Take the following integration steps to provide ISS Internal Security with the information it needs to communicate with your Fortinet FortiGate firewall product.
When integrated, Internal Security extracts the following information from FortiGate:
- System firmware data
- Anomalies in the system
- Rate-based intrusion prevention signals
- Intrusion prevention rules
- Intrusion prevention global settings
- Intrusion prevention sensor data
- FortiGate routing table entry
- FortiGate subnet data
- Antivirus profiles
- Control enforced on applications installed on systems behind FortiGate
- Antivirus settings
- Threat traffic
- FortiGate security rating data
- WAF Firewall profiles
- WAF Firewall signatures
- DNS filter settings and data
Prepare for your integration
Before configuring the integration, do the following:
- To enable communication with Internal Security, add the IP address 220.127.116.11 to your allowlist.
- Install Internal Security from Integrate360°: Marketplace. See ISS Internal Security module for guidance.
- Make sure you have administrative permissions in FortiGate or access to an administrator.
The Internal Security integration requires the following configuration values:
|Access token (API key)|A token provides permission to perform the GET request.|
|Base product URL|The public IP address and port number of the FortiGate installation. Note: It is only necessary to specify the port number if it is not 80 or 443.|
Note: Contact your internal Support or Engineering team if you are unable to provide the information required for this integration.
Step 1: Create an API key
Create a key that will provide Internal Security with read-only access to FortiGate data:
- Log in to FortiGate.
- Select Administrators from the System tab.
- Select REST API Admin from the Create New drop-down list.
- Enter a new username and select Create to make a new administrative profile.
- Set Read permissions for all access control settings and click OK.
- Select the newly created profile from the drop-down list.
Note: Make sure the PKI Group and CORS Allow Origin profile settings are disabled.
- In the profile, click Regenerate for API Key.
- Copy the generated key for use in the next step. Then, click Close.
Note: Make sure the administrator you created appears in the REST API Administrator table.
Step 2: Add a FortiGate integration in Internal Security
Provide Internal Security with the required information for communicating with FortiGate:
- In your Scorecard header, select the Internal Security tab. Then, select Internal Security again.
- Click Add integrations.
- Select Fortinet FortiGate from the drop-down list.
- Enter the required information from the preceding step and then click Save Configuration:
- The access token (API Key in FortiGate)
- The base product URL for the API
Note: Make sure to precede the URL with http:// or https://, depending on which protocol applies. Also, it is only necessary to specify the port number for the base product URL if it is not 80 or 443.
Your new integration appears in a table on the Internal Security page. Start viewing your Internal Security score and findings within 24 hours.
Note: Internal Security starts to provide data within 24 hours for each new integration as it syncs with SecurityScorecard's scanning and scoring cycles.
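An added example, not part of the original article or either vendor's code: a Python check of the base product URL against the rules in Step 2 (scheme required, port only when it is not 80 or 443), plus a builder for a read-only GET request you can use to confirm the key before saving the configuration. The `/api/v2/monitor/system/status` path, the `Authorization: Bearer` header, and all function names are assumptions not taken from this page; confirm them against your FortiOS version.

```python
from urllib.parse import urlsplit
from urllib.request import Request

DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumed FortiOS REST API monitor path; it is not stated on this page.
STATUS_PATH = "/api/v2/monitor/system/status"


def normalize_base_url(raw):
    """Validate a base product URL; return (normalized_url, warnings)."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("base URL must start with http:// or https://")
    if not parts.hostname:
        raise ValueError("base URL has no host")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the base URL")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("base URL must be scheme://host[:port] only")
    port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    warnings = []
    if parts.scheme == "http":
        warnings.append("http:// sends the API key over the network unencrypted")
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    base = f"{parts.scheme}://{host}"
    # The port is only needed when it is not the scheme default (80 or 443).
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        base += f":{port}"
    return base, warnings


def build_status_request(base_url, api_key):
    """Build (without sending) a GET request that exercises the read-only key."""
    base, _ = normalize_base_url(base_url)
    req = Request(base + STATUS_PATH, method="GET")
    # Header keeps the key out of URLs, proxy logs and browser history.
    req.add_header("Authorization", f"Bearer {api_key}")
    return req


if __name__ == "__main__":
    # Constructed sample inputs (203.0.113.0/24 is a documentation range).
    for sample in ("https://203.0.113.10:443", "http://203.0.113.10:8080",
                   "203.0.113.10:8443"):
        try:
            print(sample, "->", normalize_base_url(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

Pass the returned request to `urllib.request.urlopen` from a host on the allowlisted path to send it; a 401 or 403 response means the key or the profile's Read permissions need another look.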