AlienVault® USM Anywhere™

Configuring the FortiGate App

Role Availability Read-Only Analyst Manager

To use the FortiGate App in USM Anywhere, you first need to log in to FortiGate to create the connected app and obtain the access token.

To create the connected app in FortiGate

  1. Log in to the FortiGate graphical user interface (GUI).
  2. From the Status dashboard, click the Administrators widget.
  3. Click your user ID and select Show active administrator sessions.
  4. Write down or copy the source address of the user ID.

    This will be used for the API's Trusted Host field in step 8.

  5. Go to System > Administrators > Create New > REST API Admin.

Connecting the FortiGate App in USM Anywhere

After you obtain the credentials, you must configure the connection within USM Anywhere.

To enable the AlienApp for FortiGate

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.


  3. On the AlienApps page, click the FortiGate tile.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  5. Click the Settings tab.
  6. Enter your information into the following fields:

    • FortiGate Firewall IP Address/Host Name
    • Port
    • FortiGate Access Token
  7. (Optional) Select the Validate HTTPS host name and Require CA certificate checkboxes and enter the certificate authority (CA) certificate if you want to use this option.

  8. Click Save.

Uploading a CA Certificate (Optional)

If you leave the Require CA Certificate checkbox deselected, the AlienApp uses the browser's default trust store. When you select the Require CA Certificate checkbox, the certificate entered in the CA Certificate field takes precedence and is the only certificate trusted by the client.

There are two major use cases that might require you to upload your own certificate in the CA Certificate field:

  • The firewall was deployed with a self-signed Secure Sockets Layer (SSL) certificate. A certificate like this is typically generated on the firewall at the time of deployment. In this case, you need to export that self-signed certificate from the firewall and import it into the app's CA Certificate field.
  • You have deployed the firewall with an SSL certificate signed by your own CA. In this case, you need to import the root or intermediate certificate from your CA so that the client has a trust chain that can include the SSL certificate and its chained intermediates that are deployed on the firewall.
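
The following pre-flight check is an added example, not part of the AlienVault documentation or the AlienApp's own code. It reproduces the trust behavior described above with Python's `ssl` module so you can confirm, from a host with the same network path as the sensor, that the exported CA certificate validates the firewall before you paste it into the CA Certificate field. The script name, function names, and the use of the operating system trust store as the default store are assumptions.

```python
import socket
import ssl
import sys


def build_context(ca_pem=None, validate_hostname=True):
    """Mirror the Require CA certificate / Validate HTTPS host name checkboxes."""
    if ca_pem is None:
        # Checkbox deselected: use the platform default trust store
        # (assumption: stands in for the default store the AlienApp uses).
        ctx = ssl.create_default_context()
    else:
        # Checkbox selected: start from an empty store so the supplied
        # certificate is the only trust anchor the client accepts.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=ca_pem)  # raises ssl.SSLError on non-PEM text
    # Chain verification stays on either way; only name matching is toggled.
    ctx.check_hostname = validate_hostname
    return ctx


def probe(host, port, ctx, timeout=5.0):
    """Attempt a TLS handshake and return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or host name mismatch.
        return False, f"certificate rejected: {exc.verify_message}"
    except OSError as exc:
        # Routing, firewall policy, closed port, or other TLS failure.
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: preflight.py HOST PORT CA_PEM_FILE")
    host, port = sys.argv[1], int(sys.argv[2])
    with open(sys.argv[3], encoding="ascii") as fh:
        pem = fh.read()
    cases = (
        ("default trust store", build_context()),
        ("pinned CA, host name validated", build_context(pem)),
        ("pinned CA, host name not validated", build_context(pem, False)),
    )
    for label, ctx in cases:
        print(f"{label}: {probe(host, port, ctx)}")
```

If the pinned CA succeeds only with host name validation off, the address entered in the FortiGate Firewall IP Address/Host Name field does not match a name in the firewall's certificate.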