Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 5.3.1 External Systems Configuration Guide
    5.3.1
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Juniper Networks SSG

    Juniper Networks SSG Firewall

    What is Discovered and Monitored

    Protocol

    Information Discovered

    Metrics collected

    Used for

    SNMP

    Host name, Hardware model, Network interfaces, Operating system version

    Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Firewall connection count

    Availability and Performance Monitoring

    Telnet/SSH

    Running configuration

    Configuration Change

    Performance Monitoring, Security and Compliance

    Syslog

    Device type

    Traffic log, Admin login activity logs, Interface up/down logs

    Availability, Security and Compliance

    Event Types

    In ADMIN > Device Support > Event, search for "SSG" in the Device Type column to see the event types associated with this device.

    Rules

    There are no predefined rules for this device.

    Reports

    There are no predefined reports for this device.

    Configuration

    SNMP and SSH
    Enable SNMP, SSH, and Ping
    1. Log in to your firewall's device manager as an administrator.
    2. Go to Network > Interfaces > List.
    3. Select the interface and click Edit.
    4. Under Service Options, for Management Services, select SNMP and SSH.
    5. For Other Services, select Ping.
    Create SNMP Community String and Management Station IP
    1. Go to Configuration > Report Settings > SNMP.
    2. If the public community is not available, create it and provide it with read-only access.
    3. Enter the Host IP address and Netmask of your FortiSIEM virtual appliance.
    4. Select the Source Interface that your firewall will use to communicate with FortiSIEM.
    5. Click OK.

    You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, see "Discovery Settings" and "Setting Credentials" in the User Guide.

    Syslog
    Modify Policies so Traffic Matching a Policy is Sent via Syslog to FortiSIEM
    1. Go to Policies.
    2. Select a policy and click Options.
    3. Select Logging.
    4. Click OK.
    Set FortiSIEM as a Destination Syslog Server
    1. Go to Configuration > Report Settings > Syslog.
    2. Select Enable syslog messages.
    3. Select the Source Interface that your firewall will use to communicate with FortiSIEM.
    4. Under Syslog servers, enter the IP/Hostname of your FortiSIEM virtual appliance.
    5. For Port, enter 514.
    6. For Security Facility, select LOCALD.
    7. For Facility, select LOCALD.
    8. Select Event Log and Traffic Log.
    9. Select Enable.
    10. Click Apply.
    Set the Severity of Syslogs to Send to FortiSIEM
    1. Go to Configuration > Report Setting > Log Settings.
    2. Click Syslog.
    3. Select the Severity Levels of the syslogs you want sent to FortiSIEM.
    4. Click Apply.
    Sample Parsed FortiGate Syslog 

    <129>Aug 26 11:09:45 213.181.33.233 20090826, 6219282, 2009/08/26 09:09:40, 2009/08/26 08:09:49, global.CoX, 1363,
CoX-eveTd-fw1, 213.181.41.226, traffic, traffic log, untrust, (NULL), 81.243.104.82, 64618, 81.243.104.82,
64618, dmz, (NULL), 213.181.36.162, 443, 213.181.36.162, 443, tcp, global.CoX, 1363, Workaniser_cleanup, fw/vpn, 34,
accepted, info, no, (NULL), (NULL), (NULL), (NULL), 3, 858, 1323, 2181, 0, 0, 14, 1, no, 0, Not 
				
<129>Aug 26 11:09:45 213.181.33.233 20090826, 6219282, 2009/08/26 09:09:40, 2009/08/26 08:09:49, global.CoX, 1363,
CoX-eveTd-fw1, Category, Sub-Category, untrust, (NULL), 81.243.104.82, 64618, 81.243.104.82, 64618, dmz,
(NULL), 213.181.36.162, 443, 213.181.36.162, 443, tcp, global.Randstad, 1363, Workaniser_cleanup, fw/vpn, 34, accepted,
info, no, (NULL), (NULL), (NULL), (NULL), 3, 858, 1323, 2181, 0, 0, 14, 1, no, 0, Not

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Use these Access Method Definition settings to allow FortiSIEM to access your over SNMP. Set the Name and Community String.

    Setting Value
    Name <set name>
    Device Type Generic
    Access Protocol SNMP
    Community String <your own>
    Telnet Access Credentials for All Devices

    These are the generic settings for providing Telnet access to your device from FortiSIEM.

    Setting Value
    Name Telnet-generic
    Device Type generic
    Access Protocol Telnet
    Port 23
    User Name A user who has permission to access the device over Telnet
    Password The password associated with the user
    SSH Access Credentials for All Devices

    These are the generic settings for providing SSH access to your device from FortiSIEM.

    Setting Value
    Name ssh-generic
    Device Type Generic
    Access Protocol SSH
    Port 22
    User Name A user who has access credentials for your device over SSH
    Password The password for the user
    Previous
    Next

    Juniper Networks SSG

    Juniper Networks SSG Firewall

    What is Discovered and Monitored

    Protocol

    Information Discovered

    Metrics collected

    Used for

    SNMP

    Host name, Hardware model, Network interfaces, Operating system version

    Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Firewall connection count

    Availability and Performance Monitoring

    Telnet/SSH

    Running configuration

    Configuration Change

    Performance Monitoring, Security and Compliance

    Syslog

    Device type

    Traffic log, Admin login activity logs, Interface up/down logs

    Availability, Security and Compliance

    Event Types

    In ADMIN > Device Support > Event, search for "SSG" in the Device Type column to see the event types associated with this device.

    Rules

    There are no predefined rules for this device.

    Reports

    There are no predefined reports for this device.

    Configuration

    SNMP and SSH
    Enable SNMP, SSH, and Ping
    1. Log in to your firewall's device manager as an administrator.
    2. Go to Network > Interfaces > List.
    3. Select the interface and click Edit.
    4. Under Service Options, for Management Services, select SNMP and SSH.
    5. For Other Services, select Ping.
    Create SNMP Community String and Management Station IP
    1. Go to Configuration > Report Settings > SNMP.
    2. If the public community is not available, create it and provide it with read-only access.
    3. Enter the Host IP address and Netmask of your FortiSIEM virtual appliance.
    4. Select the Source Interface that your firewall will use to communicate with FortiSIEM.
    5. Click OK.

    You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, see "Discovery Settings" and "Setting Credentials" in the User Guide.

    Syslog
    Modify Policies so Traffic Matching a Policy is Sent via Syslog to FortiSIEM
    1. Go to Policies.
    2. Select a policy and click Options.
    3. Select Logging.
    4. Click OK.
    Set FortiSIEM as a Destination Syslog Server
    1. Go to Configuration > Report Settings > Syslog.
    2. Select Enable syslog messages.
    3. Select the Source Interface that your firewall will use to communicate with FortiSIEM.
    4. Under Syslog servers, enter the IP/Hostname of your FortiSIEM virtual appliance.
    5. For Port, enter 514.
    6. For Security Facility, select LOCALD.
    7. For Facility, select LOCALD.
    8. Select Event Log and Traffic Log.
    9. Select Enable.
    10. Click Apply.
    Set the Severity of Syslogs to Send to FortiSIEM
    1. Go to Configuration > Report Setting > Log Settings.
    2. Click Syslog.
    3. Select the Severity Levels of the syslogs you want sent to FortiSIEM.
    4. Click Apply.
    Sample Parsed FortiGate Syslog 

    <129>Aug 26 11:09:45 213.181.33.233 20090826, 6219282, 2009/08/26 09:09:40, 2009/08/26 08:09:49, global.CoX, 1363,
CoX-eveTd-fw1, 213.181.41.226, traffic, traffic log, untrust, (NULL), 81.243.104.82, 64618, 81.243.104.82,
64618, dmz, (NULL), 213.181.36.162, 443, 213.181.36.162, 443, tcp, global.CoX, 1363, Workaniser_cleanup, fw/vpn, 34,
accepted, info, no, (NULL), (NULL), (NULL), (NULL), 3, 858, 1323, 2181, 0, 0, 14, 1, no, 0, Not 
				
<129>Aug 26 11:09:45 213.181.33.233 20090826, 6219282, 2009/08/26 09:09:40, 2009/08/26 08:09:49, global.CoX, 1363,
CoX-eveTd-fw1, Category, Sub-Category, untrust, (NULL), 81.243.104.82, 64618, 81.243.104.82, 64618, dmz,
(NULL), 213.181.36.162, 443, 213.181.36.162, 443, tcp, global.Randstad, 1363, Workaniser_cleanup, fw/vpn, 34, accepted,
info, no, (NULL), (NULL), (NULL), (NULL), 3, 858, 1323, 2181, 0, 0, 14, 1, no, 0, Not

    Settings for Access Credentials

    SNMP Access Credentials for All Devices

    Use these Access Method Definition settings to allow FortiSIEM to access your over SNMP. Set the Name and Community String.

    Setting Value
    Name <set name>
    Device Type Generic
    Access Protocol SNMP
    Community String <your own>
    Telnet Access Credentials for All Devices

    These are the generic settings for providing Telnet access to your device from FortiSIEM.

    Setting Value
    Name Telnet-generic
    Device Type generic
    Access Protocol Telnet
    Port 23
    User Name A user who has permission to access the device over Telnet
    Password The password associated with the user
    SSH Access Credentials for All Devices

    These are the generic settings for providing SSH access to your device from FortiSIEM.

    Setting Value
    Name ssh-generic
    Device Type Generic
    Access Protocol SSH
    Port 22
    User Name A user who has access credentials for your device over SSH
    Password The password for the user
    Previous
    Next