Back Arrow Back to All Integrations

Fortinet Fortigate Firewall

Fortinet Fortigate Firewall

Fortinet Firewall Integration

Blumira’s modern SIEM platform integrates with Fortinet Fortigate Firewalls to detect cybersecurity threats and provide an automated response to remediate when a threat is detected.

 

When configured, the Blumira integration with Fortinet Fortigate Firewall will stream security event logs to the Blumira service for automated threat detection and actionable response.

 

When Blumira’s dynamic blocklist capabilities are configured with the Fortinet Fortigate Firewalls, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected and provide blocking based on Blumira’s community of customers that have detected new threats. All through automation without requiring any human interaction.

 

Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.

Configuration Instructions

Configure Log Forwarding for Fortigate Fortigate Firewalls

To configure Fortinet Fortigate Firewalls to send logs to Blumira’s sensor, you can either use the GUI, in Log & Report | Log Settings, or you can use the Fortigate Command Line Interface (CLI).

Log into the CLI and enter the following commands:

config log syslogd setting
set facility user
set port 514
set server [IP address of Blumira Sensor]
set status enable
set reliable disable
end

You can configure Fortigate to send logs to up to four sensors. Just replace ‘syslogd’ with syslogd2, sylsogd3 or syslogd4 on the first line to configure each sensor.

Most FortiGate features are enabled for logging by default, but you can make sure the Traffic, Web and URL Filtering features are enabled for logging with the following commands:

config log syslogd filter
set traffic enable
set web enable
set url-filter enable
end

For more information on logging to a remote syslog server, please see Fortinet’s Logging and Reporting Guide.