Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Fortinet: Digital I/O Configuration on FortiGate Rugged Firewalls

Fortinet
07/06/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


environment. Obviously, the physical environment differs greatly between a carpeted, air-conditioned office or retail store and a manufacturing floor, warehouse, power plant, or roadside cabinet. In addition, many operational environments either aren't staffed regularly or could involve a real physical danger to people that are present. Monitoring those hazards and responding to them is the role of physical monitoring. This is often something requiring a dedicated, specialized solution, but more and more operational architects are looking to network devices to provide some degree of physical I.O. for sensing conditions and responding to them. I'm Matt Bolick, Technical Marketing Engineer at Fortinet. Let's talk about digital I.O. Digital I.O. is the name for the physical interfaces on FortiGate rugged firewalls as well as some of the rugged Forti extenders. These include digital inputs for monitoring connected sensors as well as relay outputs for activating a physical alarm or triggering another device. We'll be looking at the FortiGate Rugged 70F today. This model has two digital inputs as well as a single output. Other models have different numbers of ins and outs, but behave the same way. These digital inputs can either sense an open-close contact between the reference and input pins or detect a voltage difference between the reference and input. Either way, this is still a digital input and can't actually measure the voltage levels. On the output side is a simple relay that switches the common pin between the normally open and normally closed contacts. This can handle both AC and DC, but continuous current should be limited to no more than one amp. This is the setup we'll be using today. From a wiring perspective, this is very simple and something you might find in a real-world industrial cabinet, where simple is a very good thing. We have an emergency stop button connected between input reference and input 1 pins, which will detect an open or closed circuit by default. On the output side, I have a green normal and a red emergency status light. These are connected to the same 24-volt source driving the controls network, with the ground wire connected to the output common pin. The normally closed output is connected to the green status light, while the red light is connected to the normally open output. On our demo system, you can see the emergency stop button, as well as the red and green status lights on top of the enclosure. In addition to the FortiGate Rugged 70F with digital I.O., our demo setup also includes a FortiSwitch Rugged 112D, as well as an industrial LED controller. This controller is driving a three-color LED light strip inside the case with Modbus TCP signals for red, green, and blue. I have a simple application on my desktop to drive the LED light strip using Modbus messages over that control network. This traffic has to traverse our FortiGate firewall where it is inspected and allowed to pass during normal operations. Let's start out by seeing what that normal operation looks like. With the LED app, I can change the light strip to any one of 65,000 colors directly. I also have an easy button to rotate between the primary red, green, and blue colors. Instead of LED lights, we could just as easily be controlling an autonomous vehicle, manufacturing robot, or blast furnace. The protocols work the same. Now let's see what happens when the emergency stop button is pressed. First, we see that the status LED flips from green to red, indicating an alert condition. You'll also notice that the light strip that was previously cycling between red, green, and blue now only has a blue and green cycle. If we go look at the console log for the application, we see that there's a Modbus timeout happening when we try to send the red control message. What's happening here is pretty powerful. When an emergency condition occurs, we're reconfiguring the FortiGate firewall to change the security posture of the network. Because of the deep application control in hardware on the FortiGate, we can be very specific about the traffic we're controlling. In this case, all three colors are using the same Modbus register write command. Those packets look identical at a high level. But digging deep into the Modbus protocol message, the firewall is able to differentiate between traffic to different registers representing different colors. Because this is a FortiGate, it's able to dig even deeper into the Modbus protocol and recognizes the values being sent to each register as well. In this case, we're allowing control to the blue and green registers through any value. But we're blocking traffic to the red register at any value other than zero. If I reset the emergency switch, you'll see the status light go from red to green, and the LED strip will now cycle between all three colors as we've reset the security posture back to normal. This is a very basic and safe example, but the capabilities of combining digital sensing with deep controls of industrial protocols is a powerful combination. Now that you know what's happening, let's take a look at how it's configured. We'll start out by defining our digital IOPins. We're using the default input configuration, but if we wanted to detect a voltage source rather than a simple open-close, here's the command line configuration for that. Combining a command line with the GUI configuration on a FortiGate is really simple when an unusual or advanced configuration is something that we need. To make use of this digital IOPin, we need to use the powerful automation engine on the FortiGate. Automations on the FortiGate are known as stitches, and consist of a trigger condition with one or more actions. We'll start by creating actions for our normal and emergency conditions. We have plenty of types of actions we can take in a stitch, but for digital IOPin control, we're going to use a CLI script. I'll call our emergency condition something really creative, like emergency. I could record a command line session for this, but I already have the commands, so I'll just paste them right in. The first line is pretty straightforward. We're just simply setting our digital output to the opposite state. Because this is a relay, it's going to make normally open closed, and the normally closed output open. In essence, that changes our status light from green to red. The rest of the script is switching between our normal and emergency firewall policies. We'll look more at those later, but this is how we're telling the firewall to block any red LED command other than off using Modbus. We also have an action restoring the normal condition that simply reverses all of this, so I'm not going to show it here. Next, let's create a trigger for input 1, our emergency switch. Whenever a physical input changes, it creates a log on the FortiGate. We can use that log as a trigger for our stitch. Let's use an imaginative name like button pressed. The event we're looking for in our logs is digitalIOInputStateChange. Within that log message, we want to filter for the input in one ref, connection, and the closed state. If you forget all these details, you can always press the button and look at the log message itself. All we're doing here is fine tuning which logs are going to trigger this stitch. I'll save this trigger and create an identical one with the open state. It's otherwise identical, so I'm not going to show it here. Now to tie the room together, we'll need a stitch. Let's give it a memorable name like safetyuhoh. I'll choose our button pressed trigger and our emergency action. With this stitch enabled and saved, it's now actively waiting for our trigger condition, a log message indicating our button was pressed, and it will automatically execute our list of actions, changing the status light and the active firewall policy. Again, there's an identical stitch going the other direction, looking for the normal trigger, executing the normal action. If you stuck with me this far, I owe you a look at the firewall policies. The policies we care about here are policies number 3 and 4. If you recall, our emergency stitch action enabled policy 3, labeled emergency here, and disabled policy 4, labeled normal. You can see that the emergency policy is currently disabled while the normal policy is active, meaning that we're currently in the normal state. Policy 3 is the more interesting policy, so let's look at that. Here we're looking at traffic coming from our wired or wireless networks going to our operational LED control network. I'm allowing all traffic through by default and enabling several security profiles used in other demos. The block red application control profile is what makes this emergency policy different from the normal policy, so let's look at that. If we're looking at the application control sensor, we see that we're monitoring and logging a lot of application categories. That's the same as our normal policy. What's unique here is our application and filter override for the Modbus write single register message. In that definition, I've defined the unit ID of our LED controller, the address of the register used for the color red, and the values we want to block for that register. In this case, anything from the values 1 to 255 will be blocked, which leaves the value of 0, or off, out of this control. If there were other Modbus or application messages we wanted to include in our override, we could enter those here. This is a pretty exhaustive list of application and protocol definitions continuously being updated by FortiGuard Labs. Modbus is just one example of an industrial protocol the FortiGate understands and can control at a very deep level. That's a quick introduction to digital I.O. with the FortiGate Rugged Firewalls, as well as using automation stitches to control deep application control in hardware. The example here is pretty basic, but the combination provides a powerful set of tools that can be used to automate actions between the physical world and the industrial control network. You can find more details on configuring digital I.O. or other features at docs.fortinet.com, as well as more information on the extensive industrial portfolio at fortinet.com. Thanks for watching.

TL;DR

  • FortiGate Rugged firewalls include digital inputs for monitoring sensors and relay outputs for triggering physical alarms or devices, enabling network hardware to interact directly with operational environments.
  • Digital I/O pins can detect open-close contacts or voltage differences on inputs, while outputs provide relay switching capable of handling AC or DC up to one amp continuous current.
  • Automation stitches combine trigger conditions with CLI script actions to automatically change firewall security posture when physical events like emergency stops occur.
  • Deep application control in FortiGate hardware can inspect industrial protocols like Modbus TCP at the register and value level, enabling granular blocking of specific commands while allowing others.

Physical I/O Capabilities for Industrial Environments

FortiGate Rugged firewalls bridge the gap between network security and physical operational technology by incorporating digital input and output ports directly into the firewall hardware. The FortiGate Rugged 70F demonstrated in this video features two digital inputs capable of sensing open-close contacts or voltage differences, plus a single relay output that can switch between normally open and normally closed states. This hardware integration allows network devices to monitor physical conditions like emergency stop buttons and respond by activating alarms or triggering other devices, eliminating the need for separate specialized monitoring solutions in many industrial scenarios.

Automation Stitches and Deep Protocol Inspection

The real power of digital I/O emerges when combined with FortiGate's automation engine and deep application control capabilities. Using automation stitches—which pair trigger conditions with actions—administrators can automatically reconfigure firewall security posture based on physical events. When an emergency stop button is pressed, the FortiGate can instantly switch between normal and emergency firewall policies. The demonstration shows how FortiGate's hardware-based application control can inspect Modbus TCP traffic at the protocol level, differentiating between commands to different registers and even specific values being written. This granular control allows blocking specific industrial commands (like setting an LED to red) while permitting others (blue and green), providing precise security responses to physical safety conditions in manufacturing, power generation, and other critical infrastructure environments.

Chapters

0:00 - OT Environment Challenges
0:44 - Digital I/O Introduction
1:40 - Demo Setup Overview
2:56 - Normal Operation Demo
3:19 - Emergency Stop Demonstration
5:05 - Digital I/O Pin Configuration
5:26 - Automation Stitch Setup
7:52 - Firewall Policy Configuration
9:39 - Summary and Resources

Key Quotes

3:47 "What's happening here is pretty powerful. When an emergency condition occurs, we're reconfiguring the FortiGate firewall to change the security posture of the network."
4:13 "But digging deep into the Modbus protocol message, the firewall is able to differentiate between traffic to different registers representing different colors."
4:54 "This is a very basic and safe example, but the capabilities of combining digital sensing with deep controls of industrial protocols is a powerful combination."
9:32 "Modbus is just one example of an industrial protocol the FortiGate understands and can control at a very deep level."

FAQ

What types of sensors can connect to FortiGate Rugged digital inputs?

The digital inputs can sense either open-close contacts between reference and input pins or detect voltage differences. This makes them compatible with simple switches like emergency stop buttons, door contacts, or any sensor that provides a binary on/off signal. However, they cannot measure actual voltage levels—they only detect presence or absence of a connection or voltage.

How does the FortiGate know which Modbus commands to block during an emergency?

The application control sensor includes filter overrides that specify the Modbus unit ID, register address, and value ranges to block. In the demonstration, the emergency policy blocks values 1-255 for the red LED register while allowing value 0 (off), permitting other colors to operate normally. This granular control is possible because FortiGate performs deep packet inspection on industrial protocols.


Categories:
  • » Webinar Library » Fortinet
  • » Cybersecurity » Network Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • OT
  • IoT Security
  • Network Security
  • Demo
  • Technical Deep Dive
  • How-To
  • Digital I
  • O
  • FortiGate Rugged Firewalls
  • OT Security
  • Industrial Protocol Inspection
  • Modbus TCP
  • Automation Stitches
  • Physical Security Integration
  • Application Control
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Fortinet: Digital I/O Configuration on FortiGate Rugged Firewalls

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version