FORTINET FORTIGATE

Instructions for forwarding Fortinet FortiGate logs to your Log Management device

PREREQUISITES

FortiGate Next Generation (NGFW) Firewall UTM Appliance
  • The IP Address for the FortiGate appliance
  • Credentials to access the FortiGate appliance
  • Secure Shell (SSH) access configured on the FortiGate appliance
Clone Systems Log Management Device
  • The IP Address for the Clone Systems Log Management device
Instructions

1. Open a command prompt and SSH into the Fortinet FortiGate using a tool like PuTTY.

2. Configure the FortiGate unit to send logs to a remote computer running a syslog server.

  • FortiGate # config log syslogd setting

3. Set the IP address of the Clone Systems Log Management device.

  • FortiGate (setting) # set server { IP Address of Clone Systems Log collector }
  • EXAMPLE: Fortigate (setting) # set server 10.1.1.1

4. Set the source IP address for the Fortinet FortiGate.

  • FortiGate (setting) # set source-ip {internal IP of Fortigate}

Note: This is the source IP that will be displayed in the logs.

5. Enable logging to the Clone Systems Log Management device.

  • FortiGate (setting) # set status enable

6. Save the changes you have made in the current table’s fields, and exit the edit command to the object prompt.

  • FortiGate (setting) # next

7. Save the changes to the current object and exit the config command. This returns you to the top-level command prompt.

  • FortiGate (setting) # end