Clavister Firewall
Integration Points
Method | Information discovered | Metrics collected | Logs collected | Used for |
syslog | Host name, Reporting IP | None | Connection – permit and deny, system events | Security monitoring |
Event Types
In ADMIN > Device Support > Event, search for "Clavister" to see the event types associated with this device.
Rules
No specific rules are written for Clavister firewall but generic firewall rules will apply.
Reports
No specific reports are written for Clavister firewall but generic firewall rules will apply.
Configuration
Configure Clavister firewall to send logs to FortiSIEM in the supported format (see Sample Events below).
Settings for Access Credentials
None required
Sample Events
<134>[2016-04-26 16:10:07] EFW: CONN: prio=1 id=00600005 rev=1 event=conn_close_natsat action=close rule=if3_net_nat_out conn=close connipproto=TCP connrecvif=If3 connsrcip=192.168.99.13 connsrcport=43347 conndestif=If1 conndestip=1.1.1.1 conndestport=443 connnewsrcip=1.1.1.2 connnewsrcport=65035 connnewdestip=1.1.1.1 connnewdestport=443 origsent=1395 termsent=5763 conntime=83
<134>[2016-04-26 16:10:11] EFW: ALG: prio=1 id=00200001 rev=1 event=alg_session_open algmod=ftp algsesid=95238 connipproto=TCP connrecvif=If1 connsrcip=1.1.1.3 connsrcport=59576 conndestif=core conndestip=1.1.1.4 conndestport=21 origsent=100 termsent=44
<134>[2016-04-26 16:10:05] EFW: IPSEC: prio=1 id=01800211 rev=2 event=reconfig_IPsec action=ipsec_reconfigured
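
To check that forwarded logs match the format shown above before relying on them for monitoring, the following added example (not FortiSIEM's or Clavister's own parser) splits an event into syslog priority, timestamp, category and key=value fields, and reports source NAT rewrites. The line layout is inferred from the sample events on this page, and the names `parse_clavister` and `source_nat` are hypothetical.

```python
import re
from datetime import datetime

# Layout inferred from this page's sample events (an assumption, not a vendor spec):
#   <PRI>[YYYY-MM-DD HH:MM:SS] EFW: CATEGORY: key=value key=value ...
LINE_RE = re.compile(r"^<(\d{1,3})>\[([^\]]+)\]\s+EFW:\s+(\w+):\s+(.*)$")
PAIR_RE = re.compile(r"(\w+)=(\S*)")
INT_FIELDS = {"prio", "rev", "connsrcport", "conndestport", "connnewsrcport",
              "connnewdestport", "origsent", "termsent", "conntime"}

# Two of the sample events above, copied from the page.
SAMPLES = [
    "<134>[2016-04-26 16:10:07] EFW: CONN: prio=1 id=00600005 rev=1 event=conn_close_natsat action=close rule=if3_net_nat_out conn=close connipproto=TCP connrecvif=If3 connsrcip=192.168.99.13 connsrcport=43347 conndestif=If1 conndestip=1.1.1.1 conndestport=443 connnewsrcip=1.1.1.2 connnewsrcport=65035 connnewdestip=1.1.1.1 connnewdestport=443 origsent=1395 termsent=5763 conntime=83",
    "<134>[2016-04-26 16:10:05] EFW: IPSEC: prio=1 id=01800211 rev=2 event=reconfig_IPsec action=ipsec_reconfigured",
]

def parse_clavister(line):
    """Return a dict for one event, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None or int(m.group(1)) > 191:  # syslog PRI tops out at 23*8+7
        return None
    try:
        ts = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    pri = int(m.group(1))
    fields = {}
    for key, value in PAIR_RE.findall(m.group(4)):
        # id keeps its leading zeros, so only known counters and ports become ints
        fields[key] = int(value) if key in INT_FIELDS and value.isdecimal() else value
    # Device-supplied keys stay under "fields" so they cannot overwrite metadata.
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": ts,
            "category": m.group(3), "fields": fields}

def source_nat(event):
    """Return ((orig_ip, orig_port), (new_ip, new_port)) if the source was rewritten."""
    f = event["fields"]
    orig = (f.get("connsrcip"), f.get("connsrcport"))
    new = (f.get("connnewsrcip"), f.get("connnewsrcport"))
    if None in new or orig == new:
        return None
    return orig, new

if __name__ == "__main__":
    for line in SAMPLES:
        ev = parse_clavister(line)
        print(ev["category"], ev["fields"].get("event"), source_nat(ev))
```

Lines that return `None` are the ones to investigate: they indicate the firewall is sending a format other than the one shown in the samples.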