Fortinet FortiGate Firewall Integration

Overview

Enterprise customers who have deployed Fortinet Fortigate Firewall want to protect their network against high and critical severity malware threats detected by BlueHex Secure, industry's first Real-time Deep Learning Platform for Network and Email Threat Protection. BlueHex Secure appliance deployed at the network ingress detects known and unknown malicious payloads including EXE, PDF, DLL, MS Office, ZIP, etc. as well as Deep Learning derived IOCs for malicious IPs/domains/URLs. The Fortinet integration enables customers to immediately update the Extended Block List Policy FW for malware or C&C detected by BlueHex Secure. Once updated the firewall will block and protect the network against the impending known and unknown/zero-day threats.

Open

Configuration

1. Inform Blue Hexagon Customer Support at support@bluehexagon.ai to enable Fortinet FortiGate FW integration on your BlueHex Secure appliance.

2. BlueHex Secure appliance includes a web server that hosts block list files at http://<Appliance IP>:8081 This is the External Block List that enables Fortinet FortiGate FW to block the web malware from getting downloaded. Malware: /hash_list URLs: /url_list Domains: /domain_list IPs: /ip_list

3. Configure External Block List policy on FortiGate - for blocking. Set refresh rate to desired minimum e.g. 5 minutes

4. Verify that BlueHex Secure is updating new SHA256 malware threats in the External Block List.

5. Verify that Forti FW is blocking the payloads corresponding to the SHA256 published by BlueHex Secure.