FortiGate
nkojha
Staff
Article Id 191694

Description


This article describes how to send logs to FortiCloud.

Solution


Activate FortiCloud:

Go to System -> FortiGuard and under FortiGate Cloud select 'Activate'.
The registered email will be pre-filled. Fill in the empty fields, enable 'Send logs to FortiGate Cloud', then select 'OK'.

Go to Log and Report -> Log Settings, enable Cloud Logging, select FortiGate Cloud as the 'Type', then select 'Apply'.
 

 

For FortiOS 7.2.x and above, go to Security Fabric -> Fabric Connector -> Logging & Analytics -> Cloud logging -> FortiGate Cloud

 

With multiple ISPs or an SD-WAN connection, the source IP and interface may also need to be set:

 

config log fortiguard setting
    set status enable
    set access-config enable
    set ssl-min-proto-version default
    set source-ip 0.0.0.0
    set interface-select-method auto
    set upload-option realtime
    set priority default
    set max-log-rate 0
    set enc-algorithm high
    set conn-timeout 10
end

source-ip: should be the IP of one of the WAN interfaces.
interface-select-method: auto | sdwan | specify. With 'specify', the interface must also be selected with "set interface WAN_INTERFACE_PORT_Number".
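To confirm that a device actually carries these settings, the stanza can be checked offline. The script below is an added example, not Fortinet code. It assumes the input is the text output of 'show full-configuration log fortiguard setting' and uses the values from the stanza above as its baseline; the function names and the sample stanza are constructed for illustration.

```python
import re

# Baseline copied from the article's stanza; treating it as "expected" is this example's assumption.
EXPECTED = {"status": "enable", "upload-option": "realtime", "enc-algorithm": "high"}
HEADER = "config log fortiguard setting"

def parse_stanza(config_text):
    """Return {option: value} from the stanza's 'set' lines, or None if the stanza is absent."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == HEADER:
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings if inside else None

def audit(config_text):
    """Return a list of findings; an empty list means the stanza matches the baseline."""
    s = parse_stanza(config_text)
    if s is None:
        return [f"'{HEADER}' stanza not found"]
    findings = [f"{k} is '{s.get(k, '<unset>')}', expected '{v}'"
                for k, v in EXPECTED.items() if s.get(k) != v]
    if s.get("interface-select-method") == "specify":
        if "interface" not in s:
            findings.append("interface-select-method is 'specify' but no interface is set")
        if s.get("source-ip", "0.0.0.0") == "0.0.0.0":
            findings.append("source-ip is 0.0.0.0; the article expects a WAN interface IP")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
config log fortiguard setting
    set status enable
    set upload-option realtime
    set enc-algorithm low
    set source-ip 0.0.0.0
    set interface-select-method specify
end
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```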

 

Note:

If there is an upstream firewall, the following ports need to be allowed for the FortiGate Cloud connection to work properly.

Refer to:

Outgoing Ports

 

  1. TCP/443 for Registration, Quarantine, Log and report, Syslog, and Contract Validation.
  2. TCP/514 for OFTP.
  3. TCP/541 for Management.