On This Page
Configuring Log Forwarding and Security Profile Groups
Overview
When Designer creates a new rule, its default is to set the Log Forwarding Profiles and Security Profile Groups to None. If you want Designer to automatically set a specific value for these profiles, you can configure it in stconf
. You can set these profiles globally or per Device Management ID.
In Panorama, when a profile is set per Device Management ID, it also affects all the devices that are beneath it in the device hierarchy.
Security Profile groups are relevant for Panorama and Fortinet. Log forwarding profiles are only relevant for Panorama.
Prerequisites
Any profile that is defined, must be defined on the device.
Configure the Log Forwarding Profile and Security Profile Group
-
Navigate to:
https://<SecureTrack_IP>/securetrack/admin/stcgitest.htm
-
Navigate to Edit StConf > Fetch StConf.
-
In the
stconf
file, navigate to theDesigner_Default_Profiles
;. -
Add the
Log_Forwarding_Profile
andSecurity_Profile_Group
<Designer_Default_Profiles>
<Log_Forwarding_Profile>
<Profile>log_forwarding_profile1</Profile>
<Profile management="11">log_forwarding_profile1</Profile>
</Log_Forwarding_Profile>
<Security_Profile_Group>
<Profile>security_group_profile1</Profile>
<Profile management="11">security_group_profile1</Profile>
</Security_Profile_Group>
</Designer_Default_Profiles> -
<Profile>log_forwarding_profile1</Profile>
defines the global default. -
<Profile management="11">log_forwarding_profile1</Profile>
defines default profile for Device Management ID 11. For Panorama, this will apply to this management ID and all the Device Groups beneath it in the hierarchy. When the profile provided is not found on the device, the global default is used. If no global default is found, none will be used. -
Click Submit New Conf.
where
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague