Excellent video. I've never explored this in depth but you've definitely opened my eyes to the possibilities.
@GraniteDan 3 years ago
I am glad that it was helpful
@johnnyfernandez994 1 year ago
Thank you so much! I have an End of Sale / End of support Fortigate in my home network and fortunately with this video I could take advantage filtering malicious traffic without official fortinet license, that's great! Thanks and regards from Costa Rica!
@taza1411 7 months ago
Thank you for this video it was extremely informative
@anto5741 1 year ago
Thank you very much for your video. Regards
@MaxKulik 1 year ago
Great Video! Thanks for sharing!
@philiponstwedder1868 2 years ago
Thanks Dan. Good explanation. This helps.
@ryanprosser1823 1 year ago
Fantastic video thank you! Great note about being able to leverage this to examine and compare malware hash for internal traffic across VLANs. I've always wondered if my network would slow if I routed VLANs on the firewall rather than our core switch...
@deejayboziah9800 1 year ago
Well done video tutorial, Kudos. You didn't mention URLhaus, does it not need a firewall policy?
@sammydemaertelaere6271 3 years ago
Can you add the URL page where to find all the Blacklists. Thx and Great Video !!
@capricornnnn 1 year ago
Thanks. How can you implement this with SSLVPN? Now that so many vulnerabilities with SSL VPN and people scanning the internet, with port 443 opened from outside. A use case will be to use this for SSL VPN. It will be nice to have some information about it :). Talos link doesn't work. I don't find any IP block list. Maybe they have changed it.
@oinkersable 3 years ago
Good stuff Dan, thanks. Have you looked at impact to resources on the FGT when the feeds get polled and ip lists refreshed or when the policies using the feeds are hit?
@GraniteDan 3 years ago
I have a pair of 1500D's sitting in front of a class B of publicly routable address space. They are ingesting several feeds, one of which is an IP blocklist that blocks about 1.5 Billion hits a week. I have not noticed any change in system resources.
@oinkersable 3 years ago
@GraniteDan Nice!
@fransishummel 1 year ago
What should be the format if we are uploading IPs from a Notepad file? I have uploaded it to my drive and connected. It's connected, but on show entries it's showing errors!!
@JasonMilczek 4 months ago
Highly recommend 1.5x playback speed on this video.
@rafaelaraujo7384 1 year ago
Hey bro. Since FortiGate uses FortiGuard to provide realtime "security blocks" while using ISDBs for example, WHY should we use an IP address Threat Feed Integration?
@GraniteDan 1 year ago
Lots of reasons. 1st would probably be that no one security vendor catches everything. No matter how good their sales pitches are. 3rd party feeds can complement FortiGuard services. Second might be in-house or industry maintained feeds. I used to work in higher education and lots of institutions across Canada pooled threat intel into a common MISP database and those feeds could be ingested into member firewalls regardless of vendor. Or like the example in the video if you are running a dual stack internet connection and you want to block all traffic from TOR exit nodes both IPv4 and IPv6 (FortiGuard ISDBs are IPv4 only). You may want to use a feed as an allowlist rather than a blocklist and you can do that using a feed because it just acts like an address object in a firewall policy. There are a lot of possibilities for this.
@rafaelaraujo7384 1 year ago
@GraniteDan great... Thanks for the answer... Do we have a risk to block false positives? How would we deal with that?