Create FortiGate Policies
The FortiGate integration allows you to use certain OT Security Events to create firewall policies/rules in the FortiGate Next Generation Firewall. The Event types that allow this capability (supported events) are Baseline Deviation, Unauthorized Conversation, Intrusion Detection, and RDP Connection (authenticated and not authenticated). The FortiGate policy is set to automatically apply to the source and destination assets involved in the OT Security Event. By default, the policy causes FortiGate to deny (that is, block) traffic of the specified type. A FortiGate administrator can adjust the policy settings in the FortiGate application.
Before you suggest FortiGate policies, you need to set up the integration for your FortiGate Firewall server with OT Security. See FortiGate Firewalls.
To suggest a FortiGate policy:
- In the relevant Events page (Configuration Events, SCADA Events, Network Threats, or Network Events), select the event for which you want to create a FortiGate policy.
- In the header bar, click Actions or right-click the event.
  A drop-down menu appears.
- Select Create FortiGate Policy.
  The Create Policy on FortiGate panel opens, with the Source Address and Destination Address of the assets involved in the OT Security Event already filled in.
- In the FortiGate Server drop-down box, select the required server.
- Click Create.
  The policy is created in FortiGate and the panel closes. You can view the new policy in the FortiGate application. A FortiGate administrator can adjust the settings as needed.