We have a device in line that brings down Threat intelligence from CTI providers and monitor or blocks based on the policies and rules, however one area where we do not currently have viability is when a SSLVPN user comes into the firewall to monitor what CTI rules they may be triggering. We can see the events on the WAN side, however we are not correlating them to the IP and user due to NAT.
Long story short, is there a way to send all SSLVPN traffic to a mirrored port on a Fortigate 100D ? From this port we can tap into the device and gather the information to be processed and sent to Splunk for reporting.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.