There is a use case where I want to block malicious IPs detected in InsightIDR on FortiGate firewalls. I am able to add connections to each firewall individually. Is there any way I can create a connection group, add the firewalls to it, and use it in the workflow?
You would need to have the step duplicated for each unique firewall connection you need.
20 firewall connections, 20 firewall steps needed.
I would recommend using the FortiManager API instead. This would allow you to manage multiple firewalls with one connection.
We do not have a native plugin for this. You would accomplish it most easily using the Python plugin.
It’s far more future-proof and scalable to use a blocklist file and get your FortiGates to pull from that instead. Your workflow just puts the IPs in the blocklist file, then you configure the firewalls to poll that on a period, and use that for your block rule on the FW.
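The blocklist-file approach from the last reply, sketched as the function a Python plugin step could call. This is an added example, not code from the thread or from Rapid7 or Fortinet. The name `merge_blocklist`, the file layout (one IPv4 address per line) and the `PROTECTED` ranges are assumptions, and the firewall-side polling configuration is not shown.

```python
import ipaddress
import os
import tempfile

# Assumption: ranges the workflow must never block. RFC 1918, loopback and
# link-local, plus 192.0.2.0/24 as a constructed stand-in for your own
# public egress range.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/24",
)]


def merge_blocklist(path, candidates, protected=PROTECTED):
    """Merge candidate IPv4 addresses into a one-per-line blocklist file.

    Assumes the file is written only by this function.
    Returns (added, rejected); rejected holds (value, reason) pairs.
    """
    current = set()
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            current = {ln.strip() for ln in fh if ln.strip()}

    added, rejected = [], []
    for raw in candidates:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IPv4 address"))
            continue
        if any(ip in net for net in protected):
            # A bad detection must not cut off internal or own addresses.
            rejected.append((raw, "protected range"))
        elif str(ip) not in current:
            current.add(str(ip))
            added.append(str(ip))

    # Write to a temp file and rename it into place, so a firewall polling
    # the list never fetches a half-written file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for ip in sorted(current, key=ipaddress.IPv4Address):
            fh.write(ip + "\n")
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the serving process must read it
    os.replace(tmp, path)
    return added, rejected
```

Log the `rejected` list in the workflow so that detections pointing at protected ranges get reviewed rather than silently dropped.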