Fortinet Document Library

External Systems Configuration Guide

Cisco Meraki Cloud Controller and Network Devices

What is Discovered and Monitored

Cisco Meraki devices are discoverable in either of the following ways:

  • SNMP to the Cloud Controller
  • SNMP to each Network Device

SNMP Traps can be sent from the Cloud Controller. Cisco Meraki Network Devices can also send logs directly to FortiSIEM.

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP (V1, V2c) to Cloud Controller or Devices | Host name, Software version, Hardware model, Network interfaces | Uptime, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths) | Availability and Performance Monitoring |
| syslog from Meraki Firewalls | | Firewall logs | Security Monitoring |
| SNMP Traps from Cloud Controller | | Health | Availability Monitoring |

Event Types

  • Interface Utilization: PH_DEV_MON_NET_INTF_UTIL

Rules

Availability (from SNMP Trap)
  • Meraki Device Cellular Connection Disconnected
  • Meraki Device Down
  • Meraki Device IP Conflict
  • Meraki Device Interface Down
  • Meraki Device Port Cable Error
  • Meraki Device VPN Connectivity Down
  • Meraki Foreign AP Detected
  • Meraki New DHCP Server
  • Meraki New Splash User
  • Meraki No DHCP lease
  • Meraki Rogue DHCP Server
  • Meraki Unreachable Device
  • Meraki Unreachable RADIUS Server
  • Meraki VPN Failover
Performance (Fixed threshold)
  • Network Intf Error Warning
  • Network Intf Error Critical
  • Network Intf Util Warning
  • Network Intf Util Critical
Performance (Dynamic threshold based on baselines)
  • Sudden Increase in Network Interface Traffic
  • Sudden Increase in Network Interface Errors

Reports

None

Configuration

SNMP

FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.

Settings for Access Credentials 

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

| Setting | Value |
|---|---|
| Name | <set name> |
| Device Type | Cisco Meraki Cloud Controller |
| Access Protocol | See Access Credentials |
| Port | See Access Credentials |
| Password config | See Password Configuration |
