Prerequisite configurations for SOCaaS

This document provides post-sales guidance to help customers review the configuration of their FortiGates so that their SOC-as-a-Service (SOCaaS) subscription receives the logs it needs.

The following prerequisite configurations are detailed: FortiGate configuration and FortiAnalyzer configuration.

FortiGate configuration

On FortiGate:
  1. Verify the status of all FortiGuard Security Services on every FortiGate device to be monitored (highlighted in the image below).
    • The minimum requirement is the ATP bundle (IPS, Advanced Malware Protection).
    • The UTP bundle (ATP plus Web Security and Antispam) is highly recommended.
    • OT customers must also add the OT Protocols Security Services (Industrial DB).
  2. Ensure that security events are logged on your firewall policies and that security profiles are applied to those policies according to your requirements.
    • Confirm that the traffic generated by the monitored sources actually hits those firewall policies (see the Bytes column); a policy with zero bytes produces no logs for the SOC.
  3. Verify that your FortiGate device is detecting and logging traffic.
  4. Validate that the Logging & Analysis fabric connector is configured on your FortiGate.
  5. Ensure that the FortiAnalyzer certificate shows as verified.
    • If the certificate shows as unverified, it must be accepted before the FortiGate can connect and log to the FortiAnalyzer. Before accepting it, confirm that its fingerprint matches the certificate on the FortiAnalyzer itself; accepting an unverified certificate without that check trusts whoever presented it.
  6. Configure global event logging (optional, but recommended).
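The same six checks expressed in the FortiOS CLI, as an added example that is not part of this Fortinet page. The FortiAnalyzer address 192.0.2.10, policy ID 1 and the use of the built-in "default" security profiles are assumptions for illustration; substitute your own. This form uses the on-premises/VM FortiAnalyzer target (config log fortianalyzer setting); a FortiAnalyzer Cloud instance is configured under config log fortianalyzer-cloud setting instead.

```fortios
# Step 1: FortiGuard service status. Each service the bundle needs must show
# a current version and an unexpired contract: IPS (Attack Definitions),
# Advanced Malware Protection (Virus Definitions), Web Security and Antispam
# for UTP, and Industrial Attack Definitions for OT customers.
diagnose autoupdate versions

# Step 2: log security events on the policy and attach security profiles.
# "logtraffic all" records both allowed and blocked sessions; "utm" alone
# would omit the allowed-session records the SOC relies on for context.
# Policy ID 1 and the "default" profiles are placeholders.
config firewall policy
    edit 1
        set logtraffic all
        set utm-status enable
        set ips-sensor "default"
        set av-profile "default"
        set webfilter-profile "default"
        set application-list "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end

# Step 3: also record sessions that match no policy (implicit deny);
# otherwise scans and blocked inbound traffic never reach the SOC.
config log setting
    set fwpolicy-implicit-log enable
end

# Steps 4 and 5: Logging & Analysis connector with certificate verification
# left enabled. Weak setting: "set certificate-verification disable", which
# lets the FortiGate ship its logs to any host that answers at the address.
# Corrected setting below; 192.0.2.10 is a hypothetical FortiAnalyzer.
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set certificate-verification enable
    set reliable enable
    set upload-option realtime
end

# Step 6: global event logging (optional, recommended). These categories
# cover the admin, system, VPN and routing events the SOC correlates
# against the security logs.
config log eventfilter
    set event enable
    set system enable
    set user enable
    set vpn enable
    set router enable
    set ha enable
end
```

Run the diagnose command on every FortiGate in scope, not just one, since FortiGuard contracts are per device. Keep certificate-verification enabled even after accepting the FortiAnalyzer certificate in the GUI; the accept step records which certificate is trusted, it does not turn verification off.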

FortiAnalyzer configuration

On FortiAnalyzer:
  1. Confirm that your FortiAnalyzer Cloud instance is receiving all event and security logs.
  2. Expand the device list to confirm that Traffic, Security, and Application logs are being received from each FortiGate.
    • In the FortiAnalyzer Log View, verify that every log type you configured the FortiGate(s) to forward is actually showing up.
  3. Follow the SOCaaS Quick Start Guide to help with the remaining configuration steps, including registering SOCaaS and getting started.
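A FortiGate-side check to run before opening the FortiAnalyzer Log View, as an added example that is not part of this Fortinet page. It assumes the Logging & Analysis connector from the previous section is already configured; no addresses or identifiers are needed.

```fortios
# Show the effective connector settings: status, server, certificate
# verification and upload option should match what you intended.
get log fortianalyzer setting

# End-to-end connectivity test from the FortiGate. Look for the device
# being reported as registered and for logs being sent and received; a
# registered device with no log transmission usually means an upload or
# certificate problem rather than a network one.
execute log fortianalyzer test-connectivity

# Generate a burst of sample log messages of several types (traffic, event,
# UTM) on this FortiGate without needing real traffic, then open the
# FortiAnalyzer Log View and confirm each type appears under this device.
diagnose log test
```

If the test messages from diagnose log test reach FortiAnalyzer but real traffic logs do not, the problem is on the firewall policies (no logtraffic setting, or no traffic hitting the policy) rather than on the connector.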
