DEPLOYMENT GUIDE FORTINET FORTISIEM AND CYBERARK INTEGRATION

Overview

Deployment Prerequisites

Architecture Overview

FortiSIEM Configuration

Conclusion

OVERVIEW

Fortinet (NASDAQ: FTNT) is a global provider of high-performance network security and specialized security solutions that provide our customers with the power to protect and control their IT infrastructure. Our purpose-built, integrated security technologies, combined with our FortiGuard security intelligence services, provide the high performance and complete content protection our customers need to stay abreast of a constantly evolving threat landscape.

The Fortinet Security Fabric brings together all components in your network. It is Broad, Powerful and Automated. In addition to Fortinet products, the Security Fabric also integrates with 3rd Party partners to extend the power of the Security Fabric to other parts of an organization. For more information regarding our Security Fabric Partners, please refer to our Technology Alliances here: https://www.fortinet.com/partners/partnerships/alliance-partners.html

The Application Identity Manager™ (AIM), part of CyberArk’s Privileged Account Security solution, eliminates the need to store App2App passwords in applications, scripts or configuration files, and allows these highly-sensitive passwords to be centrally stored, logged and managed with CyberArk’s patented Vaulting Technology®. Using AIM, organizations can comply with internal and regulatory requirements for regularly replacing passwords and securely monitoring privileged access across all systems, databases and applications. AIM fully addresses the need to assure the highest availability for applications running the enterprise business, independent of network availability and with the highest performance.

To address the needs of large enterprises, AIM supports a variety of systems, applications, Application Servers, scripts, jobs and more. It provides simple and intuitive tools for eliminating hard coded passwords, as well as a structured framework for addressing the challenges of App2App projects based on CyberArk’s vast experience with large enterprise deployments.

DEPLOYMENT PREREQUISITES

1. Fortinet FortiSIEM version 4.6.1 or newer (tested with version 5.0.1)

2. CyberArk Application Identity Manager version 9.9.5 Credential Provider

ARCHITECTURE OVERVIEW

FORTISIEM CONFIGURATION – INSTALL CYBERARK CREDENTIAL PROVIDER

Install the redhat-lsb package on FortiSIEM before installing the Credential Provider.

Note: You may also need to install dependencies before installing redhat-lsb.

Download the Credential Provider Software from CyberArk. The installation files will look like this:

Create a new directory for the installation files.

Copy the following installation files to this directory:

CARKaim-9.50-<build number>.i386.rpm – The Linux installation packages

CreateCredFile – The CyberArk utility that creates credentials files

Vault.ini – The Vault parameter file

aimparms.sample – A sample of the parameter file used for installation

EULA – The Credential Provider end user license agreement.

icudt42b.dat – A file required to run the CreateCredFile utility

Open Vault.ini and enter the correct Address and Port, similar to the example below. Save the file when done.

Edit the aimparms.sample file as follows.

AcceptCyberArkEULA should be set to yes

Uncomment the CreateVaultEnvironment line (remove the # symbol from the beginning of the line)

LicensedProducts should be set to AIM

CredFilePath should be set to the full path of the admin.cf file (created in the next step)

VaultFilePath should be set to the full path of the Vault.ini file

Save the aimparms.sample file. It should look something like this:

Copy the aimparms.sample file to /var/tmp/aimparms:

Enter the following to specify the administrative user that will create the Vault environment during installation:

./CreateCredFile admin.cf Password

Enter the Username and Password when prompted.

Install the Credential Provider for RHELinux x64
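
A check to run before the install step, as an added example that is not part of the original guide or of CyberArk's tooling: it verifies the five aimparms settings listed above and, as an extra hardening check, that the credentials file is not readable by group or others. It assumes the parameter file uses Key=Value lines; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install check of the aimparms file against the guide's settings.
# Assumption: Key=Value lines, with '#' marking a commented-out line.

# Print the value of an active (uncommented) key; prints nothing if absent.
aim_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Return 0 when the file matches the guide; otherwise print each problem and return 1.
check_aimparms() {  # $1 = path to the parameter file
    f=$1; rc=0
    eula=$(aim_get "$f" AcceptCyberArkEULA | tr '[:upper:]' '[:lower:]')
    [ "$eula" = "yes" ] || { echo "AcceptCyberArkEULA is not yes"; rc=1; }
    [ "$(aim_get "$f" LicensedProducts)" = "AIM" ] || { echo "LicensedProducts is not AIM"; rc=1; }
    [ -n "$(aim_get "$f" CreateVaultEnvironment)" ] ||
        { echo "CreateVaultEnvironment is commented out or missing"; rc=1; }
    for key in CredFilePath VaultFilePath; do
        p=$(aim_get "$f" "$key")
        case $p in
            /*) [ -f "$p" ] || { echo "$key: $p not found"; rc=1; } ;;
            *)  echo "$key must be a full path (got '$p')"; rc=1 ;;
        esac
    done
    # Hardening check added here (not a step from the guide): the credentials
    # file should not be readable by group or others.
    cred=$(aim_get "$f" CredFilePath)
    if [ -f "$cred" ] && [ -n "$(find "$cred" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "CredFilePath: $cred is readable by group or others"; rc=1
    fi
    return "$rc"
}

# Constructed sample: CreateVaultEnvironment is left commented out, so the check fails.
demo() {
    d=$(mktemp -d) && touch "$d/admin.cf" "$d/Vault.ini" && chmod 600 "$d/admin.cf"
    printf '%s\n' 'AcceptCyberArkEULA=Yes' 'LicensedProducts=AIM' \
        '#CreateVaultEnvironment=yes' "CredFilePath=$d/admin.cf" \
        "VaultFilePath=$d/Vault.ini" > "$d/aimparms"
    check_aimparms "$d/aimparms"; status=$?
    rm -rf "$d"
    return "$status"
}

demo || true
```

On the FortiSIEM host, call `check_aimparms /var/tmp/aimparms` after creating admin.cf and before installing the package.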

FORTISIEM CONFIGURATION – DEVICE DISCOVERY EXAMPLE

From the FortiSIEM GUI go to Admin > Setup > Credentials and click New

Give it a Name. Select the Device Type from the drop-down menu, in this example a Windows Server. Set the Access Protocol to WMI.

For Password config, change the default of Manual to CyberArk.

You must configure the App ID, Safe, Folder and Object specific to your CyberArk account. Note that the Object is referred to as a Name in CyberArk.

Click Save.

Test credential retrieval in Step 2. First click New.

Enter the Name, IP Address or IP Range of a device you want to test. In this example it’s a single IP address, 10.101.32.68.

For Credentials select the Name defined in the previous step.

Click Save.

Note: The username, password and type of device should already be configured in CyberArk.

Highlight the new entry and click Test > Test Connectivity.

Click Close.

Congratulations, you’re done!

Copyright © 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

July 30, 2018 8:20 AM

dg-fortinet-cyberark-integration

CONCLUSION

You are now ready to use the CyberArk Application Identity Manager with FortiSIEM. Use CyberArk to securely provide admin credentials when FortiSIEM is discovering network devices.

FortiSIEM User Guide: https://docs.fortinet.com/uploaded/files/4438/fortisiem-5-0-1-user-guide-html.pdf

FortiSIEM External Systems Configuration Guide: https://docs.fortinet.com/uploaded/files/4340/fortisiem-external-systems-configuration-guide.pdf

CyberArk Credential Provider and ASCP Implementation Guide: https://support.cyberark.com/SFE/directaccess.ashx?pageid=downloadfile&Safe=CyberArk+Documentation&Folder=Root%5cPAS+and+SIM%5cRelease-Specific%5cV9.9%5cPAS&Name=Credential+Provider+and+ASCP+Implementation+Guide.pdf