Waterloo Systems Service Center


Fortigate FortiOS 3.0 Configuration
Knowledge Base

Vanguard Monitor Configuration for Fortigate FortiOS 3.0

Pre-Configuration Check List

1)  Confirm the UTM has a valid and active default route to the Internet, and that port 514 UDP is open on any firewall in front of the Fortigate, if one is present.

2)  Confirm that your login is either the main admin account or a user account with admin privileges.

3)  Prepare the firewall policies and protection profile items that will be applied on the UTM firewall.  The steps below will require some choices for these settings in advance.


Firewall Protection Profile Configuration

The UTM firewall is capable of filtering events on a granular level using the Protection Profile settings.  The Protection Profile allows configuration of Antivirus, IPS, Web filtering, and Spam.

1) Log in to the UTM and, from the main menu list, select Firewall -> Protection Profile.

[Screenshot: Fortinet protection profile]


2) Either select an existing profile to edit, or create a new profile.

3) In the Edit Protection Profile view, select the profile categories as shown in the screenshot below and check the associated check boxes under the Logging option.

Other sections of the Protection Profile may be set according to the policies decided in Pre-Configuration Check List item #3.

[Screenshot: Fortinet protection profile]

4) When completed, click 'Return' to return to the Protection Profile list.

5) The Protection Profile that you edited or created will be applied to a Firewall Policy in the next section, "Firewall Policy Configuration", to enable specific event filtering and logging.


Firewall Policy Configuration

The UTM firewall must have firewall policies that allow traffic through the firewall, filter the desired elements of that traffic, and create an event log for the traffic.

1) Log in to the UTM and, from the main menu list, select Firewall -> Policy.

[Screenshot: Fortinet firewall policy]

2) Verify that policies exist for the filtering and logging behavior you desire.  For example, policies for internal -> wan1 and for wan1 -> internal.  

3) For each policy that you wish to log, click the 'edit' button to the right of its listing.

[Screenshot: Fortinet edit policy]

4) In the Edit Policy view, check the Protection Profile check box and, from the adjacent pulldown, select the Protection Profile that you configured in the "Firewall Protection Profile Configuration" section above.

5) Check the Log Allowed Traffic check box. This applies logging to all events that are handled by this policy and enabled on the Event Log tab in the "Log Filter Configuration" section.


Syslog Setting Configuration

Directing syslog from the UTM to the Vanguard Monitor service at Waterloo Systems requires that port 514 UDP have a route to the Internet.  The following instructions will enable syslog forwarding.

1) Log in to the UTM and, from the main menu list, navigate to Log&Report -> Log Config.

[Screenshot: Fortigate log config]

2) Configure Log Settings. Click the Log Settings tab. Enter the following settings:

a) Check the Memory checkbox, and select Information from the pulldown.

b) Check the Syslog checkbox, and enter the following:

Syslog Name/IP: provided by Account Activation Email
Port: 514
Minimum Security Level: Information
Facility: local7
Do not check Enable CSV format.

3) When finished you may return to the main status page.
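
To confirm on a test collector that the UTM is sending what these settings describe, the following Python check (an added example, not part of the original Waterloo Systems page) decodes the syslog PRI value of a received datagram and flags a wrong facility, a level below Information, or CSV output. The sample datagrams and the device name FG-EXAMPLE are constructed, and the space-separated key=value layout of non-CSV messages is an assumption.

```python
import re

LOCAL7 = 23        # syslog facility code for local7 (the Facility setting above)
INFORMATION = 6    # syslog severity code for Information (the minimum level above)
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)

def check_datagram(payload):
    """Return a list of mismatches against the settings; an empty list means OK."""
    text = payload.decode("utf-8", errors="replace").strip()
    m = PRI_RE.fullmatch(text)
    if not m or int(m.group(1)) > 191:
        return ["missing or invalid syslog <PRI> header"]
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    problems = []
    if facility != LOCAL7:
        problems.append("facility code %d, expected local7 (23)" % facility)
    if severity > INFORMATION:
        problems.append("severity %s is below Information" % SEVERITIES[severity])
    # Assumption: the non-CSV body is space-separated key=value pairs, so a
    # comma inside the first whitespace-delimited token means CSV output.
    tokens = m.group(2).split(None, 1)
    first = tokens[0] if tokens else ""
    if "," in first:
        problems.append("comma-delimited body, Enable CSV format looks checked")
    elif "=" not in first:
        problems.append("body does not start with a key=value field")
    return problems

# Constructed sample datagrams (not captured from a real device).
SAMPLES = {
    "ok": b"<189>date=2007-05-01 time=12:00:00 devname=FG-EXAMPLE "
          b"type=traffic subtype=allowed src=192.0.2.10 dst=198.51.100.7",
    "wrong_facility": b"<134>date=2007-05-01 time=12:00:01 devname=FG-EXAMPLE type=event",
    "debug_level": b"<191>date=2007-05-01 time=12:00:02 devname=FG-EXAMPLE type=event",
    "csv": b"<190>date=2007-05-01,time=12:00:03,devname=FG-EXAMPLE,type=event",
}

def audit(samples):
    """Map each sample name to its list of mismatches."""
    return {name: check_datagram(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, problems in audit(SAMPLES).items():
        print(name, "->", problems or "matches the documented settings")
```

On a live collector, pass each datagram read from the UDP 514 socket to check_datagram.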


Log Filter Configuration

Configuring the UTM to send data requires that the syslog events be filtered for the data that is analyzed by Vanguard.  

1) Log in to the UTM and, from the main menu list, navigate to Log&Report -> Log Config.

2) Configure Log Settings. Click the Event Log tab. Enter the following check box settings as shown in the screenshot:

[Screenshot: Fortigate log filter]

3) When finished you may return to the main status page.

Copyright 2007 Waterloo Systems. All Rights Reserved. Created and Designed by VisionLine Media