1st, issue the diag command with the application forticloud option to see our options.
2nd, we will use level 1 to see our username and device details. I've circled key items that we must take note of.
3rd, use the level 3 integer to see your log status for bytes and quotas.
Next, we will use diag debug en and the miglogd option to validate that logs are being sent.
Lastly, to ensure traffic is being sent to FortiCloud, we dump on the address or tcp/port that's output from the above.
Key points to remember:
- FortiCloud is an SMB logging solution
- requires firewall policies to have logging enabled ( set logtraffic all )
- uses reliable syslog ( tcp )
- encrypts all log data from FortiGate to FortiCloud
- your FortiGate must have an interface with public access
- has quota limits for logging data
- logging is sent at the completion of the session
- ensure you can traceroute if you are experiencing connectivity issues ( ping is disabled )
- most problems are caused by 1> incorrect user/password 2> upstream devices blocking access
Note 2: you can change the source address if you have multiple uplink interfaces:
config system fortiguard
    set source-ip x.x.x.x
end
Ken Felix
Freelance Network/Security Engineer
kfelix -----a----t---- socpuppets ---dot---com
Hello Ken
How to change active server IP
Because I'm 0.0.0.0
Thanks
What do you mean change the active server? I don't think you can do that.