In this example, you learn how to use FortiManager together with a third-party blacklist provider in an automated workflow.
Overview
You must create a script that handles the entire workflow. Make sure the script can convert the third-party blacklist into a FortiManager XML file.
From an external server, schedule the periodic execution of that script. Using the communication tools provided by the third-party blacklist provider, the script fetches the blacklist from the third party.
1. Converting the Blacklist to a FortiManager XML File
The script will convert the Blacklist to a FortiManager XML File. This XML file allows you to assign a category to each URL in the list, in addition to a default category. The default category is used as the return value when there is no match.
Example of the FortiManager XML file format:
<custom_url_list version="1.0">
  <head>
    <default_cate>142</default_cate>
    <description>the description</description>
  </head>
  <body>
    <url_entry>
      <url>http://www.url-0000001.com</url>
      <cate>79</cate>
    </url_entry>
    <url_entry>
      <url>http://www.url-0000002.com</url>
      <cate>28</cate>
    </url_entry>
    [...]
  </body>
</custom_url_list>
The category value in <cate></cate> could be either a normal Web Filter Category or a Local Category.
2. Upload the XML File into FortiManager
The script uses SSH to connect to FortiManager and upload the XML file.
CLI command:
execute fmupdate <ftp|scp|tftp> import custom-url <xml filename> <ftp|scp|tftp details>

Example:

# execute fmupdate scp import custom-url 20M-custom-url.xml 000.000.000.000 00 tmp/FORTIGUARD my_login my_password
This operation will replace the current <custom-url> package!
Do you want to continue? (y/n)y
Start getting file from remote SCP Host...
SCP transfer successful.
Packing installation is in process...This could take some time.
lccclient command result:Response=202| Update successfully
In this example, FortiManager fetches the XML file from the following location:
scp://my_login:my_password@000.000.000.000:00/temp/FORTIGUARD/20M-custom-url.xml
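The conversion and upload steps above, as an added example script. This is not Fortinet's code and not the script the page says you must write; it assumes a constructed feed format of one url,category line per entry, uses the default category 142 from the XML sample, and builds the scp import command in the shape shown in step 2. The host, port, path, login and password values are placeholders. It also collapses duplicate feed lines and skips malformed ones, which the page does not discuss.

```python
"""Convert a third-party blacklist feed into the FortiManager custom-URL XML
format and build the fmupdate import command that uploads it.

Added example, not Fortinet's code. Assumptions: the feed is a plain-text
file with one 'url,category' pair per line (constructed below), category
ids are the Web Filter / local category numbers the page refers to, and the
scp import command has the shape shown in step 2.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed. Comment, duplicate, scheme-less and malformed
# lines are included on purpose to show how the converter treats them.
SAMPLE_FEED = """\
# vendor feed, one entry per line: url,category
http://www.url-0000001.com,79
http://www.url-0000002.com,28
www.url-0000003.com,28
http://www.url-0000001.com,79
not a url,abc
"""


def parse_feed(text):
    """Return {url: category} in feed order, skipping comments, blank and
    malformed lines and collapsing exact duplicates. A URL that appears with
    two different categories raises, because the XML would be ambiguous."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        url, sep, cate = line.rpartition(",")
        if not sep or not cate.strip().isdigit():
            continue  # malformed line; a production script would log lineno
        url = url.strip()
        if "://" not in url:
            url = "http://" + url  # the FortiManager sample carries a scheme
        if not urlsplit(url).hostname:
            continue
        cate = int(cate)
        if url in entries and entries[url] != cate:
            raise ValueError(f"line {lineno}: {url} has conflicting categories")
        entries[url] = cate
    return entries


def build_custom_url_xml(entries, default_cate, description):
    """Render the <custom_url_list> document from step 1 as a string."""
    root = ET.Element("custom_url_list", version="1.0")
    head = ET.SubElement(root, "head")
    ET.SubElement(head, "default_cate").text = str(default_cate)
    ET.SubElement(head, "description").text = description
    body = ET.SubElement(root, "body")
    for url, cate in entries.items():
        entry = ET.SubElement(body, "url_entry")
        ET.SubElement(entry, "url").text = url
        ET.SubElement(entry, "cate").text = str(cate)
    return ET.tostring(root, encoding="unicode")


def fmupdate_scp_command(filename, host, port, path, user, password):
    """Build the CLI line from step 2 that the script sends to FortiManager
    over SSH (all connection values are placeholders here)."""
    return (f"execute fmupdate scp import custom-url {filename} "
            f"{host} {port} {path} {user} {password}")


if __name__ == "__main__":
    entries = parse_feed(SAMPLE_FEED)
    print(build_custom_url_xml(entries, 142, "third-party blacklist"))
    print(fmupdate_scp_command("custom-url.xml", "192.0.2.10", 22,
                               "tmp/FORTIGUARD", "my_login", "my_password"))
```

Run it as a script to see the XML and the import command it would send; in the real workflow the XML goes to the SCP host named in the command and the command itself is issued over an SSH session to FortiManager.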
3. Configure FortiManager to use only its Local FortiGuard Database or Local Blacklist Database
Use the following command to select which database FortiManager consults when rating URLs:
- Local FortiGuard Database
- Local Blacklist Database
- Or Both
config fmupdate custom-url-list
    set db_selection <fortiguard-db|custom-url|both>
end
4. Testing Custom URLs managed by FortiManager
Using the CLI in FortiManager, you can send categorization requests for custom URLs managed by FortiManager.
Example of the CLI command set:
# diagnose fmupdate fgd-url-rating FGT SN 1 www.foo.com
url rating flags: 0x2 (2:EXACT_MATCH, 1:PREFIX_MATCH)
rates according to url: 0x37 0x00 0x00 0x00
rates according to ip: 0x00 0x00 0x00 0x00
num_dots:-1, num_slash:-1
database version: 16.45562
0 ms
The FGT SN can be any FortiGate SN.
The returned category is in a hexadecimal output: 0x37.
In decimal format, the category is 56 or Web Hosting.
The number of URLs FortiManager can manage is determined by the memory capacity of the unit.
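A practitioner will want to verify, after each upload, that the custom URLs rate as intended. The following added example (not Fortinet's code) parses the output format of the diagnose command shown above and compares the decoded category with the one assigned in the XML. The sample output is constructed: it is shaped like the page's example but rates www.url-0000001.com as 0x4f, the hex form of category 79 that the step 1 XML assigns to that URL. The flag meanings are taken from the command's own output (2:EXACT_MATCH, 1:PREFIX_MATCH); the assumption that the field names are stable across firmware versions is not verified by the code. Note that the decoder converts the hex field exactly as printed, so the value to compare against is the numeric category id from your XML.

```python
"""Decode 'diagnose fmupdate fgd-url-rating' output and check that a custom
URL rates with the category the uploaded XML assigned to it.

Added example, not Fortinet's code. The sample output is constructed in the
shape of the page's example; field names are assumed stable.
"""
import re

# Constructed: response for a URL the step 1 XML assigns to category 79 (0x4f).
SAMPLE_OUTPUT = """\
url rating flags: 0x2 (2:EXACT_MATCH, 1:PREFIX_MATCH)
rates according to url: 0x4f 0x00 0x00 0x00
rates according to ip: 0x00 0x00 0x00 0x00
num_dots:-1, num_slash:-1
database version: 16.45562
0 ms
"""

# Constructed: response for a URL that is in neither database.
NO_MATCH_OUTPUT = """\
url rating flags: 0x0 (2:EXACT_MATCH, 1:PREFIX_MATCH)
rates according to url: 0x00 0x00 0x00 0x00
rates according to ip: 0x00 0x00 0x00 0x00
num_dots:-1, num_slash:-1
database version: 16.45562
0 ms
"""

# Flag values as printed by the command itself.
FLAG_NAMES = {2: "EXACT_MATCH", 1: "PREFIX_MATCH"}


def parse_url_rating(output):
    """Return flags, match type, decoded categories and database version."""
    flags_m = re.search(r"url rating flags:\s*0x([0-9a-fA-F]+)", output)
    url_m = re.search(r"rates according to url:\s*((?:0x[0-9a-fA-F]+[ \t]*)+)",
                      output)
    ver_m = re.search(r"database version:\s*(\S+)", output)
    if not (flags_m and url_m):
        raise ValueError("unrecognised fgd-url-rating output")
    flags = int(flags_m.group(1), 16)
    # Each slot is a hex category id; 0x00 slots are unused.
    rates = [int(tok, 16) for tok in url_m.group(1).split()]
    categories = [r for r in rates if r]
    if flags == 0:
        match = "NO_MATCH"
    else:
        match = FLAG_NAMES.get(flags, f"UNKNOWN_{flags:#x}")
    return {
        "flags": flags,
        "match": match,
        "categories": categories,
        "database_version": ver_m.group(1) if ver_m else None,
    }


def check_expected(output, expected_cate):
    """True when the first category returned equals the id assigned in the
    uploaded XML, i.e. the custom entry is being served."""
    result = parse_url_rating(output)
    return bool(result["categories"]) and result["categories"][0] == expected_cate


if __name__ == "__main__":
    print(parse_url_rating(SAMPLE_OUTPUT))
    print("custom entry served:", check_expected(SAMPLE_OUTPUT, 79))
    print(parse_url_rating(NO_MATCH_OUTPUT))
```

In the workflow script, feed the captured output of the diagnose command (run over the same SSH session used for the upload) to `check_expected` for a handful of entries from the feed; a false result after a successful import usually means the db_selection setting from step 3 still excludes the custom database.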
5. Specify FortiManager as the FortiGuard Server in FortiGate
Go to your FortiGate CLI console and execute the following commands:
config system central-management
    set type fortimanager
    set fmg "<FMG IP>"
    config server-list
        edit 1
            set server-type update rating
            set server-address <FMG IP>
        next
    end
    set include-default-servers disable
end
For further FortiManager information, refer to the FortiManager Administration Guides available on the Fortinet Document Library.
The post FortiManager: Third Party Blacklist Provider Workflow appeared first on Fortinet Cookbook.