Installation, Configuring and Using FortiReporter Using Fortigate

Print Friendly, PDF & Email

FortiReporer is a software to get statistics, Analyze your firewall. Analyze firewall logs and graph graphs. First you have to configure the firewall to send the LOG's to a LOG's server (A syslog) that comes with the FortiReporter by default, And then he pulls up statistics of what's going on in the firewall, and can be configured to be sent automatically by email, or keep them somewhere… The first thing is to download the file to be installed on a server with disk capacity. We can download it from its official website (It's a trial of 21 days) – HERE.

The Java Runtime Environment console is required to run the FortiReport console (JRE), which you can download from the Java website (HERE). If we have it, we can start with the installation.

GOOD, first, we will configure the firewall to send the LOG's to our computer/server with the future Syslog & FortiReporter. To do this,, we log in to it and we are going to “Log&Report” > “Log Config” > And we enable the “Syslog”, enter the IP address of the server where we will host the FortiReport (the Syslog server itself), The default port is the 514, we see that I'll install the FortiReport on the 192.168.1.45. In “Level” If we put “Information” it will send us any type of event that happens in the firewall, to start and check that it works is fine, then we will put the one that interests us (Emergency / Alert / Critical / Error / Warning / Notification o Information). In “Facility” Will “local7” and save the changes by clicking “Apply”.

In “Log Filter” we will mark all the checks that we want to send us to the Syslog, Default All. Save the changes by clicking “Apply”.

GOOD, once the changes have been made in the firewall we can start installing the FortiReport, We run the installer and give “Yes” begin with.

Check the requirements, If we have certain DLL/OCX libraries and if we have administrator privileges, If everything is alright, We give “Install”.

Start the wizard, “Next”

We mark the check and click on “Next”

If it's our first FortiReport, Mark “Standalone”, but if we want to create a centralized installation of several, We would check the other option, “Next”

We put an Organization/Company name. And now the most important thing, we will put the IP of the server that will have the FortiReport, if it's this same PC we put theirs (“FR Server IP”). And if I have two network cards with two IPs and we want to access only from one, We put it in “FR Server Public IP”, It's not usually normal, so in both the normal is the same IP address. We give “Next”.

These are the default directories for each application, “Next”,

We say that “Yes” so that I created the installation directories for us,

To manage the FortiReporter console we will have a user “Admin” who will be the administrator with all the privileges, We give you a password and continue “Next”,

If we have IIS installed, we can tell it that we took advantage of it and that it should install the console in IIS, But if we don't have it, nothing happens, An Apache hits us, and if we can we use SSL (“Use SSL”) so that the admin password is encrypted over the network or from where we access the FortiReporter console. We will look at the ports because we will then use them when connecting from a remote PC. “Next”,

We give “Install” to start installing…

Vale, As I told you I wanted to secure the website with certificates, I need to create one for me to assign, We give “Yes”,

We fill in the data to generate the certificate… “Next”

“Next”,

“Next”

“Next” to secure the site for us. If we have not chosen Apache, We will have to create the certificate manually and assign it to the website that we have created or modified.

Vale, It confirms that the certificate is installed and that the service needs to be restarted, it also tells us that it has left us the certificate in the installation path, “Finish”,

“Finish”

Vale, has already installed the FortiReporter for us, now there would be the Syslog, if we don't already have one installed (Normally, it doesn't), we will install it by pressing “Yes”.

“Following”

We must enter the IP address of the server that has the FortiReport installed, as we are installing everything on the same equipment, because we enter the same IP address. “Following”

Check that there is connectivity and if it is okay, Continue “Following”

The path where you will install the Syslog, “Following”,

Check the data that is correct and press “End” for installation to begin.

Vale, Everything has been installed perfectly, Now the configuration screen will jump in case we want to make any additional modifications. “Accept”

We can make certain modifications if we are interested, such as that our logs are NOT deleted, or that they are compressed, or change the path and save them in a place with a larger capacity. Apart from pulling LOGs from Fortigate firewall, it also logs if we want from ISA Server, Checkpoint, Culm… We give “OK”

It will generate this icon for us, click on it to open the FortiReporter.

Yes for whatever reason, we want to access this console from another PC, simply by putting the IP where the FortiReporter and the Java JRE console are installed, It would be worth it. We have to authenticate with the user that is created at the beginning, user “Admin” And your password. Click on “Login”,

What a trial version looks like, We have to click on “Try”,

And we have to trust the certificate if we jump, We will say that “Yes”,

And we will execute if it tells us any application.


Recommended Posts

Monitoring our firewall's web UTM rules thanks to Centreon
Read
Allowing specific users to escape Fortigate's web filtering
Read
FortiGate metrics with Prometheus and Grafana
Read
Protegiendonos de ataques y botnets en Fortigate
Read

Author

by Héctor Herrero 
nheobug@bujarra.com
Autor del blog Bujarra.com Cualquier necesidad que tengas, Do not hesitate to contact me, I will try to help you whenever I can, Sharing is living ;) . Enjoy documents!!!

Setting up a Fortigate SSL VPN

21 de October de 2008

Configuración de GFI MailEssentials 9

21 de October de 2008