Creating Device Groups | Fortinet FortiLog-800, FortiLog-100

Configuring the FortiLog unit	Connecting to the FortiLog Unit

You can classify the device interfaces as one of None, LAN, WAN or DMZ to match the type of traffic the interface will process. When the FortiLog unit generates the traffic log report, the FortiLog unit compares the source and destination interface classifications and determines the traffic direction. The traffic direction is one of:

•Incoming

•Outgoing

•Internal

•External

•Unclassified.

The table below illustrates how the source and destination interface types are represented in the log report as traffic direction.

Table 3: Log report traffic direction identification

Source	Destination	Traffic Direction

None	All types	Unclassified

All types	None	Unclassified

WAN	LAN, DMZ	Incoming

WAN	WAN	External

LAN, DMZ	LAN, DMZ	Internal

LAN, DMZ	WAN	Outgoing

Creating Device Groups

if you have a number of devices belonging to a department or section of the company, you can create groups to keep these devices together for easier access. Once you create a group you can add or remove devices from the groups as required.

To create a device group

1Go to System > Devices > Groups.

2Select Create New.

3Enter a group name.

4Select the devices you wish to add to the group.

5Select OK.

You do not have to add device to the group when you first create the group. There are a number of alternate ways of adding a device to a group:

•add devices when registering them

•select Edit to add or remove devices when required.

•In the selected devices tab, select the device and select Assign Selected.

28

05-16000-0082-20050115

Fortinet Inc.

Image 28

Fortinet FortiLog-800, FortiLog-100 manual Creating Device Groups, To create a device group Go to System Devices Groups

Contents

FortiLog-100 FortiLog-400 FortiLog-800 January 15, 2004 Trademarks Version 1.6 January 15 05-16000-0082-20050115Regulatory Compliance Table of Contents Config Network Managing the FortiLog unit Reports Setting folder and file properties 103104 110 Introduction FortiLog-400 FortiLog-100 FortiLog-800 Active Mode Operational Modes Passive Mode Introduction About this guide Explains how to install and set up the FortiLog unitFortiLog documentation Related documentation Explains how to configure VPNs using the web-based managerFortiGate documentation FortiManager documentation FortiClient documentationFortiMail documentation Fortinet Knowledge Center Customer service and technical support Customer service and technical support Setting up the FortiLog unit Checking the package contents Weight Hardware specifications DimensionsFortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Planning the installation Power requirementsEnvironmental specifications Air flow Connecting the FortiLog unit Connecting the FortiLog unitFortiLog unit Management PC To connect the FortiLog unit to the network Configuring the FortiLog unit Using the web-based managerFactory defaults Administrator To connect to the web-based manager Using the command line interface To configure the FortiLog unit using the web-based managerTo configure the FortiLog unit using the CLI Set system interface port1 mode static ip IPaddress netmask Set the primary DNS server IP address Using the front panel buttons and LCDSet system dns primary IPaddress Configuring the FortiLog unit Connecting to the FortiLog Unit Configuring FortiGate unit running FortiOSGo to Log&Report Log Config Sending device logs to the FortiLog unit Configuring FortiGate devices running FortiOS FortiGate 2.8 log settings Configuring FortiMail devices FortiGate 2.5 Log settings Adding a device To add a deviceGroups from this tab Unregistered Defining device port interfaces Creating Device Groups To create a device group Go to System Devices Groups Status Managing the FortiLog unitStatus Operating Mode IntervalRefresh Alerts To change the operating mode in the CLI Changing the FortiLog host nameChanging operating modes Set system opmode activepassive Viewing system resources information To change the firmware using the web-based managerChanging the firmware Installing firmware from a system reboot To change the firmware using the CLIExecute restore image namestr tftpip Execute restore image FortiLog400-v120.out To install firmware from a system reboot Press any key to enter configuration menuImmediately press any key to interrupt the system startup Enter Local Address Testing a new firmware image To test a new firmware image before installing itFollowing message appears Enter File Name image.out Installing a backup firmware image Save as Default firmware/Run image without savingD/RGet system status You can test the new firmware image as required To install a backup firmware image Type B Switching to the default firmware image Switching to a backup firmware imageTo switch to the backup firmware image Backing up system settings To switch back to the default firmware imageExecute reboot To backup up system settings Go to System Status Status Restoring system settings Restore factory default system settingsTo restore system settings Go to System Status Status Restoring a FortiLog unit To upload the firmware image to the FortiLog unit Press any key to begin download Config Network Config RAID Log settings Config PolicyLog to Host Port Config Policy Log policyCSV format Levels Description Generated by Admin TimeOptions Language Configure Administrator access Administrator account levels Administrator options Changing the Administrator password Devices Active modeTo add an administrator account Go to System Config Admin Adding and registering a device Device listEditing device information Server Alert EmailTo edit a device Go to System Devices Local Device Active modeCreating a new device alert Attack Type Attack Type Entry and listing Level of wait interval To add a device alert Go to System Alert Email Device AlertsVirus Type Defining IP aliases Network SharingWindow To set host alias names Go to Reports IP Aliases IP aliases To create a report Go to Reports Config ReportsCreating and generating a report Select New and enter a name for the report Configuring report parameters To define report parameters Go to Reports ConfigSet the following Select Run now Configuring a report query To set the report queries Go to Reports ConfigResolve Service Names Ranked Reports show top Select a report from the list Select Queries To select the devices Go to Reports Config Creating a query profileSelecting the devices for the report To create a query profile To set the filtering on a log report Go to Reports Config Creating a device profileSelect filtering options To create a device profile Setting a report schedule To create a scheduled report Go to Reports ConfigCreating a filter profile To create a report filter profile Creating a report schedule profile Choosing the report destination and formatSelect Schedule Select a day from the following To create a report schedule profile To generate a report on demand Go to Reports Config Creating a report destination and format profileReports on demand To create a pre-defined output selection Viewing reports To view a generated report Go to File Browse Reports Roll up report Individual reports Vulnerability reports To create a report Go to Reports Config VulnerabilityCreating and generating a report Selecting report result parameters Per device Resolve Host Names Resolve Service NamesSelecting plug-ins To select the plug-ins Go to Reports Config Vulnerabilities Creating a plug-in profileSelecting the scan targets for the report To create a plug-in profile To add additional devices Creating a scan target profileTo create a scan target profile File Browse/Reports hard diskEmail list As an email attachment Viewing the vulnerability report Select the report name from the list of completed reports Using Logs Log view interface Viewing logs Finding log information To view the device log files Go to File Browse LogsSelect the column header to change the sort order between Ascending and descending order Basic log filter Importing log files Alert levelTo import a log file Go to File Browse Logs Match Up and Down arrows Log watch Active mode Log SearchTo set log watching Go to File Browse Logs Show Up and Down arrows Event correlation Active mode Sort list Event correlation Active mode Using the FortiLog unit as a NAS Connecting to the FortiLog file system Providing access to the FortiLog hard disk Select Enable for a file sharing protocolSelecting a file sharing protocol Adding and modifying user accounts Assigning access to folders Adding and modifying group accountsTo add a user group Go to Network Sharing Groups Select Create New Windows sharing configuration Modifying the user or group folder access NFS share configuration To set file and folder permissions Go to File Browse Files Setting folder and file propertiesOwner FortiLog CLI reference CLI documentation conventions Connecting to the CLI Connecting to the FortiLog-800 consoleFortiLog-800 login To connect to the FortiLog-800 console To use the CLI to configure SSH or Telnet access Setting administrative access for SSH or TelnetWelcome Connecting to the FortiLog CLI using SSH Connecting to the FortiLog CLI using TelnetTo connect to the CLI using SSH To connect to the CLI using Telnet FortiLog CLI commands include CLI commandsExecute branch Get command architecture Use get to display settings, logs, or system informationGet branch Get log logsetting Get system adminGet report resolve Get report aliases Use set to configure settings, logs, or system information Use set alertemail to configure alert mailsSet alertemail command architecture Set branch String is the password Namestr is the user nameBelow Set alertmail local time 0.5 1.0 3.0 6.0 Set alertmail device enable add leveltime CLI commandsSettings originate from a singe source IP Use set console to set console configuration Set console Set log command architecture Use set log to configure log settingsSet log YY-MM-DD 100 101 102 Set NAS 103 Set report command architecture Set reportSet system 104 105 106 107 108 0.0Trusthoststr is trusted host IP address Netmaskstr is the netmask 109 Unset branch 111 112 Appendix a Log Report Types Network ActivityWeb Activity 113 FTP Activity Terminal Activity Mail Activity115 Mail activity reports record Email traffic and connections Antivirus Activity Intrusion ActivityWeb Filter Activity Mail Filter Activity 117 Content Activity VPN Activity 119 120 Index 121 122 Index 123 124