Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

FortiAP

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (to FortiGate) Access point – Name, OS, Interfaces, Controller (FortiGate) FortiAP CPU, Memory, Clients, Sent/Received traffic Performance and Availability Monitoring
Syslog (from FortiGate) Wireless events   Security and Log Analysis

FortiAPs are discovered from FortiGate firewalls via SNMP. FortiAP logs are received via FortiGate firewalls.

Event Types

In ADMIN > Device Support > Event, search for "FortiGate-Wireless" and “FortiGate-event” in the Description column to see the event types associated with this device.

Rules

There are generic rules that trigger for this device as event types are mapped to specific event type groups.

Reports

Generic reports are written for this device as event types are mapped to specific event type groups. 

Configuration

Configure FortiGate to:

  1. Send Syslog to FortiSIEM.
  2. Enable SNMP read from FortiSIEM.

Sample Events

FortiSIEM generated performance monitoring events:

[PH_DEV_MON_FORTIAP_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=688,[hostName]=FAP320C-default,[hostIpAddr]=,[sysUpTime]=7588440,

[wtpDaemonUpTime]=7588440,[wtpSessionUpTime]=63039960,[numWlanClient]=0,

[ftntWtpSessionStatus]=55038712,[sentBitsPerSec]=0.000000,[recvBitsPerSec]=0.000000,

[pollIntv]=180,[phLogDetail]=

 

[PH_DEV_MON_SYS_CPU_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=698,[cpuName]=FAP320C-default_WTP_CPU,[hostName]=FAP320C-default,

[hostIpAddr]=,[cpuUtil]=0.000000,[pollIntv]=0,[phLogDetail]=

[PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=707,[memName]=FAP320C-default_WTP_MEM,[hostName]=FAP320C-default,

[hostIpAddr]=,[memUtil]=34,[totalMemKB]= 254256 ,[freeMemKB]=254256,[usedMemKB]=0,

[phLogDetail]=

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiAP
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

 

FortiAP

What is Discovered and Monitored

Protocol Information Discovered Metrics collected Used for
SNMP (to FortiGate) Access point – Name, OS, Interfaces, Controller (FortiGate) FortiAP CPU, Memory, Clients, Sent/Received traffic Performance and Availability Monitoring
Syslog (from FortiGate) Wireless events   Security and Log Analysis

FortiAPs are discovered from FortiGate firewalls via SNMP. FortiAP logs are received via FortiGate firewalls.

Event Types

In ADMIN > Device Support > Event, search for "FortiGate-Wireless" and “FortiGate-event” in the Description column to see the event types associated with this device.

Rules

There are generic rules that trigger for this device as event types are mapped to specific event type groups.

Reports

Generic reports are written for this device as event types are mapped to specific event type groups. 

Configuration

Configure FortiGate to:

  1. Send Syslog to FortiSIEM.
  2. Enable SNMP read from FortiSIEM.

Sample Events

FortiSIEM generated performance monitoring events:

[PH_DEV_MON_FORTIAP_STAT]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=688,[hostName]=FAP320C-default,[hostIpAddr]=,[sysUpTime]=7588440,

[wtpDaemonUpTime]=7588440,[wtpSessionUpTime]=63039960,[numWlanClient]=0,

[ftntWtpSessionStatus]=55038712,[sentBitsPerSec]=0.000000,[recvBitsPerSec]=0.000000,

[pollIntv]=180,[phLogDetail]=

 

[PH_DEV_MON_SYS_CPU_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=698,[cpuName]=FAP320C-default_WTP_CPU,[hostName]=FAP320C-default,

[hostIpAddr]=,[cpuUtil]=0.000000,[pollIntv]=0,[phLogDetail]=

[PH_DEV_MON_SYS_MEM_UTIL]:[eventSeverity]=PHL_INFO,[fileName]=deviceFortinet.cpp,

[lineNumber]=707,[memName]=FAP320C-default_WTP_MEM,[hostName]=FAP320C-default,

[hostIpAddr]=,[memUtil]=34,[totalMemKB]= 254256 ,[freeMemKB]=254256,[usedMemKB]=0,

[phLogDetail]=

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Fortinet FortiAP
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration