When to use it
- Store a FortiGate’s API token securely, scoped to a tenant/company.
- Test connectivity to a firewall before or after saving credentials.
- Auto-configure a FortiGate to forward logs to the SIEM over TLS.
- Approve or reject AI-proposed remediations (block IPs, deny policies, IPS).
- Keep an audit trail of every automated firewall change.
Encrypted credential vault
On save, the API key, username, and password are encrypted with AES-256-GCM before storage; only the encrypted blob is kept, and list responses never return secrets. Credentials are decrypted only when building a client to call the firewall.
FortiGate automation
Supported actions include: block IP (address object + deny policy, optionally both directions), create address object / deny policy, enable IPS signatures, configure TLS syslog forwarding to the SIEM, and upload the tenant CA.
Nexie security tasks
Actions are created as tasks in pending_approval, then a technician approves
(optionally selecting a subset of actions) and NEXOS CORE executes them in the
background — writing a posture snapshot and audit rows. Task types cover TLS
syslog setup and firewall remediation plans (block IP, address/deny objects, IPS
signatures).
Good to know
- FortiGate is the only supported vendor today despite the generic name.
- Set the platform encryption key (SIEM_ENCRYPTION_KEY) in production; if it's not configured, credentials are stored in plaintext.
- The FortiGate client skips TLS verification by default (enable verify_tls on the credential for strict checking).
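An added sketch (not NEXOS CORE's own code) of the AES-256-GCM vault described under Encrypted credential vault, written to fail closed when SIEM_ENCRYPTION_KEY is unusable instead of falling back to plaintext as noted under Good to know. The base64 key encoding, the function names, the blob layout, and binding the tenant ID as associated data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// NewVault fails closed: no usable 32-byte key (base64, assumed) means no storage.
func NewVault(keyB64 string) (cipher.AEAD, error) {
	key, err := base64.StdEncoding.DecodeString(keyB64)
	if err != nil || len(key) != 32 {
		return nil, errors.New("SIEM_ENCRYPTION_KEY missing or not 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns base64(nonce || ciphertext || tag) with the tenant ID as AAD.
func Seal(v cipher.AEAD, tenant, secret string) (string, error) {
	nonce := make([]byte, v.NonceSize()) // fresh random nonce per secret
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(v.Seal(nonce, nonce, []byte(secret), []byte(tenant))), nil
}

// Open fails if the blob was modified or belongs to another tenant.
func Open(v cipher.AEAD, tenant, blob string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(blob)
	if err != nil || len(raw) < v.NonceSize() {
		return "", errors.New("malformed blob")
	}
	pt, err := v.Open(nil, raw[:v.NonceSize()], raw[v.NonceSize():], []byte(tenant))
	return string(pt), err
}

func main() {
	if _, err := NewVault(os.Getenv("SIEM_ENCRYPTION_KEY")); err != nil {
		fmt.Println("refusing to store credentials:", err)
	}
}
```

A deployment check can call NewVault at startup and abort on error, so a missing key is caught before any credential is saved.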
