- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: How to monitor attacks from the Internet?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to monitor attacks from the Internet?
Hi, totally newbie here. I came from Cisco background and just deployed my first 100E firewall. Great firewall and I am getting familiar with the firewall now.
My only gripe is that I cannot find any way to monitor traffic on the "outside" interface. No real time logs and no reports either. Fortigate is excellent showing me all sorts of log from the "inside" (web, antivirus, ips, dns, etc). But as for events on the "outside", I am clueless (feels like I am driving blind). I have called Fortigate support several times and they are somewhat surprised about my request and later concurred that there is no such "functionality".
Am I missing something here? Or is there really no way to monitor? Thanks in advance.
- « Previous
-
- 1
- 2
- Next »
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I am kinda newbie too. I deployed my 61E about a month ago, but I found few things that might be helpful. I am using Virtual IPs for connection to my servers, pair with Policies for each VIP group, these policies have Antivirus, Intrusion prevention, DNS filter, Web Application Firewall and SSL inspection enabled (and Anti spam profile for mail server), then these policies are set to Log security violations. This way I can see in Log & Report in each category (AV, Antispam, IPS, etc..) if I filter by Policy what attacks were caught by each security profile, so I can monitor attacks on basic vulnerabilities (like brute forces, and so on) which were blocked, as well as Spam filtering for SMTP and caught viruses coming to my network from outside. If you wanted to monitor attacks pointed directly to Fortigate (like management ports, VPN, ...) you would have to enable feature in Settings to show Local policies and setup these policies the same as those for VIPs to monitor the attacks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I use Kasper sky to save my data for hackers around the world. All of us know about the attack after the occurrence, so there is no way you can know before it.
I also use ivacy vpn to hide my IP address from hackers. Ivacy vpn is offering advance features like NAT Firewall and Dedicated IP which ensures complete security. For more info on how to save yourself online here is a blog https://www.sgsme.sg/reso...emselves-cyber-attacks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tanr,
I finally got it to display external traffic thanks to your suggestion about enabling "local-in-allow". After enabling this, I am able to view logs of outside source (their ip, countries, etc) trying to hit my outside IP and I can clearly see that they are "Deny". This is really counter intuitive...meaning to see outside threat, I have to view "local traffic". Anyway, thanks to you, it was a great help.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Fittan,
Can you help me about enabling Local-In-Allow ?
Thank you so much,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Mertozturk,
if you want to enable logging for local traffic:
#config log setting
#set local-in-allow enable
#end
This doc provides details on what CLI log settings there are, you might need to select the correct firmware version and then browse to 'CLI configuration commands > log > log setting':
https://docs.fortinet.com/document/fortigate/6.2.9/cli-reference/443620/config-log-setting
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Debbie,
Actually, i can see internal traffic and Lan-To-Wan traffic.
But i want to monitor Outside connections from Wan-To-Lan. Can you help me about that ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Mertozturk,
if you have policies from WAN to LAN, just make sure they log all sessions, not just security events.
If the WAN to LAN traffic is a response to an initial LAN to WAN connection and part of that LAN to WAN session, then there will be no separate log, that will also fall under the logs generated for the LAN to WAN traffic.
If you're looking for specific monitoring options:
- FortiGate FortiView/Dashboard widgets provide an overview of active traffic
- logs provide information on historic traffic, just ensure all traffic is logged
- you might want to get in touch with the FortiGate support team if you have very specific monitoring needs.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Understanding the application control 367 Views
- FortiExtender Cloud 24.1 is now Released! 142 Views
- 2 fortigate firewall, I need one... 352 Views
- FORTIMAIL Gateway mode - Not seeing... 1171 Views
- Fortigate 30 E Wan Port Issues... 461 Views
Labels
-
FortiGate
6,711 -
FortiClient
1,334 -
5.2
801 -
5.4
639 -
FortiManager
578 -
FortiAnalyzer
422 -
6.0
416 -
5.6
362 -
FortiSwitch
344 -
FortiAP
341 -
FortiClient EMS
272 -
FortiMail
261 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
159 -
6.4
128 -
FortiNAC
110 -
FortiGuard
106 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
81 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
60 -
FortiProxy
46 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
SD-WAN
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiAuthenticator
21 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Logging
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSO
8 -
Application control
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
Web profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
FortiAP profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.