FortiGate Out-of-the-Box Address Group response integration

This article guides you through the integration process of FortiGate Firewall with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • FortiGate Firewall version 6.2 or higher
  • A FortiGate user with the super-admin role.
  • An active Lumu Defender subscription
  • A Docker-enabled host with Internet visibility over Lumu and Fortinet FortiGate Firewall.

Preliminary setup - Encryption keys

The FortiGate Out-of-the-Box Address Group response integration uses asymmetric encryption keys to secure integration configuration data. The Lumu Portal will ask you for a public key as part of the configuration process. The overall process is covered in two tasks:

  • Install OpenSSL
  • Generate the pair of encryption keys, public and private.
Notes You can use an existing public key to configure the integration. Make sure you have access to the matching private key. Both are required to successfully complete the configuration process.

Install OpenSSL

Notes Most Unix-based systems already have openssl installed. If this is your case, you can jump forward to the Generate the encryption keys section.

Follow the instructions given for your operating system below.

Windows systems

Notes If you already have OpenSSL installed in your Windows system, you can jump forward to the Generate the encryption keys section.

If you don’t have OpenSSL installed on your Windows system, you can use the WinGet command line tool to install it. Follow these instructions to install OpenSSL on Windows:

1. Open a Command Prompt with Administrator privileges. To do so, open your Start menu, and search for cmd. The Command Prompt app will appear. Select Run as administrator (1) from the panel on the right.

2. Once in the Command Prompt, run the following command and follow the on-screen instructions:

winget install -e --id ShiningLight.OpenSSL.Light

3. Open your system settings by opening your Start menu and search for System Settings. The View Advanced System Settings app will appear, click on it.

4. Go to the Advanced tab (1), and click on Environment Variables (2) found in the lower right corner.

5. Locate yourself on the System Variables field. Using the Variable column, locate and select the Path variable and click Edit (1). The Edit environment variable window will appear.

6. In the Edit Environment Variable window, click New (1) to add a new variable record. Copy and paste the following value in the text field that requests your input.

%PROGRAMFILES%\OpenSSL-Win64\bin

Finish by clicking OK until you reach the Settings window again.

7. Open a new Command Prompt window and run the following command to test the installation.

openssl version

The output shows the installed OpenSSL version.

Unix-based systems

Most Unix-based distributions have OpenSSL installed. If your system doesn’t have it, you can install it using the package manager of your operating system.

To check if your Unix-based distribution has OpenSSL installed, use your distro package manager. To check this in Ubuntu, input the following command:

sudo apt list openssl

If you see the word installed between brackets at the end of the line, it means OpenSSL is already installed.

To install OpenSSL in case your distro doesn’t already have it, use your package manager to install it. To install it in Ubuntu, you must run the following command:

sudo apt update
sudo apt install openssl -y

Generate the encryption keys

To configure the integration, you must generate a new encryption key pair, consisting of both a public and private key. These keys will be stored in a .pem file that will be created in the same folder your command prompt is in when you run the command. In the following example, the .pem file would be created in the Util folder under the C drive.

Input the following commands in a Command Prompt on Windows systems or a Terminal in Unix-based systems.

1. First, generate the private key. It will be needed to generate the public key. Run the following command:

openssl genrsa -out PRIVATE_KEY.pem [KEY_LENGTH]

Replace the placeholders as follows:

PRIVATE_KEY is the name of the .pem file where the private key will be stored.

KEY_LENGTH is the length of the generated key in bits. The recommended minimum value is 2048.

2. Now, generate the public key using the private key. To do so, run the following command:

openssl rsa -in PRIVATE_KEY.pem -pubout -out PUBLIC_KEY.pem

PRIVATE_KEY is the name of the .pem file where the private key was stored. It is the same name as in the previous step.

PUBLIC_KEY is the name of the .pem file where the public key will be stored.

Alert Store the keys in a safe place. Both keys are required to configure the integration and for its proper operation.
Notes The .pem files can be opened in a text editor to access the key stored within.
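The public key uploaded to the Lumu Portal later in this guide must be the pair of the private key you keep, so the following added check (not part of the original article) re-derives the public key from PRIVATE_KEY.pem and compares its DER fingerprint with the one stored in PUBLIC_KEY.pem. It assumes openssl is on the PATH (on Windows, run it from Git Bash or WSL); the file names and the scratch directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: verify that a public key file is the public half of a private key.
# Not from the Lumu article; assumes openssl is available on the PATH.
set -eu

# Generate a key pair the same way the article does: private key first, then
# the public key exported from it. Arguments: private file, public file.
gen_keypair() {
  openssl genrsa -out "$1" 2048 2>/dev/null
  openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# SHA-256 fingerprint of a PEM public key read on stdin. Hashing the DER form
# ignores PEM line wrapping or trailing-newline differences from copy/paste.
pub_fingerprint() {
  openssl rsa -pubin -outform DER 2>/dev/null | openssl sha256 | sed 's/^.*= //'
}

# Prints "match" when $2 holds the public key belonging to private key $1,
# otherwise "mismatch". A file that is not a valid key also yields "mismatch".
keypair_matches() {
  derived=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null | openssl sha256 | sed 's/^.*= //')
  stored=$(pub_fingerprint < "$2")
  if [ -n "$derived" ] && [ "$derived" = "$stored" ]; then
    echo match
  else
    echo mismatch
  fi
}

# Self-contained demo with two freshly generated pairs in a scratch directory
# (constructed here; in practice point the check at your own .pem files).
WORK=$(mktemp -d)
gen_keypair "$WORK/PRIVATE_KEY.pem" "$WORK/PUBLIC_KEY.pem"
gen_keypair "$WORK/OTHER_PRIVATE.pem" "$WORK/OTHER_PUBLIC.pem"
keypair_matches "$WORK/PRIVATE_KEY.pem" "$WORK/PUBLIC_KEY.pem"    # prints match
keypair_matches "$WORK/PRIVATE_KEY.pem" "$WORK/OTHER_PUBLIC.pem"  # prints mismatch
```

Run it before Step 5 of the Add Integration section; a "mismatch" means the uploaded public key will not let the integration component decrypt its configuration.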

Preliminary setup - FortiGate Firewall

You must set up your FortiGate Firewall before proceeding to activate the integration. You must:

  • Create the Integration Admin profile.
  • Create a REST API user linked to the Admin profile for the integration.

Log in to your FortiGate Web UI with an admin user and follow the steps described in the following sections to fulfill these requirements.

Create the integration Admin profile

1. Head to the left navigation bar, and select the Admin Profiles (1) under the System section.

2. Click + Create new (1) to create a new Admin profile.

3. Fill in the New Admin Profile data following these guidelines:

    1. Give your profile a distinctive Name.
    2. Under the Access Permissions section, set the permissions as follows:
      1. Set the Firewall permissions to Custom. Then, set the Address permissions to Read/Write.
      2. Set the System permissions to Custom. Then, set the Configurations permissions to Read.
      3. Leave the others in None.
    3. Set the Permit usage of CLI commands to Disable.
    4. When finished, click OK.
Notes You must select Global (1) as the scope of your profile, located at the bottom of the page, if you are working in a FortiGate with Virtual Domains enabled.

Now, you can proceed to create the integration user.

Create the integration REST API user

Follow these steps from where you left off in the previous section.

1. Head to the left navigation bar, and select the Administrators (1) under the System section.

2. Click + Create new and select the REST API admin (1) to create a new Administrator user.

3. Fill in the New REST API Admin data following these guidelines, and copy the token given once you are done:

    1. Type in the Username.
    2. Select the Administrator profile created before.
    3. Disable the PKI group toggle.
    4. When finished, click OK.
Notes For enhanced security, identify the IP address of the host you will be using to deploy the integration component and set it into the Trusted Hosts section.
Alert Copy the access token and save it safely. This will be the only time you will have access to it. You must regenerate it if you lose or forget it.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen.

2. Locate the FortiGate integration in the Response section on the available apps area. Click Add (1) to view its details.

3. Familiarize yourself with the integration details available in the app description and click Activate (1) to continue with the integration.

4. Select the Address group (1) mode in the Activate Integration window. Then, give the integration a distinctive Name, select the Threat Types you want to include, and if it applies, select the Include IP indicators toggle. When done, click the orange Next button.

Alert Please note that you cannot modify the information on this screen. Exercise caution when selecting the Threat Types, and the Include IP Indicators option, as changes cannot be made later. To perform changes, you will need to remove the integration and repeat all the steps.

5. In the next window, you must enter the Public Key generated in Step 2 of the Generate the encryption keys section. You can do it in two different ways:

    1. You can copy and paste the contents of the .pem file you generated by opening the file in a text editor and placing them in the text field that awaits your input.
    2. You can upload it directly. To do so, click on the Upload from your device button under the text field. Then, simply locate and upload the .pem file.

This will be used by Lumu to safely store the secrets related to the integration. Click Next to continue.

Alert This public key must be the pair of the private key you will use in later steps of the configuration process.

6. The next window will ask you to fill in the following information to connect to your FortiGate Firewall:

    1. API Key: The API key you created in Step 3 of the Create the integration REST API user section.
    2. Hostname or IP: The Firewall hostname or IP address. Ensure your integration device can resolve the hostname if you are using it.
    3. API Port: The port used to connect to your API. The value will be 443 if you leave it blank.
    4. When done, click on Activate.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration.

Deploy and configure the integration component

Now, it is time to deploy and configure the FortiGate integration component. You can find detailed instructions on how to deploy it in our Docker Hub repository.

Final steps - Add the Address Group to the Firewall Policy

You will see new Address and Address Group objects in your FortiGate firewall as a result of the integration. You can check them by using the FortiGate Web UI.

Log in to your FortiGate Web UI. Click the Addresses (1) menu under the Policy & Objects section in the left navigation bar. You will see new Address objects, named with the prefix lumu_.

You can also see a new Address Group object named Lumu IOCs in the Address Group tab (1). You must add this address group to your Firewall Policy blocking rules. Follow the steps described in the FortiGate Administration Guide - Firewall policy document and use the Lumu IOCs address group in your policies.
