Help Documentation

Managed Detection and Response

Fortinet FortiGate NGFW Logs

Updated Nov 10, 2023

Configure FortiGate NGFW log forwarding using the GUI

You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Configure Fortinet Fortigate logging.
  2. Provide your Fortinet Fortigate information to Arctic Wolf.

Step 1: Configure Fortinet Fortigate logging

  1. Sign in to your FortiGate NGFW.

  2. Click Log & Report > Log Settings.

  3. On the Global Settings tab, configure these settings:

    • Event Logging — Click All.
    • Local traffic logging — Click All.
    • Syslog logging — Click the toggle to the on position.
    • IP address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.

  4. Click Apply.

Step 2: Provide your Fortinet Fortigate information to Arctic Wolf

  1. Sign in to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep blank.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Any questions or comments that you have.

  4. Click Send Message.

    Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.

See also