IBM Security QRadar SOAR

Actually I'm confused regarding "IP Ban" function and other functions in Fortigate firewall app. The Firewall app comes with functions and no workflows.

 I had discussion with my network team and they want me to tell them back-end working of function, i mean we will just configure app using API token of fortigate and nothing else, So my question is how the IP Ban function will identify that where it will navigate in Firewall to block IP and what policy it will tamper with to block IP.

Would appreciate if someone explain this to me. Thanks

The Fortigate app comes with functions only out of box. You will need to create your own workflows using these functions. The only thing you need is the server address of your Fortigate firewall and a token from the Fortigate firewall (in app.config). You can configure the app for multiple Fortigate firewall servers if you like. The BanIP function calls the corresponding Fortigate API using the IP address you want to ban.

Actually I'm confused regarding "IP Ban" function and other functions in Fortigate firewall app. The Firewall app comes with functions and no workflows.

 I had discussion with my network team and they want me to tell them back-end working of function, i mean we will just configure app using API token of fortigate and nothing else, So my question is how the IP Ban function will identify that where it will navigate in Firewall to block IP and what policy it will tamper with to block IP.

Would appreciate if someone explain this to me. Thanks

Good day Guys

Hope all is well

We are using the Forti BAN IP and it is working well.. however I am now struggling to push the banned ip to multiple Fortigates.

I do add the secondary forti as suggested in the config but when I run the push it does not push the second one but only the first one.

Any ideas on where or how I should specify for it to use both?

Regards

The Fortigate app comes with functions only out of box. You will need to create your own workflows using these functions. The only thing you need is the server address of your Fortigate firewall and a token from the Fortigate firewall (in app.config). You can configure the app for multiple Fortigate firewall servers if you like. The BanIP function calls the corresponding Fortigate API using the IP address you want to ban.

Actually I'm confused regarding "IP Ban" function and other functions in Fortigate firewall app. The Firewall app comes with functions and no workflows.

 I had discussion with my network team and they want me to tell them back-end working of function, i mean we will just configure app using API token of fortigate and nothing else, So my question is how the IP Ban function will identify that where it will navigate in Firewall to block IP and what policy it will tamper with to block IP.

Would appreciate if someone explain this to me. Thanks