Fortinet FortiOS

 

JSA Risk Manager adapter for Fortinet FortiOS supports Fortinet FortiGate appliances that run the Fortinet operating system (FortiOS).

The following features are available with the Fortinet FortiOS adapter:

  • Static NAT

  • Static routing

  • Telnet and SSH connection protocols

The Fortinet FortiOS adapter interacts with FortiOS over Telnet or SSH. The following list describes some limitations of JSA Risk Manager and the Fortinet FortiOS adapter:

  • Geography-based addresses and referenced policies are not supported by JSA Risk Manager.

  • Identity-based, VPN, and Internet Protocol Security policies are not supported by JSA Risk Manager.

  • Policies that use Unified Threat Management (UTM) profiles are not supported by the Fortinet FortiOS adapter. Only Layer 3 firewall policies are supported.

  • Policy Routes are not supported.

  • Virtual Domains with Virtual Links that have partial IP addresses or no IP addresses are not supported.

The integration requirements for the Fortinet FortiOS adapter are described in the following table:

Table 1: Integration Requirements for the Fortinet FortiOS Adapter

Integration Requirement: Description

Version: 4.0 MR3 to 5.2.4

SNMP discovery: No

Required credential parameters: To add credentials in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.

  • Username

  • Password

Supported connection protocols: To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab. Use any one of the following supported connection protocols:

  • Telnet

  • SSH

User access level requirements:

  • Read-write access for Fortinet firewalls that have VDOMs enabled

  • Read-only access for Fortinet firewalls that don't have VDOMs enabled

Commands that the adapter requires to log in and collect data:

  • config system console

  • set output standard

    Note: The config system console and set output standard commands require a user with read/write access to system configuration. If you use a read-only user with pagination enabled when you back up a FortiGate device, the performance is impaired significantly.

  • show system interface

  • get hardware nic <variable>

  • get system status

  • get system performance status

  • get router info routing-table static

  • get test dnsproxy 6

  • show firewall addrgrp

  • show firewall address

  • show full-configuration

  • get firewall service predefined <variable>

  • show firewall service custom

  • show firewall service group

  • show firewall policy

  • show system zone

  • show firewall vip

  • show firewall vipgrp

  • show firewall ippool

Commands to use with VDOMs:

  • config global to enter global configuration mode

  • config vdom; edit <vdom-name> to switch between VDOMs
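Because the adapter account needs read-write access when VDOMs are enabled, it is worth checking that the account only ever issues the commands listed above. The following Python sketch is an added example, not part of the JSA or Fortinet documentation: it compares a list of commands run by the adapter account against the documented set and reports anything else. The names TOP_LEVEL, IN_BLOCK, unexpected_commands and SAMPLE are hypothetical, the session lines are constructed, and treating "end" as the command that closes a config block is an assumption because the page does not list it.

```python
import re

# Commands the page lists for the adapter; <variable> stands for one argument.
TOP_LEVEL = [
    "config system console", "config global", "config vdom",
    "show system interface", "get hardware nic <variable>",
    "get system status", "get system performance status",
    "get router info routing-table static", "get test dnsproxy 6",
    "show firewall addrgrp", "show firewall address",
    "show full-configuration", "get firewall service predefined <variable>",
    "show firewall service custom", "show firewall service group",
    "show firewall policy", "show system zone", "show firewall vip",
    "show firewall vipgrp", "show firewall ippool",
]
# Listed commands that are only expected inside one specific config block.
IN_BLOCK = {"config system console": "set output standard",
            "config vdom": "edit <vdom-name>"}

def _compile(template):
    # Literal words are escaped; a <placeholder> matches exactly one token.
    return re.compile(" ".join(r"\S+" if w.startswith("<") else re.escape(w)
                               for w in template.split()))

TOP_RE = [_compile(t) for t in TOP_LEVEL]
BLOCK_RE = {block: _compile(t) for block, t in IN_BLOCK.items()}

def unexpected_commands(session):
    """Return (line_number, command) for commands outside the documented set."""
    findings, block = [], None               # block: config block we are inside
    for n, raw in enumerate(session, 1):
        cmd = " ".join(raw.split())          # normalise whitespace
        in_block = block in BLOCK_RE and BLOCK_RE[block].fullmatch(cmd)
        if cmd == "end":                     # assumption: "end" closes a block
            block = None
        elif any(p.fullmatch(cmd) for p in TOP_RE):
            if cmd.startswith("config "):
                block = cmd
        elif cmd and not in_block:
            findings.append((n, cmd))
    return findings

# Constructed session transcript (not captured from a real device).
SAMPLE = ["config vdom", "edit root", "show firewall policy", "end",
          "config system console", "set output standard", "end",
          "set output standard", "config firewall policy", "get hardware nic port1"]
```

On the constructed sample, the second `set output standard` is reported because it appears outside `config system console`, and `config firewall policy` is reported because it is not on the documented list.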