
External Systems Configuration Guide

HPE Aruba Networking ClearPass Policy Manager


HPE Aruba Networking ClearPass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring, and enforcement, along with high interoperability.

Vendor Version Tested: Not Provided

Vendor: Hewlett Packard Enterprise

Product: Aruba Networking ClearPass Policy Manager

Product Information: https://www.arubanetworks.com/products/security/network-access-control/secure-access/

Event Types

In ADMIN > Device Support > Event Types, search for "aruba clearpass" to see the event types associated with this device.

Configuration

Setup in Aruba ClearPass Policy Manager

Complete these steps from your HPE Aruba ClearPass Policy Manager server. No additional configuration is required on FortiSIEM.

Note: The ClearPass Policy Manager User Guide can be found here.

Configure Syslog Target

  1. Log in to your Aruba ClearPass Policy Manager server.

  2. Navigate to Administration > External Servers > Syslog Targets.

  3. Click on Add.

  4. From the Add Syslog Target window, enter the following configuration information for your FortiSIEM.

    See Syslog Targets for more information.

    1. In the Host Address field, enter your FortiSIEM IP Address.

    2. For Protocol, select UDP.

    3. For Server Port, enter "514".

    4. Click Save.

Configure Syslog Export Filter

See Adding a Syslog Export Filter for more information.

  1. Navigate to Administration > External Servers > Syslog Export Filters.

  2. Click Add.

  3. Configure as required. Ensure the following is done.

    1. For Export Event Format Type, select Standard.

    2. For Syslog Servers, select the FortiSIEM Syslog target you created earlier from the drop-down list.

    3. Click Save.

Sample Events

<143>2012-05-30 16:07:55,484 192.168.1.68 AO361 0 1 0 protocol=RADIUS,username=test1,login_status=REJECT,request_timestamp=2012-05-30 16:06:23-07,connection_dest_ip_address=192.0.20.0,connection_nad_ip_address=192.0.20.3,
<143>2015-09-17 15:58:58,474 10.0.0.20 ClearPassAuth 204 1 0 Auth.Username=john,Auth.Service=Aruba-Wireless-Service (xxxxxxx),Auth.Roles=[AirGroup v2]|[Guest]|[User Authenticated],Endpoint.Device-Category=SmartDevice,Endpoint.Device-Family=Apple,Endpoint.MAC-Address=aabbccddeeff,Endpoint.MAC-Vendor=Apple,Endpoint.IP-Address=192.0.20.1,Endpoint.Hostname=My_iPhone,Endpoint.Device-Name=Apple iPhone,Auth.Auth-Status=User
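The following parser is an added example, not part of the FortiSIEM or ClearPass documentation. It shows how the Standard-format events above break down into a syslog header and key=value fields, for checking what a collector receives. The output key names (reporting_ip, event_name) and the helper is_rejected_login are this example's own; the header layout is inferred only from the two sample events on this page.

```python
import re
from datetime import datetime

# Header layout taken from the two Sample Events above: <PRI>, timestamp with
# comma-separated milliseconds, sender IP, event name, three numeric fields
# (their meaning is not documented on this page), then key=value pairs.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<host>\S+) (?P<name>.+?) \d+ \d+ \d+ (?P<body>.*)$"
)
# Split only on commas that begin a new "key=", so commas inside values survive.
PAIR_SEP = re.compile(r",(?=[A-Za-z][\w.\-]*=)")

def parse_event(line):
    """Parse one ClearPass Standard-format syslog line into a dict."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a ClearPass Standard-format event")
    pri = int(m["pri"])
    fields = {}
    for pair in PAIR_SEP.split(m["body"].rstrip(",")):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key] = value
    return {
        "facility": pri >> 3,   # syslog PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
        "reporting_ip": m["host"],   # output key names are this example's own
        "event_name": m["name"],
        "fields": fields,
    }

def is_rejected_login(event):
    """True when the event carries login_status=REJECT."""
    return event["fields"].get("login_status") == "REJECT"

# The two sample events shown above, copied from this page.
SAMPLES = [
    "<143>2012-05-30 16:07:55,484 192.168.1.68 AO361 0 1 0 protocol=RADIUS,username=test1,login_status=REJECT,request_timestamp=2012-05-30 16:06:23-07,connection_dest_ip_address=192.0.20.0,connection_nad_ip_address=192.0.20.3,",
    "<143>2015-09-17 15:58:58,474 10.0.0.20 ClearPassAuth 204 1 0 Auth.Username=john,Auth.Service=Aruba-Wireless-Service (xxxxxxx),Auth.Roles=[AirGroup v2]|[Guest]|[User Authenticated],Endpoint.Device-Category=SmartDevice,Endpoint.Device-Family=Apple,Endpoint.MAC-Address=aabbccddeeff,Endpoint.MAC-Vendor=Apple,Endpoint.IP-Address=192.0.20.1,Endpoint.Hostname=My_iPhone,Endpoint.Device-Name=Apple iPhone,Auth.Auth-Status=User",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        ev = parse_event(raw)
        print(ev["event_name"], ev["reporting_ip"], is_rejected_login(ev))
```

Both samples carry PRI 143, which decodes to facility 17 (local1) and severity 7 (debug).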
