Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.


Overview

Fortinet FortiGate is a network firewall that delivers networking and security capabilities in a single platform. This article gives the steps to ingest the device's logs and flows into the Seceon SIEM so you get better visibility of the threats occurring in your environment.

Steps of Configuration

  • Log in to the firewall user interface.

  • Change VDOM

    • By default, the user logs on to the "root" VDOM.

    • Make sure that the Global VDOM is selected.

    • You can do that by clicking the dropdown at the top left and selecting the VDOM "root".

For Logs Configuration:

  • Click and expand "Log & Report", then click "Log Settings".

  • Add the CCE IP address as the syslog server.

  • Check the option "Send logs to syslog".

  • Click Apply to save your settings.

NetFlow configuration steps for FortiOS version 7.0.0 onwards:

  • To configure NetFlow, log in to the CLI with sufficient privileges and enter the following commands.

    • config system netflow

    • Description: Configure NetFlow.

    • set collector-ip {ipv4-address}

    • set collector-port {integer}

    • set source-ip {ipv4-address}

    • set active-flow-timeout {integer}

    • set inactive-flow-timeout {integer}

    • set template-tx-timeout {integer}

    • set template-tx-counter {integer}

    • end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| collector-ip | Collector IP: the Seceon CCE IP address. | ipv4-address | Not specified | 0.0.0.0 |
| collector-port | NetFlow collector port number. | integer | 0 to 65535 | 9995 |
| source-ip | Source IP address for communication with the NetFlow agent. | ipv4-address | Not specified | 0.0.0.0 |
| active-flow-timeout | Timeout (seconds) to report active flows. | integer | 60 to 3600 | 1800 |
| inactive-flow-timeout | Timeout (seconds) for the periodic report of finished flows. | integer | 10 to 600 | 15 |
| template-tx-timeout | Timeout (seconds) for periodic template flow set transmission. | integer | 60 to 86400 | 1800 |
| template-tx-counter | Number of flow set records to send before the template flow set is resent. | integer | 10 to 6000 | 20 |
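The parameter table above is easy to get wrong by hand (a port outside 0..65535, a timeout below the minimum, or the default collector-ip of 0.0.0.0 left in place, which means nothing is exported). The following added example, which is not Seceon's or Fortinet's code, validates a proposed set of values against the ranges in the table and renders the same "config system netflow" block the steps show. The FortiOS CLI syntax and the ranges come from this page; the function names and the sample values are assumptions.

```python
"""Validate and render a FortiOS 'config system netflow' block.

Added example (not Seceon's or Fortinet's code). Parameter names, ranges and
defaults are taken from the table on this page; everything else is assumed.
"""
import ipaddress

# Integer parameters: (minimum, maximum, default) as documented in the table.
INT_PARAMS = {
    "collector-port": (0, 65535, 9995),
    "active-flow-timeout": (60, 3600, 1800),
    "inactive-flow-timeout": (10, 600, 15),
    "template-tx-timeout": (60, 86400, 1800),
    "template-tx-counter": (10, 6000, 20),
}
IP_PARAMS = ("collector-ip", "source-ip")


def validate(settings):
    """Return a list of problems with the proposed settings (empty list == OK)."""
    problems = []
    for name, value in settings.items():
        if name in IP_PARAMS:
            try:
                ip = ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{name}: {value!r} is not an IPv4 address")
                continue
            # 0.0.0.0 is the documented default and means "no collector configured".
            if name == "collector-ip" and ip.is_unspecified:
                problems.append("collector-ip: 0.0.0.0 exports nothing; set the CCE IP address")
        elif name in INT_PARAMS:
            lo, hi, _default = INT_PARAMS[name]
            if not isinstance(value, int) or not lo <= value <= hi:
                problems.append(f"{name}: {value!r} is outside {lo}..{hi}")
        else:
            problems.append(f"{name}: unknown parameter")
    if "collector-ip" not in settings:
        problems.append("collector-ip: required (the CCE IP address)")
    return problems


def render(settings):
    """Render the CLI block from the steps, one 'set' line per supplied parameter."""
    problems = validate(settings)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["config system netflow"]
    for name, value in settings.items():
        lines.append(f"    set {name} {value}")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: CCE at 192.0.2.10 (documentation address), default port.
    print(render({"collector-ip": "192.0.2.10", "collector-port": 9995,
                  "active-flow-timeout": 1800, "inactive-flow-timeout": 15}))
```

Run it, paste the printed block into the FortiGate CLI, and keep the validated values with the change record; a shorter inactive-flow-timeout makes finished flows reach the CCE sooner at the cost of more export packets.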

NetFlow configuration for older versions of FortiOS:

  • Click on the dashboard and scroll down to the CLI console.

  • Click on the CLI console to connect.

  • To configure NetFlow, type the following commands on the console one after another. Replace <ipv4_address> with the CCE IP address.

    • config global Firewall  (This step might not be required in some versions of FortiGate firewall) 

    • config system netflow 

    • set collector-ip <ipv4_address>

    • set collector-port 9995

    • end

  • To enable NetFlow on the interfaces, type the following:

    • config system interface

    • edit <interface name>    (repeat for each interface to be configured)

    • set netflow-sampler both

    • end

Verification

Verification can be done in two ways.

On CCE:

Run the following commands on the CCE server to check whether logs and flows are arriving from the firewall.

To check the logs:

sudo tcpdump -i any port 514 and host <Firewall IP>

To check the flows:

sudo tcpdump -i any port 9995 and host <Firewall IP>

On UI:

STEP 1: Log in to the UI.

STEP 2: Go to SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: The firewall IP appears under SOURCE DEVICE IP.
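The tcpdump commands above only show that UDP packets on port 9995 are arriving from the firewall; they do not show whether those packets are well-formed NetFlow v9 exports carrying both templates and data records, which is what the collector needs before any flow can be decoded. The following added example, not Seceon's or Fortinet's code, decodes the NetFlow v9 packet header and flow set headers (layout per RFC 3954) and reports how many template, option-template and data flow sets a packet carries. The sample packet is constructed inline; the listener, port and function names are assumptions.

```python
"""Check that packets on the NetFlow port are NetFlow v9 exports.

Added example (not Seceon's or Fortinet's code). Header layout is the NetFlow v9
one from RFC 3954; the sample packet below is constructed by hand.
"""
import socket
import struct
import sys

# NetFlow v9 packet header: version, count, sysUptime, unixSecs, sequence, sourceId.
HEADER = struct.Struct("!HHIIII")


def parse_v9(data):
    """Summarise one NetFlow v9 export packet; raise ValueError if it is not one."""
    if len(data) < HEADER.size:
        raise ValueError(f"packet too short: {len(data)} bytes")
    version, count, _uptime, _secs, seq, source_id = HEADER.unpack_from(data)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    summary = {"count": count, "sequence": seq, "source_id": source_id,
               "templates": 0, "option_templates": 0, "data_sets": 0}
    off = HEADER.size
    while off + 4 <= len(data):
        set_id, length = struct.unpack_from("!HH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError(f"bad flow set length {length} at offset {off}")
        if set_id == 0:
            summary["templates"] += 1          # template flow set
        elif set_id == 1:
            summary["option_templates"] += 1   # options template flow set
        elif set_id >= 256:
            summary["data_sets"] += 1          # data flow set (refers to a template id)
        else:
            raise ValueError(f"reserved flow set id {set_id}")
        off += length
    return summary


def build_sample_packet():
    """Constructed packet: one template (id 256: IPV4_SRC_ADDR, IPV4_DST_ADDR) plus one data record."""
    header = HEADER.pack(9, 2, 1000, 1700000000, 1, 0)
    # template id, field count, then (field type, field length) pairs: 8 = src IPv4, 12 = dst IPv4
    template = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
    template_set = struct.pack("!HH", 0, 4 + len(template)) + template
    record = socket.inet_aton("10.0.0.1") + socket.inet_aton("10.0.0.2")
    data_set = struct.pack("!HH", 256, 4 + len(record)) + record
    return header + template_set + data_set


def listen(firewall_ip, port=9995, max_packets=5, timeout=30):
    """Bind the UDP port and summarise the first packets sent by the firewall."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < max_packets:
            data, (src, _) = sock.recvfrom(65535)
            if src != firewall_ip:
                continue                       # ignore other exporters
            try:
                seen.append(parse_v9(data))
            except ValueError as exc:
                seen.append({"error": str(exc)})
    except socket.timeout:
        pass
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    if len(sys.argv) == 2:
        for summary in listen(sys.argv[1]):
            print(summary)
    else:
        print(parse_v9(build_sample_packet()))
```

Without arguments the script decodes the constructed packet; with the firewall IP as its single argument it binds UDP 9995 and summarises the first packets from that address. The bind only succeeds where the port is free, so run it on a spare host pointed at by a test collector-ip rather than on the CCE itself, where the Seceon collector already owns the port; there, stay with the tcpdump checks above. A healthy export shows template flow sets appearing at least every template-tx-timeout seconds and data flow sets in between; data sets with no template ever seen means the collector cannot decode anything.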
