Fortinet FortiWeb
- Aparna Rr
About the Device
FortiWeb is a web application firewall (WAF) that protects hosted web applications from attacks that target known and unknown exploits. Using AI-enhanced multi-layer and correlated detection methods, FortiWeb defends applications from known vulnerabilities and from zero-day threats. FortiWeb Block known and zero-day threats to applications without blocking legitimate users. Stop malicious bot activity without blocking bots that support legitimate business needs. Protect the APIs that enable B2B communications and support your mobile applications.
Device Information
 Entity | Particulars |
|---|---|
Vendor Name | Fortinet |
Product Name | Fortiweb |
Type of Device | Cloud / Hosted |
Collection Method
Log Type | Â Ingestion label | Preferred Logging Protocol - Format | Log collection method |
|---|---|---|---|
Fortinet Web Application Firewall | FORTINET_FORTIWEB | Syslog - KV | CyberHub |
Port Requirements
Source | Destination | Port |
|---|---|---|
Fortinet Fortiweb | CyberHub | 514 (UDP) |
To facilitate secure communication and align with our best practice, we strongly encourage the use of Transport Layer Security (TLS) between your security devices and our Adaptive MxDR platform for event forwarding.
While we understand that TLS support may not be available on all devices, if your devices do support TLS communication, we recommend utilizing port 6514 for seamless integration.
In some cases, the upgraded version of the device might incorporate TLS support without prior notice. If you come across such a scenario or for further assistance in configuring TLS, we kindly ask you to reach out to your dedicated Adaptive MxDR Service Delivery Lead.
Device Configuration
To enable logging
Log into Fortiweb as a Administrator.
Navigate to Log&Report > Log Config > Other Log Settings.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category.
Enable below Log types.
Enable Attack Log
Enable Event Log
Ignore SSL Errors
Enable Packet Adjustment
Retain Packet Payload For
CPU Utilization
Memory Utilization
Log Disk Utilization
Trigger Policy
Click Apply.
Traffic Log and packet payloads can only be enabled via CLI command.
config log traffic-log set packet-log {enable | disable} set status {enable | disable} end
To avoid unnecessary resource consumption, the system will not generate traffic log for all server policies unless specified. After enabling status in config log traffic-log, you also need to enable the traffic log setting in Server Policy through GUI or CLI config server-policy policy.
To create a Syslog Policy
Log in to Fortinet FortiWeb.
Navigate to Log&Report > Log Policy > Syslog Policy.
Your administrator’s account access profile must have Read and Write permission to items in the Log & Report category.
Click Create New.
If the policy is new, in Policy Name, type the name of the policy as it will be referenced in the configuration.
Click Create New.
In IP Address, enter the <CYBERHUB> IP Address.
In Port, enter the listening port number 514 of the <CYBERHUB>.
Â
To enable log types and log level for Syslog
Navigate to Log&Report > Log Config > Global Log Settings. A Global Log Settings page is displayed.
Select the Syslog check box and specify the following required information:
Syslog Policy | Select your syslog policy |
|---|---|
Log Level | Select the default value: (default value - Information). |
Facility | Select the default value:(default value - "reserved for local use 7") |
Click Apply.
To create a trigger
Navigate to Log&Report > Log Policy > Trigger Policy.
Click Create New. A New Trigger Policy page is displayed.
Specify the following required information and click OK.
Policy Name | Type a name of the policy that is to be used in the further configuration |
|---|---|
Syslog Policy | Select your Syslog policy which you have created in To create a Syslog Policy steps from the drop-down list. |
Apply the trigger created for all event types to your policies that are required to be logged in to Syslog.
Integration Parameters
Parameters required from customer for Integration.
Property | Default Value | Description |
|---|---|---|
IP Address | Fortinet Fortiweb interface IP address | Hostname or IP address of the device which forwards logs to the CyberHub |
Â
About Accenture:
Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent and innovation led company with 738,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology with unmatched industry experience, functional expertise and global delivery capability. We are uniquely able to deliver tangible outcomes because of our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Accenture Song. These capabilities, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients succeed and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities. Visit us at www.accenture.com.
About Accenture Security
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Legal notice: Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. This document is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.