Integration process between Suricata and FortiGate

Hello Team,

I am reaching out to seek your guidance and expertise regarding the configuration of Suricata and FortiGate Firewall integration. i’m currently working on enhancing our network security measures and would like to leverage Suricata’s capabilities to detect and prevent malicious activity.

Specifically, i’m interested in setting up Suricata to send alerts to our FortiGate Firewall, enabling it to automatically deny any identified malicious activity. By integrating these two powerful tools, we aim to enhance our network’s defense mechanisms and mitigate potential threats more effectively.

i’m are particularly interested in:

  1. Guidance on the integration process between Suricata and FortiGate Firewall.
  2. Configuration recommendations for Suricata to generate alerts for various types of malicious activity.
  3. Advice on establishing rules and policies within the FortiGate Firewall to automatically deny flagged activities from Suricata.
  4. Any potential challenges or considerations we should be aware of during the configuration process.


I would recommend to first get familiar with what Suricata can do, what type of output it can generate. In the end you would have to write your own tool or ask Fortigate to find a way to feed in the JSON events into Fortigate.