Configuring Fortinet Firewalls
Firewall Analyzer supports the following versions of FortiGate:
- FortiOS v2.5, 2.8, and 3.0
- Fortinet - 50, 100, 200, 300, 400, 800
- FortiGate - 1000, 5000 series
Note: Firmware v2.26 or later is required.
If Firewall Analyzer is unable to receive logs from the FortiGate after you configure it from the UI, carry out the steps to configure it through the command prompt.
To determine the version number of the FortiGate that you are running, use the command: get system status
Configuring the FortiGate Firewall
Follow the steps below to configure the FortiGate firewall:
- Log in to the FortiGate web interface
- Select Log & Report > Log Setting or Log & Report > Log Config > Log Setting (depending on the version of FortiGate)
- If you want to export logs in WELF format:
  - Select the Log in WebTrends Enhanced Log Format or the WebTrends checkbox (depending on the version of FortiGate)
  - Enter the IP address of the syslog server
  - Choose the logging level as Information or select the Log All Events checkbox (depending on the version of FortiGate)
- If you want to export logs in the syslog format (or export logs to a different configured port):
  - Select the Log to Remote Host option or Syslog checkbox (depending on the version of FortiGate)
  - Enter the IP address and port of the syslog server
  - Select the logging level as Information or select the Log All Events checkbox (depending on the version of FortiGate)
  - Select the facility as local7
- Click Apply
Configuring RuleSets for Logging Traffic
Follow the steps below to configure rulesets for logging all traffic from or to the FortiGate firewall:
- Select Firewall > Policy
- Choose a rule for which you want to log traffic and click Edit. You can configure any traffic to be logged separately if it is acted upon by a specific rule.
- Select the Log Traffic checkbox
- Click OK and then click Apply
Repeat the above steps for all rules for which you want to log traffic.
For more information, refer to the Fortinet documentation.
If Firewall Analyzer is unable to receive logs from the FortiGate after you configure it from the UI, carry out the steps to configure it through the command prompt
(For models such as FortiGate 60, FortiGate 200, etc.)
Follow the steps below to enable the device to send logs to Firewall Analyzer.
- Start CLI on the FortiGate firewall.
- Execute the following commands to enable Syslog:
  Enable syslog:
    config log syslogd setting<cr>
    set server (ip address)<cr>
    set status enable<cr>
    end<cr>
- Execute the following commands to enable Traffic:
  Enable traffic:
    config log syslogd filter<cr>
    set severity information<cr>
    set traffic enable<cr>
    set web enable<cr>
    set email enable<cr>
    set attack enable<cr>
    set im enable<cr>
    set virus enable<cr>
    end<cr>
  Note: Type "show log syslogd filter" to list all available traffic.
- Stop and start the Firewall Analyzer application/service and check if you are able to receive the Fortigate Firewall packets in Firewall Analyzer.
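To check what the FortiGate is actually sending before looking at Firewall Analyzer itself, the Python script below (an added example, not part of the original page or of Firewall Analyzer) decodes the syslog PRI header to confirm facility local7 and counts messages per type= field. The key=value body layout, the sample datagrams, and the names parse_datagram, summarize and capture are assumptions made for this example.

```python
import re
import socket
from collections import Counter

LOCAL7 = 23  # syslog facility code for local7; PRI = facility * 8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')  # assumed key=value body layout

def parse_datagram(data):
    """Decode the <PRI> header and key=value body of one syslog datagram."""
    m = PRI_RE.match(data.decode("utf-8", errors="replace").strip())
    if not m or int(m.group(1)) > 191:
        return {"ok": False, "reason": "missing or invalid <PRI> header", "fields": {}}
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    reason = "" if facility == LOCAL7 else f"facility {facility}, expected local7"
    return {"ok": not reason, "reason": reason, "facility": facility, "severity": severity, "fields": fields}

def summarize(datagrams):
    """Count messages per type= value and list what looks misconfigured."""
    types, problems = Counter(), []
    for rec in map(parse_datagram, datagrams):
        if not rec["ok"]:
            problems.append(rec["reason"])
        types[rec["fields"].get("type", "unknown")] += 1
    if types["traffic"] == 0:
        problems.append("no type=traffic messages received")
    return {"types": dict(types), "problems": problems}

def capture(port, count, timeout=30.0):
    """Collect up to `count` UDP datagrams on `port`, which must be free."""
    got = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        try:
            while len(got) < count:
                got.append(s.recvfrom(8192)[0])
        except socket.timeout:
            pass  # report whatever arrived before the timeout
    return got

SAMPLE = [  # constructed datagrams, not captured from a real device
    b'<190>date=2009-03-01 time=10:15:02 devname=FG200 type=traffic src=10.0.0.5 msg="session closed"',
    b'<134>date=2009-03-01 time=10:15:09 devname=FG200 type=virus src=10.0.0.7 msg="file blocked"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))  # on the syslog host: summarize(capture(port, 20))
```

capture() binds the UDP port itself, so run it while the Firewall Analyzer service is stopped, or point the FortiGate at a spare port for the test.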
Copyright © 2009,
ZOHO Corp. All Rights Reserved.
ManageEngine