AWS Traffic Configuration

FortiCNP consolidates the AWS traffic logs of all your virtual private cloud resources and presents them in a graphical user interface. With traffic logging enabled, FortiCNP lets you monitor all inbound and outbound traffic visually and remediate suspicious activity in your AWS environment. The Traffic feature depends on VPC flow logs, so they must be enabled in AWS first.

Prerequisite

An active AWS account that has already been added to FortiCNP is required before traffic logging can be enabled.

Create log group on AWS

  1. Log into AWS portal: https://console.aws.amazon.com/
  2. Click on Services and search for "cloudwatch".
  3. Click on Logs from left menu.
  4. Click Get Started, then click Create log group on the welcome page.
  5. Enter a log group name and note it down; you will need it when creating the flow log.
  6. Click OK to finish creating log group.

Enable flow log in VPC

  1. Click on Services and search for "VPC".
  2. In VPC Dashboard, click Your VPCs.
  3. Select every VPC for which you want flow logs, right-click, and select Create flow log.
  4. In the Filter field, select All from the drop-down menu. All records both accepted and rejected traffic; choosing Accept would hide the rejected connection attempts that scanning and misconfigured security groups produce.
  5. Make sure Destination has Send to CloudWatch Logs selected.
  6. In Destination log group, enter the log group name created earlier.
  7. Under IAM role, click Set Up Permissions to create a role that the flow log service can assume.
  8. In the new pop-up screen, click Create role.
  9. Under Trusted entity type select Custom trust policy.
  10. Inside Principal add "Service": "vpc-flow-logs.amazonaws.com".
  11. Click Next.
  12. In Add permissions page click Create policy.
  13. In the new pop-up screen, click JSON tab and replace the content with the code below.
  14. {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "logs:CreateLogGroup",
              "logs:CreateLogStream",
              "logs:PutLogEvents",
              "logs:DescribeLogGroups",
              "logs:DescribeLogStreams"
            ],
            "Resource": "*"
          }
        ]
      }

  15. Verify that your policy matches the image below, then click Next: Tags and Next: Review.
  16. On the Review policy page, enter a name, for example "flowlogspolicy".
  17. Click Create policy.
  18. Return to the Add permissions page of the role creation wizard and click the refresh button.
  19. Select the flow logs policy created in step 16 and click Next.
  20. Enter a role name, for example "flowlogsrole", and click Create role.
  21. Return to the Create flow log page, click the refresh button next to IAM role, and select flowlogsrole.
  22. Click Create flow log to finish.

FortiCNP can now pull the flow log data from AWS and show it in the Traffic view. Flow logs are not retroactive and are delivered with a delay of several minutes, so the view only fills in as new traffic crosses the logged VPCs.
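The console steps above produce two IAM documents: the role's trust policy (steps 9 and 10) and the permissions policy pasted in step 14. The Python below is an added example, not code from this page or from Fortinet, that builds both documents and checks that a permissions policy actually grants the actions flow log delivery needs. It deliberately differs from the page in two places: the permissions policy is scoped to the one log group instead of "Resource": "*", and the trust policy carries the aws:SourceAccount and aws:SourceArn conditions that AWS recommends so that only flow logs in your own account can assume the role. Because the log group was created in the earlier section, logs:CreateLogGroup is dropped from the scoped version. The account ID, region and log group name are constructed placeholders, and the grants() matcher models only Allow statements with Action and Resource (no Deny, NotAction or Condition), so treat it as a sanity check rather than a substitute for the IAM policy simulator.

```python
"""Build and sanity-check the IAM documents behind the 'Enable flow log in VPC' steps.
Added example; the identifiers below are constructed placeholders, not values from the page."""
import json
import re

ACCOUNT_ID = "123456789012"          # placeholder
REGION = "us-east-1"                 # placeholder
LOG_GROUP = "forticnp-flowlogs"      # the name chosen in 'Create log group on AWS'

# Actions the flow log service needs once the log group already exists
# (logs:CreateLogGroup from the page's policy is unnecessary in that case).
REQUIRED_ACTIONS = [
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "logs:DescribeLogGroups",
    "logs:DescribeLogStreams",
]


def log_group_arns(account_id, region, log_group):
    """ARNs for the group itself and for every stream inside it."""
    base = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    return [base, base + ":*"]


def page_policy():
    """The permissions policy exactly as the page gives it (step 14): Resource "*"."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:CreateLogGroup"] + REQUIRED_ACTIONS,
        "Resource": "*"}]}


def scoped_policy(account_id, region, log_group):
    """Same capability, but writes are confined to the one flow-log group (editor's hardening)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": log_group_arns(account_id, region, log_group)},
        # Describe* are list calls; leaving them on "*" lets the service find the group.
        {"Effect": "Allow",
         "Action": ["logs:DescribeLogGroups", "logs:DescribeLogStreams"],
         "Resource": "*"},
    ]}


def trust_policy(account_id, region):
    """Trust policy from steps 9-10, plus the source conditions AWS recommends so that
    only flow logs created in this account can assume the role (confused-deputy guard)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "vpc-flow-logs.amazonaws.com"},
        "Action": "sts:AssumeRole",
        "Condition": {
            "StringEquals": {"aws:SourceAccount": account_id},
            "ArnLike": {"aws:SourceArn": f"arn:aws:ec2:{region}:{account_id}:vpc-flow-log/*"},
        }}]}


def _iam_match(pattern, value):
    """IAM wildcard semantics: '*' matches any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.IGNORECASE) is not None


def _as_list(v):
    return v if isinstance(v, list) else [v]


def grants(policy, action, resource):
    """True if some Allow statement covers both the action and the resource ARN.
    Models Action/Resource only: no Deny, NotAction, NotResource or Condition."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(_iam_match(p, action) for p in _as_list(st.get("Action", []))):
            continue
        if any(_iam_match(r, resource) for r in _as_list(st.get("Resource", []))):
            return True
    return False


def missing_actions(policy, account_id, region, log_group):
    """Required actions the policy does NOT grant on the flow-log streams."""
    stream_arn = log_group_arns(account_id, region, log_group)[1]
    return [a for a in REQUIRED_ACTIONS if not grants(policy, a, stream_arn)]


if __name__ == "__main__":
    print(json.dumps(trust_policy(ACCOUNT_ID, REGION), indent=2))
    print(json.dumps(scoped_policy(ACCOUNT_ID, REGION, LOG_GROUP), indent=2))
    print("missing:", missing_actions(scoped_policy(ACCOUNT_ID, REGION, LOG_GROUP),
                                      ACCOUNT_ID, REGION, LOG_GROUP))
```

Run it to print the two documents, then paste them into the trust policy editor (steps 9 and 10) and the JSON tab (step 13) in place of the wider versions. The page's policy and the scoped one both pass missing_actions(); the difference is that the page's version also lets the role write into every other log group in the account.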

Enable Policy for Traffic Inspection

In this example, a Threat Detection policy will be enabled to track suspicious botnet activity in cloud traffic.

  1. Go to Policies > Threat Detection > Network tab.
  2. Expand Suspicious instances involved in botnet activity.
  3. Enable the policy, and click Save Changes.
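What FortiCNP receives from the flow log created above is a stream of default-format records, one per aggregated flow, and the botnet policy enabled here is a detection run over exactly that data. The Python below is an added example, not FortiCNP's own logic and not code from this page, that parses default-format (version 2) VPC flow log records and applies two simple heuristics: a source whose rejected flows touch many distinct destination host:port pairs (port scanning) and a source that reaches the same destination port at a near-constant interval (the check-in pattern of a bot talking to its controller). The records, account ID and ENI are constructed samples; the thresholds are illustrative defaults, not tuned values.

```python
"""Parse default-format VPC flow log records and flag scanning and beaconing hosts.
Added example with constructed records; the heuristics are illustrative, not FortiCNP's."""
from collections import defaultdict
from statistics import pstdev

# Default (version 2) record layout: space separated, one record per line.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse_record(line):
    """One record -> dict, or None for NODATA/SKIPDATA records (their traffic fields are '-')."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec


def find_scanners(records, min_targets=10):
    """Sources whose REJECTed flows touch many distinct destination host:port pairs."""
    targets = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            targets[r["srcaddr"]].add((r["dstaddr"], r["dstport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def find_beacons(records, min_flows=5, max_jitter=0.1):
    """(src, dst, port) triples with repeated ACCEPTed flows at a near-constant interval.
    Returns the mean interval in seconds for each hit."""
    starts = defaultdict(list)
    for r in records:
        if r["action"] == "ACCEPT":
            starts[(r["srcaddr"], r["dstaddr"], r["dstport"])].append(r["start"])
    hits = {}
    for key, times in starts.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        # coefficient of variation of the gaps: near zero means a regular schedule
        if mean > 0 and pstdev(gaps) / mean <= max_jitter:
            hits[key] = round(mean)
    return hits


def analyze(text):
    """Parse a block of records (skipping NODATA/SKIPDATA) and run both detectors."""
    records = [r for r in (parse_record(line) for line in text.splitlines()) if r]
    return {"scanners": find_scanners(records), "beacons": find_beacons(records)}


# Constructed sample log (not real traffic): a 300 s beacon to an external host,
# an 11-port scan of an internal host, one normal flow and one NODATA record.
ACCT, ENI = "123456789012", "eni-0a1b2c3d4e5f6a7b8"
SAMPLE_LOG = "\n".join(
    [f"2 {ACCT} {ENI} 10.0.1.5 203.0.113.7 {49152 + i} 443 6 4 512 "
     f"{1700000000 + 300 * i} {1700000005 + 300 * i} ACCEPT OK" for i in range(6)]
    + [f"2 {ACCT} {ENI} 10.0.1.9 10.0.2.10 51000 {p} 6 1 44 1700000100 1700000101 REJECT OK"
       for p in (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)]
    + [f"2 {ACCT} {ENI} 10.0.1.5 10.0.2.20 50000 5432 6 30 9000 1700000050 1700000110 ACCEPT OK",
       f"2 {ACCT} {ENI} - - - - - - - 1700000000 1700000600 - NODATA"]
)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The scan heuristic only works because the flow log filter was set to All in step 4: with Accept, the rejected probes never reach the log. The NODATA record is the other thing to expect in real data; it is emitted for aggregation windows with no traffic and must be skipped before the numeric fields are parsed.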
