Thursday 29 December 2016

How-to: Enable DLP on a FortiMail

By default the FortiMail doesn't show the DLP options in the GUI. They can be enabled from the CLI with the following commands:

config system global
set data-loss-prevention enable
end

Once done, log out of and back into the FortiMail and you should now see the DLP options available:


Thursday 4 February 2016

How-to: Use the grep command on a FortiGate

Grep is a fast and easy way of filtering large amounts of information on the console. The FortiGate allows you to pipe the output of many commands, including show, get and diagnose, to grep.

To use grep, add it after a command with a pipe, followed by the search value, e.g. | grep <value>

Grep has a few options, which can be listed with the -h flag. Below is a show command piped to grep to display all the options available:

gate1 # show | grep -h
Usage: grep [-invfcABC] PATTERN
Options:
        -i      Ignore case distinctions
        -n      Print line number with output lines
        -v      Select non-matching lines
        -f      Print fortinet config context
        -c      Only print count of matching lines
        -A      Print NUM lines of trailing context
        -B      Print NUM lines of leading context
        -C      Print NUM lines of output context
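The same grep options applied offline to a saved FortiGate configuration backup, as an added example that is not part of the original post. The config text below is constructed for the demo, and the awk function that mimics the FortiGate-only -f (config context) option is an assumption about the config/edit nesting keywords a backup uses, not a FortiGate feature:

```shell
#!/bin/sh
# Added example: filter a FortiGate config backup with the grep options the
# post lists, from a workstation rather than the FortiGate console.
# SAMPLE_CONFIG is a constructed "show firewall policy" dump, not real data.
SAMPLE_CONFIG='config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set logtraffic all
    next
    edit 2
        set name "guest-to-wan"
        set srcintf "guest"
        set dstintf "wan1"
        set action accept
        set logtraffic disable
    next
    edit 3
        set name "block-smb"
        set srcintf "internal"
        set dstintf "wan1"
        set action deny
    next
end'

# -c counts matching lines, -i ignores case: how many policies are defined?
count_policies() {
    printf '%s\n' "$SAMPLE_CONFIG" | grep -c -i '^ *edit '
}

# -v selects non-matching lines: drop every "set" line to see the skeleton
# (config / edit / next / end) of the policy table.
policy_skeleton() {
    printf '%s\n' "$SAMPLE_CONFIG" | grep -v '^ *set '
}

# -B prints leading context: look back 4 lines from each
# "set logtraffic disable" to reach the policy's "set name" line, so the
# result is the names of policies that pass traffic without logging it.
unlogged_policies() {
    printf '%s\n' "$SAMPLE_CONFIG" \
        | grep -B 4 'set logtraffic disable' \
        | grep 'set name' \
        | sed 's/.*set name "\(.*\)"/\1/'
}

# Emulation (assumed, not a grep feature) of the FortiGate-only "-f" option:
# for each line matching the pattern, print the enclosing "config" and "edit"
# lines first so the match can be placed in the configuration tree.
with_config_context() {
    pattern="$1"
    printf '%s\n' "$SAMPLE_CONFIG" | awk -v pat="$pattern" '
        /^ *config / { cfg = $0 }
        /^ *edit /   { ed = $0 }
        $0 ~ pat     { print cfg; print ed; print $0 }
    '
}

# Demo run (output is informational; the functions above return the values).
echo "policies defined: $(count_policies)"
echo "policies accepting traffic without logging: $(unlogged_policies)"
with_config_context 'set action deny'
```

On the FortiGate itself the equivalent of unlogged_policies is a single piped command, e.g. show firewall policy | grep -B 4 'set logtraffic disable', and the context emulation is unnecessary because the built-in grep -f prints it for you.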


Tuesday 19 January 2016

How-to: Configure Collector mode on a FortiAnalyzer

The FortiAnalyzer allows you to aggregate logs from multiple FortiGate firewalls, giving you a central console to view logs and alerts and to run reports for all the FortiGates in your organisation.

Each FortiAnalyzer, whether a hardware or VM model, can only handle a certain number of logs per second. If you have dozens, hundreds or even thousands of FortiGates, it would not be feasible to have all of these devices send their logs to one FortiAnalyzer. The good news is that FortiAnalyzers can be configured in 'collector' mode and deployed regionally to take the burden off the Analyzer that is doing the reporting.

One advantage of this is that FortiAnalyzer VMs configured as collectors have no GB-per-day limitation, unlike their standard configuration. This means you'll only need a FortiAnalyzer VM BASE license for each of the remote regions.

In this example I'll configure two FortiGates and FortiAnalyzers configured in collector mode, simulating two regions of my organisation and the firewalls within each region. The collectors will then forward their logs to the global Analyzer, from where I can run reports for the entire organisation.

The FortiGates are running 5.4.0 and the FortiAnalyzers 5.2.5.