Fortinet 100A manual Log access, Viewing log messages, 349


Log & Report


To enable traffic logging for a firewall policy

You can enable traffic logging for a firewall policy. All connections accepted by the firewall policy are recorded in the traffic log.

1. Go to Firewall > Policy.

2. Select the Edit icon for a policy.

3. Select Log Traffic.

4. Select OK.

5. Make sure you enable traffic log under Log Filter for a logging location and set the logging severity level to Notification or lower.

Log access

Log Access provides access to log messages saved to the memory buffer. You can view and search logs.

This section describes:

Viewing log messages

Searching log messages

Figure 186: Sample list of logs stored on the FortiGate disk

Viewing log messages

You can view log messages saved to the memory buffer.

Figure 187: Viewing log messages

FortiGate-100A Administration Guide

01-28007-0068-20041203


100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.