Fortinet black logo

External Systems Configuration Guide

Microsoft Network Policy Server (RAS VPN)

Microsoft Network Policy Server (RAS VPN)

Integration Points

Method Information discovered Metrics collected LOGs collected Used for
Syslog Host name, Reporting IP None AAA based login events Security monitoring

Event Types

In ADMIN > Device Support > Event, search for "MS-NPS" to see the event types associated with this device.

Rules

No specific rules are written for Microsoft Network Policy Server but regular AA Server rules apply.

Reports

No specific reports are written for Microsoft Network Policy Server but regular AA Server reports apply.

Configuration

Configure Microsoft Network Policy Server system to send logs to FortiSIEM in the supported format (see Sample Events). See https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-accounting-configure.

Settings for Access Credentials

None required.

Sample Events

"HOSTXXVPN","RAS",03/10/2019,03:47:04,4,"domain\user",,"10.1.1.130","192.168.22.2",,"172.17.220.130",

"HOSTXXVPN","10.5.5.212",387,,"10.5.5.212","HOSTXXVPN",1552214822,,5,,1,2,,,0,

"311 1 fe80::a1bf:5c1c:7ebc:6ab7 02/07/2019 04:24:00 4805",,,,,2,,268050551,253119217,"4806",3,69101,833955,726102,1,"1251",1,,79617,1,

"192.168.22.2","10.1.1.130",,,,,,,"MSRASV5.20",311,,"0x00504F4C42",0,,

"Microsoft Routing and Remote Access Service Policy",,,,"MSRAS-0-HOST123413","MSRASV5.20"

Microsoft Network Policy Server (RAS VPN)

Integration Points

Method Information discovered Metrics collected LOGs collected Used for
Syslog Host name, Reporting IP None AAA based login events Security monitoring

Event Types

In ADMIN > Device Support > Event, search for "MS-NPS" to see the event types associated with this device.

Rules

No specific rules are written for Microsoft Network Policy Server but regular AA Server rules apply.

Reports

No specific reports are written for Microsoft Network Policy Server but regular AA Server reports apply.

Configuration

Configure Microsoft Network Policy Server system to send logs to FortiSIEM in the supported format (see Sample Events). See https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-accounting-configure.

Settings for Access Credentials

None required.

Sample Events

"HOSTXXVPN","RAS",03/10/2019,03:47:04,4,"domain\user",,"10.1.1.130","192.168.22.2",,"172.17.220.130",

"HOSTXXVPN","10.5.5.212",387,,"10.5.5.212","HOSTXXVPN",1552214822,,5,,1,2,,,0,

"311 1 fe80::a1bf:5c1c:7ebc:6ab7 02/07/2019 04:24:00 4805",,,,,2,,268050551,253119217,"4806",3,69101,833955,726102,1,"1251",1,,79617,1,

"192.168.22.2","10.1.1.130",,,,,,,"MSRASV5.20",311,,"0x00504F4C42",0,,

"Microsoft Routing and Remote Access Service Policy",,,,"MSRAS-0-HOST123413","MSRASV5.20"