Log Configuration Using FortiGate GUI
- In FortiGate, go to Log & Report > Log Settings.
- Enable Send Logs to FortiAnalyzer/FortiManager.
- In Server, enter the FortiCASB receiver's IP address.
- Test the connectivity by clicking Test Connectivity.
The FortiCASB receiver IP address can be found by pressing the Device button from the FortiCASB Shadow IT dashboard. It will be one of the following addresses:
| Region | FortiCASB receiver IP address |
| --- | --- |
| Global and US Users | 52.89.162.108 or 52.24.189.163 |
| EU Users | 54.155.112.218 or 34.240.128.139 |
You can also configure and check the connection using the FortiGate CLI, as described in the next section.
Note: Choose only one method (CLI or GUI) to configure the FortiCASB connection. If you have already configured it through the GUI, do not configure it again through the CLI.
Log Configuration Using FortiGate CLI
Obtain the Application Control ID from FortiGate:
Go to FortiGate > Security Events > Application Control > Other
Then continue with the log configuration using FortiGate CLI mode.
- Log in to the FortiGate's CLI mode.
- Configure log settings for the FortiCASB device on the FortiGate:

    config log fortianalyzer setting
        set status enable
        set server <FortiCASB server IP>
        set enc-algorithm high-medium
        set upload-option realtime
        set reliable enable
    end

- (Optional) Configure the log filter to only forward application-ctrl logs using the Application Control ID obtained earlier:

    config log fortianalyzer filter
        config free-style
            edit 1
                set filter-type include
                set filter "logid <Application Control ID>"
            next
        end
    end

- Test the connection using the following CLI command:

    execute log fortianalyzer test-connectivity
If the connection is successful, the FortiGate will return the following:
Registration: registered
Connection: allow
Otherwise, the FortiGate will return an error code.
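The following script is an added example, not part of the Fortinet documentation. It checks a saved copy of the `config log fortianalyzer setting` block against the receiver addresses and values on this page and reads the two success lines from the connectivity test. The function names, region labels and sample text are assumptions made for the example.

```python
import ipaddress
import re

# Receiver addresses and setting values from this page; region keys are labels for this example.
RECEIVERS = {"global-us": {"52.89.162.108", "52.24.189.163"},
             "eu": {"54.155.112.218", "34.240.128.139"}}
EXPECTED = {"status": "enable", "enc-algorithm": "high-medium",
            "upload-option": "realtime", "reliable": "enable"}
# Constructed sample: EU receiver configured, but reliable delivery left off.
SAMPLE = """config log fortianalyzer setting
    set status enable
    set server 54.155.112.218
    set enc-algorithm high-medium
    set upload-option realtime
    set reliable disable
end"""

def parse_settings(text):
    """Collect 'set <key> <value>' lines inside the fortianalyzer setting block."""
    settings, inside = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config log fortianalyzer setting":
            inside = True
        elif line == "end":
            inside = False
        elif inside and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip().strip('"')
    return settings

def check_settings(settings, region):
    """Return findings; an empty list means the block matches this page."""
    findings = []
    server = settings.get("server", "")
    try:
        ipaddress.ip_address(server)
        if server not in RECEIVERS[region]:
            findings.append(f"server {server} is not a {region} receiver")
    except ValueError:
        # Catches an unreplaced <FortiCASB server IP> placeholder or a hostname.
        findings.append(f"server is not an IP address: {server!r}")
    for key, want in EXPECTED.items():
        if settings.get(key) != want:
            findings.append(f"{key} is {settings.get(key)!r}, expected {want!r}")
    return findings

def connectivity_ok(output):
    """True only when both success lines shown on this page are present."""
    fields = dict(re.findall(r"^[ \t]*(\w+):[ \t]*(\S+)[ \t]*$", output, re.M))
    return fields.get("Registration") == "registered" and fields.get("Connection") == "allow"
```

Run `check_settings(parse_settings(text), "eu")` on the saved block, and pass the captured output of the connectivity test to `connectivity_ok`.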