Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 7.1.7 External Systems Configuration Guide
    7.1.7
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    HPE Aruba Networking ClearPass Policy Manager

    HPE Aruba Networking ClearPass Policy Manager

    HPE Aruba Networking ClearPass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement with its highly interoperability feature.

    Vendor Version Tested: Not Provided

    Vendor: Hewlett Packard Enterprise

    Product: Aruba Networking ClearPass Policy Manager

    Product Information: https://www.arubanetworks.com/products/security/network-access-control/secure-access/

    Event Types

    In ADMIN > Device Support > Event Types, search for "aruba clearpass" to see the event types associated with this device.

    Configuration

    Setup in Aruba ClearPass Policy Manager

    Complete these steps from your HPE Aruba ClearPass Policy Manager server. No additional configuration is required on FortiSIEM.

    Note: The ClearPass Policy Manager User Guide can be found here.

    Configure Syslog Target

    1. Log in to your Aruba ClearPass Policy Manager server.

    2. Navigate to Administration > External Servers > Syslog Targets.

    3. Click on Add.

    4. From the Add Syslog Target window, enter the following configuration information for your FortiSIEM.

      See Syslog Targets for more information.

      1. In the Host Address field, enter your FortiSIEM IP Address.

      2. For Protocol, select UDP.

      3. For Server Port, enter "514".

      4. Click Save.

    Configure Syslog Export Filter

    See Adding a Syslog Export Filter for more information.

    1. Navigate to Administration > External Servers > Syslog Export Filters.

    2. Click Add.

    3. Configure as required. Ensure the following is done.

      1. For Export Event Format Type, select Standard.

      2. For Syslog Servers, select the FortiSIEM Syslog target you created earlier from the drop-down list.

      3. Click Save.

    Sample Events

    <143>2012-05-30 16:07:55,484 192.168.1.68 AO361 0 1 0 protocol=RADIUS,username=test1,login_status=REJECT,request_timestamp=2012-05-30 16:06:23-07,connection_dest_ip_address=192.0.20.0,connection_nad_ip_address=192.0.20.3,

    <143>2015-09-17 15:58:58,474 10.0.0.20 ClearPassAuth 204 1 0 Auth.Username=john,Auth.Service=Aruba-Wireless-Service (xxxxxxx),Auth.Roles=[AirGroup v2]|[Guest]|[User Authenticated],Endpoint.Device-Category=SmartDevice,Endpoint.Device-Family=Apple,Endpoint.MAC-Address=aabbccddeeff,Endpoint.MAC-Vendor=Apple,Endpoint.IP-Address=192.0.20.1,Endpoint.Hostname=My_iPhone,Endpoint.Device-Name=Apple iPhone,Auth.Auth-Status=User
    Previous
    Next

    HPE Aruba Networking ClearPass Policy Manager

    HPE Aruba Networking ClearPass Policy Manager

    HPE Aruba Networking ClearPass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement with its highly interoperability feature.

    Vendor Version Tested: Not Provided

    Vendor: Hewlett Packard Enterprise

    Product: Aruba Networking ClearPass Policy Manager

    Product Information: https://www.arubanetworks.com/products/security/network-access-control/secure-access/

    Event Types

    In ADMIN > Device Support > Event Types, search for "aruba clearpass" to see the event types associated with this device.

    Configuration

    Setup in Aruba ClearPass Policy Manager

    Complete these steps from your HPE Aruba ClearPass Policy Manager server. No additional configuration is required on FortiSIEM.

    Note: The ClearPass Policy Manager User Guide can be found here.

    Configure Syslog Target

    1. Log in to your Aruba ClearPass Policy Manager server.

    2. Navigate to Administration > External Servers > Syslog Targets.

    3. Click on Add.

    4. From the Add Syslog Target window, enter the following configuration information for your FortiSIEM.

      See Syslog Targets for more information.

      1. In the Host Address field, enter your FortiSIEM IP Address.

      2. For Protocol, select UDP.

      3. For Server Port, enter "514".

      4. Click Save.

    Configure Syslog Export Filter

    See Adding a Syslog Export Filter for more information.

    1. Navigate to Administration > External Servers > Syslog Export Filters.

    2. Click Add.

    3. Configure as required. Ensure the following is done.

      1. For Export Event Format Type, select Standard.

      2. For Syslog Servers, select the FortiSIEM Syslog target you created earlier from the drop-down list.

      3. Click Save.

    Sample Events

    <143>2012-05-30 16:07:55,484 192.168.1.68 AO361 0 1 0 protocol=RADIUS,username=test1,login_status=REJECT,request_timestamp=2012-05-30 16:06:23-07,connection_dest_ip_address=192.0.20.0,connection_nad_ip_address=192.0.20.3,

    <143>2015-09-17 15:58:58,474 10.0.0.20 ClearPassAuth 204 1 0 Auth.Username=john,Auth.Service=Aruba-Wireless-Service (xxxxxxx),Auth.Roles=[AirGroup v2]|[Guest]|[User Authenticated],Endpoint.Device-Category=SmartDevice,Endpoint.Device-Family=Apple,Endpoint.MAC-Address=aabbccddeeff,Endpoint.MAC-Vendor=Apple,Endpoint.IP-Address=192.0.20.1,Endpoint.Hostname=My_iPhone,Endpoint.Device-Name=Apple iPhone,Auth.Auth-Status=User
    Previous
    Next