Introduction

Secure installation, configuration, and management

 

 

Command line interface

You can access the FortiGate command line interface (CLI) by connecting a management computer serial port to the FortiGate RS-232 serial console connector. You can also use Telnet or a secure SSH connection to connect to the CLI from any network that is connected to the FortiGate unit, including the Internet.

The CLI supports the same configuration and monitoring functionality as the web-based manager. In addition, you can use the CLI for advanced configuration options that are not available from the web-based manager.

This Installation and Configuration Guide contains information about basic and advanced CLI commands. For a more complete description about connecting to and using the FortiGate CLI, see the FortiGate CLI Reference Guide.

Logging and reporting

The FortiGate unit supports logging for various categories of traffic and configuration changes. You can configure logging to:

report traffic that connects to the firewall,

report network services used,

report traffic that was permitted by firewall policies,

report traffic that was denied by firewall policies,

report events such as configuration changes and other management events, IPSec tunnel negotiation, virus detection, attacks, and web page blocking,

report attacks detected by the NIDS,

send alert email to system administrators to report virus incidents, intrusions, and firewall or VPN events or violations.

Logs can be sent to a remote syslog server or a WebTrends NetIQ Security Reporting Center and Firewall Suite server using the WebTrends enhanced log format. Some models can also save logs to an optional internal hard drive. If a hard drive is not installed, you can configure most FortiGate units to log the most recent events and attacks detected by the NIDS to the system memory.

FortiGate-800 Installation and Configuration Guide

21

Page 21
Image 21
Fortinet FortiGate-800 manual Command line interface, Logging and reporting