
Integrate FortiGate firewalls with SolarWinds LEM

Created by Interspire Import, last modified by MindTouch on Jun 23, 2016


Overview

This KB article describes how to configure your Fortinet® FortiGate firewall to send syslog events to your SolarWinds Log and Event Manager (LEM). 

To integrate your FortiGate firewall with SolarWinds LEM: 

  1. Configure your FortiGate firewall settings. 
  2. Configure the FortiGate connector in your LEM Console.

Environment

  • All LEM versions
  • FortiGate firewalls running FortiOS 4.x or 5.x

Configure your FortiGate firewall settings

Configure the FortiGate firewall settings for your specific FortiOS operating system.

Firewalls running FortiOS 4.x

Configure your FortiGate firewall running on FortiOS 4.x:

  1. Open your FortiGate Management Console.
  2. Navigate to Log & Report > Log Config > Log Settings. 
  3. Select the Syslog check box.
  4. Expand the Options section and complete all fields. 
    1. In the Name/IP field, enter the hostname or IP address of your LEM appliance.
    2. In the Port field, enter 514.
    3. In the Level field, select the logging level at which FortiGate should generate log messages.

      SolarWinds recommends Level 6 - Information. This level provides the most comprehensive logging messages.

    4. In the Facility field, enter a specific syslog facility for the LEM appliance or accept the default.

      Do not select Enable CSV Format. Clear this option (if necessary).  

      By default, the LEM connector matches the FortiGate default value. If required, you can configure custom values in both places. 

  5. Click Apply.

    Your firewall is configured. 

Firewalls running FortiOS 5.x

In FortiOS 5.x, you can only define a syslog server from the command line. If you defined virtual domains (VDOMs), run the appropriate commands for each VDOM. 

FortiOS includes three sets of syslog settings (syslogd, syslogd2, and syslogd3). Configuring a set overwrites whatever it currently holds, so SolarWinds recommends identifying the existing settings before you continue. To display the current settings of a set, run:

config log {syslogd | syslogd2 | syslogd3} setting
show
end

See the FortiGate FortiOS CLI Reference for FortiOS 5.0 Guide located on the Fortinet website for information about the following setting:

{syslogd |  syslogd2 | syslogd3}
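
The pre-check described above, as an added example (not SolarWinds or Fortinet code): this Python script reads the pasted show output for the three sets and reports which are free, which already feed another collector, and whether a set pointing at LEM still has CSV enabled. The sample output and addresses are constructed, and the script assumes that a set with no "set status enable" line is disabled.

```python
import re

SLOTS = ("syslogd", "syslogd2", "syslogd3")
# Constructed sample: "show" output pasted from each of the three sets.
SAMPLE = """\
config log syslogd setting
    set status enable
    set server "192.0.2.10"
end
config log syslogd2 setting
end
config log syslogd3 setting
    set status enable
    set csv enable
    set server "198.51.100.20"
end
"""

def parse_show(text):
    """Return {slot: {option: value}} from concatenated 'show' output."""
    slots, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"config log (syslogd[23]?) setting$", line)
        if header:
            current = slots.setdefault(header.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            option, _, value = line[4:].partition(" ")
            current[option] = value.strip('"')
    return slots

def classify(cfg, lem_server):
    """Say whether one set can be reused for LEM without losing a feed."""
    if cfg.get("status") != "enable":  # assumption: no status line = disabled
        return "free"
    if cfg.get("server") != lem_server:
        return "in use by " + cfg.get("server", "unknown")
    if cfg.get("csv") == "enable":
        return "sends to LEM, but CSV is enabled"
    return "already sends to LEM"

def audit(text, lem_server):
    parsed = parse_show(text)
    return {slot: classify(parsed.get(slot, {}), lem_server) for slot in SLOTS}

if __name__ == "__main__":
    print(audit(SAMPLE, "198.51.100.20"))
```

A set reported as "in use" is forwarding logs to another collector, so pick a free set for LEM rather than overwriting it.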

To configure your firewall running FortiOS 5.x, open a command line and execute the following: 

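config global
config log syslogd2 setting
set status enable
set csv disable
set server <lem>
set source-ip <ip>
end

Replace <lem> with the address of your LEM appliance and <ip> with the source IP address the firewall should use for syslog traffic.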

See the FortiGate FortiOS CLI Reference for FortiOS 5.0 Guide for more information.

Configure the FortiGate connector in your LEM Console

After you configure your FortiGate firewall settings, configure the appropriate FortiGate connector in your LEM Console. 

If you are running FortiOS 4.x, configure the FortiGate 2.8+ connector. If you are running FortiOS 5.x, configure the FortiGate 5.0+ connector. 

  1. Open your LEM Console and log in as an administrator.
  2. Click Manage and select Appliances.
  3. In the Appliances screen, click the "gear" drop-down menu next to your appliance and select Connectors.
  4. In the Search field, enter Fortigate.
  5. In the Connectors screen, locate the appropriate FortiGate connector for your FortiOS operating system.
  6. Click the "gear" drop-down menu next to the appropriate connector and select New. 

    The Connector Configuration window displays. 

  7. In the Alias field, enter a custom name or accept the default name. 
  8. In the Log field, verify that the path points to the local facility configured in your device syslog settings.
  9. When you are finished, click Save.
  10. Click the "gear" drop-down menu next to your new connector (highlighted with an icon in the Status column) and select Start.
  11. Click Close to exit the Connector Configuration window. 

    Your FortiGate connector is configured in your LEM console. 

See Troubleshooting network devices logging to LEM for information about troubleshooting connectors and logging devices. 

Last modified
20:02, 22 Jun 2016
