Former Member
Message 1 of 5

Fortigate Firewall/Radware DefensePro

Hi there,

I have two questions concerning the data sources (McAfee ESM v9.2.1).

1) Did you have any issues implementing a "Fortigate Firewall" data source? The Receiver doesn't parse all the messages and I can't create a custom rule because the type is not ASP.

2) How do I configure the "Radware DefensePro" in order to collect events and send them to the "McAfee Receiver"? By APsolute Vision or for each device?

4 Replies
anthony_hardin
McAfee Employee
Message 2 of 5

Re: Fortigate Firewall/Radware DefensePro

1. Switch to an ASP version. With ASP we tend to write rules to cover all the versions, and if we don't have the rules to cover it, a PER can be logged to get additional parsing. I realize the model names may not line up, but it would be worth taking a sample of one of the logs that aren't parsed, saving that to a text file, and then doing the following:

a. create a fake data source with one of the other models selected. Make sure you say "Support Generic Syslog"

b. write out the data source settings and push out policy

c. edit the newly created data source and execute the "Upload" button

d. browse to your text file with the log sample

e. Verify if the log was parsed out correctly.

f. repeat steps until you have found the correct model

2. I'm not sure I understand what you are asking with this question. Are you looking for specific instructions for configuring Radware to syslog data to the McAfee Receiver?

Former Member
Message 3 of 5

Re: Fortigate Firewall/Radware DefensePro

Hi Anthony,

thank you.

1) There is no way to select a Fortinet Firewall model of type ASP; by the way, I've just discovered that the Fortigate sends messages that are not documented in the official log guide (Fortigate Log Message Reference Guide v2.8);

2) I need to know the setup on the device side;

Rgds,

Former Member
Message 4 of 5

Re: Fortigate Firewall/Radware DefensePro

Hi,

We had the same issue. Then we tried with Fortigate UTM Space Delimited and it worked and it parsed all the events. So give it a shot by selecting the vendor as Fortigate and the product as Fortigate UTM - space delimited. You can try Comma delimited if the above is not working.

Regards,

Vinaya.

Former Member
Message 5 of 5

Re: Fortigate Firewall/Radware DefensePro

Hi Vinaya,

thank you for your reply.

Actually, I found the official documentation of Fortinet (Log Message Reference Guide) and inside it there is no evidence concerning some logs that the appliance sends, e.g. 00380000007.

So we opened a ticket with Fortinet in order to know something more.

Rgds,
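
An added helper for the log-sampling step discussed in this thread (not code from any poster or from McAfee): it reduces a raw syslog capture to one sample line per log ID and notes whether each line is space- or comma-delimited, which is the choice between the two Fortigate UTM products mentioned above. The `logid`/`log_id` field names, the key=value layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import OrderedDict

# One key=value pair; the value is a quoted string or a run up to the next space/comma.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,]*)')
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')


def parse(line):
    """Split one raw syslog line into a dict of fields (surrounding quotes removed)."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}


def detect_delimiter(line):
    """Report whether pairs are separated by commas or spaces, ignoring quoted text."""
    bare = QUOTED.sub('""', line)
    commas = len(re.findall(r',\w+=', bare))
    spaces = len(re.findall(r'\s\w+=', bare))
    return "comma" if commas > spaces else "space"


def one_sample_per_id(lines):
    """Keep the first raw line seen for each log ID, with its delimiter style."""
    samples = OrderedDict()
    for raw in lines:
        raw = raw.rstrip("\n")
        if not raw.strip():
            continue
        fields = parse(raw)
        # Assumption: the ID field is named logid or log_id.
        log_id = fields.get("logid") or fields.get("log_id") or "NO_ID"
        samples.setdefault(log_id, (detect_delimiter(raw), raw))
    return samples


# Constructed sample lines (not real device output).
SAMPLE = [
    '<189>date=2014-03-10 time=10:12:01 devname=FGT-LAB logid=0000000001 '
    'type=traffic srcip=192.0.2.10 msg="session close, normal"',
    '<189>date=2014-03-10 time=10:12:02 devname=FGT-LAB logid=0000000001 '
    'type=traffic srcip=192.0.2.11 msg="session close, normal"',
    '<189>date=2014-03-10,time=10:12:05,devname=FGT-LAB,log_id=0000000002,'
    'type=event,msg="admin login, ok"',
    '<189>FGT-LAB kernel: link up',
]

if __name__ == "__main__":
    for log_id, (style, raw) in one_sample_per_id(SAMPLE).items():
        print(f"{log_id}\t{style}\t{raw}")
```

Each output line can be saved to its own text file and uploaded against a candidate data source; lines reported as `NO_ID` carry no key=value ID at all and are the ones most likely to need a parsing request.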
