Friday, February 4, 2022

FortiGate Logging and Antivirus Security Profile

To enable logging on the Firewall Policy, go to Policy & Objects > Firewall Policy.

 

Select FG_LAN_INTERNET > click Edit (or just double-click).

 

Under Security Profiles > enable (toggle): Antivirus, Application Control, IPS.

 

Under Logging Options > enable (toggle) Log Allow Traffic > All Sessions > click OK.

 

You can create a new profile or edit the existing Security Profiles.






To view the FortiGate traffic logs, go to Log & Report > Forward Traffic.

Select a specific log > click Details.

 

Notice the Application Name: Facebook, Category: Social Media, Security Action: Allowed and Policy ID: FG_LAN_INTERNET.

 

 

You can narrow down thesearch by clicking Add Filter.

 

In this example, I choose the Application Name: Youtube.

 


The FortiGate displayed Forward Traffic logs related only to Youtube.

The Chrome web browser has a built-in security feature, so I used Internet Explorer instead to test the Antivirus Security Profile. Go to wicar.org to download a test malware.

Notice it displayed a High Security Alert when a virus was detected.

To view Antivirus log, go to Log & Report > Antivirus. 

Select a specific Antivirus log > click Details.

 

Notice the Threat Level: Critical which has a Threat Score: 50.

 

You can also view the FortiGate top talkers in the Dashboard > FortiView.






No comments:

Post a Comment