Announcing Fortinet FortiGate Support

Indeni automation platform delivers a level of proactiveness that easily prevents IT outages. Check Point and Palo Alto Networks firewall users have been enjoying this benefit for year. We’re excited to announce the release of Fortinet FortiGate support. With automation, Fortinet users can have the same ability to resolve costly issues before they arise.


See below for five runbook automation best practices that make sure your FortiGate firewalls are up and running.

Situation 1: Policy Violation

Symptom

Users are suddenly able to get to sites that they are not supposed to, or all traffic is blocked.

Root Cause

Website categorization leverages FortiGuard, which is a DNS server that accepts specially formatted DNS queries to obtain the categorization of a website that an end-user is visiting. This can be set to ‘fail closed’ or ‘fail open’, if it’s set to ‘fail closed’ and the DNS goes down, all web traffic will be blocked. If it is set to ‘fail opened’ and the DNS goes down, all traffic will be allowed.

How Can Indeni Proactively Avoid This Chaotic Situation?

Indeni regularly checks the status of the DNS to ensure that the DNS resolution is working properly.

Situation 2: The Network Is Down

Symptom

Users report issues with accessing resources behind a firewall (or on the Internet). Attempting to modify the firewall configuration to fix the issue results in an error message.

Root Cause

When a Fortinet NGFW goes over 80% memory utilization, the firewall enters conserve mode, possibly disabling features and no configuration changes can be made. This could be very disruptive because often you need to make configuration changes in order to fix the issue. The only way to exit conserve mode is to reboot.

How Does Indeni Prevent FortiGate From Entering Conserve Mode?

Indeni regularly checks memory utilization and generates preemptive alerts.

Situation 3: The Firewall Dies

Symptom

The firewall is no longer passing traffic, management is inaccessible.

Root Cause

Fortinet had several production runs that included SSDs from a batch that were prematurely failing. When the SSD fails, management is no longer able to load and eventually the firewall crashes.

How Does Indeni Proactively Avoid The Firewall From Crashing?

Indeni regularly checks to see if logging to local disk is enabled. It is recommended that this be disabled as it causes excessive wear and tear on the SSDs leading to premature failure of the SSDs.

Situation 4: Lost Internet Connectivity

Symptom

Users have completely lost internet connectivity and are getting a “License Expired” page.

Root Cause

When a Fortinet NGFW has web filtering enabled and the license expires, all web traffic is dropped and users are presented with a ”License Expired” page in their browsers.

How Does Indeni Proactively Avoid This Issue?

Checking license expiration can be a time consuming task and easily forgotten. Indeni automates this task by regularly checking license expiration dates and alerts if it is close to expiration.

Situation 5: Compliance Violation

Symptom

FortiManager shows a device out of sync and the management connection appears to be down. FortiAnalyzer is no longer receiving logs from the firewall (potentially required for compliance).

Root Cause

The management connections back to the FortiManager and FortiAnalyzer have dropped.

How Can Indeni Ensure Compliance?

Indeni regularly checks the status of management communication to each of these management servers.

 

About the author
Ulrica de Fort-Menares