FortiGate Administration Guide - FirewallShop.com

More documents

Recommendations

Info

FortiGuard Analysis Service Log&Report You can customize the level that the FortiGate unit logs these events at as well as where the FortiGate unit stores the logs. The level these events are logged at, or the severity level, is defined when configuring the logging location. There are six severity levels to choose from. See “Log severity levels” on page 471 for more information. For better log storage and retrieval, the FortiGate unit can send log messages to a FortiAnalyzer unit. FortiAnalyzer units are network appliances that provide integrated log collection, analysis tools and data storage. Detailed log reports provide historical as well as current analysis of network and email activity. Detailed log reports also help identify security issues, reducing network misuse and abuse. The FortiGate unit can send all log message types, as well as quarantine files, to a FortiAnalyzer unit for storage. The FortiAnalyzer unit can upload log files to an FTP server for archival purposes. See “Logging to a FortiAnalyzer unit” on page 472 for details on configuring the FortiGate unit to send log messages to a FortiAnalyzer unit. The FortiGate unit can send log messages to either a Syslog server or WebTrends server for storage and archival purposes. You can also configure the FortiGate unit to send log messages to its hard disk, if available. Configuring the FortiGate unit to send log messages to the hard disk is only available in the CLI. See the FortiGate CLI Reference for configuring logging to the hard disk. The FortiGate unit enables you to view log messages available in memory, on a FortiAnalyzer unit running firmware version 3.0 or higher, including the hard disk if available. Customizable filters enable you to easily locate specific information within the log files. See the FortiGate Log Message Reference for details and descriptions of log messages and formats. FortiGuard Analysis Service FortiGuard Analysis Service is a subscription-based service that provides logging and reporting solutions for FortiGate-100A units and lower. The FortiGuard Analysis Service is available on FortiGate-100A units and lower running FortiOS 3.0MR4 and higher. The FortiGuard Analysis network is made up of two types of servers, the primary analysis server and the secondary analysis server. The primary analysis server stores logs generated from the FortiGate unit. The secondary analysis server provides redundancy, ensuring log data is available at all times. There are several secondary analysis servers available for redundancy for each FortiGate unit. The network also includes the main analysis server, which is responsible for monitoring and maintaining the primary and secondary analysis servers. When the FortiGate unit connects for the first time to the FortiGuard Analysis network, the FortiGate unit retrieves its assigned primary analysis server, contract term, and storage space quota from the main analysis server. The main analysis server contains this information so it can maintain and monitor the status of each of the servers. After configuring logging to the assigned primary analysis server, the FortiGate unit begins logging to that primary analysis server. The FortiGate unit sends encrypted logs to the primary analysis server using TCP port 514. The connection to the main analysis server is secured by SSL using port 443. FortiGate Version 3.0 MR5 Administration Guide 470 01-30005-0203-20070830
Log&Report Log severity levels Note: After upgrading to FortiOS 3.0MR5, you need to re-enter your account ID and then update the service to re-connect to the FortiGuard Analysis network. FortiGuard Analysis Service portal website The portal website provides a central location for registering your contract information as well as viewing logs and reports. Contracts provide access to the FortiGuard Analysis Service and are purchased through your sales representative. Before purchasing a contract, you require registering for a trial contract. The trial contract provides the contract number for registering for the FortiGuard Analysis Service on the FortiGuard Analysis Service website. After the trial contract expires, you can then purchase a full contract from your sales representative. After purchasing a full contract, you only require registering at the portal. See the FortiGuard Analysis and Management Services Administration Guide if you require more information about FortiGuard Analysis Service. Note: The portal also includes FortiGuard Management Services features. See “System Maintenance” on page 179 for more information about FortiGuard Management Services. Log severity levels You can define what severity level the FortiGate unit records logs at when configuring the logging location. The FortiGate unit logs all messages at and above the logging severity level you select. For example, if you select Error, the unit logs Error, Critical, Alert and Emergency level messages. Table 44: Log severity levels Levels Description Generated by 0 - Emergency The system has become unstable. Event logs, specifically administrative events, can generate an emergency severity level. 1 - Alert Immediate action is required. Attack logs are the only logs that generate an Alert severity level. 2 - Critical Functionality is affected. Event, Antivirus, and Spam filter logs. 3 - Error An error condition exists and Event and Spam filter logs. functionality could be affected. 4 - Warning Functionality could be affected. Event and Antivirus logs. 5 - Notification Information about normal events. Traffic and Web Filter logs. 6 - Information General information about system operations. Content Archive, Event, and Spam filter logs. The Debug severity level, not shown in Table 44, is rarely used. It is the lowest log severity level and usually contains some firmware status information that is useful when the FortiGate unit is not functioning properly. Debug log messages are only generated if the log severity level is set to Debug. Debug log messages are generated by all types of FortiGate features. FortiGate Version 3.0 MR5 Administration Guide 01-30005-0203-20070830 471
Page 1 and 2:
ADMINISTRATION GUIDE FortiGate Vers
Page 3 and 4:
Contents Contents Introduction ....
Page 5 and 6:
Contents Enabling VDOMs............
Page 7 and 8:
Contents Replacement messages......
Page 9 and 10:
Contents Router Static ............
Page 11 and 12:
Contents Firewall Virtual IP ......
Page 13 and 14:
Contents User .....................
Page 15 and 16:
Contents Content block.............
Page 17 and 18:
Contents Configuring FortiGuard Ana
Page 19 and 20:
Introduction What’s new in this r
Page 21 and 22:
MANAGEMENT E2 14 12 10 8 6 4 2 0 CL
Page 23 and 24:
Esc Esc Enter Enter Introduction In
Page 25 and 26:
PWR INTERNAL EXTERNAL DMZ HA 1 2 3
Page 27 and 28:
POWER STATUS INTERNAL EXTERNAL DMZ
Page 29 and 30:
Introduction Fortinet family of pro
Page 31 and 32:
Introduction About this document Yo
Page 33 and 34:
Introduction FortiGate documentatio
Page 35 and 36:
Introduction Customer service and t
Page 37 and 38:
Web-based manager Web-based manager
Page 39 and 40:
Web-based manager Button bar featur
Page 41 and 42:
Web-based manager Button bar featur
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
System Status Status page System St
Page 51 and 52:
System Status Status page System in
Page 53 and 54:
System Status Status page Web Filte
Page 55 and 56:
System Status Status page History i
Page 57 and 58:
System Status Status page FortiGate
Page 59 and 60:
System Status Changing the FortiGat
Page 61 and 62:
System Status Viewing operational h
Page 63 and 64:
System Status Viewing Statistics Vi
Page 65 and 66:
System Status Viewing Statistics Vi
Page 67 and 68:
System Status Topology viewer Topol
Page 69 and 70:
System Status Topology viewer Addin
Page 71 and 72:
Using virtual domains Virtual domai
Page 73 and 74:
Using virtual domains Virtual domai
Page 75 and 76:
Using virtual domains Configuring V
Page 77 and 78:
Using virtual domains Configuring V
Page 79 and 80:
System Network Interface System Net
Page 81 and 82:
System Network Interface Name IP/Ne
Page 83 and 84:
System Network Interface Interface
Page 85 and 86:
System Network Interface Administra
Page 87 and 88:
System Network Interface When an in
Page 89 and 90:
System Network Interface Figure 40:
Page 91 and 92:
System Network Interface Status Dis
Page 93 and 94:
System Network Interface Name Virtu
Page 95 and 96:
System Network Interface Use secure
Page 97 and 98:
System Network Interface IP/Netmask
Page 99 and 100:
System Network Network Options Netw
Page 101 and 102:
System Network Routing table (Trans
Page 103 and 104:
System Network Configuring the mode
Page 105 and 106:
System Network Configuring the mode
Page 107 and 108:
System Network VLAN overview VLAN o
Page 109 and 110:
System Network VLANs in NAT/Route m
Page 111 and 112:
System Network VLANs in Transparent
Page 113 and 114:
System Network VLANs in Transparent
Page 115 and 116:
System Network FortiGate IPv6 suppo
Page 117 and 118:
System Wireless About FortiWiFi-50B
Page 119 and 120:
System Wireless Channel assignments
Page 121 and 122:
System Wireless FortiWiFi-50B, 60A,
Page 123 and 124:
System Wireless FortiWiFi-50B, 60A,
Page 125 and 126:
System Wireless Wireless MAC Filter
Page 127 and 128:
System Wireless Wireless Monitor MA
Page 129 and 130:
System DHCP FortiGate DHCP servers
Page 131 and 132:
System DHCP Configuring DHCP servic
Page 133 and 134:
System DHCP Viewing address leases
Page 135 and 136:
System Config HA System Config This
Page 137 and 138:
System Config HA Figure 75: FortiGa
Page 139 and 140:
System Config HA Cluster members li
Page 141 and 142:
System Config HA Viewing HA statist
Page 143 and 144:
System Config SNMP Interface IP/Net
Page 145 and 146:
System Config SNMP Figure 83: SNMP
Page 147 and 148:
System Config SNMP FortiGate traps
Page 149 and 150:
System Config SNMP Fortinet MIB fie
Page 151 and 152:
System Config SNMP Table 24: Virtua
Page 153 and 154:
System Config Replacement messages
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
System Config Operation mode and VD
Page 161 and 162:
System Administrators Administrator
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
System Administrators Access profil
Page 171 and 172:
System Administrators Access profil
Page 173 and 174:
System Administrators Central Manag
Page 175 and 176:
System Administrators Settings Diff
Page 177 and 178:
System Administrators Monitoring ad
Page 179 and 180:
System Maintenance Maintenance Syst
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
System Maintenance Revision Control
Page 187 and 188:
System Maintenance FortiGuard Cente
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
System Maintenance License To confi
Page 201 and 202:
System Chassis (FortiGate-5000 seri
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
Switch (FortiGate-224B only) Overvi
Page 209 and 210:
Switch (FortiGate-224B only) Viewin
Page 211 and 212:
Page 213 and 214:
Switch (FortiGate-224B only) Config
Page 215 and 216:
Switch (FortiGate-224B only) Using
Page 217 and 218:
Switch (FortiGate-224B only) Using
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Router Static Routing concepts Rout
Page 233 and 234:
Router Static Routing concepts All
Page 235 and 236:
Router Static Static Route Static R
Page 237 and 238:
Router Static Static Route • Devi
Page 239 and 240:
Router Static Policy Route Policy R
Page 241 and 242:
Router Static Policy Route Moving a
Page 243 and 244:
Router Dynamic Router Dynamic This
Page 245 and 246:
Router Dynamic RIP Figure 152:Basic
Page 247 and 248:
Router Dynamic RIP Redistribute Gar
Page 249 and 250:
Router Dynamic OSPF Defining an OSP
Page 251 and 252:
Router Dynamic OSPF Networks Interf
Page 253 and 254:
Router Dynamic OSPF Defining OSPF a
Page 255 and 256:
Router Dynamic OSPF Selecting opera
Page 257 and 258:
Router Dynamic BGP BGP updates adve
Page 259 and 260:
Router Dynamic Multicast To view an
Page 261 and 262:
Router Dynamic Bi-directional Forwa
Page 263 and 264:
Router Monitor Displaying routing i
Page 265 and 266:
Router Monitor Searching the FortiG
Page 267 and 268:
Firewall Policy About firewall poli
Page 269 and 270:
Firewall Policy Viewing the firewal
Page 271 and 272:
Firewall Policy Configuring firewal
Page 273 and 274:
Page 275 and 276:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Firewall Policy Firewall policy exa
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Firewall Address About firewall add
Page 291 and 292:
Firewall Address Configuring addres
Page 293 and 294:
Firewall Service Viewing the predef
Page 295 and 296:
Firewall Service Viewing the predef
Page 297 and 298:
Firewall Service Viewing the custom
Page 299 and 300:
Firewall Service Viewing the servic
Page 301 and 302:
Firewall Schedule Viewing the one-t
Page 303 and 304:
Firewall Schedule Configuring recur
Page 305 and 306:
Firewall Virtual IP Virtual IPs Fir
Page 307 and 308:
Firewall Virtual IP Virtual IPs If
Page 309 and 310:
Firewall Virtual IP Configuring vir
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Firewall Virtual IP Configuring VIP
Page 325 and 326:
Firewall Virtual IP IP pools IP Poo
Page 327 and 328:
Firewall Virtual IP Configuring IP
Page 329 and 330:
Firewall Protection Profile What is
Page 331 and 332:
Firewall Protection Profile Configu
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
VPN IPSEC Overview of IPSec interfa
Page 345 and 346:
VPN IPSEC Auto Key Auto Key Two VPN
Page 347 and 348:
VPN IPSEC Auto Key Mode Authenticat
Page 349 and 350:
VPN IPSEC Auto Key Enable IPSec Int
Page 351 and 352:
VPN IPSEC Auto Key Figure 225:New P
Page 353 and 354:
VPN IPSEC Auto Key Quick Mode Selec
Page 355 and 356:
VPN IPSEC Manual Key Encryption Alg
Page 357 and 358:
VPN IPSEC Concentrator Concentrator
Page 359 and 360:
VPN IPSEC Monitor Proxy ID Destinat
Page 361 and 362:
VPN PPTP PPTP Range VPN PPTP FortiG
Page 363 and 364:
VPN SSL Configuring SSL VPN VPN SSL
Page 365 and 366:
VPN SSL Monitoring SSL VPN sessions
Page 367 and 368:
VPN SSL Viewing the SSL VPN Bookmar
Page 369 and 370:
VPN Certificates Local Certificates
Page 371 and 372:
Page 373 and 374:
Page 375 and 376:
VPN Certificates CA Certificates Im
Page 377 and 378:
VPN Certificates CRL CRL A Certific
Page 379 and 380:
User Configuring user authenticatio
Page 381 and 382:
User RADIUS servers RADIUS servers
Page 383 and 384:
User LDAP servers Configuring an LD
Page 385 and 386:
User Windows AD servers Configuring
Page 387 and 388:
User User groups User group types Y
Page 389 and 390:
User User groups User group list Go
Page 391 and 392:
User User groups Configuring FortiG
Page 393 and 394:
User User groups Enable Web Applica
Page 395 and 396:
User Authentication settings When y
Page 397 and 398:
AntiVirus Order of operations AntiV
Page 399 and 400:
AntiVirus Antivirus settings and co
Page 401 and 402:
AntiVirus File pattern Creating a n
Page 403 and 404:
AntiVirus Quarantine Note: If virtu
Page 405 and 406:
AntiVirus Quarantine Note: To enabl
Page 407 and 408:
AntiVirus Config Config Config disp
Page 409 and 410:
AntiVirus Antivirus CLI configurati
Page 411 and 412:
Intrusion Protection About intrusio
Page 413 and 414:
Intrusion Protection Predefined sig
Page 415 and 416:
Intrusion Protection Predefined sig
Page 417 and 418:
Intrusion Protection Custom signatu
Page 419 and 420: Intrusion Protection Protocol Decod
Page 421 and 422: Intrusion Protection Anomalies View
Page 423 and 424: Web Filter Order of web filtering W
Page 425 and 426: Web Filter Web filter controls Tabl
Page 427 and 428: Web Filter Content block Select web
Page 429 and 430: Web Filter Content block Viewing th
Page 431 and 432: Web Filter URL filter Configuring t
Page 433 and 434: Web Filter URL filter To view the U
Page 435 and 436: Web Filter FortiGuard - Web Filter
Page 443 and 444: Antispam Antispam Antispam This sec
Page 445 and 446: Antispam Antispam Table 41: AntiSpa
Page 447 and 448: Antispam Banned word Creating a new
Page 449 and 450: Antispam Black/White List Black/Whi
Page 451 and 452: Antispam Black/White List Action De
Page 453 and 454: Antispam Black/White List Name Comm
Page 455 and 456: Antispam Using Perl regular express
Page 457 and 458: Antispam Using Perl regular express
Page 459 and 460: IM, P2P & VoIP Overview IM, P2P & V
Page 461 and 462: IM, P2P & VoIP Configuring IM/P2P p
Page 463 and 464: IM, P2P & VoIP Statistics Statistic
Page 465 and 466: IM, P2P & VoIP User Messages File T
Page 467 and 468: IM, P2P & VoIP User Configuring a p
Page 469: Log&Report FortiGate Logging Log&Re
Page 473 and 474: Log&Report Storing Logs Figure 326:
Page 475 and 476: Log&Report Storing Logs Disk Space
Page 477 and 478: Log&Report Configuring FortiGuard A
Page 479 and 480: Log&Report Configuring FortiGuard A
Page 481 and 482: Log&Report Log types Page Navigatio
Page 483 and 484: Log&Report Log types Pattern update
Page 485 and 486: Log&Report Accessing Logs VoIP log
Page 487 and 488: Log&Report Accessing Logs View icon
Page 489 and 490: Log&Report Customizing the display
Page 491 and 492: Log&Report Content Archive Content
Page 493 and 494: Log&Report Alert Email Alert Email
Page 495 and 496: Log&Report Reports Figure 335:Viewi
Page 497 and 498: Log&Report Reports 6 Enter a title
Page 499 and 500: Log&Report Reports Destination(s) I
Page 501 and 502: Log&Report Reports When configuring
Page 503 and 504: Log&Report Reports Customize Chart
Page 505 and 506: Index Index Numerics 802.1X authent
Page 507 and 508: Index IPSec VPN, phase 1 347 channe
Page 509 and 510: Index virtual IP list 308 firewall
Page 511 and 512: Index service 294 group name HA 138
Page 513 and 514: Index attack 484 event 482 IM, P2P
Page 515 and 516: Index Phase 1 advanced options IPSe
Page 517 and 518: Index apply 403 date 403 DC 403 dow
Page 519 and 520: Index signature custom IPS signatur
Page 521 and 522:
Index VDOM configuration settings 7
Page 523 and 524:
www.fortinet.com
show all

FortiGate Administration Guide - FirewallShop.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?