🔍

Overview of FortiGate Logging Configuration

Mar 13, 2025

View transcript

Lecture Notes: FortiGate Logging Review and Configuration

Introduction

  • Presenter: Devin Adams from Net Instructor in Tempe, Arizona.
  • Purpose: Creating a lab environment for the FortiGate FortiOS 6.4 (Ana c4).
  • Objective: Review FortiGate logging to ensure accountability and create a paper trail for changes and events.

Key Concepts

  • FortiDuck Account: A testing account with restricted access.

    • Cannot make system changes.
    • Used to verify logging functions.

  • Importance of Separate Admin Accounts:

    • Facilitates accountability.
    • Ensures unauthorized actions can be traced back to individual accounts.

Logging Configuration

Steps to Access Logging

  1. Log in as Admin:

    • Use incognito mode or different browsers to login as different admins without sharing session keys.

  2. Check Logging Settings:

    • Navigate to "Log & Report" -> "Log Settings".
    • Ensure event logging is enabled.
    • Verify logging to a hard drive or remote options (FortiCloud, FortiAnalyzer, or Syslog).
    • Enable "FortiView" for graphical representation of logs.

Event Logging

  • System Events:
    • Logs system-level changes like admin login/logout and configuration changes.
    • Use filters to isolate specific activities (e.g., changes made by FortiDuck).

Traffic Logging

  • Policy and Object Settings:

    • Use "Log Allowed Traffic" in firewall policies for security events.
    • Avoid logging all sessions due to excess data volume; focus on security events.

  • Inspection Options:

    • Deep Inspection vs. Certificate Inspection.
    • Certificate Inspection used for basic visibility without deep analysis.

Demonstration

  • Example on logging with a simulated PC generating web traffic.
  • Use of "make Internet noise" to create traffic logs.
  • Verification of logging through "Forwarding Logs" to track websites visited, leveraging device identification and reverse database for application names.

Advanced Features

  • Internet Service Database:

    • Maps popular public IPs and protocols for applications.
    • Helps in identifying traffic to sites like Amazon, Google.

  • Web Filtering:

    • Categories and actions analyzed via FortiGuard services.

  • FortiView:

    • Offers visual insights into traffic trends, categories, and user actions.
    • Supports historical analysis and normalization of data.

Conclusion

  • Logging is essential for network security and accountability.
  • Ensure logging is enabled and appropriately configured.
  • Regularly review logs and utilize FortiView for insights.
  • Future topics include detailed inspection and web filtering configuration.

These notes encapsulate the crucial elements of the logging lecture, providing insights into best practices for monitoring and accountability in FortiGate configurations.

Full transcript