Network Automation with Infoblox, Tufin and Fortinet

26.09.2022

Network Segmentation in Transition

Networks today should be fast, reliable and secure. To manage the growing number of network segments, it is helpful to automate certain processes.

Single Source of Truth

Automated data reconciliation can ensure data consistency, even when networks are added or removed on a daily basis. This can be reliably achieved with the single source of truth approach. Network segments are defined in a source of truth and then reconciled in all necessary target systems such as firewall management or SIEM. We have already implemented various automations for customers from Infoblox, CMDB or Netbox to Tufin SecureTrack, SecureApp, Fortimanager, Checkpoint SCM. The processes can even be integrated into Jira, ServiceNow or Tufin SecureChange.

Source of Truth - Network Automation

This approach is also being increasingly pursued and supported by our partners. In order to offer out-of-the-box automation, vendors are increasingly collaborating and leveraging synergies:

Infoblox – Tufin: Infoblox integration with Tufin
Tufin – Infoblox: Tufin integration with Infoblox
Infoblox – Fortinet: Infoblox integration with Fortinet FortiGate

Out-of-the-box Solutions

These out-of-the-box solutions are suitable for 1:1 alignments. However, in our experience, customer environments often do not require strict 1:1 matching. It is much more a matter of enhancing and verifying the data before it is automatically synchronized into other systems. For data enhancement and verification, we use the REST APIs that are standard with every maintained product today. We usually implement the logic with Python or Ansible.

Automation requires machine-readable information. Manually managing and maintaining network segments in an Excel file is tedious and error-prone. Excel files are therefore not suitable as a source of truth. One of the most popular DDI systems and sources of truth is Infoblox. Since a well-maintained CMDB is often not available, Infoblox is the most reliable source of information. We have already had the privilege of implementing several customer projects in which Infoblox was integrated with Tufin or Fortinet.

We would be happy to discuss possible scenarios for a successful network automation with you as well.

For more information, please contact us at support@sidarion.ch or +41 43 544 10 66.

22.11.2023

FortiOS & FortiProxy – Update on security vulnerabilities

What are the vulnerabilities all about?

14.06.2023

FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication (CVE-2023-27997)

What is this vulnerability all about?

10.03.2023

Critical Heap buffer underflow in administrative interface in FortiOS (CVE-2023-25610)