Overview
Enterprise customers who have deployed Fortinet Fortigate Firewall want to protect their network against high and critical severity malware threats detected by BlueHex Secure, industry's first Real-time Deep Learning Platform for Network and Email Threat Protection. BlueHex Secure appliance deployed at the network ingress detects known and unknown malicious payloads including EXE, PDF, DLL, MS Office, ZIP etc. The Fortinet integration enables customers to immediately update the Extended Block List Policy FW for High and Critical severity malware detected by BlueHex Secure. Once updated the firewall will block the hash and protect the network against the impending known and unknown/zero-day threats. BlueHex Secure does not block by Domain or IP address since that method can be prone to false positives. It presently is limited to blocking the specific hash of a malicious file that enters through the firewall.
Configuration
Inform Blue Hexagon Customer Support at support@bluehexagon.ai to enable Fortinet FortiGate FW integration on your BlueHex Secure appliance.
BlueHex Secure appliance includes a web server that hosts block list files at http://<Appliance IP>:8081 This is the External Block List that enables Fortinet FortiGate FW to block the web malware from getting downloaded. Malware: /hash_list URLs: /url_list Domains: /domain_list IPs: /ip_list
Configure External Block List policy on FortiGate - for blocking. Set refresh rate to desired minimum e.g. 5 minute
Verify that BlueHex Secure is updating new SHA256 malware threats in the External Block List.
Verify that Forti FW is blocking the payloads corresponding to the SHA256 published by BlueHex Secure.