Adding Fortinet Firewall Devices

Overview

TOS Aurora monitors Fortinet devices for policy revision changes. For TOS Aurora to show full accountability details (who made the policy changes and when the changes were made) and rule and object usage, you must also configure the device to send syslogs.

By default, Fortinet devices define an "all" object that will represent "any." Making changes to this object may cause Provisioning to fail on the device.

To see which TOS features are supported for your device, review the feature support table.

Fortigate Clusters

Fortigate clusters must be monitored in TOS Aurora through the Fortimanager device.

Prerequisites

• Choose a username that has Read (Read Only, or Read/Write) permissions for all information on the Fortinet device. If your device has VDOMs, make sure that your RO user is configured correctly according to this Fortinet article.

• If you are monitoring a FortiGate cluster, you must monitor the devices through FortiManager.

Recommendations

• TOS Aurora and the monitored devices must be synchronized with the correct date and time, either manually or automatically. We recommend that you also configure the devices to resolve DNS queries.

• Clusters are only fully supported when managed by a FortiManager device. When adding the cluster, edit the configuration of the standby member and disable usage analysis collection and topology. This will prevent the standby member from appearing on the interactive map, and ensure that routing is correct.

Add a Device

1. Select Fortinet > Fortigate:

   

2. Configure the device settings:

   

   • Name for Display

   • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

   • Get revisions from: One of the following:
     • IP Address: Revisions are retrieved automatically
     • Offline File: (If available) Revisions are manually uploaded to TOS Aurora for Offline Analysis

   • ST server: In a distributed deployment, select which TOS Aurora cluster monitors this device (not shown in image)

   • To enable adding and monitoring Virtual Domains, select This device has Virtual Domains configured.

   Click Next.

3. Configure the TOS Aurora connection to the Fortinet device, according to the parameters required by the device.

   

   • Enter the authentication details needed to connect to the Fortinet device.
     • Username and password: Enter the device username and password
     • Enable password: Enter the password to give TOS Aurora elevated privileges on the device
   • Connection configuration: Select whether to use SSH (preferred) or Telnet. To use default settings (recommended in most cases), leave the Port number blank.
     The device must be configured to use SSH version 2.
4. Click Next.

5. In Monitoring Settings, do one of the following:

   

   • To use real-time monitoring and timing settings from the Timing page, select Default.

   Otherwise, select Custom and configure the monitoring mode and settings.

   Real-Time Monitoring: Applies only if syslogs Sending Additional Information using Syslog) are configured. Select Custom settings and configure:

   • 'Install policy' interval: When two or more Install Policy events for the same policy occur within this time interval, TOS Aurora combines the events into a single Install Policy revision (Default: 60 seconds)
   • Automatic fetch frequency: Frequency (in minutes) for automatic fetch 
   • Periodic Polling, select Custom settings and configure the Polling frequency: How often TOS Aurora fetches the configuration from each device.

     If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

6. Click Next. 
7. Save the configuration.

   The Fortinet device now appears in the Monitored Devices list.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

Example

• Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

• Delete this device: Type yes to confirm that you want to delete the device.

• Import Administrative Domains and Managed Devices

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices