Automatic rule creation based on traffic in a specific time
I know that with detailed reporting capabilities I can find the traffic and create rules, but being involved in a new mid-to-large environment, and in order to expedite and accelerate rule creation, I'd like to know if it is possible to make FortiOS or FortiAnalyzer suggest or even create automated rules between network elements or not?
A simple example:
The traffic between backup servers and ESXi hosts (or let's say between this and that interface) sensed in the past week shows that a rule with these details will handle the traffic and disable all other unnecessary ones.
Is something similar to this possible using the FortiGate and FortiAnalyzer capabilities?
Especially these days, when AI, ML, etc. are hot topics ;)
With the Security Rating license some of this can be done, especially around suggesting rules that allow all/unsecure protocols or rules that have no hit counts. I am not aware of a way to automatically create rules though. That being said, I don't think I would leave firewall rule creation up to automation. Firewall rules should be purposeful, concise, and based on defined requirements.
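As an added illustration that is not part of the thread and not a Fortinet feature: one way to turn a week of exported traffic logs into candidate rules that a person then reviews, rather than rules that are pushed automatically. The sample lines are constructed, and the field names assume FortiOS-style key=value traffic logs.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS-style key=value traffic-log form (not real logs).
SAMPLE_LOGS = """\
type="traffic" srcip=10.10.5.11 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=902 proto=6 action="accept"
type="traffic" srcip=10.10.5.11 srcintf="backup" dstip=10.20.0.22 dstintf="esxi" dstport=902 proto=6 action="accept"
type="traffic" srcip=10.10.5.12 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=902 proto=6 action="close"
type="traffic" srcip=10.10.5.11 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=443 proto=6 action="accept"
type="traffic" srcip=10.10.5.11 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=443 proto=6 action="accept"
type="traffic" srcip=10.10.5.99 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=22 proto=6 action="accept"
type="traffic" srcip=10.10.5.11 srcintf="backup" dstip=10.20.0.21 dstintf="esxi" dstport=3389 proto=6 action="deny"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMITTED = {"accept", "close"}          # assumption: actions counted as allowed traffic
KEY_FIELDS = ("srcintf", "dstintf", "proto", "dstport")


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def suggest_rules(log_text, min_hits=2):
    """Return (candidates, review): flows seen >= min_hits times, and rarer ones."""
    flows = defaultdict(lambda: {"srcaddr": set(), "dstaddr": set(), "hits": 0})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("type") != "traffic" or f.get("action") not in PERMITTED:
            continue
        if not all(k in f for k in KEY_FIELDS + ("srcip", "dstip")):
            continue                      # incomplete record: never guess a rule from it
        flow = flows[tuple(f[k] for k in KEY_FIELDS)]
        flow["srcaddr"].add(f["srcip"])
        flow["dstaddr"].add(f["dstip"])
        flow["hits"] += 1
    candidates, review = [], []
    for key in sorted(flows):
        rule = dict(zip(KEY_FIELDS, key), hits=flows[key]["hits"],
                    srcaddr=sorted(flows[key]["srcaddr"]),
                    dstaddr=sorted(flows[key]["dstaddr"]))
        (candidates if rule["hits"] >= min_hits else review).append(rule)
    return candidates, review


if __name__ == "__main__":
    candidates, review = suggest_rules(SAMPLE_LOGS)
    for r in candidates:
        print("candidate:", r)
    for r in review:
        print("needs a human decision:", r)
```

Flows seen only once land in the review list instead of becoming rules, and denied traffic is never counted, so the output stays a proposal tied to observed, permitted traffic.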
And what about auto-generating a temporary or permanent block rule? Is it possible to block a source IP to a destination, for example, if it exceeds a number of connections or data size moving through the firewall?
I know about the DDoS rules but I need some more flexible ones.