FortiGate
nkojha
Staff
Article Id 191694

Description


This article describes how to send logs to FortiCloud.

 

Scope

 

FortiGate.

Solution


Activate FortiCloud:

Go to System -> FortiGuard and, under FortiGate Cloud, select 'Activate'.
The registered email is pre-filled. Fill in the empty fields, enable 'Send logs to FortiGate Cloud', select the Domain/Region (Global, US, Europe), then select 'OK'.
 
 
Go to Log and Report -> Log Settings, enable Cloud Logging, select FortiGate Cloud as 'Type', then select 'Apply'.
 

 

For FortiOS 7.2.x and above, go to Security Fabric -> Fabric Connector -> Logging & Analytics -> Cloud logging -> FortiGate Cloud.

 


 

Also, with multiple ISP links or an SD-WAN connection, it may be necessary to set the source IP and the interface:

 

config log fortiguard setting
    set status enable
    set access-config enable
    set ssl-min-proto-version default
    set source-ip 0.0.0.0    <- Should be the IP of one of the WAN interfaces.
    set interface-select-method auto    <- [auto|sdwan|specify]. With 'specify', it is also necessary to add 'set interface WAN_INTERFACE_PORT_Number'.
    set upload-option realtime
    set priority default
    set max-log-rate 0
    set enc-algorithm high
    set conn-timeout 10
end
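To check saved configuration backups against the block above, the following added example (not part of the original article and not Fortinet code) parses the 'config log fortiguard setting' stanza and reports values that differ from the ones shown here. The sample backup text, the function names, and the choice to skip settings missing from a backup are assumptions of this example.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_BACKUP = """\
config system global
    set hostname "FGT-LAB"
end
config log fortiguard setting
    set status enable
    set upload-option realtime
    set enc-algorithm low
    set interface-select-method specify
end
"""

def parse_block(config_text, header="config log fortiguard setting"):
    """Return the 'set' key/value pairs of one config block (no nested blocks)."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == header:
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.*)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings):
    """Compare parsed settings with the values used in the article's block."""
    findings = []
    if settings.get("status") != "enable":
        findings.append("status: cloud logging is not enabled")
    # Assumption: a key absent from the backup is left alone (not flagged).
    for key, wanted in (("enc-algorithm", "high"), ("upload-option", "realtime")):
        value = settings.get(key)
        if value is not None and value != wanted:
            findings.append(f"{key}: '{value}' differs from '{wanted}'")
    if settings.get("interface-select-method") == "specify" and "interface" not in settings:
        findings.append("interface: 'specify' is set without a 'set interface' line")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_block(SAMPLE_BACKUP)):
        print(finding)
```
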

 

Note:

If there is an upstream firewall, the following ports need to be allowed for the FortiGate Cloud connection to work properly.

Refer to Outgoing Ports:

 

  1. TCP/443 for Registration, Quarantine, Log and report, Syslog, and Contract Validation.
  2. TCP/514 for OFTP.
  3. TCP/541 for Management.

 

Related article:

Troubleshooting Tip: FortiGate not sending logs to FortiCloud