Fortinet FortiGate Security Gateway
The JSA for Fortinet collects events from Fortinet FortiGate Security Gateway and FortiAnalyzer products.
The following table identifies the specifications for the Fortinet FortiGate Security Gateway DSM:
Specification |
Value |
---|---|
Manufacturer |
Fortinet |
DSM name |
Fortinet FortiGate Security Gateway |
RPM file name |
DSM-FortinetFortiGate-JSA_version-build_number.noarch.rpm |
Supported versions |
FortiOS v6.4 and earlier |
Protocol |
Syslog Syslog Redirect |
Recorded event types |
All events |
Auto discovered? |
Yes |
Includes identity? |
Yes |
Includes custom properties? |
Yes |
More information |
Fortinet website (http://www.fortinet.com) |
To integrate Fortinet FortiGate Security Gateway DSM with JSA, complete the following steps:
If automatic updates are not enabled, download the most recent version of the Fortinet FortiGate Security Gateway RPM on your JSA console:
Download and install the Syslog Redirect protocol RPM to collect events through Fortigate FortiAnalyzer. When you use the Syslog Redirect protocol, JSA can identify the specific Fortigate Security Gateway firewall that sent the event.
For each instance of Fortinet FortiGate Security Gateway, configure your Fortinet FortiGate Security Gateway system to send syslog events to JSA.
If JSA does not automatically detect the log source for Fortinet FortiGate Security Gateway, you can manually add the log source. For the protocol configuration type, select Syslog, and then configure the parameters.
If you want JSA to receive events from Fortinet FortiAnalyzer, manually add the log source. For the protocol configuration type, select Syslog Redirect, and then configure the parameters.
The following table lists the specific parameter values that are required for Fortinet FortiAnalyzer event collection:
Parameter
Value
Log Source Identifier RexEx
devname=([\w-]+)
Listen Port
517
Protocol
UDP