We use a FortiGate 200D with firmware v5.4.3, build1111 (GA). In "Log & Report" > "Log Settings" > "Remote Logging and Archiving", "Send Logs to Syslog" is set to on. IP Address/FQDN: (is filled with the IP address of a Graylog server.) "Local Traffic Log" is se...
On a FortiGate 200D a VIP (Virtual IP) is created. Type: NAT. Source Address Filter: off. Port Forwarding: off. One external IP address, one mapped IP address. The mapped (internal) IP address is used by a Linux system with only port 22 (SSH) open. So port ...
With tcpdump I got a log message from the FortiGate to the Graylog server. Msg: date=2019-04-15 time=16:15:33 devname=FG200D-Mailstreet devid=FG200D3916815285 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.168.0.226 srcna...
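Parsing a record like the one above, as an added example that is not part of the original post: the Python below splits a FortiGate key=value syslog message into fields and then lists which destination ports actually reached each mapped host, which is one way to check that only SSH reaches the Linux system behind the VIP. The sample lines are constructed; devname and devid come from the message quoted in the thread, the addresses and port numbers are made up, and the extra fields (srcport, dstip, dstport, proto, action, policyid, service) are standard FortiGate traffic-log fields that the truncated post does not show.

```python
import re
from collections import defaultdict

# A FortiGate syslog body is a sequence of key=value pairs separated by spaces.
# Values that contain spaces are double-quoted (e.g. msg="..."); this regex
# accepts either a quoted value or a bare value.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line):
    """Parse one FortiGate log message into a dict of field name -> value.

    A leading syslog priority such as <189> and anything else that is not a
    key=value pair is ignored. Quotes around quoted values are stripped.
    """
    record = {}
    for key, value in _KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        record[key] = value
    return record


# Constructed sample records for this example. devname and devid are taken
# from the message quoted in the thread; the other field names (srcport,
# dstip, dstport, proto, action, policyid, service) are standard FortiGate
# traffic-log fields, and all addresses and port numbers here are made up.
SAMPLE_LINES = [
    '<189>date=2019-04-15 time=16:15:33 devname=FG200D-Mailstreet '
    'devid=FG200D3916815285 logid=0000000013 type=traffic subtype=forward '
    'level=notice vd=root srcip=192.168.0.226 srcport=51234 dstip=10.0.0.22 '
    'dstport=22 proto=6 action=accept policyid=7 service="SSH"',
    '<189>date=2019-04-15 time=16:15:35 devname=FG200D-Mailstreet '
    'devid=FG200D3916815285 logid=0000000013 type=traffic subtype=forward '
    'level=notice vd=root srcip=198.51.100.77 srcport=40001 dstip=10.0.0.22 '
    'dstport=8008 proto=6 action=accept policyid=7 service="tcp/8008"',
    '<189>date=2019-04-15 time=16:15:36 devname=FG200D-Mailstreet '
    'devid=FG200D3916815285 logid=0000000013 type=traffic subtype=forward '
    'level=notice vd=root srcip=198.51.100.78 srcport=40002 dstip=10.0.0.22 '
    'dstport=23 proto=6 action=deny policyid=0 service="TELNET"',
    '<189>date=2019-04-15 time=16:15:40 devname=FG200D-Mailstreet '
    'devid=FG200D3916815285 logid=0000000013 type=traffic subtype=forward '
    'level=notice vd=root srcip=192.168.0.226 srcport=51300 dstip=10.0.0.23 '
    'dstport=22 proto=6 action=close policyid=8 service="SSH"',
]


def forwarded_sessions(records):
    """Yield only forward-traffic records for sessions the firewall let
    through (FortiGate logs action=deny for blocked traffic; accept, close
    and timeout describe sessions that were allowed)."""
    for rec in records:
        if (rec.get("type") == "traffic" and rec.get("subtype") == "forward"
                and rec.get("action") != "deny"):
            yield rec


def ports_per_destination(records):
    """Map each internal destination IP to the set of destination ports that
    were actually reached through the firewall."""
    seen = defaultdict(set)
    for rec in forwarded_sessions(records):
        if "dstip" in rec and "dstport" in rec:
            seen[rec["dstip"]].add(int(rec["dstport"]))
    return dict(seen)


def unexpected_sessions(records, allowed_ports):
    """Return (dstip, dstport, srcip) for every allowed session to a port
    outside allowed_ports, e.g. to confirm only SSH reaches the mapped host."""
    hits = []
    for rec in forwarded_sessions(records):
        port = int(rec.get("dstport", -1))
        if port not in allowed_ports:
            hits.append((rec["dstip"], port, rec["srcip"]))
    return hits


if __name__ == "__main__":
    records = [parse_fortigate_log(line) for line in SAMPLE_LINES]
    print(ports_per_destination(records))
    for dstip, port, srcip in unexpected_sessions(records, allowed_ports={22}):
        print(f"unexpected session: {srcip} -> {dstip}:{port}")
```

Run it against the records Graylog receives for the mapped address (the dstip field) rather than the external VIP address, and note that a session-end record carries action=close, so filtering on action=accept alone would miss traffic that was allowed.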
Do you need one syslog record sent by the FortiGate? Can the FortiGate deliver this syslog record? Or shall I let Wireshark capture a syslog record of the FortiGate?
In the last few days I read something about UTM response. Sorry, but I still don't understand what port 8008 is used for. Does FortiGate send new threat prevention information through this port to our FortiGate?
Yes, now I see. The policy for this VIP (with port 8008 open) has the following Security Profiles: AntiVirus: AV default; IPS: protect_sftp_server; Proxy Options: PRX default. The policies for the other VIPs have only the Security Profile IPS: protect_sftp_...
I will read that documentation. On the FortiGate 200D, 23 VIPs are created, all in the same way. Only one VIP has port 8008 open; on the other VIPs port 8008 is closed.