Fortinet FortiGate

 

The JSA DSM for Fortinet FortiGate collects events from Fortinet FortiGate and FortiAnalyzer products.

The following table identifies the specifications for the Fortinet FortiGate DSM:

Table 1: Fortinet FortiGate DSM Specifications

| Specification | Value |
|---|---|
| Manufacturer | Fortinet |
| DSM name | Fortinet FortiGate |
| RPM file name | DSM-FortinetFortiGate-JSA_version-build_number.noarch.rpm |
| Supported versions | FortiOS v2.5 |
| Protocol | Syslog, Syslog Redirect |
| Recorded event types | All events |
| Auto discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | Yes |
| More information | Fortinet website (http://www.fortinet.com) |

To integrate Fortinet FortiGate DSM with JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the Fortinet FortiGate RPM on your JSA console.

  2. Download and install the Syslog Redirect protocol RPM to collect events through Fortinet FortiAnalyzer. When you use the Syslog Redirect protocol, JSA can identify the specific FortiGate firewall that sent the event.

  3. For each instance of Fortinet FortiGate, configure your Fortinet FortiGate system to send syslog events to JSA.

  4. If JSA does not automatically detect the log source for Fortinet FortiGate, you can manually add the log source. For the protocol configuration type, select Syslog, and then configure the parameters.

  5. If you want JSA to receive events from Fortinet FortiAnalyzer, manually add the log source. For the protocol configuration type, select Syslog Redirect, and then configure the parameters.

    The following table lists the specific parameter values that are required for Fortinet FortiAnalyzer event collection:

    | Parameter | Value |
    |---|---|
    | Log Source Identifier RegEx | devname=([\w-]+) |
    | Listen Port | 517 |
    | Protocol | UDP |
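
Before relying on the Log Source Identifier pattern `devname=([\w-]+)` to separate firewalls behind a FortiAnalyzer, it helps to test it against the device names you actually use. The following Python is an added example, not part of the Juniper or Fortinet documentation; the sample payloads, device names, and helper functions are constructed assumptions, and `re.ASCII` is assumed to approximate how the collector evaluates `\w`.

```python
import re

# Log Source Identifier pattern from the parameter table. re.ASCII limits \w to
# [A-Za-z0-9_]; assumed here to approximate how the collector evaluates it.
IDENTIFIER_RE = re.compile(r"devname=([\w-]+)", re.ASCII)

# Constructed sample payloads (not captured from a real device).
SAMPLES = {
    "plain": "<189>date=2024-01-01 time=10:00:00 devname=FGT-Branch-01 devid=FGT0000000000001 type=traffic",
    "dotted": "<189>date=2024-01-01 time=10:00:01 devname=fw01.branch.example devid=FGT0000000000002 type=traffic",
    "quoted": '<189>date=2024-01-01 time=10:00:02 devname="FGT-HQ-02" devid="FGT0000000000003" type="traffic"',
    "missing": "<189>date=2024-01-01 time=10:00:03 devid=FGT0000000000004 type=event",
}

def extract_identifier(payload):
    """Return the value the identifier pattern captures, or None if no match."""
    m = IDENTIFIER_RE.search(payload)
    return m.group(1) if m else None

def full_devname(payload):
    """Return the whole devname value (quotes stripped) for comparison."""
    m = re.search(r'devname="?([^"\s]+)', payload)
    return m.group(1) if m else None

def audit(samples):
    """Classify each payload as ok, truncated, or no-match."""
    report = {}
    for name, payload in samples.items():
        got, want = extract_identifier(payload), full_devname(payload)
        if got is None:
            status = "no-match"   # event cannot be tied to a device name
        elif got != want:
            status = "truncated"  # distinct devices may collapse into one source
        else:
            status = "ok"
        report[name] = (status, got)
    return report

if __name__ == "__main__":
    for name, (status, got) in audit(SAMPLES).items():
        print(f"{name:8} {status:10} {got}")
```

A "truncated" result means two firewalls whose names share a prefix up to the first unsupported character would be attributed to the same log source, and "no-match" means the event carries no device name the pattern can use.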