Custom Connector.

- Provide the VDOM details.

- Choose jumpbox.

- Select Add action.

- Select the [+] button for loading the Action Manager.

- Provide Name and Description.

- Upload the edited script.

- Save and Close.

Support FortiManager ADOM -

1). Download the script that is saved here: https://storage.googleapis.com/fortiedr-soar-custom-connectors/FortiManager_PbFabricActionBlock_cust...