Dear Team,
One of my customer requires report for firewall policy created/modifed/deleted in last 24 hours. He is using both FortiManager and Analyser. Can someone guide me on this ? This is bit urgent.
Regards,
Ravindra
Hey Ravindra,
is this for policies created/modified/deleted on FortiGate, or FortiManager?
For FortiGate, it writes log messages when policies are edited. There is a predefined chart for config changes (at least in FortiAnalyzer 7.2) that you could put into the report; you might need to experiment a bit with how many results it shows.
For FortiManager changes, this is a bit more tricky; if the FortiManager logs to FortiAnalyzer, you should have logs of subtype 'objcfg' which are generated when objects are edited/deleted/created, and you could create a simple report to list those logs.
Both these options would cover config changes in general, not just policy changes, though; FortiGate does not generate separate logs for policy changes as opposed to object changes, so it would be tricky to only filter out the logs that deal with policy changes specifically.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.