
Fortinet Fortigate Firewall


Cloud SIEM for Fortinet Firewall


Blumira’s modern SIEM platform integrates with Fortinet Fortigate Firewalls to detect cybersecurity threats and provide an automated response to remediate when a threat is detected.

When configured, the Blumira integration with Fortinet Fortigate Firewall will stream security event logs to the Blumira service for automated threat detection and actionable response.

When Blumira’s dynamic blocklist capabilities are configured with the Fortinet Fortigate Firewalls, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected and provide blocking based on Blumira’s community of customers that have detected new threats, all through automation without requiring any human interaction.

Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.


Integrating with Fortinet Fortigate Firewall

Overview

Blumira’s modern SIEM platform integrates with Fortinet Fortigate Firewalls to stream security event logs to the Blumira service for automated threat detection and actionable response.

When Blumira’s dynamic blocklist capabilities are configured with your firewall, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected, and provide blocking based on Blumira’s community of customers that have detected new threats.

Learn more about enabling Blumira’s blocklists to block malicious source IP addresses and domains for automated threat response. Also see Fortinet’s external threat list setup instructions.

Before you begin

Determine the Blumira sensor you will use as a syslog server to collect log data. On the sensor detail screen, under Host Details, copy the IP address of your Blumira sensor to use when configuring Fortigate.

Configuring Log Forwarding for Fortinet Fortigate Firewalls

To configure Fortinet Fortigate Firewalls to send logs to Blumira’s sensor, you can either use the graphical user interface (GUI), found in Log & Report > Log Settings, or you can use the Fortigate Command Line Interface (CLI).

Log into the CLI and enter the following commands, which include the IP address of your Blumira sensor:

config log syslogd setting
set status enable
set server [IP address of Blumira Sensor]
set port 514
set facility user
set reliable disable
end

Note: The set reliable disable command is version specific.

Note: You can configure Fortigate to send logs to up to four sensors. Replace ‘syslogd’ with ‘syslogd2’, ‘syslogd3’ or ‘syslogd4’ on the first line to configure each sensor.

Most Fortigate features are enabled for logging by default, but you can enable Traffic, Web, and URL Filtering with the following commands:

config log syslogd filter
set traffic enable
set web enable
set url-filter enable
end

For more information on logging to a remote syslog server, please see Fortinet’s Logging and Reporting Guide.
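
To confirm the settings above took effect, this added example (not part of Blumira’s or Fortinet’s documentation) parses syslog lines as captured on the collector, checks that the PRI header carries facility user, and counts the log type/subtype pairs seen. The sample lines are constructed and the function names are illustrative.

```python
import re
from collections import Counter

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
FACILITY_USER = 1  # syslog facility code for "user", matching `set facility user`

# Constructed sample lines in FortiGate's key=value layout (all values made up).
SAMPLE = [
    '<13>date=2024-05-01 time=10:15:02 devname="fgt-lab" type="traffic" '
    'subtype="forward" level="notice" srcip=10.0.0.5 dstip=192.0.2.10 action="accept"',
    '<12>date=2024-05-01 time=10:15:09 devname="fgt-lab" type="utm" '
    'subtype="webfilter" level="warning" srcip=10.0.0.5 action="blocked" '
    'msg="URL belongs to a denied category in policy"',
    '<189>date=2024-05-01 time=10:15:11 devname="fgt-old" type="event" '
    'subtype="system" level="notice" msg="facility not changed"',
    'date=2024-05-01 time=10:15:12 line that lost its PRI header',
]

def parse_line(line):
    """Return (facility, severity, fields) for one syslog line."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid syslog PRI")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    fields = {k: q or u for k, q, u in KV_RE.findall(line[m.end():])}
    return facility, severity, fields

def summarize(lines, expected_facility=FACILITY_USER):
    """Count (type, subtype) pairs and list lines that do not match the config."""
    seen, problems = Counter(), []
    for n, line in enumerate(lines, 1):
        try:
            facility, _severity, fields = parse_line(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        if facility != expected_facility:
            problems.append((n, f"facility {facility} from {fields.get('devname', '?')}"))
        seen[(fields.get("type"), fields.get("subtype"))] += 1
    return seen, problems

if __name__ == "__main__":
    seen, problems = summarize(SAMPLE)
    for pair, count in sorted(seen.items()):
        print(pair, count)
    for n, why in problems:
        print(f"line {n}: {why}")
```

A missing traffic or web filter pair in the counts points at the syslogd filter settings; a facility mismatch points at a device still using a different syslogd setting.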