External Systems Configuration Guide

Clavister Firewall

 

Integration Points

| Method | Information discovered | Metrics collected | LOGs collected | Used for |
| syslog | Host name, Reporting IP | None | Connection – permit and deny, system events | Security monitoring |


Event Types

In ADMIN > Device Support > Event Types, search for "Clavister" to see the event types associated with this device.

Rules

No specific rules are written for Clavister firewall but generic firewall rules will apply.

Reports

No specific reports are written for Clavister firewall but generic firewall rules will apply.

Configuration

Configure Clavister firewall to send logs to FortiSIEM in the supported format (see Sample Events).

Settings for Access Credentials

None required

Sample Events

<134>[2016-04-26 16:10:07] EFW: CONN: prio=1 id=00600005 rev=1 event=conn_close_natsat action=close rule=if3_net_nat_out conn=close connipproto=TCP connrecvif=If3 connsrcip=192.168.99.13 connsrcport=43347 conndestif=If1 conndestip=1.1.1.1 conndestport=443 connnewsrcip=1.1.1.2 connnewsrcport=65035 connnewdestip=1.1.1.1 connnewdestport=443 origsent=1395 termsent=5763 conntime=83

 

<134>[2016-04-26 16:10:11] EFW: ALG: prio=1 id=00200001 rev=1 event=alg_session_open algmod=ftp algsesid=95238 connipproto=TCP connrecvif=If1 connsrcip=1.1.1.3 connsrcport=59576 conndestif=core conndestip=1.1.1.4 conndestport=21 origsent=100 termsent=44

 

<134>[2016-04-26 16:10:05] EFW: IPSEC: prio=1 id=01800211 rev=2 event=reconfig_IPsec action=ipsec_reconfigured
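
The following Python is an added example, not part of the FortiSIEM guide or of FortiSIEM's own parser. It splits the sample events above into the syslog facility and severity, timestamp, category, and key=value fields, which is useful for checking that a Clavister device emits the supported format before pointing it at the collector. The function name `parse_clavister`, the integer typing of selected fields, and the handling of quoted values are assumptions.

```python
import re
from datetime import datetime

# Sample events copied from the "Sample Events" section of this page.
SAMPLES = [
    "<134>[2016-04-26 16:10:07] EFW: CONN: prio=1 id=00600005 rev=1 event=conn_close_natsat action=close rule=if3_net_nat_out conn=close connipproto=TCP connrecvif=If3 connsrcip=192.168.99.13 connsrcport=43347 conndestif=If1 conndestip=1.1.1.1 conndestport=443 connnewsrcip=1.1.1.2 connnewsrcport=65035 connnewdestip=1.1.1.1 connnewdestport=443 origsent=1395 termsent=5763 conntime=83",
    "<134>[2016-04-26 16:10:11] EFW: ALG: prio=1 id=00200001 rev=1 event=alg_session_open algmod=ftp algsesid=95238 connipproto=TCP connrecvif=If1 connsrcip=1.1.1.3 connsrcport=59576 conndestif=core conndestip=1.1.1.4 conndestport=21 origsent=100 termsent=44",
    "<134>[2016-04-26 16:10:05] EFW: IPSEC: prio=1 id=01800211 rev=2 event=reconfig_IPsec action=ipsec_reconfigured",
]

# Layout seen in the samples: <PRI>[timestamp] EFW: CATEGORY: key=value ...
HEADER = re.compile(r"^<(\d{1,3})>\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] EFW: (\w+): (.*)$")
# Quoted values are an assumption; the page's samples contain only bare values.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Ports and counters become integers; "id" stays a string to keep leading zeros.
INT_FIELDS = {"prio", "rev", "connsrcport", "conndestport", "connnewsrcport",
              "connnewdestport", "origsent", "termsent", "conntime"}


def parse_clavister(line):
    """Return a dict for one event, or None if the line is not in this format."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # syslog PRI = facility * 8 + severity, so 191 is the maximum
        return None
    try:
        when = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
    except ValueError:  # digits in the right places but not a real date
        return None
    fields = {}
    for key, value in PAIR.findall(m.group(4)):
        value = value.strip('"')
        fields[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
    return {"facility": pri >> 3, "severity": pri & 7, "time": when,
            "category": m.group(3), "fields": fields}


if __name__ == "__main__":
    for sample in SAMPLES:
        event = parse_clavister(sample)
        print(event["time"], event["category"], event["fields"].get("event"))
```

A line that returns `None` here does not match the layout shown in Sample Events and is worth inspecting on the sending device before relying on the generic firewall rules.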
