Log View – FortiManager 5.2

Log view

Logging and reporting can help you determine what is happening on your network, as well as informing you of certain network activity, such as the detection of a virus, or IPsec VPN tunnel errors. Logging and reporting go hand in hand, and can become a valuable tool for information gathering, as well as displaying the activity that is happening on the network.

Your FortiManager device collects logs from managed FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiSandbox, FortiWeb, FortiClient, and syslog servers.

Collected logs

Device Type: Log Type
FortiGate: Traffic
    Event: Endpoint, HA, System, Router, VPN, User, WAN Opt. & Cache, and Wireless
    Security: Vulnerability Scan, AntiVirus, Web Filter, Application Control, Intrusion Prevention, Email Filter, Data Leak Prevention
    FortiClient
    VoIP
    Content logs are also collected for FortiOS 4.3 devices.
FortiCarrier: Traffic, Event
FortiCache: Traffic, Event, Antivirus, Web Filter
FortiClient: Traffic, Event
FortiMail: History, Event, Antivirus, Email Filter
FortiManager: Event
FortiSandbox: Malware, Network Alerts
FortiWeb: Event, Intrusion Prevention, Traffic
Syslog: Generic

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

FortiView – FortiManager 5.2

FortiView

The FortiView tab allows you to access both FortiView drill down and Log view menus. FortiView in FortiManager collects data from FortiView in FortiGate. In order for information to appear in the FortiView dashboards in FortiGate, disk logging must be selected for the FortiGate unit. Select the FortiView tab and select the ADOM from the dropdown list.

When rebuilding the SQL database, FortiView will not be available until after the rebuild is completed. Select the Show Progress link in the message to view the status of the SQL rebuild.

FortiView

Use FortiView to drill down into real-time and historical traffic from log devices by sources, applications, destinations, web sites, threats, cloud applications, cloud users, system and admin events, SSL and dialup IPsec, site-to-site IPsec, rogue APs, and resource usage. Each FortiView summary view can be filtered by a variety of attributes, as well as by device and time period. These attributes can be selected using the right-click context menu. Results can also be filtered using the various columns. The following summary views are available:

  • Top Sources
  • Top Applications
  • Top Destinations
  • Top Web Sites
  • Top Threats
  • Top Cloud Applications/Users
  • System Events
  • Admin Logins
  • SSL & Dialup IPsec
  • Site-to-Site IPsec
  • Rogue APs
  • Resource usage



High Availability – FortiManager 5.2

High Availability

This section provides a general description of FortiManager High Availability (HA). This section also describes all HA configuration options and includes some basic HA configuration and maintenance procedures.

This section describes:

  • HA overview
  • Configuring HA options
  • Monitoring HA status
  • Upgrading the FortiManager firmware for an operating cluster

HA overview

FortiManager high availability (HA) provides a solution for a key requirement of critical enterprise management and networking components: enhanced reliability. Understanding what’s required for FortiManager reliability begins with understanding what normal FortiManager operations are and how to make sure that these normal operations continue if a FortiManager unit fails.

Most FortiManager operations involve storing FortiManager and FortiGate configuration and related information in the FortiManager database on the FortiManager unit hard disk. A key way to enhance reliability of FortiManager is to protect the data in the FortiManager database from being lost if the FortiManager unit fails. This can be achieved by dynamically backing up FortiManager database changes to one or more backup FortiManager units. Then if the operating FortiManager unit fails, a backup FortiManager unit can take the place of the failed unit.

A FortiManager HA cluster consists of up to five FortiManager units of the same FortiManager model. One of the FortiManager units in the cluster operates as a primary or master unit and the other one to four units operate as backup units. All of the units are visible on the network. The primary unit and the backup units can be at the same location. FortiManager HA also supports geographic redundancy so the primary unit and backup units can be in different locations attached to different networks as long as communication is possible between them (for example over the Internet, over a WAN, or through a private network).

Administrators connect to the primary unit Web-based Manager or CLI to perform FortiManager operations. Managed devices connect with the primary unit for configuration backup and restore. If FortiManager is used to distribute firmware updates and FortiGuard updates to managed devices, the managed devices can connect to the primary unit or one of the backup units.

If the primary FortiManager unit fails you must manually configure one of the backup units to become the primary unit.

The new primary unit will have the same IP addresses as it did when it was the backup unit.


FortiGuard Management – FortiManager 5.2

FortiGuard Management

The FortiGuard Distribution Network (FDN) provides FortiGuard services for your FortiManager system and its managed devices and FortiClient agents. The FDN is a world-wide network of FortiGuard Distribution Servers (FDS) which update the FortiGuard services on your FortiManager system on a regular basis so that your FortiManager system is protected against the latest threats.

The FortiGuard services available on the FortiManager system include:

  • Antivirus and IPS engines and signatures
  • Web filtering and email filtering rating databases and lookups (select systems)
  • Vulnerability scan and management support for FortiAnalyzer

To view and configure these services, go to FortiGuard > FortiGuard Management > Advanced Settings.

In FortiGuard Management, you can configure the FortiManager system to act as a local FDS, or use a web proxy server to connect to the FDN. FortiManager systems acting as a local FDS synchronize their FortiGuard service update packages with the FDN, then provide these FortiGuard updates and lookup replies to your private network’s FortiGate devices. The local FDS provides a faster connection, reducing Internet connection load and the time required to apply frequent updates, such as antivirus signatures, to many devices.

As an example, you might enable FortiGuard services to FortiGate devices on the built-in FDS, then specify the FortiManager system’s IP address as the override server on your devices. Instead of burdening your Internet connection with all the devices downloading antivirus updates separately, the FortiManager system would use the Internet connection once to download the FortiGate antivirus package update, then redistribute the package to the devices.

FortiGuard Management also includes firmware revision management. To view and configure firmware options, go to FortiGuard Management > Firmware Images. You can download these images from the Customer Service & Support portal to install on your managed devices or on the FortiManager system.

Before you can use your FortiManager system as a local FDS, you must:

  • Register your devices with Fortinet Customer Service & Support and enable the FortiGuard service licenses. See your device documentation for more information on registering your products.
  • If the FortiManager system’s Unregistered Device Options do not allow service to unregistered devices, add your devices to the device list, or change the option to allow service to unregistered devices. For more information, see the FortiManager CLI Reference. For information about FDN service connection attempt handling or adding devices, see Device Manager.
  • Enable and configure the FortiManager system’s built-in FDS. For more information, see Configuring network interfaces.
  • Connect the FortiManager system to the FDN. The FortiManager system must retrieve service update packages from the FDN before it can redistribute them to devices and FortiClient agents on the device list. For more information, see Connecting the built-in FDS to the FDN.
  • Configure each device or FortiClient endpoint to use the FortiManager system’s built-in FDS as their override server. You can do this when adding a FortiGate system. For more information, see Adding a device.

This section contains the following topics:

  • Advanced settings
  • Configuring devices to use the built-in FDS
  • Configuring FortiGuard services
  • Logging events related to FortiGuard services
  • Restoring the URL or antispam database
  • Package management
  • Query server management
  • Firmware images

For information on current security threats, virus and spam sample submission, and FortiGuard service updates available through the FDN, including antivirus, IPS, web filtering, and email filtering, see the FortiGuard Center website, http://www.fortiguard.com/.



Central VPN Console – FortiManager 5.2

Central VPN Console

When Central VPN Console is selected for VPN Management when creating an ADOM, a VPN Console tree menu item will appear in the Policy & Objects tab under Policy Package. You will need to enable the Show VPN Console option in System Settings > Admin > Admin Settings. You can create VPN topologies in this page. Once you have configured a VPN topology and gateway, you can configure the related firewall policies, preview and install. For more information, see Managing policies.

VPN topology

You can create full meshed, star, and dial up VPN topologies. Once you have created the topology, you can create the VPN gateway.

Create VPN Topology

Configure the following settings:

 

Name Type a name for the VPN topology.
Description Type an optional description.
Topology Select the topology type from the drop-down list. Select one of:
  • Full Meshed: Each gateway has a tunnel to every other gateway.
  • Star: Each gateway has one tunnel to a central hub gateway.
  • Dial up: Some gateways, often mobile users, have dynamic IP addresses and contact the gateway to establish a tunnel.
IKE Profile Define the IKE Profile. Configure IKE Phase 1, IKE Phase 2, Advanced settings, and Authentication settings.
IKE Phase 1 Define the IKE Phase 1 proposal settings.


Policy and Objects – FortiManager 5.2

Policy & Objects

The Policy & Objects tab enables you to centrally manage and configure the devices that are managed by the FortiManager unit. This includes the basic network settings to connect the device to the corporate network, antivirus definitions, intrusion protection signatures, access rules, and managing and updating firmware for the devices.

If the administrator account you logged on with does not have the appropriate permissions, you will not be able to edit or delete settings, or apply any changes. Instead you are limited to browsing. To modify these settings, see Profile.

If workspace is enabled, all policies and objects are read-only until you lock the ADOM. After making any changes you must select the save icon. When unlocking the ADOM, before the save action has been selected, a warning message will open advising you that you have unsaved configuration changes. You can select to save the changes from the warning message dialog box. Alternatively, you can select to lock and edit a specific policy package in the ADOM.

ADOM level policies and objects

The following options are available:

Policy Package Select to access the policy package menu. The menu options are the same as the right-click menu options.
Policy Select to create a new policy.
Tools Select and then select either ADOM Revisions or Display Options from the menu.
Collapse All / Expand All Select to collapse or expand all policies.

In v5.0.5 and earlier, if workspace is enabled, an ADOM must be locked before any changes can be made to policy packages or objects. See Concurrent ADOM access for information on enabling or disabling workspace.

In v5.2.0 and later, if workspace is enabled, you can select to lock and edit the policy package in the right-click menu. You do not need to lock the ADOM first. The policy package lock status is displayed in the toolbar.



Scripts – FortiManager 5.2

Scripts

The Scripts menu must be enabled in the display options before it is accessible as described in this chapter. Go to System Settings > Admin > Admin Settings and select Show Script from the Display Options on GUI section to make it visible in the Web-based Manager. For more information, see Administrator settings.

Additional configuration options and short-cuts are available using the right-click menu. Right-click the mouse on different navigation panes in the Web-based Manager page to access these options.

FortiManager scripts enable you to create, execute, and view the results of scripts executed on FortiGate devices, policy packages, the ADOM database, the global policy package, or the DB. Scripts can also be filtered based on different device information, such as OS type and platform.

At least one FortiGate device must be configured in the FortiManager system for you to be able to use scripts.

Scripts can be written in one of two formats:

  • A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.
  • Tcl scripting commands to provide more functionality to your scripts including global variables and decision structures.

When writing your scripts, it is generally easier to write them in a context-sensitive editor, and then cut and paste them into the script editor on your FortiManager system. This can help avoid syntax errors and can reduce the amount of troubleshooting required for your scripts.

For information about scripting commands, see the FortiGate CLI reference.
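
A pre-flight check for the first script format described above, as an added example that is not Fortinet or FortiManager code: it drops # comment lines and verifies that config/end and edit/next blocks balance before the script is pasted into the script editor. The names lint_cli_script and SAMPLE_SCRIPT and the sample script itself are constructed for illustration, and the block rules assume the standard FortiGate CLI structure.

```python
# Added example: pre-flight lint for a FortiManager CLI-format script.
# lint_cli_script and SAMPLE_SCRIPT are hypothetical names, not Fortinet code.

SAMPLE_SCRIPT = """\
# constructed sample: shorten the admin idle timeout, add two address objects
config system global
    set admintimeout 10
end
config firewall address
    edit "branch-lan"
        set subnet 10.20.0.0 255.255.255.0
    next
    edit "dmz-web"
        set subnet 10.30.0.10 255.255.255.255
    next
"""  # the final 'end' is left out on purpose so the lint has something to find


def lint_cli_script(text):
    """Return (commands, problems) for a CLI-format script.

    commands: the lines that would be executed (comment and blank lines dropped).
    problems: list of (line_number, message) describing structural errors.
    Assumption: blocks follow the usual config/end and edit/next nesting.
    """
    stack = []      # open blocks as ("config" | "edit", line_number)
    commands = []
    problems = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment lines start with '#' and are not executed
        commands.append(line)
        keyword = line.split()[0].lower()
        if keyword == "config":
            stack.append(("config", number))
        elif keyword == "edit":
            if stack and stack[-1][0] == "config":
                stack.append(("edit", number))
            else:
                problems.append((number, "'edit' is only valid directly inside a config block"))
        elif keyword == "next":
            if stack and stack[-1][0] == "edit":
                stack.pop()
            else:
                problems.append((number, "'next' without an open 'edit'"))
        elif keyword == "end":
            if stack and stack[-1][0] == "edit":
                stack.pop()  # 'end' also leaves the entry being edited
            if stack:
                stack.pop()
            else:
                problems.append((number, "'end' without an open 'config'"))
        elif keyword in ("set", "unset") and not stack:
            problems.append((number, f"'{keyword}' outside a config block"))
    for kind, number in stack:
        problems.append((number, f"'{kind}' block opened here is never closed"))
    return commands, problems


if __name__ == "__main__":
    commands, problems = lint_cli_script(SAMPLE_SCRIPT)
    print(f"{len(commands)} executable lines")
    for number, message in problems:
        print(f"line {number}: {message}")
```
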

Configuring scripts

To configure, import, export, or run scripts, go to the Device Manager tab, expand an ADOM view in the tree menu, and then select Scripts > Script. To configure script groups, go to Scripts > CLI Script Group. The script list for the selected ADOM will be displayed.

Script list

The following information is displayed:

Name The user-defined script name.
Type The script type.
Target The script target. One of the following:
  • Device Database
  • Policy Package, ADOM Database
  • Remote FortiGate Directly (via CLI)
Comments User defined comment for the script.
Last Modified The date and time that the script was last modified.

The following options are available:

Create New Select to create a new script.
Import Select to import a script from your management computer. Type a name, description, select Tcl type if applicable, and browse for the file on your management computer. Select submit to import the script to FortiManager.
Run Select a script in the table, right-click, and select Run in the menu to run the script against the target selected. When selecting to run a script against a policy package, select the policy package from the drop-down list in the dialog window. When selecting to run a script against a device or database, select the device in the tree menu in the dialog window.
New Select a script in the table, right-click, and select New in the menu to create a new script.
Edit Select a script in the table, right-click, and select Edit in the menu to edit the script selected.
Clone Select a script in the table, right-click, and select Clone in the menu to clone the script selected.
Delete Select a script in the table, right-click, and select Delete in the menu to delete the script selected.
Export Select a script in the table, right-click, and select Export in the menu to export the script as a .txt file to your management computer.
Select All Select Select All in the right-click menu to select all scripts in the table and select Delete to delete all selected scripts.
Search Search the scripts by typing a search term in the search field.



Device Configurations – FortiManager 5.2

Device Configurations

The FortiManager system maintains a configuration repository to manage device configuration revisions. After modifying device configurations, you can save them to the FortiManager repository and install the modified configurations to individual devices or device groups. You can also retrieve the current configuration of a device, or revert a device’s configuration to a previous revision.

This section contains the following topics:

  • Checking device configuration status
  • Managing configuration revision history

Checking device configuration status

In the Device Manager tab, when you select a device, you can view that device’s basic information under the device dashboard. You can also check if the current configuration file of the device stored in the FortiManager repository is in sync with the one running on the device.

If you make any configuration changes to a device directly, rather than using the FortiManager system, the configuration on the device and the configuration saved in the FortiManager repository will be out of sync. In this case, you can resynchronize with the device by retrieving the configuration from the device and saving it to the FortiManager repository.

You can use the following procedures when checking device configuration status on a FortiGate, FortiCarrier, or FortiSwitch.

To check the status of a configuration installation on a FortiGate unit:

  1. Go to the Device Manager tab, then select the ADOM and device group.
  2. In the All FortiGate page, select the FortiGate unit that you want to check the configuration status of. The device dashboard for that unit is shown in the right content pane.
  3. In the dashboard, locate the Configuration and Installation Status widget.
  4. Verify the status in the Installation Tracking

Configuration and installation status widget


The following information is shown:

Device Profile The device profile associated with the device. Select Change to set this value.
Database Configuration Select View to display the configuration file of the FortiGate unit.
Total Revisions Displays the total number of configuration revisions and the revision history. Select Revision History to view device history.
Sync Status The synchronization status with the FortiManager.

Synchronized: The latest revision is confirmed as running on the device.

Out_of_sync: The configuration file on the device is not synchronized with the FortiManager system.

Unknown: The FortiManager system is unable to detect which revision (in revision history) is currently running on the device.

Select Refresh to update the Installation Status.

Warning Displays any warnings related to configuration and installation status.

None: No warning.

Unknown configuration version running on FortiGate: FortiGate configuration has been changed!: The FortiManager system cannot detect which revision (in Revision History) is currently running on the device.

Unable to detect the FortiGate version: Connectivity error!

Aborted: The FortiManager system cannot access the device.

Installation Tracking  
Device Settings Status Modified: Some configuration on the device has changed since the latest revision in the FortiManager database. Select Save Now to install and save the configuration.

UnModified: All configuration displayed on the device is saved as the latest revision in the FortiManager database.

Installation Preview Select icon to display a set of commands that will be used in an actual device configuration installation in a new window.
Last Installation Last Installation: The FortiManager system sent a configuration to the device at the time and date listed.
Scheduled Installation Scheduled Installation: A new configuration will be installed on the device at the date and time indicated.
Script Status Select Configure to view script execution history.
Last Script Run Displays the date when the last script was run against the managed device.
Scheduled Script Displays the date when the next script is scheduled to run against the managed device.

