Configuring alert email, Searching logs, 256 | Fortinet 100 instruction

Searching logs	Logging and reporting

Searching logs

Use the following procedure to search log messages saved in system memory:

1Go to Log&Report > Logging.

2Select Event Log, Attack Log, Antivirus Log, Web Filter Log, or Email Filter Log.

3Select to search the messages in the selected log.

4Select AND to search for messages that match all the specified search criteria.

5Select OR to search for messages that match one or more of the specified search criteria.

6Select one or more of the following search criteria:

Keyword	To search for any text in a log message. Keyword searching is
	case-sensitive.
Time	To search log messages created during the selected year, month, day, and
	hour.

7Select OK to run the search.

The web-based manager displays the messages that match the search criteria. You can scroll through the messages or run another search.

Note: After running a search, to display all log messages again, run another search but leave all the search fields blank.

Configuring alert email

You can configure the FortiGate unit to send alert email to up to three email addresses when there are virus incidents, block incidents, network intrusions, and other firewall or VPN events or violations. After you set up the email addresses, you can test the settings by sending test email.

•Adding alert email addresses

•Testing alert email

•Enabling alert email

Adding alert email addresses

Because the FortiGate unit uses the SMTP server name to connect to the mail server, it must be able to look up this name on your DNS server. Therefore, before configuring alert email ensure that you have configured at least one DNS server.

To add a DNS server

1Go to System > Network > DNS.

2If they have not already been added, add the primary and secondary DNS server addresses provided to you by your ISP.

3Select Apply.

To add alert email addresses

1Go to Log&Report > Alert Mail > Configuration.

2Select Authentication if your email server requires an SMTP password.

256	Fortinet Inc.

Image 256

Fortinet 100 user manual Configuring alert email, Searching logs, Adding alert email addresses, 256

Contents

Installation and Configuration Guide August Trademarks Regulatory Compliance Table of Contents NAT/Route mode installation System status Virus and attack definitions updates and registration RIP configuration 121 Users and authentication 173 IPSec VPN 181 Network Intrusion Detection System Nids 221 Glossary 259 Index 263 Contents Introduction Antivirus protection Web content filtering Email filtering NAT/Route mode Firewall Transparent mode Network intrusion detection Secure installation, configuration, and management Web-based manager Command line interface FortiGate web-based manager and setup wizard System administration Network configurationWhat’s new in Version Logging and reporting Replacement messages Users and authenticationDhcp server Firewall Web Filter AntivirusEmail filter About this document Document conventions Fortinet documentation Comments on Fortinet technical documentation Customer service and technical support Comments on Fortinet technical documentation Getting started Package contents Mounting Powering on Environmental specifications Connecting to the web-based manager Connecting to the web-based manager Connecting to the command line interface CLI Factory default FortiGate configuration settingsBits per second 9600 Data bits Parity Stop bits Flow control Factory default NAT/Route mode network configuration AccountInternal interface External interface Factory default Transparent mode network configuration Factory default firewall configuration Factory default content profiles Factory default firewall configuration Traffic ShapingAuthentication Antivirus & Web Filter Strict content profile Scan content profileStrict content profile Options Scan content profile Options Web content profile Unfiltered content profileWeb content profile Options Unfiltered content profile Options Planning your FortiGate configuration Example NAT/Route mode network configuration NAT/Route mode with multiple external network connections Example NAT/Route multiple internet connection configuration Configuration options Setup Wizard FortiGate model maximum values matrix Next steps Configuration options Getting started Preparing to configure NAT/Route mode NAT/Route mode installationInternal servers Advanced NAT/Route mode settings Advanced FortiGate NAT/Route mode settingsDMZ interface Dhcp server Using the setup wizard Using the command line interface Set system interface external mode static ip 204.23.1.5 Connecting the FortiGate unit to your networks FortiGate-100 NAT/Route mode connections Configuring your networks Completing the configurationConfiguring the DMZ interface Setting the date and time Configuration example Multiple connections to the Internet Configuring virus and attack definition updatesEnabling antivirus protection Registering your FortiGate Example multiple Internet connection configuration Configuring Ping servers Primary and backup links to the InternetUsing the CLI Destination based routing examples Load sharing Load sharing and primary and secondary connections Adding the routes using the CLI Routing table should have routes arranged as shown in Table Routing a service to an external network Policy routing examples Adding a redundant default policy Firewall policy exampleAdding more firewall policies Action Accept Restricting access to a single Internet connection Transparent mode installation Preparing to configure Transparent modeTransparent mode settings Administrator Password DNS Settings Changing to Transparent mode Go to System Status Configuring the Transparent mode management IP address Configure the Transparent mode default gateway FortiGate-100 Transparent mode connections Setting the date and time Transparent mode configuration examples Default routes and static routes General configuration steps Default route to an external network Web-based manager example configuration steps CLI configuration stepsGo to System Network Management Go to System Network Routing Static route to an external destination Set system route number 1 dst 24.102.233.5 255.255.255.0 gw1 Example static route to an internal destination Set system route number 1 dst 172.16.1.11 255.255.255.0 gw1 System status System status Changing the FortiGate host name Firmware upgrade procedures Procedure DescriptionChanging the FortiGate firmware Upgrading the firmware using the web-based manager Upgrade to a new firmware versionUpgrading the firmware using the CLI Execute restore image namestr tftpip Revert to a previous firmware version Reverting to a previous firmware version using the CLI Execute ping Install a firmware image from a system reboot using the CLI To install firmware from a system reboot Press Any Key To Download Boot Image Test a new firmware image before installing it Restoring your previous configuration Test a new firmware image before installing it Installing and using a backup firmware image Installing a backup firmware image Installing and using a backup firmware image Switching to the backup firmware image Manual virus definition updates Switching back to the default firmware image Manual attack definition updates Backing up system settingsDisplaying the FortiGate serial number Displaying the FortiGate up time Restoring system settings Restoring system settings to factory defaults Changing to NAT/Route mode Changing to Transparent modeRestarting the FortiGate unit System status Shutting down the FortiGate unitViewing CPU and memory status Viewing sessions and network status Go to System Status Monitor Viewing virus and intrusions status Sessions and network status monitor Session list Viewing the session list Go to System Status Session To IP Virus and attack definitions updates and registration Updating antivirus and attack definitions Connecting to the FortiResponse Distribution Network Version Expiry date Last update attempt Last update status Configuring scheduled updates Go to System Update Go to Log&Report Log Setting Configuring update loggingSuccessful Update FDN error Adding an override server Configuring push updatesManually updating antivirus and attack definitions To enable push updates About push updatesPush updates and external dynamic IP addresses Push updates through a NAT device Example push updates through a NAT device Example network topology Push updates through a NAT device General procedure Go to Firewall Virtual IP Schedule Always Service ANY Action Accept Adding a firewall policy for the port forwarding virtual IP Scheduled updates through a proxy server 100 Registering FortiGate units FortiCare Service Contracts101 Registering the FortiGate unit 102 103 Registering a FortiGate unit product information Recovering a lost Fortinet support password Updating registration informationViewing the list of registered FortiGate units 104 Adding or changing a FortiCare Support Contract number Registering a new FortiGate unit105 Changing your Fortinet support password Downloading virus and attack definitions updatesChanging your contact information or security question 106 Registering a FortiGate unit after an RMA 107 108 Configuring interfaces Network configuration109 Viewing the interface list Bringing up an interfaceChanging an interface static IP address Adding a secondary IP address to an interface Adding a ping server to an interface Controlling management access to an interface111 Configuring the external interface with a static IP address Configuring traffic logging for connections to an interfaceConfiguring the external interface for Dhcp Configuring the external interface for PPPoE 113 Configuring the management interface Transparent mode Configuring routing Adding DNS server IP addresses115 Go to System Network DNS Adding a default route Adding destination-based routes to the routing table Adding routes in Transparent mode 117 Configuring the routing table Policy routing Providing Dhcp services to your internal network Policy routing command syntax119 Go to System Network Dhcp Viewing the dynamic IP list 120 RIP configuration 121 Go to System RIP Settings RIP settings122 Update 123Invalid Holddown Configuring RIP for FortiGate interfaces Password124 Mode 125 Adding RIP neighborsAdding RIP neighbors Go to System RIP Neighbor Adding RIP filters Adding a single RIP filter126 Go to System RIP Filter Adding a RIP filter list 127Add the IP address of the route Mask Add the netmask of the route Action Adding a routes filter Adding a neighbors filter128 System configuration Setting system date and timeTo set the date and time Go to System Config Time 129 Changing web-based manager options To set the system idle timeout130 To set the Auth timeout To modify the Dead Gateway Detection settings131 To select a language for the web-based manager Adding and editing administrator accounts Adding new administrator accountsGo to System Config Admin 132 To edit an administrator account Go to System Config Admin Editing administrator accounts133 Configuring Snmp Configuring the FortiGate unit for Snmp monitoringConfiguring FortiGate Snmp support Go to System Config Snmp v1/v2c FortiGate MIBs 135Trap Community Trap Receiver IP Addresses FortiGate MIBs MIB file name Description EtherLike.mib Customizing replacement messages FortiGate traps136 FortiGate traps Trap message Description Go to System Config Replacement Messages Customizing replacement messages137 138 Customizing alert emailsAlert email message sections 139 Alert email message sections 140 Firewall configuration 141 Addresses Default firewall configuration142 Services Content profilesSchedules 143 144 Adding firewall policiesGo to Firewall Policy 145 VPN Tunnel Traffic Shaping146 Dynamic IP Pool Fixed Port Anti-Virus & Web filter Authentication147 Comments Log Traffic148 Configuring policy lists Policy matching in detailChanging the order of policies in a policy list 149 Addresses Enabling and disabling policiesDisabling a policy Enabling a policy 151 Adding addressesGo to Firewall Address Editing addresses Deleting addressesOrganizing addresses into address groups 152 Predefined services Services153 154 ANY 155 IRC Providing access to custom services Grouping servicesGo to Firewall Service Custom Go to Firewall Service Group Schedules 157 Creating one-time schedules Creating recurring schedules158 Go to Firewall Schedule One-time Adding a schedule to a policy 159 Adding static NAT virtual IPs Virtual IPs160 Adding port forwarding virtual IPs 161 162 Adding policies with virtual IPs 163 IP pools Adding an IP pool164 Go to Firewall IP Pool IP pools and dynamic NAT IP Pools for firewall policies that use fixed ports165 Go to Firewall IP/MAC Binding Setting IP/MAC binding166 Go to Firewall IP/MAC Binding Static IP/MAC Adding IP/MAC addresses 167 Viewing the dynamic IP/MAC list Enabling IP/MAC binding168 Go to Firewall IP/MAC Binding Dynamic IP/MAC Content profiles 169 Default content profiles Adding a content profileGo to Firewall Content Profile 170 171 Adding a content profile to a policyOversized File/Email Block Pass Fragmented Email 172 Users and authentication 173 Setting authentication timeout Adding user names and configuring authenticationAdding user names and configuring authentication 174 Deleting user names from the internal database 175 Configuring Radius support Adding Radius serversDeleting Radius servers 176 Configuring Ldap support Adding Ldap servers177 Go to User Ldap Deleting Ldap servers 178 Configuring user groups Adding user groups179 Go to User User Group Deleting user groups 180 IPSec VPN 181 Key management Manual KeysAutoIKE with pre-shared keys AutoIKE with certificates General configuration steps for a manual key VPN Manual key IPSec VPNsAdding a manual key VPN tunnel 183 184 General configuration steps for an AutoIKE VPN Adding a phase 1 configuration for an AutoIKE VPNGo to VPN Ipsec Phase AutoIKE IPSec VPNs Remote Gateway Static IP Address 186Remote Gateway Dialup User Configuring advanced options 187 188 Adding a phase 2 configuration for an AutoIKE VPN 189 190 Obtaining a signed local certificate Managing digital certificates191 192 Generating the certificate requestGo to VPN Local Certificates Requesting the signed local certificate Downloading the certificate request193 Importing the signed local certificate Retrieving the signed local certificate194 Obtaining a CA certificate Retrieving a CA certificateImporting a CA certificate 195 Configuring encrypt policies 196 Adding a source address Adding a destination addressAdding an encrypt policy 197 198 Adding an encrypt policy IPSec VPN concentrators VPN concentrator hub general configuration steps199 200 Source InternalAll Destination VPN spoke address Action 201 Adding a VPN concentratorGo to VPN IPSec Concentrator VPN spoke general configuration steps 202VPN Tunnel Policies Redundant IPSec VPNs Configuring redundant IPSec VPN203 See Adding a phase 1 configuration for an AutoIKE VPN on 204 Monitoring and Troubleshooting VPNs Viewing VPN tunnel statusViewing dialup VPN connection status 205 206 Testing a VPNGo to VPN IPSec Dialup Pptp and L2TP VPN Configuring Pptp207 Configuring the FortiGate unit as a Pptp gateway Adding users and user groupsEnabling Pptp and specifying an address range 208 Adding an address group 209 Configuring a Windows 98 client for Pptp Installing Pptp supportGo to Start Settings Control Panel Network Adding a firewall policy Configuring a Pptp dialup connection Connecting to the Pptp VPNConfiguring a Windows 2000 client for Pptp 211 Configuring a Windows XP client for Pptp Configuring the VPN connection212 Go to Start Control Panel Configuring L2TP 213 Configuring the FortiGate unit as a L2TP gateway Enabling L2TP and specifying an address range214 Go to VPN L2TP L2TP Range Sample L2TP address range configuration 215 216 Configuring a Windows 2000 client for L2TP Configuring an L2TP dialup connectionDisabling IPSec 217 Connecting to the L2TP VPN Configuring a Windows XP client for L2TPConfiguring an L2TP VPN dialup connection Go to Start Settings 219 220 Detecting attacks Network Intrusion Detection System Nids221 Configuring checksum verification Selecting the interfaces to monitorDisabling the Nids 222 Viewing the signature list Viewing attack descriptions223 Go to Nids Detection Signature List Enabling and disabling Nids attack signatures Adding user-defined signatures224 Go to Nids Detection User Defined Signature List Preventing attacks Downloading the user-defined signature listEnabling Nids attack prevention 225 Enabling Nids attack prevention signatures Setting signature threshold values226 227 Configuring synflood signature values Value Description Minimum Maximum DefaultLogging attacks Logging attack messages to the attack log Reducing the number of Nids attack log and email messages Automatic message reductionManual message reduction 229 230 Antivirus protection General configuration steps231 232 Antivirus scanningTo scan FortiGate firewall traffic for viruses File blocking Blocking files in firewall trafficAdding file patterns to block 233 Configuring limits for oversized files and email Blocking oversized files and emailsExempting fragmented email from blocking Viewing the virus list Web filtering 235 Content blocking Go to Web Filter Content BlockAdding words and phrases to the banned word list 236 Using the FortiGate web filter URL blockingAdding URLs or URL patterns to the block list 237 Clearing the URL block list 238 Uploading a URL block list Downloading the URL block list239 Using the Cerberian web filter Installing a Cerberian license key on the FortiGate unitAdding a Cerberian user to the FortiGate unit 240 Configuring Cerberian web filter About the default group and policyTo configure the Cerberian web filtering Enabling Cerberian URL filtering Script filtering Enabling the script filterSelecting script filter options 242 Exempt URL list Adding URLs to the exempt URL list243 Go to Web Filter Exempt URL 244 Email filter 245 Email banned word list Go to Email Filter Content Block246 Email block list Email exempt listAdding address patterns to the email block list 247 To add a subject tag Go to Email Filter Config Adding a subject tagAdding address patterns to the email exempt list 248 Recording logs Logging and reporting249 Recording logs on a NetIQ WebTrends server Recording logs on a remote computer250 Recording logs in system memory Filtering log messages251 Example log filter configuration 252 Configuring traffic logging Enabling traffic loggingEnabling traffic logging for an interface Enabling traffic logging for a firewall policy Configuring traffic filter settings Go to Log&Report Log Setting Traffic FilterAdding traffic filter entries 254 Destination IP Address Destination Netmask Service Viewing logs saved to memoryViewing logs 255 Configuring alert email Searching logsAdding alert email addresses 256 Testing alert email Enabling alert email257 Go to Log&Report Alert Mail Categories 258 Glossary 259 260 261 262 Index 263 264 Index 265 FDS 266 Ldap 267 MIB 268 RMA 269 TCP 270 UDP 271 272