Hi,
I've just implemented the automated stitch on FortiGate to auto-block the attackers' IPs that are trying to connect to the IPsec VPN, and it is working perfectly fine.
The problem is that, since we are using FortiManager Cloud, where all the policies and objects are synced and we are managing the configuration from it, at every new creation of an IP object in FortiGate the FortiManager becomes out of sync and we need to re-import the policy. Is it possible to automate it? Or can we exclude some address objects, groups and policies from sync?
By default auto-update should automatically push any change made on the FortiGate to the FortiManager. See: https://docs.fortinet.com/document/fortimanager/7.6.0/administration-guide/229356/auto-update-and-au...
Are you able to confirm if you have this option disabled?
Just to be more specific, I've automated the script to add the remote IP fetched from the log event and append it to the group that has been declared in the local-in policy to block the external IPs.
Yes, I've already enabled it but it is only for configuration changes while policy and objects will remain unchanged, as also mentioned in this link.