FortiSIEM Discussions
khanchand
New Contributor III

Cisco Iron Port logs collection

Hi Community Member,

 

We have cisco Iron Port on cloud and Fortisiem on prem there is not connectivity between them. How can we get logs from Iron port.

1 Solution
Secusaurus
Contributor II

Hi khanchand,

 

I understand your Iron Port is in a cloud setup and your FortiSIEM is not and you do not have a S2S-VPN-tunnel which could connect both of them, correct?

 

Main question would be: What kind of logs would you expect?

In the Fortinet world, for most systems, there is a possibility to use an API-access via HTTPS (which I would not recommend on public IPs, but could be a way to go).

If you like to look at SNMP or Syslog, you won't like to do that over public internet (there are ways, but this creates big holes in your infrastructure and you don't want that).

 

So, your possibilities in that case are:

  • Setup a collector inside your cloud infrastructure (as it will only receive logs of one device, you might reduce the required resources, even smaller disk sizes than default)
  • Initiate a S2S-Tunnel between your cloud infrastructure and your local network (which is quite common)
  • If it is not your own infrastructure: Ask your IronPort provider on how he would hand over the logs to you.

 

I hope this helps a little.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

View solution in original post

FCP & FCSS Security Operations | Fortinet Advanced Partner
2 REPLIES 2
Secusaurus
Contributor II

Hi khanchand,

 

I understand your Iron Port is in a cloud setup and your FortiSIEM is not and you do not have a S2S-VPN-tunnel which could connect both of them, correct?

 

Main question would be: What kind of logs would you expect?

In the Fortinet world, for most systems, there is a possibility to use an API-access via HTTPS (which I would not recommend on public IPs, but could be a way to go).

If you like to look at SNMP or Syslog, you won't like to do that over public internet (there are ways, but this creates big holes in your infrastructure and you don't want that).

 

So, your possibilities in that case are:

  • Setup a collector inside your cloud infrastructure (as it will only receive logs of one device, you might reduce the required resources, even smaller disk sizes than default)
  • Initiate a S2S-Tunnel between your cloud infrastructure and your local network (which is quite common)
  • If it is not your own infrastructure: Ask your IronPort provider on how he would hand over the logs to you.

 

I hope this helps a little.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
khanchand
New Contributor III

Hi Christian,

 

Thanks for response. Yes we did not have S2S connectivity, and for Cisco Iron Port no API integration is available in FortiSIEM.

Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"