External Systems Configuration Guide

Microsoft PPTP VPN Gateway

Configuring Microsoft PPTP

Windows 2003 Server
  1. Log on with administrative rights.
  2. Configure PPTP VPN.
    1. Go to Start | All Programs | Administrative Tools | Configure Your Server Wizard and select the Remote Access/VPN Server role. Then click the Next button, which runs the Routing and Remote Access Wizard.
    2. In the Routing and Remote Access wizard, complete the following steps:
      1. Select "Virtual Private Network (VPN) and NAT" and click Next.
      2. Select the network interface for use by VPN connection and click Next.
      3. Specify the network that VPN clients should connect to in order to access resources and click Next.
      4. Select VPN IP Address assignment methodology (DHCP/VPN pool) and click Next.
      5. Specify the VPN pool if VPN pool was chosen in step 4 and click Next.
      6. Identify the network that has shared access to the Internet and click Next.
      7. Select whether an external RADIUS server is to be used for central authentication and click Next.
    3. Give users VPN access rights. Open the properties page for a user, select that user's Dial-In properties page and select "Allow access" under Remote Access Permissions.
  3. Configure Server Logging - Enable authentication and accounting logging from the Settings tab on the properties of the Local File object in the Remote Access Logging folder in the Routing and Remote Access snap-in. The authentication and accounting information is stored in a configurable log file or files stored in the SystemRoot\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) or database-compatible format, meaning that any database program can read the log file directly for analysis.
  4. Configure the Snare agent to send logs to FortiSIEM.

Sample Syslog Messages

<13>Apr  1 09:28:03 dev-v-win03-vc MSPPTPLog	0	
192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,44,29,4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,66,192.168.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,4154,Use Windows authentication for all users,4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrator,4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,4149,Connections to Microsoft Routing and Remote Access server,4136,1,4142,0
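
The record in the sample message above is in IAS format: six fixed header fields followed by attribute-ID/value pairs. The following parser is an added example, not FortiSIEM's or Microsoft's own code; the header key names are labels chosen here, and the attribute and Packet-Type names assume the standard RADIUS and IAS attribute numbering.

```python
import csv

# Six fixed header fields that open every IAS-format record (key names chosen here).
HEADER = ("nas_ip", "user_name", "record_date", "record_time",
          "service_name", "computer_name")
# Names for a subset of attribute IDs; any other ID keeps its number as key.
ATTR_NAMES = {
    "4": "NAS-IP-Address", "5": "NAS-Port", "6": "Service-Type",
    "7": "Framed-Protocol", "25": "Class", "31": "Calling-Station-Id",
    "44": "Acct-Session-Id", "61": "NAS-Port-Type", "64": "Tunnel-Type",
    "65": "Tunnel-Medium-Type", "66": "Tunnel-Client-Endpoint",
    "4108": "Client-IP-Address", "4127": "Authentication-Type",
    "4129": "SAM-Account-Name", "4130": "Fully-Qualified-User-Name",
    "4136": "Packet-Type", "4142": "Reason-Code",
}
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept",
                "3": "Access-Reject", "4": "Accounting-Request"}

# Record body copied from the page's sample message (syslog header removed).
SAMPLE = (
    r"192.168.24.11,administrator,04/01/2009,09:28:00,RAS,DEV-V-WIN03-VC,"
    r"44,29,4,192.168.24.11,6,2,7,1,5,129,61,5,64,1,65,1,31,192.168.20.38,"
    r"66,192.168.20.38,4108,192.168.24.11,4147,311,4148,MSRASV5.20,4155,1,"
    r"4154,Use Windows authentication for all users,"
    r"4129,DEV-V-WIN03-VC\administrator,4130,DEV-V-WIN03-VC\administrator,"
    r"4127,4,25,311 1 192.168.24.11 04/01/2009 16:12:12 3,"
    r"4149,Connections to Microsoft Routing and Remote Access server,"
    r"4136,1,4142,0"
)

def parse_ias_record(record):
    """Split one IAS-format record into header fields and attribute pairs."""
    fields = next(csv.reader([record.strip()]))  # csv handles quoted commas
    extra = len(fields) - len(HEADER)
    if extra < 0 or extra % 2:
        raise ValueError("truncated or malformed IAS record")
    event = dict(zip(HEADER, fields))
    n = len(HEADER)
    attrs = {ATTR_NAMES.get(k, k): v
             for k, v in zip(fields[n::2], fields[n + 1::2])}
    event["attributes"] = attrs
    event["packet_type"] = PACKET_TYPES.get(attrs.get("Packet-Type"), "unknown")
    reason = attrs.get("Reason-Code")
    event["reason_code"] = int(reason) if reason is not None else None
    return event

if __name__ == "__main__":
    ev = parse_ias_record(SAMPLE)
    print(ev["user_name"], ev["attributes"]["Calling-Station-Id"],
          ev["packet_type"], ev["reason_code"])
```

Attribute IDs missing from the lookup table, such as 4149 and 4154 in the sample, stay in the result under their numeric ID, so no pair is dropped.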
