We want to send the attack or traffic logs from FortiWeb Cloud to a FortiAnalyzer.
I have configured the logging part, but I do not see that the FortiAnalyzer receives this traffic.
Does anyone know how?
Hey davill,
I'm not terribly familiar with FortiWebCloud, but I would start by treating this like any other connection issue:
- verify traffic is being sent by FortiWebCloud (it should use port 514)
- verify FortiAnalyzer is receiving this traffic (diag sniffer command works on FortiAnalyzer)
-> if FortiAnalyzer is receiving the traffic, start digging there. Are ADOMs enabled, is the FortiWebCloud serial number added as a device, etc.
-> if FortiWebCloud is failing to send the traffic, investigate there
-> if FortiWebCloud is sending, but FortiAnalyzer is not receiving anything, check the network(s) in between and determine where the traffic might be dropped
If the issue is with either FortiWebCloud not sending, or FortiAnalyzer receiving but not doing anything with it, you might reach out to Fortinet Technical Support for further assistance in troubleshooting the matter.
The problem is that FortiWeb Cloud is not like a FortiWeb on premise; I don't have access to the console to apply a sniffer or a debug.
Btw, FortiAnalyzer 7.4 already has support for FortiWeb-Cloud attack logs.
Check it in the documentation: