Fortinet FortiGate Guide

Use this guide to add Cybora to FortiGate through External Connectors. FortiGate imports the feed as a dynamic external object and keeps it in sync with your feed URL.

What FortiGate can do with a Cybora feed

  • IP address feeds can be used as source or destination objects in firewall policies, proxy policies, local-in policies, and ZTNA rules. They can also be used as an external IP block list in DNS filter profiles.
  • Domain feeds become Remote Categories in DNS filter profiles and can be used to block or monitor matching domains.
  • If you use URL-style indicators, use the URL or FortiGuard Category style feed supported by your FortiOS release. In practice, IP feeds are mostly enforced through firewall policy objects, while domain feeds are enforced through DNS filtering.

Before you start

  • Use a FortiGate or FortiOS release that supports Security Fabric > External Connectors.
  • Ensure that FortiGate can reach your Cybora feed URL over HTTP or HTTPS.
  • Use the Cybora feed type that fits your plan and use case.
  • The feed file must be plain text, one entry per line.
  • If you use multi-VDOM mode, decide first whether to create the connector in the global VDOM or in a specific VDOM.

Create the external connector

  1. Go to Security Fabric > External Connectors and click Create New.
  2. Select the feed type that matches your Cybora feed. Use IP Address for IP indicators and Domain Name for domain indicators.
  3. Give the connector a clear name.
  4. Set the update method to External Feed.
  5. Paste your Cybora feed URL into URL of external resource.
  6. Leave HTTP basic authentication disabled unless your specific feed requires it.
  7. Set the Refresh Rate to exactly match your Cybora plan. Only one request is permitted within the allowed interval. If FortiGate polls more frequently than the plan allows, the feed may be blocked.
  8. Save the connector and confirm that it is enabled.
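
As an added example (not Cybora or Fortinet code), here is a pre-flight check for the feed format listed under "Before you start" and the feed type chosen in step 2: it reads a plain-text feed, one entry per line, and reports entries that do not fit the selected connector type. The accepted IP forms (single address, CIDR subnet, start-end range), the skipping of blank and # lines, and the names check_feed and SAMPLE_FEED are assumptions of this example; adjust them to what your FortiOS release accepts.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _is_ip_entry(entry):
    # Assumed accepted forms: single address, CIDR subnet, start-end range.
    try:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return start.version == end.version and start <= end
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def _is_domain_entry(entry):
    labels = entry.rstrip(".").split(".")
    if len(labels) < 2 or len(entry) > 253 or labels[-1].isdigit():
        return False  # bare label, over-long name, or something IP-shaped
    return all(_LABEL.match(label) for label in labels)

def check_feed(text, feed_type):
    """Return (valid_entries, problems) for feed_type 'ip' or 'domain'."""
    check = {"ip": _is_ip_entry, "domain": _is_domain_entry}[feed_type]
    valid, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank and comment lines are skipped (assumption)
        if entry.lower() in seen:
            problems.append((lineno, entry, "duplicate"))
        elif not check(entry):
            problems.append((lineno, entry, f"not a valid {feed_type} entry"))
        else:
            seen.add(entry.lower())
            valid.append(entry)
    return valid, problems

# Constructed sample feed (documentation address ranges), not real Cybora data.
SAMPLE_FEED = """198.51.100.7
203.0.113.0/24
192.0.2.10-192.0.2.20
2001:db8::/32
malicious.example
198.51.100.7
203.0.113.999
"""
```

Calling check_feed(SAMPLE_FEED, "ip") returns the four well-formed IP entries and flags lines 5, 6 and 7; a feed that is mostly "problems" under one type usually means the wrong connector type was selected.
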

Apply the feed in FortiGate

  1. For IP address feeds, use the imported object as a source or destination in the relevant firewall policy.
  2. For domain feeds, use the imported feed as a Remote Category in the DNS filter profile.
  3. If you want to block matching traffic, ensure that the consuming policy or security profile denies or blocks traffic based on the imported feed.
  4. Enable logging so that matches are easier to validate and troubleshoot.

Validation

  1. Open the external connector and check Last Update and the connection status.
  2. Use View Entries to confirm that FortiGate has imported the expected indicators.
  3. Verify that the connector is referenced in the intended policy or DNS filter profile.
  4. Test with known matching traffic and review the related policy, DNS filter, or security logs.

If FortiGate temporarily loses connectivity to the external server, the existing imported list may continue to work for some time, but it will not refresh until connectivity is restored.

Further reading