The JSA Risk Manager adapter for Fortinet FortiOS supports Fortinet FortiGate appliances that run the Fortinet operating system (FortiOS).
The following features are available with the Fortinet FortiOS adapter:
Telnet and SSH connection protocols
The Fortinet FortiOS adapter interacts with FortiOS over Telnet or SSH. The following list describes some limitations of JSA Risk Manager and the Fortinet FortiOS adapter:
Geography-based addresses and referenced policies are not supported by JSA Risk Manager.
Identity-based, VPN, and Internet Protocol Security policies are not supported by JSA Risk Manager.
Policies that use Unified Threat Management (UTM) profiles are not supported by the Fortinet FortiOS adapter. Only Layer 3 firewall policies are supported.
Policy Routes are not supported.
Virtual Domains with Virtual Links that have partial IP addresses or no IP addresses are not supported.
The integration requirements for the Fortinet FortiOS adapter are described in the following table:
Table 1: Integration Requirements for the Fortinet FortiOS Adapter
4.0 MR3 to 5.2.4
Required credential parameters
To add credentials in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.
Supported connection protocols
To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.
Use any one of the following supported connection protocols:
User access level requirements
Read-write access for Fortinet firewalls that have VDOMs enabled
Read-only access for Fortinet firewalls that don't have VDOMs enabled
Commands that the adapter requires to log in and collect data
config system console
set output standard
Note: The config system console and set output standard commands require a user with read/write access to system configuration. If you use a read-only user with pagination enabled when you back up a FortiGate device, performance is significantly impaired.
show system interface
get hardware nic <variable>
get system status
get system performance status
get router info routing-table static
get test dnsproxy 6
show firewall addrgrp
show firewall address
get firewall service predefined <variable>
show firewall service custom
show firewall service group
show firewall policy
show system zone
show firewall vip
show firewall vipgrp
show firewall ippool
Commands to use with VDOMs
config global to enter global configuration mode
config vdom; edit <vdom-name> to switch between VDOMs
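The command list above can serve as an allowlist for the adapter's account, which is worth monitoring because firewalls with VDOMs enabled require read-write access. The following is an added example, not code from the original page or from the vendor: it checks a constructed list of commands attributed to that account against the documented set. The input format, the function names and the extra `end` entry are assumptions.

```python
import re

# Commands listed on the page; <variable> and <vdom-name> are its placeholders.
DOCUMENTED = [
    "config system console", "set output standard", "show system interface",
    "get hardware nic <variable>", "get system status",
    "get system performance status", "get router info routing-table static",
    "get test dnsproxy 6", "show firewall addrgrp", "show firewall address",
    "get firewall service predefined <variable>", "show firewall service custom",
    "show firewall service group", "show firewall policy", "show system zone",
    "show firewall vip", "show firewall vipgrp", "show firewall ippool",
    "config global", "config vdom", "edit <vdom-name>",
]
ASSUMED_EXTRA = ["end"]  # assumption, not from the page: closes a config block

def to_regex(template):
    """Literal words must match exactly; a <placeholder> matches one argument."""
    parts = []
    for word in template.split():
        if word.startswith("<") and word.endswith(">"):
            parts.append(r'(?:"[^";\n]+"|[^\s";]+)')  # bare or double-quoted token
        else:
            parts.append(re.escape(word))
    return re.compile(r"\s+".join(parts))

ALLOWED = [to_regex(t) for t in DOCUMENTED + ASSUMED_EXTRA]

def unexpected_commands(session_lines):
    """Return (line_no, command) for each command outside the allowed set."""
    findings = []
    for no, line in enumerate(session_lines, 1):
        for cmd in (c.strip() for c in line.split(";")):  # one line may chain steps
            if cmd and not any(rx.fullmatch(cmd) for rx in ALLOWED):
                findings.append((no, cmd))
    return findings

# Constructed sample: commands attributed to the adapter account, one per line.
SAMPLE = [
    "config vdom; edit root",
    "get hardware nic port1",
    'get firewall service predefined "HTTP"',
    "show firewall policy",
    "config system admin",        # different config table: should be flagged
    "show firewall policy 12",    # extra argument: should be flagged
]

if __name__ == "__main__":
    for no, cmd in unexpected_commands(SAMPLE):
        print(f"line {no}: not in documented adapter command set: {cmd}")
```

Feed it the command text extracted from whatever CLI audit trail is collected for the adapter account; any finding is a command the documented data collection does not account for.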