Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.4
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiProxy 7.6.4 Administration Guide
    7.6.4
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Configuring FortiGate Cloud logging

    Configuring FortiGate Cloud logging

    FortiGate Cloud is a hosted security management and log retention service for FortiProxy devices. It provides centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware or software.

    FortiGate Cloud offers a wide range of features:

    • Simplified central management

      FortiGate Cloud provides a central GUI to manage individual or aggregated FortiProxy and FortiWiFi devices. Adding a device to the FortiGate Cloud management subscription is straightforward. FortiGate Cloud has detailed traffic and application visibility across the whole network.

    • Hosted log retention with large default storage allocated

      Log retention is an integral part of any security and compliance program, but administering a separate storage system is onerous. FortiGate Cloud takes care of this automatically and stores the valuable log information in the cloud. Different types of logs can be stored, including Traffic, System Events, Web, Applications, and Security Events.

    • Monitoring and alerting in real time

      Network availability is critical to a good end-user experience. FortiGate Cloud enables you to monitor your FortiProxy network in real time with different alerting mechanisms to pinpoint potential issues. Alerting mechanisms can be delivered via email.

    • Customized or pre-configured reporting and analysis tools

      Reporting and analysis are your eyes and ears into your network’s health and security. Pre-configured reports are available, as well as custom reports that can be tailored to your specific reporting and compliance requirements. The reports can be emailed as PDFs, and can cover different time periods.

    • Maintain important configuration information uniformly

      The correct configuration of the devices within your network is essential for maintaining optimum performance and security posture. In addition, maintaining the correct firmware (operating system) level allows you to take advantage of the latest features.

    • Service security

      All communication (including log information) between the devices and the cloud is encrypted. Redundant data centers are always used to give the service high availability. Operational security measures have been put in place to make sure your data is secure — only you can view or retrieve it.

    For more information, refer to the FortiGate Cloud documentation.

    This topic covers the following aspect about FortiGate cloud logging:

    Registration and activation

    Before you can activate a FortiGate Cloud account, you must register your device first.

    FortiGate Cloud accounts can be registered manually through the FortiGate Cloud website, https://www.forticloud.com, or you can easily register and activate your account directly from your FortiProxy.

    To activate your FortiGate Cloud account:
    1. On your device, go to Dashboard > Status.
    2. In the FortiGate Cloud widget, click the Not Activated > Activate button in the Status field.
    3. A pane will open asking you to register your FortiGate Cloud account. Click Create Account, enter your information, view and accept the terms and conditions, and then click OK.
    4. A second dialogue window opens, asking you to enter your information to confirm your account. This sends a confirmation email to your registered email. The dashboard widget then updates to show that confirmation is required.
    5. Open your email, and follow the confirmation link it contains.

      A FortiGate Cloud page will open, stating that your account has been confirmed. The Activation Pending message on the dashboard will change to state the type of account you have, and will provide a link to the FortiGate Cloud portal.

    Enabling logging to FortiGate Cloud

    To enable logging to FortiGate Cloud:

    1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.

    2. Select the Settings tab, select the Cloud Logging tab, and set the Type to FortiGate Cloud.

    3. Select an upload option:

      • Real Time: logs are sent to the cloud device in real time.

      • Every Minute: logs are sent to the cloud device once every minute.

      • Every 5 Minutes: logs are sent to the cloud device once every five minutes (default).

      If the Security Fabric connection is configured, only the Real Time option is available.

    4. Click OK.

    Logging into the FortiGate Cloud portal

    Once logging has been configured and you have registered your account, you can log into the FortiGate Cloud portal and begin viewing your logging results. There are two methods to reach the FortiGate Cloud portal:

    • If you have direct network access to the FortiProxy:
      1. Go to Dashboard > Status.
      2. In the FortiGate Cloud widget, in the Status field, click Activated > Launch Portal, or, in the Licenses widget, click FortiCare Support > Launch Portal.
    • If you do not have access to the FortiProxy’s interface, visit the FortiGate Cloud website (https://www.forticloud.com) and log in remotely, using your email and password. It will ask you to confirm the FortiGate Cloud account you are connecting to and then you will be granted access.

    Configuring a Security Fabric with FortiGate Cloud logging

    A Security Fabric can be created on the root device using FortiGate Cloud for cloud logging. When the FortiCloud account enforcement is enabled (by default), members joining the Fabric must be registered to the same FortiCloud account. Devices that are not activated with FortiCloud are also allowed.

    For example, the root FortiProxy is configured with FortiGate Cloud logging. In the Security Fabric settings, the FortiCloud account enforcement option is enabled by default. The downstream FortiProxy with the same FortiCloud account ID is able to join the Fabric.

    To configure a Security Fabric with FortiCloud logging in the GUI:
    1. Configure the Security Fabric settings on the root FortiProxy (see Fabric Connectors). The FortiCloud account enforcement setting is enabled by default.
    2. Configure FortiCloud logging on the root FortiProxy:
      1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.
      2. Select the Settings tab, select the Cloud Logging tab, and set the Type to FortiGate Cloud.
      3. Click OK.
    3. Configure the FortiProxy to join the Security Fabric:
      1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
      2. Select the Settings tab, and set the Security Fabric role to Join Existing Fabric.
      3. Click OK. The FortiProxy is authorized and successfully joins the Security Fabric.
    4. Check the FortiCloud logging settings:
      1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.
      2. Select the Settings tab, select the Cloud Logging tab. The settings are automatically retrieved from the root FortiProxy and the Account is the same.
    To configure a Security Fabric with FortiCloud logging in the CLI:
    config log fortiguard setting
    set status enable
    set upload-option realtime
end

    The FortiCloud account enforcement setting is enabled by default in the Security Fabric settings:

    show system csf
    config system csf
        set status enable
        set group-name "CSF_101"
        set forticloud-account-enforcement enable
    end
    Previous
    Next

    Configuring FortiGate Cloud logging

    Configuring FortiGate Cloud logging

    FortiGate Cloud is a hosted security management and log retention service for FortiProxy devices. It provides centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware or software.

    FortiGate Cloud offers a wide range of features:

    • Simplified central management

      FortiGate Cloud provides a central GUI to manage individual or aggregated FortiProxy and FortiWiFi devices. Adding a device to the FortiGate Cloud management subscription is straightforward. FortiGate Cloud has detailed traffic and application visibility across the whole network.

    • Hosted log retention with large default storage allocated

      Log retention is an integral part of any security and compliance program, but administering a separate storage system is onerous. FortiGate Cloud takes care of this automatically and stores the valuable log information in the cloud. Different types of logs can be stored, including Traffic, System Events, Web, Applications, and Security Events.

    • Monitoring and alerting in real time

      Network availability is critical to a good end-user experience. FortiGate Cloud enables you to monitor your FortiProxy network in real time with different alerting mechanisms to pinpoint potential issues. Alerting mechanisms can be delivered via email.

    • Customized or pre-configured reporting and analysis tools

      Reporting and analysis are your eyes and ears into your network’s health and security. Pre-configured reports are available, as well as custom reports that can be tailored to your specific reporting and compliance requirements. The reports can be emailed as PDFs, and can cover different time periods.

    • Maintain important configuration information uniformly

      The correct configuration of the devices within your network is essential for maintaining optimum performance and security posture. In addition, maintaining the correct firmware (operating system) level allows you to take advantage of the latest features.

    • Service security

      All communication (including log information) between the devices and the cloud is encrypted. Redundant data centers are always used to give the service high availability. Operational security measures have been put in place to make sure your data is secure — only you can view or retrieve it.

    For more information, refer to the FortiGate Cloud documentation.

    This topic covers the following aspect about FortiGate cloud logging:

    Registration and activation

    Before you can activate a FortiGate Cloud account, you must register your device first.

    FortiGate Cloud accounts can be registered manually through the FortiGate Cloud website, https://www.forticloud.com, or you can easily register and activate your account directly from your FortiProxy.

    To activate your FortiGate Cloud account:
    1. On your device, go to Dashboard > Status.
    2. In the FortiGate Cloud widget, click the Not Activated > Activate button in the Status field.
    3. A pane will open asking you to register your FortiGate Cloud account. Click Create Account, enter your information, view and accept the terms and conditions, and then click OK.
    4. A second dialogue window opens, asking you to enter your information to confirm your account. This sends a confirmation email to your registered email. The dashboard widget then updates to show that confirmation is required.
    5. Open your email, and follow the confirmation link it contains.

      A FortiGate Cloud page will open, stating that your account has been confirmed. The Activation Pending message on the dashboard will change to state the type of account you have, and will provide a link to the FortiGate Cloud portal.

    Enabling logging to FortiGate Cloud

    To enable logging to FortiGate Cloud:

    1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.

    2. Select the Settings tab, select the Cloud Logging tab, and set the Type to FortiGate Cloud.

    3. Select an upload option:

      • Real Time: logs are sent to the cloud device in real time.

      • Every Minute: logs are sent to the cloud device once every minute.

      • Every 5 Minutes: logs are sent to the cloud device once every five minutes (default).

      If the Security Fabric connection is configured, only the Real Time option is available.

    4. Click OK.

    Logging into the FortiGate Cloud portal

    Once logging has been configured and you have registered your account, you can log into the FortiGate Cloud portal and begin viewing your logging results. There are two methods to reach the FortiGate Cloud portal:

    • If you have direct network access to the FortiProxy:
      1. Go to Dashboard > Status.
      2. In the FortiGate Cloud widget, in the Status field, click Activated > Launch Portal, or, in the Licenses widget, click FortiCare Support > Launch Portal.
    • If you do not have access to the FortiProxy’s interface, visit the FortiGate Cloud website (https://www.forticloud.com) and log in remotely, using your email and password. It will ask you to confirm the FortiGate Cloud account you are connecting to and then you will be granted access.

    Configuring a Security Fabric with FortiGate Cloud logging

    A Security Fabric can be created on the root device using FortiGate Cloud for cloud logging. When the FortiCloud account enforcement is enabled (by default), members joining the Fabric must be registered to the same FortiCloud account. Devices that are not activated with FortiCloud are also allowed.

    For example, the root FortiProxy is configured with FortiGate Cloud logging. In the Security Fabric settings, the FortiCloud account enforcement option is enabled by default. The downstream FortiProxy with the same FortiCloud account ID is able to join the Fabric.

    To configure a Security Fabric with FortiCloud logging in the GUI:
    1. Configure the Security Fabric settings on the root FortiProxy (see Fabric Connectors). The FortiCloud account enforcement setting is enabled by default.
    2. Configure FortiCloud logging on the root FortiProxy:
      1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.
      2. Select the Settings tab, select the Cloud Logging tab, and set the Type to FortiGate Cloud.
      3. Click OK.
    3. Configure the FortiProxy to join the Security Fabric:
      1. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
      2. Select the Settings tab, and set the Security Fabric role to Join Existing Fabric.
      3. Click OK. The FortiProxy is authorized and successfully joins the Security Fabric.
    4. Check the FortiCloud logging settings:
      1. Go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.
      2. Select the Settings tab, select the Cloud Logging tab. The settings are automatically retrieved from the root FortiProxy and the Account is the same.
    To configure a Security Fabric with FortiCloud logging in the CLI:
    config log fortiguard setting
    set status enable
    set upload-option realtime
end

    The FortiCloud account enforcement setting is enabled by default in the Security Fabric settings:

    show system csf
    config system csf
        set status enable
        set group-name "CSF_101"
        set forticloud-account-enforcement enable
    end
    Previous
    Next