
External Systems Configuration Guide

Radware DefensePro


What is Discovered and Monitored

| Protocol | Information Discovered | Data Collected | Used for |
|---|---|---|---|
| Syslog | | Over 120 event types | Security and Compliance |

Event Types

In RESOURCE > Event Types, search for “Radware-DefensePro”.

Sample Event Type:

<132>DefensePro: 13-09-2017 15:03:21 WARNING 12572 Intrusions "SIP-Scanner-SIPVicious" UDP 1.1.1.1 29992 1.1.1.2 5060 15 Regular "GSN_Web" occur 1 3 N/A 0 N/A high drop FFFFFFFF-FFFF-FFFF-9C94-000F57F7595F
<132>DefensePro: 13-09-2017 15:18:45 WARNING 150 HttpFlood "HTTP Page Flood Attack" TCP 1.1.1.3 0 1.1.1.4 80 0 Regular "President-1.1.1.4" ongoing 100 0 N/A 0 N/A medium forward FFFFFFFF-FFFF-FFFF-9CCF-000F57F7595F
<132>DefensePro: 13-09-2017 14:37:53 WARNING 200000 SynFlood "SYN Flood HTTP" TCP 0.0.0.0 0 1.1.1.5 80 0 Regular "GSN_Web" ongoing 1 0 N/A 0 N/A medium challenge FFFFFFFF-FFFF-FFFF-9C46-000F57F7595F
<134>DefensePro: 13-09-2017 13:56:34 INFO Configuration Auditing manage syslog destinations create 172.16.10.207 -f "Local Use 0", ACTION: Create by user public via SNMP source IP 1.1.1.6
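
The sample events above can be split into fields before they are matched against detection rules. The following parser is an added example, not FortiSIEM's own parser and not part of the original guide. The positional field names in `FIELDS` are assumptions inferred from the four samples, not a vendor-published schema.

```python
import re
import shlex
from datetime import datetime

# Sample input: the four events shown on this page, embedded so the block runs offline.
SAMPLES = [
    '<132>DefensePro: 13-09-2017 15:03:21 WARNING 12572 Intrusions "SIP-Scanner-SIPVicious" UDP 1.1.1.1 29992 1.1.1.2 5060 15 Regular "GSN_Web" occur 1 3 N/A 0 N/A high drop FFFFFFFF-FFFF-FFFF-9C94-000F57F7595F',
    '<132>DefensePro: 13-09-2017 15:18:45 WARNING 150 HttpFlood "HTTP Page Flood Attack" TCP 1.1.1.3 0 1.1.1.4 80 0 Regular "President-1.1.1.4" ongoing 100 0 N/A 0 N/A medium forward FFFFFFFF-FFFF-FFFF-9CCF-000F57F7595F',
    '<132>DefensePro: 13-09-2017 14:37:53 WARNING 200000 SynFlood "SYN Flood HTTP" TCP 0.0.0.0 0 1.1.1.5 80 0 Regular "GSN_Web" ongoing 1 0 N/A 0 N/A medium challenge FFFFFFFF-FFFF-FFFF-9C46-000F57F7595F',
    '<134>DefensePro: 13-09-2017 13:56:34 INFO Configuration Auditing manage syslog destinations create 172.16.10.207 -f "Local Use 0", ACTION: Create by user public via SNMP source IP 1.1.1.6',
]

# Syslog PRI, device tag, day-month-year timestamp, severity word, then the body.
HEADER = re.compile(r'^<(?P<pri>\d{1,3})>DefensePro: '
                    r'(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (?P<sev>[A-Z]+) (?P<rest>.*)$')

# Assumed names for the 20 positional fields of a security event (inferred, not official).
FIELDS = ("attack_id", "category", "attack_name", "protocol", "src_ip", "src_port",
          "dst_ip", "dst_port", "phys_port", "context", "policy", "status", "packets",
          "bandwidth", "vlan", "mpls_rd", "mpls_tag", "risk", "action", "event_uuid")

def parse(line):
    """Return a dict for one DefensePro syslog line, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    ev = {"facility": pri >> 3, "syslog_severity": pri & 7, "severity": m["sev"],
          "time": datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S")}
    try:
        tokens = shlex.split(m["rest"])   # keeps quoted names such as "SYN Flood HTTP" whole
    except ValueError:                    # unbalanced quote: keep the raw text instead
        tokens = []
    if len(tokens) == len(FIELDS) and tokens[0].isdigit():
        ev.update(zip(FIELDS, tokens), kind="security")
    else:                                 # e.g. configuration audit messages (free text)
        ev.update(kind="other", message=m["rest"])
    return ev

def not_dropped(events):
    """Security events whose action field is anything other than 'drop'."""
    return [e for e in events if e and e["kind"] == "security" and e["action"] != "drop"]

if __name__ == "__main__":
    for e in not_dropped(parse(s) for s in SAMPLES):
        print(e["time"], e["attack_name"], e["dst_ip"], e["action"])
```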

Rules

There are no specific rules but generic rules for Network IPS and Generic Servers apply.

Reports

There are no specific reports but generic rules for Network IPS and Generic Servers apply.

Configuration

Configure Radware DefensePro Security Manager to send syslog on port 514 to FortiSIEM.
