Recently, I have faced a challenge in creating address objects on the FortiGate 2201E, as the limit is over 65000 firewall address objects. Since we are using multiple VDOMs, the address object resource got exhausted.
The object creations are mainly contributed by the IOC blocks at the firewall itself.
Now we are left with the option of having the IOC blocks via an external threat feed. But I would like to know if the FortiManager integration would help in holding the address objects at the FortiManager itself and caching them at the FortiGate, such that the objects wouldn't consume the FortiGate resources.
Kindly let me know the feasibility of the same.
The external threat feed is a good choice.
Also, using the FortiGuard bad IP address DB may be the best way (if this is what you need).
You can find them under: Internet Service Database > IP Reputation Database.
You can use them in your firewall rules as source or destination.
FortiManager only pushes the config changes and keeps track of them on the FortiGate (in general terms).
If the objects are not on the FortiGate, the config is not applied. Creating IOC blocks on the FortiGate as address objects is not a good practice, as you have noticed, and external threat feeds are the way to go.
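As an added example (not from this thread or from Fortinet), a small Python script that turns a raw IOC list into one external threat feed file instead of thousands of address objects: it validates each entry, drops duplicates and collapses adjacent subnets so the feed stays compact. It assumes the FortiOS "IP Address" feed format of one IP or subnet per line with `#` comment lines; the sample IOC list is constructed.

```python
"""Build a FortiGate external threat feed file from a raw IOC list.

Assumption: the feed is plain text, one IPv4/IPv6 address or subnet
per line, and lines starting with '#' are comments.
"""
import ipaddress

# Constructed sample IOC export: duplicates, adjacent /25s, one bad line.
SAMPLE_IOCS = """
# exported from ticket system (constructed sample)
203.0.113.10
203.0.113.10
203.0.113.0/25
203.0.113.128/25
198.51.100.7/32
not-an-ip
2001:db8::1
"""


def parse_iocs(text):
    """Yield (line, network) per non-blank, non-comment line; network is None if invalid."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            yield line, ipaddress.ip_network(line, strict=False)
        except ValueError:
            yield line, None


def build_feed(text):
    """Return (feed_text, stats). Collapsing duplicates and adjacent subnets
    keeps the entry count low; each entry would otherwise have become a
    separate address object on the firewall."""
    nets, rejected = [], []
    for line, net in parse_iocs(text):
        if net is None:
            rejected.append(line)  # keep for review, never silently dropped
        else:
            nets.append(net)
    # collapse_addresses() only mixes one address family at a time
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    merged = list(v4) + list(v6)
    # host networks are written as bare addresses, subnets with their prefix
    body = "\n".join(
        str(n.network_address) if n.prefixlen == n.max_prefixlen else n.with_prefixlen
        for n in merged
    )
    feed = "# generated threat feed\n" + body + "\n"
    stats = {"input": len(nets) + len(rejected), "rejected": rejected, "entries": len(merged)}
    return feed, stats


if __name__ == "__main__":
    feed_text, feed_stats = build_feed(SAMPLE_IOCS)
    print(feed_text)
    print(feed_stats)
```

Serve the generated file over HTTP(S) and point the FortiGate external threat feed (IP Address type) at it; the stats dictionary tells you how many entries the feed carries and which input lines need a second look.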
Copyright 2024 Fortinet, Inc. All Rights Reserved.