bthomaj
Staff
Description
This article describes how to configure an encrypted IPSec connection between a FortiGate and a FortiAnalyzer.

Scope
Applicable for firmware: 4.2.x, 4.3.x, 5.0.x, 5.2.x

Solution
1. Configure the following via the CLI on the FortiGate.

(a) FortiOS 4.2.x and below:
config log fortianalyzer setting
  set status enable
  set server 192.168.182.120
  set encrypt enable
  set psksecret 123456
  set localid "FG300B3908606800"
end
The "localid" value is the peer ID that the FortiGate presents; it must match the "Device Name" configured on the FortiAnalyzer, or the IPSec tunnel will not come up.

(b) FortiOS 4.3.x:
config log fortianalyzer setting
  set status enable
  set server 192.168.182.120
  set encrypt enable
  set psksecret 123456
  set localid "FG300B3908606800"
  set upload-option realtime
end
(c) FortiOS 5.0.x and above:
config log fortianalyzer setting
  set status enable
  set server 192.168.182.120
  set encrypt enable
  set psksecret 123456
  set localid "FG300B3908606800"
  set upload-option realtime
end
Note: The peer ID presented by the FortiGate must match the Device Name (not the device ID) as configured on the FortiAnalyzer.

2. Configure the following via the CLI for FortiAnalyzer 4.2.x and 4.3.x:
config log device
  edit FG300B3908606800    <-- device name; this must match the localid configured on the FortiGate
    set type fgt
    set secure psk
    set psk 123456
    set id FG300B3908606800    <-- device ID
  next
end
(a) To check the secure connection, connect to the web-based manager and verify the Lock icon on the FortiAnalyzer under All Devices.
(b) To check that the FortiGate sends logs to the FortiAnalyzer, connect to the FortiAnalyzer GUI and verify under Log > Log Viewer.
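The two CLI snippets above only produce a working tunnel when the FortiGate's localid equals the FortiAnalyzer device name and both sides hold the same pre-shared key. The following script is an added example (not Fortinet's code) that parses both snippets, using the article's sample values as constructed input, and reports every mismatch before the configuration is pushed.

```python
import re

# Constructed input: the FortiGate and FortiAnalyzer CLI snippets from the article.
FGT_CONFIG = """config log fortianalyzer setting
  set status enable
  set server 192.168.182.120
  set encrypt enable
  set psksecret 123456
  set localid "FG300B3908606800"
  set upload-option realtime
end
"""

FAZ_CONFIG = """config log device
  edit FG300B3908606800
    set type fgt
    set secure psk
    set psk 123456
    set id FG300B3908606800
  next
end
"""

def parse_settings(text):
    """Return {key: value} for every 'set <key> <value>' line, quotes stripped."""
    settings = {}
    for m in re.finditer(r'^\s*set\s+(\S+)\s+(.+?)\s*$', text, re.M):
        settings[m.group(1)] = m.group(2).strip('"')
    return settings

def faz_device_name(text):
    """Return the table key of the 'edit <name>' entry (the Device Name), or None."""
    m = re.search(r'^\s*edit\s+"?([^"\s]+)"?', text, re.M)
    return m.group(1) if m else None

def check_pair(fgt_text, faz_text):
    """Return a list of mismatches; an empty list means both sides agree."""
    fgt, faz = parse_settings(fgt_text), parse_settings(faz_text)
    name = faz_device_name(faz_text)
    problems = []
    if fgt.get("status") != "enable":
        problems.append("FortiGate: FortiAnalyzer logging is not enabled")
    if fgt.get("encrypt") != "enable":
        problems.append("FortiGate: 'set encrypt enable' missing, logs would be sent in clear")
    if fgt.get("localid") != name:
        problems.append(f"localid {fgt.get('localid')!r} != FortiAnalyzer device name {name!r}")
    if faz.get("secure") != "psk":
        problems.append("FortiAnalyzer: 'set secure psk' missing")
    if fgt.get("psksecret") != faz.get("psk"):
        problems.append("pre-shared keys differ")
    return problems
```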
3. Configure the following via the GUI for FortiAnalyzer 5.0.x, 5.2.x:

Check the box for Secure Connection and enter the FortiGate's device ID and the pre-shared key.

To check the secure connection, connect to the web-based manager and verify that the arrow is up and green on the FortiAnalyzer under All Devices.
