FortiSIEM Microsoft PPTP VPN Gateway Configuration

Microsoft PPTP VPN Gateway Configuration
Configuring Microsoft PPTP

Windows 2003 Server

  1. Log on with administrative rights
  2. Configure PPTP VPN
  3. Go to Start | All Programs | Administrative Tools | Configure Your Server Wizard, select the Remote Access/VPN Server role. Then click the Next button, which runs the Routing and Remote Access Wizard.
  4. Configure Server Logging – Enable authentication and accounting logging from the Settings tab on the properties of the Local File object in the Remote Access Logging folder in the Routing and Remote Access snap-in. The authentication and accounting information is stored in a configurable log file or files stored in the SystemRoot\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) or database-compatible format, meaning that any database program can read the log file directly for analysis.
  5. Configure Snare agent to send logs to Accelops.

Sample syslog messages

<13>Apr  1 09:28:03 dev-v-win03-vc MSPPTPLog 0 192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29,4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,66,192.168.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,4154,Use Windows authentication for all users,4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrator,4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,4149,Connections to Microsoft Routing and Remote Access server,4136,1,4142,0
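
The sample message above carries one IAS-format record: six fixed header fields followed by attribute-ID/value pairs. The parser below is an added example, not part of the original page or of FortiSIEM. The header and attribute names are assumptions taken from the RADIUS RFCs and Microsoft's IAS log format rather than from this page, and the syslog wrapper layout is assumed from the sample.

```python
import csv
import re

# Constructed from this page's sample message, with extraction line breaks removed.
SAMPLE = (
    "<13>Apr  1 09:28:03 dev-v-win03-vc MSPPTPLog 0 "
    "192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29,"
    "4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,"
    "66,192.168.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,"
    "4154,Use Windows authentication for all users,"
    "4129,DEV-V-WIN03-VC\\administrator,4130,DEV-V-WIN03-VC\\administrator,"
    "4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,"
    "4149,Connections to Microsoft Routing and Remote Access server,"
    "4136,1,4142,0"
)

# Assumed names for the six fixed IAS header fields (not named on the page).
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
# Subset of attribute IDs (assumed names); unlisted IDs stay keyed by number.
ATTR_NAMES = {
    "31": "Calling-Station-Id", "44": "Acct-Session-Id", "64": "Tunnel-Type",
    "66": "Tunnel-Client-Endpoint", "4129": "SAM-Account-Name",
    "4136": "Packet-Type", "4142": "Reason-Code",
}

def parse_mspptp(line):
    """Return (header, attributes) dicts for one MSPPTPLog syslog line."""
    m = re.search(r"MSPPTPLog\s+\d+\s+(.*)$", line)
    if not m:
        raise ValueError("not an MSPPTPLog message")
    fields = next(csv.reader([m.group(1)]))  # csv handles quoted values
    n = len(HEADER)
    if len(fields) < n or (len(fields) - n) % 2:
        raise ValueError("truncated or malformed IAS record")
    header = dict(zip(HEADER, fields[:n]))
    attrs = {ATTR_NAMES.get(k, k): v
             for k, v in zip(fields[n::2], fields[n + 1::2])}
    return header, attrs

def summarize(line):
    """Fields an analyst typically pivots on for a VPN logon event."""
    header, attrs = parse_mspptp(line)
    return {
        "user": attrs.get("SAM-Account-Name", header["user"]),
        "vpn_server": header["computer"],
        "client_ip": attrs.get("Calling-Station-Id"),
        "tunnel": "PPTP" if attrs.get("Tunnel-Type") == "1" else "other",
        "reason_code": attrs.get("Reason-Code"),
    }
```

Calling `summarize(SAMPLE)` returns the account, VPN server, client address, tunnel type and reason code for the logon; a record cut short in transit raises `ValueError` instead of yielding misaligned fields.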

PulseSecure Configuration

What is Discovered and Monitored
Protocol | Information Discovered | Metrics Collected | Used For
Syslog | | Security and Performance alerts | Security and performance monitoring

Event Types

In CMDB > Event Types, search for “PulseSecure” to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Syslog

Sample PulseSecure Syslog Messages

Settings for Access Credentials
