Coder Social home page Coder Social logo

forti-ids-gcp's Introduction

Fortinet IDS for Google Cloud

FortiGate virtual appliances are capable of detecting and blocking threats using the FortiLabs-powered IDS/IPS system as well as the built-in antivirus engine. While it is recommended to deploy FortiGates inline, so the threats can be blocked as soon as they are detected, it is not possible to do so for the network traffic inside a Google Cloud VPC Network. In this case, one can utilize GCP Packet Mirroring feature together with FortiGate one-arm-sniffer mode to detect malicious or infected traffic and alert the administrators. For multiple sensors it's best to use FortiAnalyzer as the correlation and aggregation engine providing single pane of glass insights into the traffic patterns as well as detected threats or compromised VMs.

This template fully automates the deployment and configuration of a mesh of FortiGate IDS sensors connected to a FortiAnalyzer.

Design

FortiGate IDS for GCP Design

Configuration

To use this Deployment Manager template you need to define your own configuration (YAML) file. A sample configuration is provided, but you have to modify it to point to your own resources. Unlike most of example configs published in this repository, this one will NOT work without customization.

sensors section

Scaling the sensor instance pool

As mirrored traffic in Google Cloud cannot be sent outside the region, a pool (Managed Instance Group) of FortiGate instances must be created in each region defined in the mirroring policies. The sizes of these groups are governed by regional instance group managers (compute-v1:regionInstanceGroupManagers) and defined by the properties in the configuration file. By default each region is assigned 2 instances. This global default can be changed by using sensors.defaultSensorCount property of the template. If changing target group sizes to equal value in each region is not what you need, you can affect group sizes in individual regions by assigning a sensorCount property in individual mirroring policies. All sensorCount values defined in policies referencing the same region will be added and the sum will be applied as the target size of the shared regional IDS sensors pool.

Note: sensorCount property must be greater than 0 or not defined.

forti-ids-gcp's People

Contributors

bartekmo avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.