Manuals / Brands / Computer Equipment / Network Router / Fortinet / Computer Equipment / Network Router

Fortinet 100A 348 , Attack log, Spam filter log, Configuring log filters, Enabling traffic logging

1 374

Download 374 pages, 4.85 Mb

348 01-28007-0068-20041203 Fortinet Inc.

Configuring log filters Log & Report

Attack log

The Attack Log records attacks detected and prevented by the FortiGate unit. You can

apply the following filters:

Spam filter log

The Spam Filter Log records blocking of address patterns and content in IMAP and

POP3 traffic. You can apply the following filters:

Configuring log filters

Configure log filters for each location to which you are saving logs.

To configure log filters

1Go to Log&Report > Log Config > Log Filter.

2Enable the logging type for each location to which you want to log messages.

3Select the specific log sub-types to log for each location.

4Select Apply.

Enabling traffic logging

To enable traffic logging for an interface or VLAN subinterface

You can enable traffic logging for an interface or VLAN subinterface. All connections

to and through the interface are recorded in the traffic log.

1Go to System > Network > Interface.

2Select the Edit icon for an interface.

3Select Log.

4Select OK.

5Repeat steps 1 through 4 for each interface for which you want to enable logging.

6Make sure you enable traffic logs for a logging location and set the logging severity

level to Notification or lower.

Attack Signature The FortiGate unit logs all detected and prevented attacks based on the

attack signature, and the action taken by the FortiGate unit.

Attack Anomaly The FortiGate unit logs all detected and prevented attacks based on

unknown or suspicious traffic patterns, and the action taken by the

FortiGate unit.

SMTP The FortiGate unit logs all instances of blocked email in SMTP traffic.

POP3 The FortiGate unit logs all instances of blocked email in POP3 traffic.

IMAP The FortiGate unit logs all instances of blocked email in IMAP traffic.

Note: To record traffic log messages you must set the logging severity level to Notification when

configuring the logging location. Traffic log messages do not generally have a severity level

higher than Notification.

Contents

Main FortiGate 100A Administration Guide Page Table of Contents 4 Page 6 Page 8 Page 10 Page Page Introduction About FortiGate Antivirus Firewalls 14 Antivirus protection Web content filtering Spam filtering Firewall 16 NAT/Route mode Transparent mode VLANs and virtual domains Intrusion Prevention System (IPS) VPN 18 High availability Secure installation, configuration, and management Web-based manager Command line interface Document conventions 20 FortiGate documentation Fortinet Knowledge Center Comments on Fortinet technical documentation 22 Related documentation FortiManager documentation FortiClient documentation FortiMail documentation FortiLog documentation Customer service and technical support Page System status Console access 26 Status Viewing system status System status Unit Information Recent Virus Detections Content Summary 28 Interface Status System Resources All interfaces in the FortiGate unit are listed in the table. History Recent Intrusion Detections Changing unit information Page Page Session list Changing the FortiGate firmware Upgrading to a new firmware version Use the following procedures to upgrade the FortiGate unit to a newer firmware version. Upgrading the firmware using the web-based manager 34 Upgrading the firmware using the CLI Reverting to a previous firmware version Reverting to a previous firmware version using the web-based manager 36 Reverting to a previous firmware version using the CLI Page 38 Installing firmware images from a system reboot using the CLI Page 40 Restoring the previous configuration Testing a new firmware image before installing it Page Installing and using a backup firmware image Installing a backup firmware image 44 Switching to the backup firmware image Switching back to the default firmware image Page System network Interface 48 Interface settings Name Interface VLAN ID 50 Virtual Domain Addressing mode Manual DHCP PPPoE 52 DDNS Ping server Administrative access MTU Log Configuring interfaces Page Page Page Page 58 Zone Zone settings Management Page DNS 62 Routing table (Transparent Mode) Routing table list Transparent mode route settings VLAN overview 64 FortiGate units and VLANs VLANs in NAT/Route mode Rules for VLAN IDs Rules for VLAN IP addresses Adding VLAN subinterfaces VLANs in Transparent mode Page 68 Rules for VLAN IDs Transparent mode VLAN list Transparent mode VLAN settings Page FortiGate IPv6 support Page System DHCP Service 74 DHCP service settings Server 76 DHCP server settings Exclude range 78 DHCP exclude range settings IP/MAC binding DHCP IP/MAC binding settings Dynamic IP Page System config System time Options Page HA HA configuration Standalone Mode High Availability 86 Cluster Members Mode Group ID Unit Priority Override Master Password 88 Schedule Priorities of Heartbeat Device Heartbeat device IP addresses 90 Monitor priorities Configuring an HA cluster Page Page Internal Network 94 Managing an HA cluster Page Page SNMP 98 Configuring SNMP SNMP community Page FortiGate MIBs 102 FortiGate traps Fortinet MIB fields Page Page 106 Replacement messages Replacement messages list Changing replacement messages FortiManager System administration Administrators 110 Administrators list Administrators options Using trusted hosts Access profiles 112 Access profile list Access profile options Page Page System maintenance Backup and restore 116 Backing up and Restoring Page Update center Page 120 Updating antivirus and attack definitions Page Page Enabling push updates Push updates when FortiGate IP addresses change 124 Enabling push updates through a NAT device Support 126 Sending a bug report Use the Report Bug form to send bug information to Fortinet support. Registering a FortiGate unit Page Shutdown Page System virtual domain 132 Virtual domain properties Exclusive virtual domain properties Shared configuration settings 134 Administration and management Virtual domains Adding a virtual domain Selecting a virtual domain Selecting a management virtual domain 136 Configuring virtual domains Adding interfaces, VLAN subinterfaces, and zones to a virtual domain Page 138 Configuring routing for a virtual domain Configuring firewall policies for a virtual domain Page Page Router Static Page Static route list 144 Static route options Policy Policy route list 146 Policy route options RIP General 148 Networks list Networks options Interface list 150 Interface options Distribute list 152 Distribute list options Offset list Use offset lists to add the specified offset to the metric of a route. Offset list options 154 Router objects Access list New access list New access list entry Prefix list 156 New Prefix list New prefix list entry Route-map list 158 New Route-map Route-map list entry 160 Key chain list New key chain Key chain list entry 162 Monitor Routing monitor list Page 164 get router info rip Command syntax Examples config router ospf ospf command keywords and variables 166 ospf command keywords and variables (Continued) config area config area command syntax pattern 168 area command keywords and variables area command keywords and variables (Continued) 170 config filter-list config filter-list command syntax pattern filter-list command keywords and variables config range config range command syntax pattern 172 range command keywords and variables config virtual-link config virtual link command syntax pattern 174 virtual-link command keywords and variables config distribute-list virtual-link command keywords and variables (Continued) 176 config distribute-list command syntax pattern distribute-list command keywords and variables config neighbor config neighbor command syntax pattern 178 neighbor command keywords and variables config network config network command syntax pattern network command keywords and variables 180 config ospf-interface config ospf-interface command syntax pattern ospf-interface command keywords and variables 182 ospf-interface command keywords and variables (Continued) 184 config redistribute config redistribute command syntax pattern config summary-address redistribute command keywords and variables 186 config summary-address command syntax pattern summary-address command keywords and variables config router static6 static6 command keywords and variables Page Firewall 190 Policy How policy matching works Policy list The policy list has the following icons and features. Policy options Policy options are configurable when creating or editing a firewall policy. Policy has the following standard options: Page 194 Advanced policy options Authentication Traffic Shaping Differentiated Services 196 Comments Configuring firewall policies Policy CLI configuration 198 Address firewall policy command keywords and variables Address list Address options 200 Configuring addresses Address group list Address group options 202 Configuring address groups Service Predefined service list Page Page 206 Custom service list The custom services list has the following icons and features. Page 208 IP custom service options Configuring custom services Service group list Service group options 210 Configuring service groups Schedule One-time schedule list 212 One-time schedule options Configuring one-time schedules Recurring schedule list Recurring schedule options 214 Configuring recurring schedules Virtual IP Virtual IP list Virtual IP options 216 Virtual IP has the following options. Configuring virtual IPs Page Page IP pool 220 IP pool list IP pool options Configuring IP pools IP Pools for firewall policies that use fixed ports IP pools and dynamic NAT 222 Protection profile Protection profile list Default protection profiles The FortiGate unit comes preconfigured with four protection profiles. You can configure the following options when creating or editing a protection profile. Protection profile options 224 Configuring antivirus options Configuring web filtering options Configuring web category filtering options 226 Configuring spam filtering options Configuring IPS options Configuring content archive options 228 Configuring protection profiles Profile CLI configuration 230 firewall profile command keywords and variables firewall profile command keywords and variables (Continued) Page Users and authentication 234 Setting authentication timeout Local Local user list Local user options RADIUS RADIUS server list 236 RADIUS server options LDAP LDAP server list LDAP server options Page User group User group list 240 User group options peer radius command keywords and variables 242 peergrp radius command keywords and variables Page Page VPN 246 Phase 1 Phase 1 list Phase 1 basic settings Page Phase 1 advanced settings Phase 2 Phase 2 list Phase 2 basic settings 252 Phase 2 advanced options Manual key 254 Manual key list Manual key options 256 Concentrator Concentrator list Concentrator options Ping Generator 258 Ping generator options Monitor Dialup monitor Static IP and dynamic DNS monitor 260 PPTP PPTP range L2TP L2TP range 262 Certificates Local certificate list Page 264 Importing signed certificates CA certificate list Importing CA certificates 266 VPN configuration procedures IPSec configuration procedures Adding firewall policies for IPSec VPN tunnels Page 268 PPTP configuration procedures L2TP configuration procedures ipsec phase1 ipsec phase1 command keywords and variables 270 ipsec phase1 command keywords and variables (Continued) ipsec phase2 ipsec phase2 command keywords and variables 272 ipsec vip ipsec phase2 command keywords and variables (Continued) ipsec vip command keywords and variables 274 Configuring IPSec virtual IP addresses Page Page IPS IPS updates and information 278 Signature Predefined Predefined signature list Tabl e 24 describes each possible action you can select for predefined signatures. 280 Configuring predefined signatures Configuring parameters for dissector signatures 282 Custom Custom signature list Adding custom signatures Backing up and restoring custom signature files 284 Anomaly Anomaly list Configuring an anomaly Page Anomaly CLI configuration (config ips anomaly) config limit limit command keywords and variables Configuring IPS logging and alert email Default fail open setting Antivirus 290 Order of antivirus operations Virus list updates and information File block File block list 292 Configuring the file block list Quarantine Quarantined files list Quarantined files list options 294 AutoSubmit list AutoSubmit list options Configuring the AutoSubmit list Config Quarantine configuration has the following options: 296 Config Virus list Config Grayware Grayware options Page config antivirus heuristic 300 config antivirus quarantine config antivirus service http antivirus quarantine command keywords and variables antivirus service http command keywords and variables 302 config antivirus service ftp antivirus service ftp command keywords and variables 304 config antivirus service pop3 antivirus service pop3 command keywords and variables config antivirus service imap 306 antivirus service imap command keywords and variables config antivirus service smtp antivirus service smtp command keywords and variables Page Web filter 310 Order of web filter operations Content block Web content block list Web content block options 312 Configuring the web content block list URL block Web URL block list Web URL block options 314 Configuring the web URL block list Web pattern block list Web pattern block options Configuring web pattern block URL exempt 316 URL exempt list URL exempt list options Configuring URL exempt Category block FortiGuard managed web filtering service FortiGuard categories and ratings FortiGuard Service Points 318 FortiGuard licensing FortiGuard configuration Category block configuration options Configuring web category block Category block reports 320 Category block reports options Generating a category block report Category block CLI configuration Script filter catblock command keywords and variables Page Spam filter Page Order of spam filter operations FortiShield 326 FortiShield options Configuring the FortiShield cache IP address IP address list IP address options 328 Configuring the IP address list RBL & ORDBL RBL & ORDBL list RBL & ORDBL options Configuring the RBL & ORDBL list 330 Email address Email address list Email address options Configuring the email address list MIME headers 332 MIME headers list MIME headers options Configuring the MIME headers list Banned word 334 Banned word list Banned word options Configuring the banned word list Using Perl regular expressions 336 Regular expression vs. wildcard match pattern Word boundary Case sensitivity Examples Page Log & Report 340 Log config Log Setting options FortiLog settings 342 Disk settings Memory settings Syslog settings WebTrends settings 344 Alert E-mail options Log filter options 346 Traffic log Event log Anti-virus log Web filter log 348 Attack log Spam filter log Configuring log filters Enabling traffic logging Log access Viewing log messages 350 Choosing columns Searching log messages 352 fortilog setting log fortilog setting command keywords and variables 354 syslogd setting log syslogd setting command keywords and variables Page Page FortiGuard categories Page Page Page Page Page Glossary Page Page Page Index A B C 368 D E F G H I K 370 L M N O Q R S 372 T U V W X