About The Device

FortiGate combines a number of security features to protect your network from threats. As a whole, these features, when included in a single Fortinet security appliance, are referred to as Unified Threat Management (UTM).

Device Information

| Entity | Particulars |
|---|---|
| Vendor Name | Fortinet |
| Product Name | Next-Generation Firewall (NGFW) |
| Type of Device | OnPremHosted |

Collection Method

| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method |
|---|---|---|---|
| FortiGate | FORTINET_FIREWALL | Syslog | CyberHub |

...

| Source | Destination | Port |
|---|---|---|
| Fortinet NGFW | CyberHub | 601 (TCP) |
| FortiAnalyzer | CyberHub | 514 (UDP) |

To facilitate secure communication and align with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding.

While we understand that TLS support may not be available on all devices, if your devices do support TLS communication, we recommend utilizing port 6514 for seamless integration.

In some cases, an upgraded version of the device might add TLS support without prior notice. If you come across such a scenario, or need further assistance in configuring TLS, we kindly ask you to reach out to your dedicated Adaptive MxDR Service Delivery Lead.
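
A path check for the ports listed above, added here as an example and not part of the vendor or Adaptive MxDR documentation: it sends one test syslog event to the collector over UDP 514, TCP 601 or TLS 6514. The function names, the `path-test` app name and the `cafile` parameter are assumptions, as is the octet-counted framing on TCP and TLS; confirm the framing your CyberHub expects before relying on it.

```python
import socket
import ssl
from datetime import datetime, timezone

# Ports from the page: 514/UDP, 601/TCP, and 6514 recommended for TLS.
PORTS = {"udp": 514, "tcp": 601, "tls": 6514}

def build_message(hostname, text, facility=16, severity=6):
    """RFC 5424 message; defaults are facility local0, severity informational."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} path-test - - - {text}".encode("utf-8")

def frame(msg, transport):
    """UDP: one message per datagram. TCP/TLS: octet counting (assumed framing)."""
    if transport == "udp":
        return msg
    return str(len(msg)).encode("ascii") + b" " + msg

def send_test(collector, transport, hostname, port=None, cafile=None, timeout=5.0):
    """Send one test event to the collector and return the bytes written."""
    data = frame(build_message(hostname, "CyberHub path test"), transport)
    port = port or PORTS[transport]
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (collector, port))
        return data
    # TCP and TLS fail loudly (refused, timeout, certificate error), which is
    # what makes them useful for checking the path; UDP gives no such signal.
    with socket.create_connection((collector, port), timeout=timeout) as raw:
        if transport == "tls":
            ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and name
            with ctx.wrap_socket(raw, server_hostname=collector) as tls:
                tls.sendall(data)
        else:
            raw.sendall(data)
    return data

if __name__ == "__main__":
    # Constructed sample: show the framed bytes without touching the network.
    print(frame(build_message("fw-test-01", "CyberHub path test"), "tcp"))
```

Run it from a host on the same network segment as the firewall. A successful UDP send does not prove delivery, so confirm receipt of the test event on the CyberHub side.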

Device Configuration

To configure FortiGate to send logs to CyberHub

...

 config system aggregation-client
     edit 1
         set mode realtime                   [Note: mode is set to realtime so that real-time events are forwarded to the CyberHub]
         set fwd-remote-server syslog        [Note: real-time syslog traffic is configured to forward to a remote server]
         set server-ip <CyberHub IP>         [Note: the CyberHub IP has to be given here]
         set server-name <"name">            [Note: the name of the CyberHub server; it is user-defined]
         set server-port <server port : 514>
     next
 end

...

Property

Default Value

Description

IP Address

Fortinet NGFW interface IP address

List of logging device IP address / Hostname details shared in the Techstack.

Note: If the device sends logs using multiple interfaces, contact the onboarding team.

Hostname or IP address of the device which forwards logs to the CyberHub.