Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 56
76. Lecture-76: Configure Syslog in FortiGate Firewall.
Syslog means system logging. For every device in the network nowadays it is really important to generate logs and send them to a centralized location so that we can monitor them, for troubleshooting purposes, for monitoring purposes, for many other purposes, for forensic use, for security audit, and for many other reasons we are using syslog. Again, we discussed these logs in five courses, so I'm going through quickly. These logs are generated when something happens in the system: CPU high, something goes wrong, an interface goes down or up, something changes, or anything else can happen. Anything that happens will generate logs, and logs are categorized in certain categories, which we call levels 0, 1 and so on: emergency, alert, critical, error, warning, notice, information and debug. The most dangerous is emergency. The lower the level, the more dangerous it is. Okay: alert, critical, error, warning and notice.
So, we need to know about this one. Now, here, the firewall is generating the logs locally as well, and you can send them to FortiManager or FortiAnalyzer and many other places. If you go to Log & Report, there are a few categories of logs. Forward Traffic is the traffic which is generated: any traffic which is going outside will be there.
So, it will be here, by the way. It has to be here. Let me go to google.com and refresh. Okay, it will come after a while. So: Forward Traffic, and Local Traffic, which is traffic generated locally; it will show here. And in Log & Report there is Sniffer Traffic. You know, we've done sniffing. I remember we've done it here. If I go to any interface, there is this one where we've done it. Let me go to any interface. It's not showing, by the way. And in this interface, let me go to any interface. Yeah. This one: One-Arm Sniffer. You remember this one; in, I think, the second or third class we configured this one, for when you want to use the FortiGate firewall like an IPS/IDS.
So, that traffic will be shown here under Sniffer Traffic. But we have no configuration where it's doing anything. Then, if any event happens here, like anything that happens in the system: suppose I log out, okay, and I log in wrongly, and it's wrong, and wrong again, and then I log in with admin, one, two, three, suppose.
So, those logs will be showing here in Log & Report, Events. It will be mentioned here: this one is admin login failed, admin login failed, and on the third attempt I logged in to the system.
So, any system-related events will show here: the level, which I told you about (there are many levels), user name, message and log description. You can see other event details here. You can see VPN events, you can see user events in detail here. You can see HA details, which we don't have because that is for high availability, and security rating details, and so on. But right now we have only system details, and it's storing them in memory. And if you want to go into any of these details, it will show you more detail here. And you can filter as well here, like by date and time, or by destination interface. Like any other filter, you can assign so many filters here, and you can download them as well.
So, it will download the event details, and you can refresh. Then antivirus.
So, antivirus will be showing here, web filter related will be here, SSL related will be here. An alert will show here. Application control, you remember; and these here are the security profiles.
So, all these logs are showing here. Intrusion prevention: we've done it, and normally when we run it the logs show here. This is Log Settings, if you want to configure log settings. Okay, it's not showing.
So, just let me refresh Log Settings. It will show you more detail.
So, here is log setting.
So, our logs are stored in memory. If you want, you can send them to FortiAnalyzer and FortiManager. These are the two other products for the FortiGate firewall: FortiManager is like Panorama, to configure many firewalls from the same place, and FortiAnalyzer is to analyze the traffic. First disable this if you want to send the same logs to this syslog server. Let me send these logs. Let me see my IP. Let me send to myself.
So, let me see what is my IP address. I’m connected through network adapter by the way.
So, what is my network? It ends in one zero nine.
So, I send the traffic to the address ending in one zero nine and apply. You can send to a syslog server as well. Let me open the syslog server, and the syslog server on one zero nine is listening. Look, the FortiGate firewall's logs are starting. Let me clear this log so that you can see the new logs. Nothing is coming. Let's do some changes. You will see the logs. See, if I apply, and let me change something like a system administrator, and let's delete this one to generate logs. And now you will see the logs here.
So, logs coming device. This one, they say this the message type IP address is 100 or 230 for this one. Okay. And they are sending information, everything, user admin and something. You enjoy their login and they’re done listing.
So, whatever you do, it will be sent here. The logs which were generated before are local. Let me do one thing more. Let me create a user. Suppose I just make some changes: one, two, three, one, two, three. And let me choose here, and okay. And when it's okay, I need to see another log here. It's come up. Yeah.
So, you can send the logs here.
So, Log & Report: forward traffic logs, local logs, event logs, system-related logs, antivirus. We've already done these.
So, I don't want to repeat this and the log showing. So you can send to a syslog server, and you can send to FortiAnalyzer and FortiManager, and you can send to the cloud if you have a cloud and your firewall is registered.
So, you can send there as well. Okay, and address, if you want to send out the detailed information, and which logs you want to send: all or customize. These are all the log types; the one which you don't want to send, just uncheck it. And local traffic log: these are all the local traffic logs you can customize, unicast traffic, multicast traffic or broadcast. If you don't want them, you can uncheck them, okay? And these are hostnames. It will show you the hostname here as well, like the FGT device name, and unknown applications. It will show you the application details as well in the logs.
So, this was log related. Okay, it was so simple to send the logs there. Okay, and Threat Weight: this is also related, if you want to log threat weight and which ones you want to send, like medium, peer-to-peer, proxy. But this is application related anyway. It's not related here. And these are the risk levels, which I just showed you; the levels are zero to seven. They mention something here, critical and so on. So this was how to send the logs to a syslog server, and now we can see, look, a lot of logs are now coming, because everything is enabled, notice as well, and we can receive all types of logs.
So, let me go back and disable the logs from here.
So, Log Settings, and I would say I don't need to send the logs to the syslog server. If you have FortiManager you can send them there too. Okay.
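The severity levels and the failed admin login events shown in this lecture, as an added example that is not part of the lecture or Fortinet code: a small receiver-side parser that decodes the syslog priority header and the key=value fields, then counts failed admin logins per source. The sample lines, device name, addresses and threshold are constructed, and the field layout assumes the default FortiGate key=value log format.

```python
import re
from collections import Counter

# Syslog severity names; the list index is the numeric level (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value or key="quoted value" pairs, the layout FortiGate log lines use.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Decode the syslog PRI header and the key=value fields of one line."""
    rec = {}
    m = PRI_RE.match(line)
    if m:
        # PRI = facility * 8 + severity
        rec["facility"], rec["severity"] = divmod(int(m.group(1)), 8)
        line = line[m.end():]
    for key, quoted, bare in KV_RE.findall(line):
        rec[key] = quoted or bare
    return rec

def at_least(lines, level="warning"):
    """Records at `level` or more severe, i.e. with a lower or equal number."""
    limit = SEVERITIES.index(level)
    return [r for r in map(parse_line, lines) if r.get("severity", 7) <= limit]

def failed_admin_logins(lines, threshold=3):
    """(user, srcip) pairs with at least `threshold` failed admin logins."""
    hits = Counter()
    for rec in map(parse_line, lines):
        if rec.get("type") == "event" and rec.get("logdesc") == "Admin login failed":
            hits[(rec.get("user"), rec.get("srcip"))] += 1
    return {pair: n for pair, n in hits.items() if n >= threshold}

# Constructed sample lines (not captured from a real device): three failed
# admin logins, one successful login, one configuration change.
TEMPLATE = ('<{pri}>date=2024-01-10 time=10:0{i}:00 devname="FGT-LAB" '
            'type="event" subtype="system" level="{lvl}" logdesc="{desc}" '
            'user="admin" srcip=192.0.2.50 msg="{msg}"')
SAMPLE = [TEMPLATE.format(pri=185, i=i, lvl="alert", desc="Admin login failed",
                          msg="Administrator admin login failed from https(192.0.2.50)")
          for i in range(3)]
SAMPLE.append(TEMPLATE.format(pri=190, i=3, lvl="information",
                              desc="Admin login successful",
                              msg="Administrator admin logged in from https(192.0.2.50)"))
SAMPLE.append(TEMPLATE.format(pri=190, i=4, lvl="information",
                              desc="Object attribute configured",
                              msg="Delete system.admin labuser"))

if __name__ == "__main__":
    for rec in at_least(SAMPLE, "warning"):
        print(SEVERITIES[rec["severity"]], rec["time"], rec["logdesc"])
    print(failed_admin_logins(SAMPLE))
```
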
77. Lecture-77: Traffic Shaping Shared Shaper and Per IP Shaper.
Another topic is traffic shaping: traffic shaping is to give shape to the traffic. Normally in your organization, you will see that many systems, many users and many IPs are killing the bandwidth: they are accessing YouTube, they are accessing Facebook, they are accessing streaming media. They are watching movies inside the organization.
So, you need to put quality of services. Quality of service is a long topic. I don’t want to go there. I want to bring you here directly.
So, for that purpose, you can apply FortiGate firewall traffic shaping, this type of quality of service, to restrict the bandwidth and give priority to someone: either an application, or a user, or an IP, or a URL.
So, for that, we are using traffic shaping in the FortiGate firewall. There are two types of traffic shaping: shared shaper, and the other one is per-IP traffic shaper. Shared shaper means it's shared for everyone. All users will guarantee the maximum bandwidth. Suppose you give them 10 Mbps; that means every user will use 10 megabits per second. Even if your organization has only one user, they will use 10 megabits per second.
So, this is shared shaper, like a shared bandwidth you give to everyone. The other one is per-IP traffic shaper; this is per IP. It is different from that one. Suppose that you apply per-IP, so everybody will get all together that bandwidth. Suppose you put 1 Mbps: all the users in the LAN will get only 1 Mbps. A user will get 1 Mbps.
So, there are two types of traffic shaping you can apply: shared shaper, and the other one is per-IP shaper. It's better to show you from here, and hopefully you will understand from here. Now, in my case, I have two PCs, okay. One is 1.1, the other is 1.2. Let me quickly check whether everything is configured or not.
So, let me see the policy first. Let me delete this policy. Let me quickly enable one policy to allow the traffic just for this purpose. Create new, and here I will say, you know, everything from LAN to WAN: source can be all, destination can be all, services can be all, and NAT enabled, and okay. And I need to check the default route there, because we've done many changes, so I just need to check it, so we don't need this one. I believe we delete this one. The route is already there. Interface IPs are already there. Okay, it's correct, hundred, and this one, and this should be the area.
So, let me specify. Businesses will get it. And one dark one, not one, not one, so basic setup is dear. Now, let me assign a piece to this, there were no need of this one. Let me stop this one and stop this one. We just want to go into these are all NBC. Let me go first to this ABC and assign them one hundred and sixty eight one. That one is one, two, three is the buzzword about this one. Lucier one. And let me assign a thing, so let’s go to control panel.
Sorry, let me go from here is Peter. This might be one and go through into physical properties and on this one and let me assign them 190 to 168 one darkland IP and get gurdwaras the Padawan to be inserted in one Dortmunder and be initiated at eight and one part, one dark one done and done. Okay. I hope so. I will exit the Internet now. Because it will never them and they will reach to the Internet and no need of this on this one, we are already done.
So, let’s see Internet zero, not until they let me go to this, because will you do an assigned one, not two.
So, again, just one, two, three, and log in to the PC, and here we will assign IP 192.168.1.2. Okay, let me go to PC one and let's see whether the Internet is there or not. Yes, the Internet is there. Okay, and let me check fast.com. Okay, the fast.com speed test, okay? So, let me check my speed here. And until this one finishes, let me go to the other PC and assign 1.2 here.
So, basically, I have two PCs inside. Okay, one is 192.168.1.1 and the other is 192.168.1.2.
So, untuk IPV six and assign 192 168 one to 192 one six eight one hundred eighty eight and one on one. Not one. Okay, and now she can turn it here as well, and also Benguiat.
So, now let’s go to the first one.
So, as for foreign. Let me check again. It has to be more than this, by the way. We will make them more or less okay.
So, for one, you just keep right down here that our speed because there is no speed limit.
So, if I said no book, okay.
So, 4.8 is our speed. Now let's go to the other PC and check here: fast.com. And let's see the speed test; because both are in the LAN, both are getting equal.
So, there will be no restriction. I hope so.
So, let’s see the speed test. Okay, so both will get almost similar.
So, let me type here and notepad. Is getting to more than that one, but it’s not. Anyway, it’s almost similar.
So, let me type here five one three. What are you doing this to me now? I need to restrict them.
So, one is shared, which would be one for all. But shared will affect upload speed; if you want download as well, you have to put reverse as well. And per-IP: suppose 10 users, each user would get 1 Mbps, total 10 Mbps of outgoing traffic. That is the difference. Let me show you.
So, let me go to where we can apply.
So, let's go to where it is. Oh, System; I forget the place where it should be. Okay, and let me see. By the way, it's not showing me here. It has to be somewhere here. Okay, maybe it's off; in some firewalls you need to go to System, Feature Visibility, and check for the traffic shaping policy, so your traffic shaping is on; on some it is not showing because it's not on, by the way. So it has to be here. Security profile. It should be, yes, here.
So, here is Traffic Shapers, Traffic Shaping Policy and Traffic Shaping Profile. Click on Traffic Shapers. They already have some policies, five policies already there, if you want to use them. But anyway, I want to create my own. So: shared shaper and per-IP shaper.
So, I name it shared. And suppose, let me give them a thousand kbps, because they're using five. Traffic priority: which priority do you want to give them? Low, high or medium. Then, if you want, the bandwidth unit.
So, I set kbps. This one is maximum bandwidth, if you want to set the maximum bandwidth they can get, and guaranteed means at least they have to get this. And this is for extra checking here. But it's okay.
So, this is my shared thousand kbps, and I created it first. Now let's create a policy. Okay, let's do this one. Now, let's go to Traffic Shaping Policy. Here I apply the shaper which I created to a policy. By default, there is only the implicit deny policy. Let's create a policy like the other firewall policies.
So, shared thousand kbps; this is just a policy name. Enable the status, and add a comment if you want.
Source: they will come from LAN, I suppose; you can give a specific one as well. Destination and services can be anything, application can be anything, URL category can be anything. You can put it by application as well, like Facebook only, or if you want to give YouTube a really specific bandwidth. But anyway, we want to do it for the destination. Apply shaper: outgoing interface, on the outside interface. Shared shaper: yes, we have created one. Where is ours? Shared thousand kbps. But I need to put reverse as well, for download as well, so I will put this one as well. Let me go back, by the way; I didn't put the maximum bandwidth, thousand. I forgot this one. Now I apply the policy. Let's go back and refresh and see. Before it was going to 4.8; let's see.
So, it's not reaching 4.8; it's not more than 1000. And let's go to the other PC. It will not cross a thousand; because I put a very low value this way, it will not go to exactly a thousand. Why? Let me show you why it's not going. I just need to give them a bit more.
So, it will Adwar, I know it will not be a 390 Cabeus, not for one, three and Belacqua last time. How are you know if you refresh this one? okay, I’m sorry to hear the.
So, it is being applied in this one, by the way; it has to show us the traffic. Yeah, so it's 99 kbps utilized and dropped is 1.69, because I gave them really low.
So, most of the traffic has been denied.
So, that's why it has not reached 1000 kbps.
So, I need to give them a bit more to show you properly.
So, let me give them 2000 kbps and let's try. This time you will get at least nearby. Now it's okay, at least now 1.6, and the other one as well will have to reach one-point-something. Yes, you have to go there anyway. So before it was five, and now it is hardly reaching this one, because we have our shared shaper, so everyone will get this 2000 kbps.
So, we made them 2000. Yeah, the name is one thousand, but basically this one is 2000 kbps, and it's showing here the dropped bytes. This has been used. Priority is high. Now, this is shared; you know, the policy uses shared bandwidth.

Now, let's create a new shaper, this time per-IP. Let me name it per-IP shaper; bandwidth unit, this one, and maximum, let me give them 1000. And okay. And now let's create a policy here: create new, and name it per-IP shaper; source can be anything, destination can be anything, services can be anything. I don't want application. Outgoing interface is WAN, and this time per-IP shaper: this one is my profile which I created. And okay. Let me put this policy above the other policy, so let me move this one here to the top.

And now let's go there; right now it has not been hit. Nothing is hit. Now, let's check. Otherwise, we will disable the other one. So it's almost there, because we gave them 1000, so it will reach that; and at the same time let me run this one as well. And now let's refresh this one; can we see something? It's hitting the per-IP shaper. Yes, we are hitting this one, and it says that kbps is being dropped.
So, it will be. And what about the other one? It will be. Let me think again, let me put this one and let me put here so it’s 850 and 850.
So, then you will say, what is the difference? Because in this one I forgot one thing: I did not put the reverse.
So, it will be different if you click here. That is okay. Put them as the reverse shaper; reverse means the download, and this one is the upload.
So, it will stick both. If I disable this, you will see if I disable Gennady SABL right click and okay there, they don’t have here a third able to disable them for a while like other policy to show you what we can reconfigure them as clear counter to see their traffic again. And let me clear this one as well.
So, let’s see which rule is being. I know this one will hit and let’s see. And let’s see this one. And looked refreshed, you will see the traffic will be a top one because it’s also like a policy because this one is in the top here. I put them here on the top. This one is hitting this one. If you pull this one, then it will take this one see three point three and has being dropped.
So, it will drop them if it is exceeding 1 Mbps per IP.
So, this is called traffic shaping. For the maximum value, you can put this one, by the way; if you put more than this value, it will not work in kbps, when you know the maximum value, which we see. By the way, if you try some other unit, you can put more. If you need to put more than this, then you have to use the CLI, not the GUI. You cannot use that one.
So, what you need to do, you have to create many rules for how to waste what Hypertrophied bought them under TARP. You know, there they mentioned them priority.
So, high, low and medium high means to give high priority, give them more priority.
So, why not give them more priority? So, for that, create a new rule, okay, and name it whatever you want; the bandwidth unit is kilobit, megabit or gigabit, whatever you want; the maximum bandwidth you want to assign; and guaranteed means that whatever happens you have to give them this bandwidth, so you have to put that as well. And what else do I need to mention here, because sometimes I miss this one.
So, this is shared, and they will share the same bandwidth with every PC, and this is per-IP, for which I gave you an example. This one: 10 users, each 1 Mbps, a total of 10 megabits of outgoing traffic.
So, if you have 11 users, it is 11 Mbps, because we assign 1 Mbps per IP. But with this one, if you assign 1 Mbps, all the users in the LAN will use 1 Mbps. You will say it was showing both the same; that is because I ran both at the same time and the bandwidth was there.
So, that’s why you did not utilize it. And what is this the thing. Yeah, that’s it.
So, this is just a quick review. What is traffic shaping in.