Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhdganji
Contributor

Automatic rule creation based on traffic in a specific time

Hi,

I know that with detailed reporting capabilities I can find the traffic and create rules, but being involved in a new mid-to-large environment, and in order to expedite and accelerate rule creation, I'd like to know whether it is possible to make FortiOS or FortiAnalyzer suggest or even create automated rules between network elements.

A simple example:

The traffic between backup servers and ESXi hosts (or let's say between this and that interface) sensed in the past week shows that a rule with these details will handle the traffic and disable all other unnecessary ones.

Is something similar to this possible using the FortiGate and FortiAnalyzer capabilities?

Especially these days, when AI, ML, etc. are hot topics ;)

M. Ganji, Network & Security Expert.
adambomb1219
Contributor III

With the Security Rating license some of this can be done.  Especially around suggesting rules that allow all/unsecure protocols or rules that have no hit counts.  I am not aware of a way to automatically create rules though.  That being said I don't think I would leave firewall rule creation up to automation.  Firewall rules should be purposeful, concise, and based on defined requirements.

mhdganji

Thanks,

And what about auto-generating a temporary or permanent block rule? Is it possible to block a source IP to a destination, for example, if it exceeds a number of connections or data size moving through the firewall?

I know about the DDoS rules but I need some more flexible ones.

Regards,

M. Ganji, Network & Security Expert.
adambomb1219

DDoS Policies would be your threshold based.  If you need something more intelligent, then FortiDDoS would be the product you would place in front of the FortiGate.

fredery
Staff

Maybe you need to look at FortiPolicy.

https://docs.fortinet.com/product/fortipolicy/7.2

Did not use the product yet, seems to match a few of your objectives.

mhdganji
Contributor

Thanks to all

The FortiOS and learning mode are wonderful, although it seems both of them need two other products to be purchased (FortiManager, FortiPolicy).

M. Ganji, Network & Security Expert.
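The idea in the original question, turning a week of observed traffic into candidate rules for a person to review, can be sketched offline. This is an added example, not code from any poster or from Fortinet: the log lines are constructed key=value records, and the interface names, address groups and `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample traffic records (key=value form); not real log output.
SAMPLE_LOG = """\
srcintf="backup" dstintf="esxi" srcip=10.10.1.5 dstip=10.20.0.11 proto=6 dstport=902 action=accept
srcintf="backup" dstintf="esxi" srcip=10.10.1.5 dstip=10.20.0.12 proto=6 dstport=902 action=accept
srcintf="backup" dstintf="esxi" srcip=10.10.1.6 dstip=10.20.0.11 proto=6 dstport=443 action=accept
srcintf="backup" dstintf="esxi" srcip=10.10.1.6 dstip=10.20.0.12 proto=6 dstport=443 action=accept
srcintf="backup" dstintf="esxi" srcip=10.10.1.5 dstip=10.20.0.11 proto=6 dstport=22 action=accept
srcintf="backup" dstintf="esxi" srcip=10.10.1.7 dstip=10.20.0.11 proto=6 dstport=3389 action=deny
"""

# Hypothetical address groups used to collapse single hosts into rule objects.
GROUPS = {"backup-servers": ip_network("10.10.1.0/24"),
          "esxi-hosts": ip_network("10.20.0.0/24")}
PROTO = {"6": "TCP", "17": "UDP"}

def parse_line(line):
    """Split one key=value record into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def group_of(ip):
    """Map an address to its group name, or to a /32 when no group matches."""
    addr = ip_address(ip)
    for name, net in GROUPS.items():
        if addr in net:
            return name
    return ip + "/32"

def suggest_rules(log_text, min_hits=2):
    """Return (candidate rules, rarely seen flows) built from accepted traffic."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "accept" or "dstport" not in f:
            continue  # denied or port-less traffic never widens a suggestion
        service = f"{PROTO.get(f['proto'], f['proto'])}/{f['dstport']}"
        hits[(f["srcintf"], f["dstintf"], group_of(f["srcip"]),
              group_of(f["dstip"]), service)] += 1
    rules, rare = defaultdict(set), []
    for key, count in hits.items():
        if count >= min_hits:
            rules[key[:4]].add(key[4])
        else:
            rare.append(key)  # one-off flows go to a human, not into a rule
    return {k: sorted(v) for k, v in rules.items()}, rare

if __name__ == "__main__":
    candidates, review = suggest_rules(SAMPLE_LOG)
    for (sintf, dintf, src, dst), services in candidates.items():
        print(f"{sintf} -> {dintf}: {src} -> {dst} allow {', '.join(services)}")
    print("needs review:", review)
```

The output is a list of suggestions only; flows below the threshold are set aside for review rather than folded into a rule.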