Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 5.3.0 External Systems Configuration Guide
    5.3.0
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Juniper Networks SSL VPN Gateway

    Juniper Networks SSL VPN Gateway

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    SNMP
    Syslog

    Event Types

    In ADMIN > Device Support > Event, search for "junos_dynamic_vpn" in the Name column to see the event types associated with this device.

    Rules

    There are no predefined rules for this device.

    Reports

    There are no predefined reports for this device.

    Configuration

    SNMP
    1. Log into your device with administrative credentials.
    2. Go to System > Log/Monitoring > SNMP.
    3. Under Agent Properties, enter public for Community.
    Syslog
    VPN Access Syslogs
    1. Go to System > Log/Monitoring > User Access > Settings.
    2. Under Select Events to Log, select Login/logout, User Settings, and Network Connect.
    3. Under Syslog Servers, enter the IP address of your FortiSIEM virtual appliance, and set the Facility to LOCAL0.
    4. Click Save Changes.
    Admin Access Syslogs
    1. Go to System > Log/Monitoring > Admin Access > Settings.
    2. Under Select Events to Log, select Administrator changes, License Changes, and Administrator logins.
    3. Under Syslog Servers, enter the IP address of your FortiSIEM virtual appliance, and set the Facility to LOCAL0.
    4. Click Save Changes.

    Sample Parsed Juniper Networks SSL VPN Syslog Messages

    <134>Juniper: 2008-10-28 04:34:53 - ive - [192.168.20.82] admin(Users)[] - Login failed using auth server SteelBelted (Radius Server).  Reason: Failed

<134>Juniper: 2008-10-28 03:12:03 - ive - [192.168.20.82] wenyong(Users)[Users] - Login succeeded for wenyong/Users from 192.168.20.82.
 
<134>Juniper: 2008-10-28 03:55:20 - ive - [192.168.20.82] wenyong(Users)[Users] - Network Connect: Session ended for user with IP 172.16.3.240

<134>Juniper: 2008-10-28 03:05:25 - ive - [172.16.3.150] admin(Admin Users)[] - Primary authentication successful for admin/Administrators from 172.16.3.150

<134>Juniper: 2008-10-28 05:33:02 - ive - [172.16.3.150] admin(Admin Users)[] - Primary authentication failed for admin/Administrators from 172.16.3.150

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

    SettingValue
    Name<set name>
    Device TypeGeneric
    Access ProtocolSNMP
    Community String<your own>
    Previous
    Next

    Juniper Networks SSL VPN Gateway

    Juniper Networks SSL VPN Gateway

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    SNMP
    Syslog

    Event Types

    In ADMIN > Device Support > Event, search for "junos_dynamic_vpn" in the Name column to see the event types associated with this device.

    Rules

    There are no predefined rules for this device.

    Reports

    There are no predefined reports for this device.

    Configuration

    SNMP
    1. Log into your device with administrative credentials.
    2. Go to System > Log/Monitoring > SNMP.
    3. Under Agent Properties, enter public for Community.
    Syslog
    VPN Access Syslogs
    1. Go to System > Log/Monitoring > User Access > Settings.
    2. Under Select Events to Log, select Login/logout, User Settings, and Network Connect.
    3. Under Syslog Servers, enter the IP address of your FortiSIEM virtual appliance, and set the Facility to LOCAL0.
    4. Click Save Changes.
    Admin Access Syslogs
    1. Go to System > Log/Monitoring > Admin Access > Settings.
    2. Under Select Events to Log, select Administrator changes, License Changes, and Administrator logins.
    3. Under Syslog Servers, enter the IP address of your FortiSIEM virtual appliance, and set the Facility to LOCAL0.
    4. Click Save Changes.

    Sample Parsed Juniper Networks SSL VPN Syslog Messages

    <134>Juniper: 2008-10-28 04:34:53 - ive - [192.168.20.82] admin(Users)[] - Login failed using auth server SteelBelted (Radius Server).  Reason: Failed

<134>Juniper: 2008-10-28 03:12:03 - ive - [192.168.20.82] wenyong(Users)[Users] - Login succeeded for wenyong/Users from 192.168.20.82.
 
<134>Juniper: 2008-10-28 03:55:20 - ive - [192.168.20.82] wenyong(Users)[Users] - Network Connect: Session ended for user with IP 172.16.3.240

<134>Juniper: 2008-10-28 03:05:25 - ive - [172.16.3.150] admin(Admin Users)[] - Primary authentication successful for admin/Administrators from 172.16.3.150

<134>Juniper: 2008-10-28 05:33:02 - ive - [172.16.3.150] admin(Admin Users)[] - Primary authentication failed for admin/Administrators from 172.16.3.150

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Set these Access Method Definition values to allow FortiSIEM to communicate with your device over SNMP. Set the Name and Community String.

    SettingValue
    Name<set name>
    Device TypeGeneric
    Access ProtocolSNMP
    Community String<your own>
    Previous
    Next