Tenable and Fortinet Integration Guide
Last Revised: December 24, 2024
Copyright © 2024 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other
products or services are trademarks of their respective owners.
Table of Contents
Introduction
Integration Overview
Introduction
This document describes how to deploy Tenable Security Center and Nessus® for integration with
the FortiGate next-generation firewall (NGFW) platform by Fortinet. Please email any comments and
suggestions to Tenable Support.
Monitoring the security settings of your Fortinet firewalls is critical for maintaining your network’s
security posture. Unless your vulnerability management (VM) platform is equipped with
configuration assessment checks specifically designed for Fortinet firewalls, your network may be
exposed to unnecessary risk.
Additionally, better VM platforms offer continuous listening through passive vulnerability monitoring
to help bridge the vulnerability intelligence gap in between periodic active scans and audits.
However, placing passive monitors on every network segment throughout a global enterprise can be
impractical. Although more organizations are turning to SIEMs (security information and event
management) to uncover hidden threats, most SIEMs take months to deploy and are costly to
acquire and maintain.
Integrating Tenable with Fortinet firewalls helps organizations:
- Achieve real-time asset discovery by detecting new hosts connected to network segments not monitored by Nessus Network Monitor
- Discover system vulnerabilities and security misconfigurations of mobile devices and virtual machines that were not present during the last periodic full-network scan
- Maintain compliance with government and industry regulations that mandate log aggregation, such as PCI, HIPAA, FISMA and others
Integration Overview
Tenable Security Center and Nessus offer a series of plugins specifically designed to audit Fortinet
physical and virtual firewalls, identifying security misconfigurations and verifying that best-practice
hardening guidelines are followed. To perform the audit, Tenable Security Center (via Nessus)
runs a credentialed scan against the Fortinet firewall, authenticating to it over SSH with the
credentials configured in the steps that follow. Once the scan completes, the detailed findings of the
Fortinet audit can be reviewed in Tenable Security Center scan results, dashboards and reports.
In addition to configuration audits, Tenable can also import real-time log data from Fortinet
firewalls into its Log Correlation Engine® (LCE®) to help identify assets on networks not monitored
by Nessus Network Monitor. Once hosts are identified they can be automatically assigned to
dynamic asset lists and audited with Nessus to detect any possible vulnerabilities or
misconfigurations.
Nessus Manager version 6.x, Tenable Vulnerability Management, and Tenable Security Center
version 4.8 and higher support Fortinet integration. Nessus, Tenable Vulnerability Management and
Tenable Security Center solutions work with Fortinet FortiOS versions 4.3 and above.
Integrate with Fortinet
Fortinet NGFW Configuration Audit
Begin by creating the FortiGate audit file: click +Add and select FortiGate FortiOS from the list of available audit file templates.
In the “General” section, enter a name for the audit file and a description (optional).
Click Credentials and click +Add.
In the “General” section, enter a name for the SNMP credentials and a description (optional). Under
the “Credential” section, click the drop-down and select SNMP. In the “Community” box, enter the
SNMP community string. Click Submit. Because an SNMPv1/v2c community string is transmitted in
cleartext, use a read-only community dedicated to the scanner and restrict the firewall's SNMP
access to the scanner's address.
Next, create the scan policy by navigating to “Policies” and clicking +Add.
In the “Setup” section, enter a name for the audit policy and a description (optional). The options
under “Configuration” can be left as “Default” or set to “Custom.” If the configuration options are set
to “Custom,” the “Advanced” and “Host Discovery” categories will be enabled in the left-hand menu.
Leaving the options as “Default” will keep those items hidden.
Navigate to the “Compliance” section and click +Add Audit File. In the “Compliance” section, click
the Select a Type drop-down and select FortiGate FortiOS. Next, click the Select an Audit File
drop-down and select the previously configured FortiGate audit file. Click the checkmark to finalize
the settings. Click Submit.
Next, create the SSH credential that the audit scan will use. Click Credentials and click +Add.
In the “General” section, enter a name and description (optional).
Within the “Credential” section, click the drop-down next to “Type” and select SSH. Click the
Authentication Method drop-down and select the correct option for your environment. Enter the
SSH username used to authenticate to the Fortinet firewall and then click Choose File to select the
Private Key file. Next, enter the Passphrase and then click the Privilege Escalation drop-down and
select None. Click Submit.
To create an audit scan of Fortinet NGFWs, click on Scans and select Active Scans. Click on +Add.
In the “General” section, enter a scan name and description (optional). Click the Select a Policy
drop-down and select the previously configured FortiGate FortiOS audit policy. In the “Schedule”
section, the scan can be configured to run “On Demand” (default), or it can be configured to run on a
custom schedule as required.
Navigate to the “Targets” section and click the Target Type drop-down. Select IP/DNS Name and
enter the Fortinet NGFW IP address or DNS name.
Navigate to “Credentials” and click + Add Credential. Click the drop-down and select SSH. Once SSH
is selected, a second drop-down box will appear. Click the box and select the previously configured
SSH credentials for FortiOS. Click the checkmark to finalize the settings. Click Submit.
Note: Integrating Tenable Security Center and Fortinet to perform audit checks requires configuration in
both Tenable Security Center and FortiOS. For detailed instruction on configuring FortiOS for integration,
please refer to the Fortinet FortiGate/FortiOS Admin Guide.
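The firewall-side preparation that the note above defers to the FortiOS Admin Guide, as an added example (not from this guide and not Fortinet's own documentation): a read-only access profile, a dedicated admin account that accepts the scanner's SSH public key only from the scanner's address, and SSH exposed on the management interface alone. The profile and account names, the scanner address 10.0.0.5, the interface port1 and the placeholder key are assumptions; the syntax is FortiOS 6.x/7.x CLI, and the access-profile group names should be checked against the release in use.

```fortios
# Added example, not from the Tenable guide or Fortinet documentation.
# Assumptions: scanner at 10.0.0.5, management interface port1,
# FortiOS 6.x/7.x CLI syntax. Lines beginning with # are annotations,
# not CLI input.

# 1. Read-only access profile. The compliance audit only reads
#    configuration, so no group is granted read-write.
config system accprofile
    edit "tenable-audit-ro"
        set secfabgrp read
        set ftviewgrp read
        set authgrp read
        set sysgrp read
        set netgrp read
        set loggrp read
        set fwgrp read
        set vpngrp read
        set utmgrp read
        set wifi read
    next
end

# 2. Dedicated admin bound to that profile. The scanner authenticates
#    with the public key matching the private key uploaded to Tenable
#    Security Center; trusthost1 rejects logins from any other source,
#    so a leaked key is unusable from elsewhere. A long random password
#    is still set so the account is never left with an empty one.
config system admin
    edit "tenable-scan"
        set accprofile "tenable-audit-ro"
        set trusthost1 10.0.0.5 255.255.255.255
        set ssh-public-key1 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyReplaceMe tenable-scan"
        set password "replace-with-a-long-random-password"
    next
end

# 3. Expose SSH on the management interface only.
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
end
```

Check the result with `show system admin tenable-scan` (only the scanner's trusthost should be listed; any entries left at 0.0.0.0 0.0.0.0 are ignored once one trusthost is set) and, from the scanner host, a single key-based SSH login that runs `get system status`. Privilege Escalation is set to None in the Tenable credential because the read-only profile already sees everything the audit plugin needs.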
Fortinet NGFW Log Integration
To begin the log integration, download the Tenable NetFlow Monitor LCE client from the Tenable
Downloads page.
Install the Tenable NetFlow Monitor LCE client. Refer to the Log Correlation Engine 4.4 Client
Guide for detailed installation instructions.
Note: The Tenable NetFlow Monitor LCE client can be run directly on the LCE server. It must be configured
to connect to either localhost (127.0.0.1) or the IP address of the LCE server. Multiple LCE client types
(such as the LCE Log Agent and the Tenable NetFlow Monitor) can run at the same time.
Log in to Tenable Security Center using an admin account and navigate to “Resources.” Select LCE
Clients.
Click the drop-down arrow to the right of the “netflowclient” and select Authorize. If successful, a
pop-up message stating it has been successfully authorized will appear.
To complete the Tenable Security Center configuration, click on the netflowclient to edit the LCE
client and assign a policy. Click the Policy drop-down to select the desired policy. Click Submit. If
successful, a pop-up message stating “LCE Client Edited Successfully” will appear.
Note: To complete the integration, please refer to the Fortinet FortiGate/FortiOS Admin Guide for detailed
instructions on how to configure a syslog server and enable log forwarding.
Once configured, log data from the Fortinet NGFW will be imported into Tenable Security Center to
help achieve 100% asset discovery. The log data can also be correlated against other data sources
to uncover any potential advanced threats and to help organizations meet compliance obligations.
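The FortiOS side of the log forwarding that the note above defers to the FortiOS Admin Guide, as an added example (not from this guide and not Fortinet's own documentation): syslog forwarding to the LCE server, traffic logging on a policy so that allowed sessions (the source of host discovery) are recorded, and NetFlow export for the Tenable NetFlow Monitor. The addresses (10.0.0.6 for the LCE host, 10.0.1.1 as the firewall's source address), interface port2, policy ID 1 and the collector port 2055 are assumptions; the NetFlow block uses the pre-7.2 `config system netflow` syntax.

```fortios
# Added example, not from the Tenable guide or Fortinet documentation.
# Assumptions: LCE server at 10.0.0.6, firewall source address 10.0.1.1,
# monitored interface port2, policy 1, FortiOS 6.x/7.0 syntax.
# Lines beginning with # are annotations, not CLI input.

# 1. Syslog forwarding. UDP/514 is the conventional syslog port; confirm
#    the port the LCE server listens on. UDP syslog is unauthenticated and
#    unacknowledged, so use "set mode reliable" (TCP) where LCE accepts it.
config log syslogd setting
    set status enable
    set server "10.0.0.6"
    set port 514
    set mode udp
    set facility local7
    set format default
    set source-ip 10.0.1.1
end
config log syslogd filter
    set severity information
end

# 2. Traffic logs drive asset discovery: log accepted sessions on the
#    policy, not only denials.
config firewall policy
    edit 1
        set logtraffic all
    next
end

# 3. NetFlow export for the Tenable NetFlow Monitor. Match collector-port
#    to the port the NetFlow Monitor client is configured to listen on.
config system netflow
    set collector-ip 10.0.0.6
    set collector-port 2055
    set source-ip 10.0.1.1
end
config system interface
    edit "port2"
        set netflow-sampler both
    next
end
```

Generate test entries with `diagnose log test` on the FortiGate and confirm they appear in LCE before relying on the feed; also confirm that the LCE server and the NetFlow Monitor listener are reachable from 10.0.1.1 on the configured ports, since a dropped UDP feed produces no error on the firewall side.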
FortiGate FortiOS Audit Results Dashboard Template
FortiGate FortiOS Audit Report Title Page
FortiGate FortiOS Audit Report Table of Contents