Fortinet white logo
Fortinet white logo

FortiSIEM Reference Architecture Using ClickHouse

Network Protection

Network Protection

FortiSIEM should be in protected network segment with restricted access to the console interface (SSH). Log transport between devices and Collectors should be over a secure protocol or using trusted networks. For example, sending UDP Syslog from devices to Collectors over untrusted connections such as the Internet is bad security practice.

Various protocols and network ports are used between the components in a FortiSIEM deployment. The main ports and protocols are summarized in the following diagram. Refer to the FortiSIEM External Systems Configuration Guide for a comprehensive list of ports used in a FortiSIEM deployment.

Network Protection

Network Protection

FortiSIEM should be in protected network segment with restricted access to the console interface (SSH). Log transport between devices and Collectors should be over a secure protocol or using trusted networks. For example, sending UDP Syslog from devices to Collectors over untrusted connections such as the Internet is bad security practice.

Various protocols and network ports are used between the components in a FortiSIEM deployment. The main ports and protocols are summarized in the following diagram. Refer to the FortiSIEM External Systems Configuration Guide for a comprehensive list of ports used in a FortiSIEM deployment.