FortiManager: Third Party Blacklist Provider Workflow


In this example, you learn how to use FortiManager in a workflow with a third-party blacklist provider.

Overview

You must create a script that handles the entire workflow. Make sure the script can convert the third-party blacklist into a FortiManager XML file.

From an external server, schedule the periodic execution of that script. The script fetches the blacklist from the third party using the communication tools that the third-party blacklist provider supplies.

1. Converting the Blacklist to a FortiManager XML File

The script will convert the Blacklist to a FortiManager XML File. This XML file allows you to assign a category to each URL in the list, in addition to a default category. The default category is used as the return value when there is no match. 

Example of the FortiManager XML file format:

<custom_url_list version="1.0">
 <head>
  <default_cate>142</default_cate>
  <description>the description</description>
 </head>
 <body>
  <url_entry>
   <url>http://www.url-0000001.com</url>
   <cate>79</cate>
  </url_entry>
  <url_entry>
   <url>http://www.url-0000001.com</url>
   <cate>28</cate>
  </url_entry>
  [...]
 </body>
</custom_url_list>

The category value in <cate></cate> could be either a normal Web Filter Category or a Local Category.
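
A sketch of the conversion step described above, added here as an example and not Fortinet's or the provider's own script. It assumes a plain-text feed with one URL per line (the constructed SAMPLE_FEED); normalize, build_xml and BLOCK_CATE are hypothetical names. Because the import in step 2 replaces the current custom-url package, it refuses to emit an empty list.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_CATE = 142  # default category, taken from the page's sample file
BLOCK_CATE = 79     # assumption: one category applied to every listed URL

# Constructed sample feed; a real provider's format will differ.
SAMPLE_FEED = """\
# constructed sample feed
http://www.url-0000001.com
www.url-0000002.com/path?a=1&b=2
HTTP://WWW.URL-0000001.COM
not a url
"""

def normalize(line):
    """Return a canonical http(s) URL, or None for comments and junk."""
    line = line.strip()
    if not line or line.startswith("#") or any(c.isspace() for c in line):
        return None
    if "://" not in line:
        line = "http://" + line  # assumption: bare hosts are treated as http
    try:
        parts = urlsplit(line)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts._replace(netloc=parts.netloc.lower()).geturl()

def build_xml(feed, cate=BLOCK_CATE, default_cate=DEFAULT_CATE, desc="blacklist"):
    """Build the custom_url_list document; ElementTree escapes &, < and >."""
    root = ET.Element("custom_url_list", version="1.0")
    head = ET.SubElement(root, "head")
    ET.SubElement(head, "default_cate").text = str(default_cate)
    ET.SubElement(head, "description").text = desc
    body = ET.SubElement(root, "body")
    seen = set()
    for line in feed.splitlines():
        url = normalize(line)
        if url is None or url in seen:  # skip junk and duplicates
            continue
        seen.add(url)
        entry = ET.SubElement(body, "url_entry")
        ET.SubElement(entry, "url").text = url
        ET.SubElement(entry, "cate").text = str(cate)
    if not seen:  # an empty import would replace the live list with nothing
        raise ValueError("no valid URLs in feed")
    return ET.tostring(root, encoding="unicode")
```
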

2. Upload the XML File into FortiManager

The script uses SSH to connect to FortiManager and runs the following CLI command to import the XML file:

execute fmupdate <ftp|scp|tftp> import custom-url <xml filename> <ftp|scp|tftp details>
 
 Example:
 #     execute fmupdate scp import custom-url 20M-custom-url.xml 000.000.000.000 00 tmp/FORTIGUARD my_login my_password
 This operation will replace the current <custom-url> package!
 Do you want to continue? (y/n)y
 
 Start getting file from remote SCP Host...
 SCP transfer successful.
 Packing installation is in process...This could take some time. 
 lccclient command result:Response=202|
 
 Update successfully

In this example, FortiManager retrieves the file from the following location:

scp://my_login:my_password@000.000.000.000:00/temp/FORTIGUARD/20M-custom-url.xml

3. Configure FortiManager to use only its Local FortiGuard Database or Local Blacklist Database

Use the following command to select which database FortiManager uses:

  • Local FortiGuard Database
  • Local Blacklist Database
  • Or both

config fmupdate custom-url-list
 set db_selection <fortiguard-db|custom-url|both>
 end

4. Testing Custom URLs managed by FortiManager

Using the CLI in FortiManager, you can send categorization requests for custom URLs managed by FortiManager.

Example of the CLI command set: 

#     diagnose fmupdate fgd-url-rating FGT SN 1 www.foo.com
 url rating flags: 0x2 (2:EXACT_MATCH, 1:PREFIX_MATCH)
 rates according to url: 0x37 0x00 0x00 0x00
 rates according to ip: 0x00 0x00 0x00 0x00
 num_dots:-1, num_slash:-1
 database version: 16.45562
      0 ms

FGT SN can be the serial number of any FortiGate.
The returned category is shown in hexadecimal: 0x37.
In decimal format, the category is 56 or Web Hosting.

The number of URLs FortiManager can manage is determined by the memory capacity of the unit.

5. Specify FortiManager as the FortiGuard Server in FortiGate

Go to your FortiGate CLI console and execute the following commands:

config system central-management
  set type fortimanager
  set fmg "ip"
  config server-list
    edit 1
       set server-type update rating
       set server-address <FMG ip>
    next
  end
  set include-default-servers disable
end

For further FortiManager information, refer to the FortiManager Administration Guides available on the Fortinet Document Library.
