Also specify the source interface through which Firewall Analyzer connects to the firewall. If you already have an SNMP community, edit it to provide the Firewall Analyzer (SNMP Manager) IP address. Enter the Description, Location and Contact information.

To allow SNMP traffic through the source interface, use the below command:
    config system interface internal

To ensure that the source interface that connects Firewall Analyzer to the firewall device allows SNMP traffic, execute the below command:
    get system interface

To enable the SNMP Manager running in Firewall Analyzer to make queries to the SNMP Agent running in the firewall:
    config system snmp

If it is disabled, enable it by using the below commands:
    config system snmp sysinfo

Configure/Enable SNMP Protocol for Fortigate Firewall device

Ensure SNMP is enabled in the Fortigate box by using the below command:
    get system snmp sysinfo

The extended-traffic-log enable command would also cause traffic hitting a deny policy (or the implicit deny policy) to be logged, regardless of whether logging is enabled on the deny policy. When disabled, a log is only generated upon a session stop. When enabled, traffic logging volume is doubled because a log is generated when the session starts and when it stops. This feature is for ICSA compliance and is enabled by default. If further memory reduction or an increase of the logging rate is required, there are several optimization possibilities.

Syslog settings can only be configured through CLI mode. If it is v5.0 or above, ensure the option 'reliable' is disabled in the syslog config. If Firewall Analyzer is not getting logs from Fortigate, please check the Fortigate OS version. In Fortigate OS v5.0, there is an option to send syslog using TCP.

Stop and start the Firewall Analyzer application/service and check if you are able to receive the Fortigate Firewall packets in Firewall Analyzer.

Type "show log syslogd filter" to list all available traffic.
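A quick way to check that FortiGate syslog datagrams reach the collector host and carry a vdom field, as an added example (not Firewall Analyzer or Fortinet code). It assumes UDP syslog in FortiGate's key=value layout with `type` and `vd` fields; the sample lines are constructed, and port 1514 in `collect()` is a hypothetical test port.

```python
import re
import socket
from collections import Counter

# Constructed samples in FortiGate's key=value syslog layout (not captured from a device).
SAMPLES = [
    b'<189>date=2024-01-15 time=10:12:01 devname="FGT-A" type="traffic" subtype="forward" '
    b'vd="root" srcip=192.0.2.10 dstip=198.51.100.7 action="accept"',
    b'<189>date=2024-01-15 time=10:12:02 devname="FGT-A" type="traffic" subtype="forward" '
    b'vd="dmz" srcip=192.0.2.11 dstip=198.51.100.7 action="deny" msg="policy=0 hit"',
    b'<190>date=2024-01-15 time=10:12:03 devname="FGT-A" type="event" subtype="system" '
    b'level="information" msg="Admin login"',
    b'hello from a test sender',
]

# key=value pairs; a quoted value may contain spaces and '=' characters.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse(datagram):
    """Strip the syslog <PRI> prefix and return the key=value fields as a dict."""
    text = re.sub(r"^<\d{1,3}>", "", datagram.decode("utf-8", "replace").strip())
    return {k: v.strip('"') for k, v in PAIR.findall(text)}

def summarize(datagrams):
    """Count log types and vdoms; flag lines that do not parse or carry no vd field."""
    out = {"types": Counter(), "vdoms": Counter(), "no_vd": 0, "unparsed": 0}
    for d in datagrams:
        f = parse(d)
        if "type" not in f:
            out["unparsed"] += 1
            continue
        out["types"][f["type"]] += 1
        if f.get("vd"):
            out["vdoms"][f["vd"]] += 1
        else:
            out["no_vd"] += 1
    return out

def collect(port=1514, count=20, timeout=10.0):
    """Read up to `count` UDP datagrams on the collector host (port is an assumed test port)."""
    got = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        try:
            while len(got) < count:
                got.append(s.recvfrom(8192)[0])
        except socket.timeout:
            pass
    return got

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

An empty result from `summarize(collect())` means nothing arrived over UDP within the timeout; a `types` count with no `traffic` entry means syslog is arriving but traffic logging is not.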
Execute the following commands to enable Traffic:

Execute the following commands to enable Syslog:

Please follow the steps to enable the device to send the logs to Firewall Analyzer. (For models like Fortigate 60, Fortigate 200, etc.)

If Firewall Analyzer is unable to receive the logs from the Fortigate after configuring from the UI, please carry out the steps to configure it through the command prompt.

Repeat the above steps for all rules for which you want to log traffic.
For more information, refer to the Fortinet documentation.
You can configure any traffic to be logged separately if it is acted upon by a specific rule.
Choose a rule for which you want to log traffic and click Edit.
Select the logging level as Information or select the Log All Events checkbox (depending on the version of FortiGate).
Do not select CSV format for exporting the logs.

Follow the steps below to configure rulesets for logging all traffic from or to the FortiGate firewall:

Enter the IP address and port of the syslog server.
Select the Log to Remote Host option or Syslog checkbox (depending on the version of FortiGate).
Syslog format is preferred over WELF, in order to support vdom in Fortigate firewalls.

If you want to export logs in the syslog format (or export logs to a different configured port):

Choose the logging level as Information or select the Log All Events checkbox (depending on the version of FortiGate).
Enter the IP address of the syslog server.
Select the Log in WebTrends Enhanced Log Format or the WebTrends checkbox (depending on the version of FortiGate).

If you want to export logs in WELF format:

Select Log & Report > Log Setting or Log & Report > Log Config > Log Setting (depending on the version of FortiGate).

To determine the version number of the Fortigate that you are running, use the command:
    get system status

Configuring the FortiGate Firewall

Follow the steps below to configure the FortiGate firewall:

In order to get vdom support for the Fortigate Firewall, ensure that the log format selected is Syslog instead of WELF. For configuring High Availability for a FortiGate Firewall with vdoms, refer to the procedure given below. There is no separate configuration required in Firewall Analyzer for receiving logs from Virtual Firewalls of the Fortinet physical device.

Ensure the Application Control service in the Fortigate firewall is enabled to generate the Application report. This report is available for Fortigate only.
Information about applications like Skype, Facebook and YouTube, and the application categories accessed by users, will be available in this report.
Firewall Analyzer supports the following versions of FortiGate: