Fortinet black logo

Administration Guide

Configuring FortiGate Cloud

Configuring FortiGate Cloud

FortiGate Cloud is a hosted security management and log retention service for FortiGate devices. It provides centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware or software.

FortiGate Cloud offers a wide range of features:

  • Simplified central management

    FortiGate Cloud provides a central GUI to manage individual or aggregated FortiGate and FortiWiFi devices. Adding a device to the FortiGate Cloud management subscription is straightforward. FortiGate Cloud has detailed traffic and application visibility across the whole network.

  • Hosted log retention with large default storage allocated

    Log retention is an integral part of any security and compliance program, but administering a separate storage system is onerous. FortiGate Cloud takes care of this automatically and stores the valuable log information in the cloud. Different types of logs can be stored, including Traffic, System Events, Web, Applications, and Security Events.

  • Monitoring and alerting in real time

    Network availability is critical to a good end-user experience. FortiGate Cloud enables you to monitor your FortiGate network in real time with different alerting mechanisms to pinpoint potential issues. Alerting mechanisms can be delivered via email.

  • Customized or pre-configured reporting and analysis tools

    Reporting and analysis are your eyes and ears into your network’s health and security. Pre-configured reports are available, as well as custom reports that can be tailored to your specific reporting and compliance requirements. The reports can be emailed as PDFs, and can cover different time periods.

  • Maintain important configuration information uniformly

    The correct configuration of the devices within your network is essential for maintaining optimum performance and security posture. In addition, maintaining the correct firmware (operating system) level allows you to take advantage of the latest features.

  • Service security

    All communication (including log information) between the devices and the cloud is encrypted. Redundant data centers are always used to give the service high availability. Operational security measures have been put in place to make sure your data is secure — only you can view or retrieve it.

For more information about FortiGate Cloud, see the FortiGate Cloud documentation.

Registration and activation

note icon

Before you can activate a FortiGate Cloud account, you must first register your device.

FortiGate Cloud accounts can be registered manually through the FortiGate Cloud website, https://www.forticloud.com, or you can easily register and activate your account directly from your FortiGate.

To activate your FortiGate Cloud account:
  1. On your device, go to Dashboard > Status.
  2. In the FortiGate Cloud widget, click the Not Activated > Activate button in the Status field.
  3. A pane will open asking you to register your FortiGate Cloud account. Click Create Account, enter your information, view and accept the terms and conditions, and then click OK.
  4. A second dialogue window open , asking you to enter your information to confirm your account. This sends a confirmation email to your registered email. The dashboard widget then updates to show that confirmation is required.
  5. Open your email, and follow the confirmation link it contains.

    A FortiGate Cloud page will open, stating that your account has been confirmed. The Activation Pending message on the dashboard will change to state the type of account you have, and will provide a link to the FortiGate Cloud portal.

Enabling logging to FortiGate Cloud

To enable logging to FortiGate Cloud:
  1. Go to Security Fabric > Fabric Connectors > Cloud Logging or Log & Report > Log Settings.
  2. Enable Cloud Logging.
  3. Select an upload option: Realtime, Every Minute, or Every 5 Minutes (default).
  4. Click Apply.

Logging into the FortiGate Cloud portal

Once logging has been configured and you have registered your account, you can log into the FortiGate Cloud portal and begin viewing your logging results. There are two methods to reach the FortiGate Cloud portal:

  • If you have direct network access to the FortiGate:
    1. Go to Dashboard > Status.
    2. In the FortiGate Cloud widget, in the Status field, click Activated > Launch Portal, or, in the Licenses widget, click FortiCare Support > Launch Portal.
  • If you do not have access to the FortiGate’s interface, visit the FortiGate Cloud website (https://www.forticloud.com) and log in remotely, using your email and password. It will ask you to confirm the FortiGate Cloud account you are connecting to and then you will be granted access.

Configuring a Security Fabric with FortiGate Cloud logging

A Security Fabric can be created on the root device using FortiGate Cloud for cloud logging. When the FortiCloud account enforcement is enabled (by default), members joining the Fabric must be registered to the same FortiCloud account. Devices that are not activated with FortiCloud are also allowed.

For example, the root FortiGate (FGT_10_101F) is configured with FortiGate Cloud logging. In the Security Fabric settings, the FortiCloud account enforcement option is enabled by default. The downstream FortiGate, FGT-F-VM, with the same FortiCloud account ID is able to join the Fabric.

To configure a Security Fabric with FortiCloud logging in the GUI:
  1. On the root FortiGate, configure FortiCloud logging:
    1. Go to Security Fabric > Fabric Connectors and double-click the Cloud Logging card.
    2. Set the Type to FortiGate Cloud.
    3. Set the Upload option to Real Time.

    4. Click OK.
  2. Configure the Security Fabric settings (see Configuring the root FortiGate and downstream FortiGates). The FortiCloud account enforcement setting is enabled by default.

  3. On the FGT-F-VM, check the FortiCloud logging settings:
    1. Go to Security Fabric > Fabric Connectors and double-click the Cloud Logging card. The settings are automatically retrieved from the root and the Account is the same.

  4. Configure the FGT-F-VM to join the Security Fabric:
    1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    2. Set the Security Fabric role to Join Existing Fabric.
    3. Click OK. The FortiGate is authorized and successfully joins the Security Fabric.

To configure a Security Fabric with FortiCloud logging in the CLI:
config log fortiguard setting
    set status enable
    set upload-option realtime
end

The FortiCloud account enforcement setting is enabled by default in the Security Fabric settings:

show system csf
    config system csf
        set status enable
        set group-name "CSF_101"
        set forticloud-account-enforcement enable
    end

Cloud sandboxing

FortiGate Cloud can be used for automated sample tracking, or sandboxing, for files from a FortiGate. This allows suspicious files to be sent to be inspected without risking network security. If the file exhibits risky behavior, or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database.

See Configuring Sandboxing for instructions to configure FortiGate Cloud Sandbox. Sandboxing results are shown on the Sandbox tab in the FortiGate Cloud portal.

More Links

Configuring FortiGate Cloud

FortiGate Cloud is a hosted security management and log retention service for FortiGate devices. It provides centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware or software.

FortiGate Cloud offers a wide range of features:

  • Simplified central management

    FortiGate Cloud provides a central GUI to manage individual or aggregated FortiGate and FortiWiFi devices. Adding a device to the FortiGate Cloud management subscription is straightforward. FortiGate Cloud has detailed traffic and application visibility across the whole network.

  • Hosted log retention with large default storage allocated

    Log retention is an integral part of any security and compliance program, but administering a separate storage system is onerous. FortiGate Cloud takes care of this automatically and stores the valuable log information in the cloud. Different types of logs can be stored, including Traffic, System Events, Web, Applications, and Security Events.

  • Monitoring and alerting in real time

    Network availability is critical to a good end-user experience. FortiGate Cloud enables you to monitor your FortiGate network in real time with different alerting mechanisms to pinpoint potential issues. Alerting mechanisms can be delivered via email.

  • Customized or pre-configured reporting and analysis tools

    Reporting and analysis are your eyes and ears into your network’s health and security. Pre-configured reports are available, as well as custom reports that can be tailored to your specific reporting and compliance requirements. The reports can be emailed as PDFs, and can cover different time periods.

  • Maintain important configuration information uniformly

    The correct configuration of the devices within your network is essential for maintaining optimum performance and security posture. In addition, maintaining the correct firmware (operating system) level allows you to take advantage of the latest features.

  • Service security

    All communication (including log information) between the devices and the cloud is encrypted. Redundant data centers are always used to give the service high availability. Operational security measures have been put in place to make sure your data is secure — only you can view or retrieve it.

For more information about FortiGate Cloud, see the FortiGate Cloud documentation.

Registration and activation

note icon

Before you can activate a FortiGate Cloud account, you must first register your device.

FortiGate Cloud accounts can be registered manually through the FortiGate Cloud website, https://www.forticloud.com, or you can easily register and activate your account directly from your FortiGate.

To activate your FortiGate Cloud account:
  1. On your device, go to Dashboard > Status.
  2. In the FortiGate Cloud widget, click the Not Activated > Activate button in the Status field.
  3. A pane will open asking you to register your FortiGate Cloud account. Click Create Account, enter your information, view and accept the terms and conditions, and then click OK.
  4. A second dialogue window open , asking you to enter your information to confirm your account. This sends a confirmation email to your registered email. The dashboard widget then updates to show that confirmation is required.
  5. Open your email, and follow the confirmation link it contains.

    A FortiGate Cloud page will open, stating that your account has been confirmed. The Activation Pending message on the dashboard will change to state the type of account you have, and will provide a link to the FortiGate Cloud portal.

Enabling logging to FortiGate Cloud

To enable logging to FortiGate Cloud:
  1. Go to Security Fabric > Fabric Connectors > Cloud Logging or Log & Report > Log Settings.
  2. Enable Cloud Logging.
  3. Select an upload option: Realtime, Every Minute, or Every 5 Minutes (default).
  4. Click Apply.

Logging into the FortiGate Cloud portal

Once logging has been configured and you have registered your account, you can log into the FortiGate Cloud portal and begin viewing your logging results. There are two methods to reach the FortiGate Cloud portal:

  • If you have direct network access to the FortiGate:
    1. Go to Dashboard > Status.
    2. In the FortiGate Cloud widget, in the Status field, click Activated > Launch Portal, or, in the Licenses widget, click FortiCare Support > Launch Portal.
  • If you do not have access to the FortiGate’s interface, visit the FortiGate Cloud website (https://www.forticloud.com) and log in remotely, using your email and password. It will ask you to confirm the FortiGate Cloud account you are connecting to and then you will be granted access.

Configuring a Security Fabric with FortiGate Cloud logging

A Security Fabric can be created on the root device using FortiGate Cloud for cloud logging. When the FortiCloud account enforcement is enabled (by default), members joining the Fabric must be registered to the same FortiCloud account. Devices that are not activated with FortiCloud are also allowed.

For example, the root FortiGate (FGT_10_101F) is configured with FortiGate Cloud logging. In the Security Fabric settings, the FortiCloud account enforcement option is enabled by default. The downstream FortiGate, FGT-F-VM, with the same FortiCloud account ID is able to join the Fabric.

To configure a Security Fabric with FortiCloud logging in the GUI:
  1. On the root FortiGate, configure FortiCloud logging:
    1. Go to Security Fabric > Fabric Connectors and double-click the Cloud Logging card.
    2. Set the Type to FortiGate Cloud.
    3. Set the Upload option to Real Time.

    4. Click OK.
  2. Configure the Security Fabric settings (see Configuring the root FortiGate and downstream FortiGates). The FortiCloud account enforcement setting is enabled by default.

  3. On the FGT-F-VM, check the FortiCloud logging settings:
    1. Go to Security Fabric > Fabric Connectors and double-click the Cloud Logging card. The settings are automatically retrieved from the root and the Account is the same.

  4. Configure the FGT-F-VM to join the Security Fabric:
    1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
    2. Set the Security Fabric role to Join Existing Fabric.
    3. Click OK. The FortiGate is authorized and successfully joins the Security Fabric.

To configure a Security Fabric with FortiCloud logging in the CLI:
config log fortiguard setting
    set status enable
    set upload-option realtime
end

The FortiCloud account enforcement setting is enabled by default in the Security Fabric settings:

show system csf
    config system csf
        set status enable
        set group-name "CSF_101"
        set forticloud-account-enforcement enable
    end

Cloud sandboxing

FortiGate Cloud can be used for automated sample tracking, or sandboxing, for files from a FortiGate. This allows suspicious files to be sent to be inspected without risking network security. If the file exhibits risky behavior, or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database.

See Configuring Sandboxing for instructions to configure FortiGate Cloud Sandbox. Sandboxing results are shown on the Sandbox tab in the FortiGate Cloud portal.