Fortinet FortiOS
IBM® QRadar® Risk Manager adapter for Fortinet FortiOS supports Fortinet FortiGate appliances that run the Fortinet operating system (FortiOS).
- Static NAT
- Static routing
- Telnet and SSH connection protocols
The Fortinet FortiOS adapter interacts with FortiOS over Telnet or SSH. The following list describes some limitations of QRadar Risk Manager and the Fortinet FortiOS adapter:
- Geography-based addresses and referenced policies are not supported by QRadar Risk Manager.
- Identity-based, VPN, and Internet Protocol Security policies are not supported by QRadar Risk Manager.
- Policies that use Unified Threat Management (UTM) profiles are not supported by the Fortinet FortiOS adapter. Only layer 3 firewall policies are supported.
- Policy Routes are not supported.
- Virtual Domains with Virtual Links that have partial IP addresses or no IP addresses are not supported.
The integration requirements for the Fortinet FortiOS adapter are described in the following table:
Integration Requirement | Description |
---|---|
Version | 6.4.6 or earlier |
SNMP discovery | No |
Required credential parameters<br>To add credentials in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. | Username<br>Password |
Supported connection protocols<br>To add protocols in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. | Use any one of the following supported connection protocols:<br>Telnet<br>SSH |
User access level requirements | Read-write access for Fortinet firewalls that have VDOMs enabled.<br>Read-only access for Fortinet firewalls that don't have VDOMs enabled. |
Commands that the adapter requires to log in and collect data | `config system console`<br>`set output standard`<br>Note: The `config system console` and `set output standard` commands require a user with read/write access to system configuration. If you use a read-only user with pagination enabled when you back up a FortiGate device, the performance is impaired significantly.<br>`show system interface`<br>`get hardware nic <variable>`<br>`get system status`<br>`get system performance status`<br>`get router info routing-table static`<br>`get test dnsproxy 6`<br>`show firewall addrgrp`<br>`show firewall address`<br>`show full-configuration`<br>`get firewall service predefined <variable>`<br>`show firewall service custom`<br>`show firewall service group`<br>`show firewall policy`<br>`show system zone`<br>`show firewall vip`<br>`show firewall vipgrp`<br>`show firewall ippool` |
Commands to use with VDOMs | `config global` to enter global configuration mode<br>`config vdom`; `edit <vdom-name>` to switch between VDOMs |
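
Because the adapter account needs read-write access on firewalls that have VDOMs enabled, one practical check is to compare the commands its sessions run against the commands listed in the table. The following Python is an added example, not IBM or Fortinet code. It assumes the commands have already been extracted as plain strings from whatever command audit source is available, and the sample session is constructed.

```python
import re
# Commands this page lists for the adapter. A <placeholder> stands for exactly
# one argument token; every other word must match literally.
ADAPTER_COMMANDS = """
config system console
set output standard
show system interface
get hardware nic <variable>
get system status
get system performance status
get router info routing-table static
get test dnsproxy 6
show firewall addrgrp
show firewall address
show full-configuration
get firewall service predefined <variable>
show firewall service custom
show firewall service group
show firewall policy
show system zone
show firewall vip
show firewall vipgrp
show firewall ippool
config global
config vdom
edit <vdom-name>
""".strip().splitlines()

def _to_regex(template):
    words = [r"\S+" if re.fullmatch(r"<[^>]+>", w) else re.escape(w)
             for w in template.split()]
    return re.compile(r"\s+".join(words))

_PATTERNS = [_to_regex(t) for t in ADAPTER_COMMANDS]

def unexpected_commands(commands):
    """Return the commands that match none of the documented adapter commands."""
    cleaned = (c.strip() for c in commands)
    return [c for c in cleaned if c and not any(p.fullmatch(c) for p in _PATTERNS)]

# Constructed sample: commands attributed to the adapter account in one session.
SAMPLE_SESSION = [
    "config system console", "set output standard", "get system status",
    "get hardware nic port1", "config vdom", "edit root", "show firewall policy",
    "config firewall policy",  # not in the documented set
    "set output more",         # documented command, different argument
]

if __name__ == "__main__":
    print(unexpected_commands(SAMPLE_SESSION))
```

Anything the function returns is a candidate for review, not proof of misuse; the table lists only the commands this page documents.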