Adding traffic filter entries, 288 | Fortinet 400 specs

Configuring traffic logging	Logging and reporting

Adding traffic filter entries

Add entries to the traffic filter list to filter the messages that are recorded in the traffic log. If you do not add any entries to the traffic filter list, the FortiGate records all traffic log messages. You can add entries to the traffic filter list to limit the traffic logs that are recorded. You can log traffic with a specified source IP address and netmask, to a destination IP address and netmask and for a specified service. A traffic filter entry can include any combination of source and destination addresses and services.

Use the following procedure to add an entry to the traffic filter list.

1Go to Log&Report > Log Setting > Traffic Filter.

2Select New.

3Configure the traffic filter for the type of traffic that you want to record on the traffic log.

Name	Type a name to identify the traffic filter entry.

Source IP Address Source Netmask

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Spaces and other special characters are not allowed.

Type the source IP address and netmask for which you want the FortiGate unit to log traffic messages. The address can be an individual computer, subnetwork, or network.

Destination IP Address Destination Netmask

Service

Type the destination IP address and netmask for which you want the FortiGate unit to log traffic messages. The address can be an individual computer, subnetwork, or network.

Select the service group or individual service for which you want the FortiGate unit to log traffic messages.

4Select OK.

The traffic filter list displays the new traffic address entry with the settings that you selected in “Enabling traffic logging” on page 286.

Figure 45: Example new traffic address entry

288	Fortinet Inc.

Image 288

Fortinet 400 manual Adding traffic filter entries, 288, Destination IP Address Destination Netmask Service

Contents

Installation and Configuration Guide August Trademarks Regulatory Compliance Table of Contents NAT/Route mode installation High availability System status Network configuration 133 System configuration 157 Users and authentication 201 IPSec VPN 209 Network Intrusion Detection System Nids 249 Email filter 277 Glossary 295 Index 299 Contents Introduction Antivirus protection Web content filtering Email filtering NAT/Route mode Firewall Transparent mode Network intrusion detection VPN High availability Secure installation, configuration, and management Web-based manager Command line interface Logging and reporting What’s new in Version Replacement messages Users and authenticationFirewall Antivirus Web FilterEmail filter About this document Document conventions Fortinet documentation Comments on Fortinet technical documentation Customer service and technical support Getting started Package contents Mounting Powering on Power requirementsEnvironmental specifications FortiGate-400 LED indicators Connecting to the web-based manager Connecting to the web-based manager Connecting to the command line interface CLI Factory default FortiGate configuration settingsBits per second 9600 Data bits Parity Stop bits Flow control Factory default NAT/Route mode network configuration AccountInterface Factory default Transparent mode network configuration Factory default firewall configuration Factory default content profiles Strict content profile Scan content profileStrict content profile Options Scan content profile Options Web content profile Unfiltered content profileWeb content profile Options Unfiltered content profile Options Planning your FortiGate configuration NAT/Route mode with multiple external network connections Example NAT/Route mode network configuration Configuration options Setup Wizard FortiGate model maximum values matrix Front keypad and LCD Next steps Next steps Getting started NAT/Route mode installation Preparing to configure NAT/Route modeNAT/Route mode settings Administrator Password Interface Using the setup wizard Starting the setup wizardReconnecting to the web-based manager Using the front control buttons and LCD Using the command line interfaceConfiguring the FortiGate unit to operate in NAT/Route mode Configuring NAT/Route mode IP addresses Set system interface port2 mode static ip IPaddress netmask Connecting the FortiGate unit to your networks Configuring your network Completing the configurationConfiguring interface Go to System Network Interface Configuring interface 4/HA Setting the date and timeEnabling antivirus protection Registering your FortiGate unit Configuration example Multiple connections to the Internet Configuring virus and attack definition updates Configuring Ping servers Example multiple Internet connection configuration Primary and backup links to the Internet Using the CLIDestination based routing examples Go to System Network Routing Table Load sharing Load sharing and primary and secondary connections Adding the routes using the CLI Routing table should have routes arranged as shown in Table Routing a service to an external network Policy routing examples Adding a redundant default policy Firewall policy exampleGo to Firewall Policy port1-port3 Restricting access to a single Internet connection Adding more firewall policies Configuration example Multiple connections to the Internet Transparent mode installation Preparing to configure Transparent modeTransparent mode settings Administrator Password DNS Settings Changing to Transparent mode Go to System Status Set system opmode transparent Configuring the Transparent mode management IP address Configure the Transparent mode default gateway Registering your FortiGate Transparent mode configuration examples FortiGate-400 Transparent mode connections Default routes and static routes General configuration steps Default route to an external network Web-based manager example configuration steps CLI configuration stepsGo to System Network Management Go to System Network Routing Static route to an external destination Set system route number 1 dst 24.102.233.5 255.255.255.0 gw1 Example static route to an internal destination Set system route number 1 dst 172.16.1.11 255.255.255.0 gw1 Transparent mode configuration examples High availability Active-passive HA Active-active HA HA in NAT/Route mode Installing and configuring the FortiGate unitsConfiguring the HA interfaces Configuring the HA cluster Go to System Config HA Weighted Round Robin Least Connection Connecting the HA cluster to your network Example Active-Active HA configuration HA network configuration HA in Transparent mode Configuring the HA interface and HA IP addressStarting the HA cluster HA in Transparent mode None Sample active-passive HA configuration Managing the HA cluster Viewing the status of cluster membersGo to System Status Cluster Members Monitoring cluster members Go to System Status Monitor Monitoring cluster sessions Viewing and managing cluster log messagesGo to System Status Session Go to Log&Report Logging Synchronizing the cluster configuration Managing individual cluster units Returning to standalone configuration Replacing a FortiGate unit after fail-over Advanced HA options Selecting a FortiGate unit to a permanent primary unit Configuring weighted-round-robin weights Set system ha weight 1 3 System status System status Firmware upgrade procedures Procedure Description Changing the FortiGate host nameChanging the FortiGate firmware Upgrade to a new firmware version Upgrading the firmware using the web-based managerUpgrading the firmware using the CLI Execute restore image namestr tftpip Revert to a previous firmware version Reverting to a previous firmware version using the CLI Execute ping Install a firmware image from a system reboot using the CLI To install firmware from a system reboot Execute reboot 100 Test a new firmware image before installing it Restoring your previous configuration101 102 Installing and using a backup firmware image Installing a backup firmware image103 104 Switching to the backup firmware image 105 Manual virus definition updates Switching back to the default firmware image106 Manual attack definition updates Displaying the FortiGate serial numberDisplaying the FortiGate up time Displaying log hard disk status Backing up system settings Restoring system settingsRestoring system settings to factory defaults 108 Changing to Transparent mode Changing to NAT/Route modeRestarting the FortiGate unit 109 Shutting down the FortiGate unit System statusViewing CPU and memory status Viewing sessions and network status 111 Viewing virus and intrusions status Sessions and network status monitor Session list 113Viewing the session list Go to System Status Session 114 Virus and attack definitions updates and registration Updating antivirus and attack definitions115 Connecting to the FortiResponse Distribution Network Version Expiry date Last update attempt Last update status Configuring scheduled updates Go to System Update117 Configuring update logging Go to Log&Report Log SettingSuccessful Update FDN error Configuring push updates Adding an override serverManually updating antivirus and attack definitions 119 To enable push updates About push updatesPush updates through a NAT device Example push updates through a NAT device General procedure 121 122 Go to Firewall Virtual IP Schedule Always Service ANY Action Accept 123Adding a firewall policy for the port forwarding virtual IP Scheduled updates through a proxy server 124 FortiCare Service Contracts Registering FortiGate units125 Registering the FortiGate unit 126 127 Registering a FortiGate unit product information Recovering a lost Fortinet support password Updating registration informationViewing the list of registered FortiGate units 128 Registering a new FortiGate unit Adding or changing a FortiCare Support Contract number129 Changing your Fortinet support password Downloading virus and attack definitions updatesChanging your contact information or security question 130 Registering a FortiGate unit after an RMA 131 132 Network configuration Configuring zonesAdding zones 133 Adding interfaces to a zone Adding Vlan subinterfaces to a zoneRenaming zones 134 Configuring interfaces Deleting zonesViewing the interface list Bringing up an interface Changing an interface static IP address Adding a secondary IP address to an interfaceAdding a ping server to an interface 136 Controlling management access to an interface Configuring traffic logging for connections to an interfaceChanging the MTU size to improve network performance 137 Configuring port4/ha Configuring port4/ha for HA modeConfiguring port4/ha as a firewall interface Configuring the management interface Transparent mode Configuring VLANs Vlan network configuration139 Typical Vlan network configuration 140 Adding Vlan subinterfaces Rules for Vlan IDsRules for Vlan IP addresses Adding a Vlan subinterface 142 Adding a Vlan subinterface Configuring routing Adding a default routeAdding destination-based routes to the routing table 143 144 Adding routes in Transparent mode Configuring the routing table145 Policy routing command syntax Policy routing146 Providing Dhcp services to your internal network Set system dhcpserver command syntax Keywords Description147 148 RIP configuration 149 RIP settings Go to System RIP Settings150 Configuring RIP settings 151 Configuring RIP for FortiGate interfaces Password152 Mode Adding RIP neighbors 153Adding RIP neighbors Go to System RIP Neighbor Adding RIP filters Adding a single RIP filter154 Go to System RIP Filter Adding a RIP filter list 155Add the IP address of the route Mask Add the netmask of the route Action Adding a neighbors filter Adding a routes filter156 System configuration Setting system date and timeTo set the date and time Go to System Config Time 157 To set the system idle timeout Changing web-based manager options158 To set the Auth timeout To modify the Dead Gateway Detection settings159 To select a language for the web-based manager Adding and editing administrator accounts Adding new administrator accountsGo to System Config Admin 160 Editing administrator accounts To edit an administrator account Go to System Config Admin161 Configuring Snmp Configuring the FortiGate unit for Snmp monitoringConfiguring FortiGate Snmp support Go to System Config Snmp v1/v2c FortiGate MIBs 163Trap Community Trap Receiver IP Addresses FortiGate MIBs MIB file name Description EtherLike.mib Customizing replacement messages FortiGate traps164 FortiGate traps Trap message Description Customizing replacement messages Go to System Config Replacement Messages165 Customizing alert emails 166Alert email message sections 167 Alert email message sections 168 Firewall configuration 169 Default firewall configuration InterfacesVlan subinterfaces 170 Default addresses Interface Address Description ZonesAddresses 171 Services Content profilesAdding firewall policies Schedules Firewall policy options SourceDestination 173 Service ScheduleAction VPN Tunnel Authentication Traffic Shaping175 Anti-Virus & Web filter 176 Configuring policy lists Log TrafficComments Policy matching in detail Changing the order of policies in a policy list Enabling and disabling policiesDisabling a policy Enabling a policy Addresses Adding addresses179 Go to Firewall Address Editing addresses Deleting addresses180 Organizing addresses into address groups 181Go to Firewall Address Group Services Predefined services182 183 Https Providing access to custom services Go to Firewall Service Custom184 Grouping services Go to Firewall Service Group185 Schedules Creating one-time schedules186 Go to Firewall Schedule One-time Creating recurring schedules 187Go to Firewall Schedule Recurring Virtual IPs Adding a schedule to a policy188 Adding static NAT virtual IPs 189 Adding port forwarding virtual IPs 190 Adding policies with virtual IPs 191 IP pools Adding an IP pool192 Go to Firewall IP Pool IP/MAC binding IP Pools for firewall policies that use fixed portsIP pools and dynamic NAT 193 Go to Firewall IP/MAC Binding Setting 194Go to Firewall IP/MAC Binding Static IP/MAC Adding IP/MAC addresses 195 Viewing the dynamic IP/MAC list Enabling IP/MAC binding196 Go to Firewall IP/MAC Binding Dynamic IP/MAC Content profiles Default content profilesAdding a content profile Go to Firewall Content Profile 198 File BlockQuarantine Oversized File/Email Block Pass Fragmented Email Adding a content profile to a policy 199 200 Users and authentication 201 Setting authentication timeout Adding user names and configuring authenticationAdding user names and configuring authentication 202 Deleting user names from the internal database 203 Configuring Radius support Adding Radius serversDeleting Radius servers 204 Configuring Ldap support Adding Ldap servers205 Go to User Ldap Deleting Ldap servers 206 Configuring user groups Adding user groups207 Go to User User Group Deleting user groups 208 IPSec VPN 209 Key management Manual KeysAutoIKE with pre-shared keys AutoIKE with certificates General configuration steps for a manual key VPN Manual key IPSec VPNsAdding a manual key VPN tunnel 211 212 General configuration steps for an AutoIKE VPN Adding a phase 1 configuration for an AutoIKE VPNGo to VPN Ipsec Phase AutoIKE IPSec VPNs 214 Remote Gateway Static IP AddressRemote Gateway Dialup User Configuring advanced options 215 216 Adding a phase 2 configuration for an AutoIKE VPN 217 218 Managing digital certificates Obtaining a signed local certificate219 Generating the certificate request 220Go to VPN Local Certificates Downloading the certificate request Requesting the signed local certificate221 Retrieving the signed local certificate Importing the signed local certificate222 Obtaining a CA certificate Retrieving a CA certificateImporting a CA certificate 223 Configuring encrypt policies 224 Adding a source address Adding a destination addressAdding an encrypt policy 225 226 Adding an encrypt policy VPN concentrator hub general configuration steps IPSec VPN concentrators227 228 Source InternalAll Destination VPN spoke address Action Adding a VPN concentrator 229Go to VPN IPSec Concentrator VPN spoke general configuration steps 230VPN Tunnel Policies Configuring redundant IPSec VPN Redundant IPSec VPNs231 See Adding a phase 1 configuration for an AutoIKE VPN on 232 Monitoring and Troubleshooting VPNs Viewing VPN tunnel statusViewing dialup VPN connection status 233 Testing a VPN 234Go to VPN IPSec Dialup Configuring Pptp Pptp and L2TP VPN235 Configuring the FortiGate unit as a Pptp gateway Adding users and user groupsEnabling Pptp and specifying an address range 236 Adding an address group 237 Configuring a Windows 98 client for Pptp Installing Pptp supportGo to Start Settings Control Panel Network Adding a firewall policy Configuring a Pptp dialup connection Connecting to the Pptp VPNConfiguring a Windows 2000 client for Pptp 239 Configuring a Windows XP client for Pptp Configuring the VPN connection240 Go to Start Control Panel Configuring L2TP 241 Configuring the FortiGate unit as a L2TP gateway Enabling L2TP and specifying an address range242 Go to VPN L2TP L2TP Range Sample L2TP address range configuration 243 244 Configuring a Windows 2000 client for L2TP Configuring an L2TP dialup connectionDisabling IPSec 245 Connecting to the L2TP VPN Configuring a Windows XP client for L2TPConfiguring an L2TP VPN dialup connection Go to Start Settings 247 248 Network Intrusion Detection System Nids Detecting attacks249 Configuring checksum verification Selecting the interfaces to monitorDisabling the Nids 250 Viewing the signature list Viewing attack descriptions251 Go to Nids Detection Signature List Enabling and disabling Nids attack signatures Adding user-defined signatures252 Go to Nids Detection User Defined Signature List Preventing attacks Downloading the user-defined signature listEnabling Nids attack prevention 253 Setting signature threshold values Enabling Nids attack prevention signatures254 255 Configuring synflood signature values Value Description Minimum Maximum DefaultLogging attacks Logging attack messages to the attack log Reducing the number of Nids attack log and email messages Automatic message reductionManual message reduction 257 258 General configuration steps Antivirus protection259 Antivirus scanning 260To scan FortiGate firewall traffic for viruses File blocking 261 Blocking files in firewall traffic Adding file patterns to block262 Go to Anti-Virus File Block Go to Anti-Virus Quarantine Quarantine Config QuarantineQuarantining infected files Quarantining blocked files Viewing the quarantine list Sorting the quarantine list264 Go to Anti-Virus Quarantine Configuring quarantine options Filtering the quarantine listDeleting files from quarantine Downloading quarantined files Configuring limits for oversized files and email Blocking oversized files and emailsExempting fragmented email from blocking Viewing the virus list Web filtering 267 Content blocking Go to Web Filter Content BlockAdding words and phrases to the banned word list 268 Using the FortiGate web filter URL blockingAdding URLs or URL patterns to the block list 269 Clearing the URL block list 270 Downloading the URL block list Uploading a URL block list271 Using the Cerberian web filter Installing a Cerberian license key on the FortiGate unitAdding a Cerberian user to the FortiGate unit 272 Configuring Cerberian web filter About the default group and policyTo configure the Cerberian web filtering Enabling Cerberian URL filtering Script filtering Enabling the script filterSelecting script filter options 274 Exempt URL list Adding URLs to the exempt URL list275 Go to Web Filter Exempt URL 276 Example exempt URL list Email filter 277 Go to Email Filter Content Block Email banned word list278 Email block list Email exempt listAdding address patterns to the email block list 279 To add a subject tag Go to Email Filter Config Adding a subject tagAdding address patterns to the email exempt list 280 Logging and reporting Recording logs281 Recording logs on a remote computer Recording logs on a NetIQ WebTrends server282 Recording logs on the FortiGate hard disk 283Overwrite Option Filtering log messages Recording logs in system memory284 Example log filter configuration 285 Configuring traffic logging Enabling traffic loggingEnabling traffic logging for an interface Enabling traffic logging for a Vlan subinterface Configuring traffic filter settings Go to Log&Report Log Setting Traffic FilterEnabling traffic logging for a firewall policy 287 Destination IP Address Destination Netmask Service Adding traffic filter entries288 Viewing logs saved to memory Viewing logsSearching logs 289 Viewing and managing logs saved to the hard disk 290 Downloading a log file to the management computer Deleting all messages in an active log291 Configuring alert email Deleting a saved log fileAdding alert email addresses 292 Testing alert email Enabling alert email293 Go to Log&Report Alert Mail Categories 294 Glossary 295 296 297 298 Index Numerics299 300 Index 301 FDS 302 Ldap 303 MIB 304 305 RMA 306 TCP 307 VPN 308