Collect Firewall metadata with Lumu VA and FortiGate


Requirements

  1. FortiGate Next Generation Firewall version 5.6+.
  2. Have admin access to configure a syslog server on FortiGate.
  3. Have the most recent version of the Lumu Virtual Appliance installed.

These are the general steps you should follow to configure a syslog server on a FortiGate to send all metadata to Lumu:


Deploy and Set Up Lumu VA

All the detailed steps and guidance to create, download and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:

  1. Deploy Virtual Appliances
  2. Configure Virtual Appliances and set up collector

Set up a Lumu VA Firewall Log Collector

Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the command lumu-appliance collectors refresh. If the appliance is running, it should be stopped before setting up collectors.

Example of screen when setting up a Firewall Collector

Select the option that refers to FortiGate and the format that suits you best, then provide the following data:

  1. Protocol type: you can select between TCP and UDP according to your infrastructure and your FortiGate’s settings.
  2. Port number: provide a number between 1024 and 65535, inclusive.
  3. Timezone: the timezone for setting up the VA. Use the canonical ID (e.g. America/Chicago). You can use this external article for reference.

Example of screen when setting up a Firewall Collector

Configure FortiGate to Send Metadata to Lumu VA

This Next Generation Firewall (NGFW) version can send syslog to up to 4 different devices.

1. Before starting the configuration, check if the syslog service is available with the following commands:
config log syslogd3 setting
show full-configuration

Replace syslogd3 with the syslog number that you want to configure.
If the output shows “status disable”, it means that the service is free.

2. Configure the syslog parameters:
config log syslogd3 setting
set status enable
set server IP_Lumu_Virtual_Appliance
set port 1514
end

Replace the port number with the one used for communication with the syslog server; it must be higher than 1024. Replace “syslogd3” with the syslog number that you want to configure.

3. Make sure that all logs related to URL filtering are enabled. To log all URLs that pass through FortiGate, use the following commands:
config webfilter profile
edit webfilter-log\ all
set web-url-log enable
set extended-log enable
set log-all-url enable
end
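
To confirm that steps 1 to 3 took effect, the following added example (not part of Lumu's or Fortinet's tooling) audits saved FortiGate configuration output against the settings this page asks for. The sample output, the address 192.0.2.10 and the function names parse_settings and audit are constructed for illustration; the profile name, the setting names and the port range come from this page.

```python
import shlex

# Constructed sample of "show full-configuration" output (not from a real device).
SAMPLE = r'''
config log syslogd3 setting
    set status enable
    set server "192.0.2.10"
    set port 1514
end
config webfilter profile
    edit "webfilter-log all"
        set web-url-log enable
        set extended-log enable
    next
end
'''

def parse_settings(text):
    """Map each config/edit path to the {key: value} pairs set under it."""
    path, out = [], {}
    for raw in text.splitlines():
        # shlex handles both "quoted name" and name\ with\ spaces
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok))
        elif tok[0] == "next" and path and path[-1].startswith("edit "):
            path.pop()
        elif tok[0] == "end":  # closes the config block and any edit left open in it
            while path and path.pop().startswith("edit "):
                pass
        elif tok[0] == "set" and len(tok) >= 3:
            out.setdefault(tuple(path), {})[tok[1]] = " ".join(tok[2:])
    return out

def audit(text, va_ip, syslog="syslogd3", profile="webfilter-log all"):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse_settings(text), []
    s = cfg.get((f"config log {syslog} setting",), {})
    if s.get("status") != "enable":
        findings.append(f"{syslog}: status is not enable")
    if s.get("server") != va_ip:
        findings.append(f"{syslog}: server is not {va_ip}")
    port = s.get("port", "")
    if not (port.isdigit() and 1024 <= int(port) <= 65535):
        findings.append(f"{syslog}: port {port!r} is outside 1024-65535")
    p = cfg.get(("config webfilter profile", f"edit {profile}"), {})
    for key in ("web-url-log", "extended-log", "log-all-url"):
        if p.get(key) != "enable":
            findings.append(f"{profile}: {key} is not enable")
    return findings
```

Calling audit(SAMPLE, va_ip="192.0.2.10") reports the one missing setting in the constructed sample, log-all-url, which is the setting that makes FortiGate log every URL.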

Notes
For more details on the configuration settings, consult the Fortinet official documentation about Configuring multiple SYSLOG servers and Logging all user traffic URLs.
