Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MustphaBassim
New Contributor III

No IPS log or Anomaly log recorded

Dears

Greeting

 

I had Fortigate 201F and 201E but we noitced no logs are recorded for IPS and Anomaly on device take in mind both features are enabled so plz could u advise

 

Bests

10 REPLIES 10
AEK
SuperUser
SuperUser

Hello Mustapha

First, make you enabled the required logs:

  • Enable All traffic logs under Log &  Report > Log Setting
  • Enable All traffic logs at policy level where you have enabled IPS and AV profiles

Try to download a dummy virus file like eicar, here FG should block it and you should find the log under Log & Setting > AV.

In case you didn't enable SSL deep inspection then you will only catch viruses and attacks under http and other unencrypted protocols.

So if you want to catch viruses and attacks under https you need to enable SSL deep inspection.

AEK
AEK
MustphaBassim
New Contributor III

Hello Dear and thnx for reply

if i enable deep insepection i need to put the SSL certication on the firewall itself and put FG firewall certication on servers/clients , any approch for going that without putting the SSL certication ?

Bests

AEK

Hello

You have choice between two options:

  • Use FG embedded certificate and push it to your clients via GPO 
  • Or use your domain private certificate: put a subordinate CA cert on FG

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/680736/microsoft-ca-deep-packet-inspecti...

AEK
AEK
MustphaBassim
New Contributor III

When I put certificate on certification field , it's not appeared  "CA certifcate" it's show me only Fortinet_CA_SSL not the other imported one take in mind i using Godday for that since the traffic is from outside to inside 

AEK

AEK
MustphaBassim
New Contributor III

The problem i could not find the certificate just fortinet certification :(

AEK

You want to use Windows certificate, right?

Have you created a the sub CA cert from your Windows domain? Have you imported it correctly to FortiGate?

AEK
AEK
MustphaBassim
New Contributor III

No really i want them to use Godday certificate since the traffic is from outside to inside 

Published service on internet and need to ensure everything is inspected 

AEK

For publishing web server and inspect its traffic you just need a server certificate (a public one), not a sub CA cert from Windows root CA.

This can be done with virtual server configuration. Here is the guide for what you need.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-Inbound-SSL-Deep-Inspection/ta...

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors