This document helps with information on how to operate ATP and provides recommendations to improve the visibility and detection capabilities of ATP.
From our side, a comment as a McAfee partner and FortiGate partner.
3.2 ATP cloud connection is missing
Common mistake: ATP lacks cloud connection.
The predefined address FQDN/IP objects FortiGuard has in their list for McAfee and GTI are often not 100% accurate, especially with providers who offer round robin (where one FQDN gives back 30 single IPs in a lookup). We tracked the issue over months because of GTI problems with several customers (not TIE customers).
The only current solution is to:
* Fetch the IP list you publish at McAfee and check it each day? Or check SNS alerts?
* Define single Address Objects or whole net blocks based on your IP ranges (Not FQDN)
* Then use those and custom Policy on FortiGate
This is tied to the FortiGate address cache, but also to the fact that often 2 of like 100 are missing.
I don't have to explain what this means > You have lag/latency and stutter on applications that are sporadic and hard to re-create in labs or IT.
The issue is the MOST important if you use ENS with GTI and don't have a TIE server locally.
It's so important it should be on the FIRST line of the ATP module documentation in ENS.
If you don't watch the point > People say McAfee makes systems slow. But it's just a mismatch in some IP list that FortiGate does not manage right.
This KB has an updated and sorted list of the IP addresses used by the GTI service. This might help with the proxy / firewall configuration.
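Added example, not part of the posts above and not McAfee or Fortinet tooling: one way to run the daily check described in the thread, by comparing the published GTI IP list with the address objects actually configured on the firewall and rendering FortiGate address objects for whatever is missing. It assumes both lists are available as one IPv4 address or CIDR per line; the sample addresses are constructed from documentation ranges and the `GTI_` object name prefix is hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges), not real GTI addresses.
PUBLISHED = """
192.0.2.0/28
198.51.100.10
198.51.100.11      # single hosts, as a round-robin FQDN would return
203.0.113.0/24
""".splitlines()
CONFIGURED = ["192.0.2.0/28", "198.51.100.10/32", "203.0.113.0/25"]

def parse(lines):
    """Parse IPv4 hosts/CIDRs, skipping blanks and '#' comments."""
    entries = (l.split("#", 1)[0].strip() for l in lines)
    return [ipaddress.IPv4Network(e, strict=False) for e in entries if e]

def missing_ranges(published, configured):
    """Return published address space not covered by any configured object."""
    holes = list(ipaddress.collapse_addresses(parse(configured)))
    missing = []
    for net in ipaddress.collapse_addresses(parse(published)):
        remaining = [net]
        for hole in holes:
            nxt = []
            for r in remaining:
                if r.subnet_of(hole):
                    continue                             # fully covered
                if hole.subnet_of(r):
                    nxt.extend(r.address_exclude(hole))  # keep uncovered part
                else:
                    nxt.append(r)                        # disjoint, unchanged
            remaining = nxt
        missing.extend(remaining)
    return sorted(missing)

def fortigate_cli(nets, prefix="GTI_"):
    """Render FortiGate address objects; the name prefix is hypothetical."""
    lines = ["config firewall address"]
    for n in nets:
        lines += [f'    edit "{prefix}{n.network_address}_{n.prefixlen}"',
                  f"        set subnet {n.network_address} {n.netmask}",
                  "    next"]
    return "\n".join(lines + ["end"])

if __name__ == "__main__":
    gaps = missing_ranges(PUBLISHED, CONFIGURED)
    print(fortigate_cli(gaps) if gaps else "all published ranges covered")
```

Run on a schedule against a fresh copy of the published list, a non-empty result is the "2 of like 100 are missing" case from the thread, caught before it shows up as sporadic latency.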
Out of curiosity, is there a final version or another, later, draft version? I mean, this draft is very good and I'm happy to use it. Just wondering if there is anything newer.