Fortinet FortiWeb Monitoring

Introduction

FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target unknown exploits and helps maintain compliance with regulations. Using machine learning to model each application, FortiWeb defends applications from known vulnerabilities and zero-day threats.

Fortinet is a cybersecurity company with more than two decades of experience and a comprehensive suite of products for channel partners, service providers, small enterprises, and large corporations.

Setup Requirements

Add Resource To Monitoring

Add your FortiWeb host into monitoring. For more information on adding resources to monitoring, see Adding Devices.

Adding Devices

Device data is saved as system properties, which can be accessed via the device’s Info tab. You can manually add properties to define login credentials and specific port settings for that device, as described in Defining Authentication Credentials. Based on the device information collected, DataSources and other LogicModules will be deployed to the device automatically.

Manually Adding Devices

You can choose between wizard and expert mode when manually adding a device. The expert mode will presume you are supplying the correct device setup, while wizard mode will verify that your equipment is correctly configured for monitoring.

Wizard Mode

Select Add | One Device | Wizard from the Resources page. The device wizard in LogicMonitor will guide you through a four-step process:

  • Enter your device’s IP address or DNS name.
  • For the device you’re adding, choose the main Collector. Using conventional monitoring protocols, this Collector will establish a connection with the device.

Note that duplicate devices (i.e. IPs) can be added as long as they are monitored by separate Collectors and have different display names.

  • Monitor will attempt to communicate with the device using standard monitoring protocols.
  • If Monitor cannot establish communication, you will be prompted for more information regarding the device type. You may also be required to supply any credentials associated with the monitoring protocols that apply to your device (e.g., the community string for a Linux server).

Note: This section of the wizard can also be used to set and test your SNMPv3 credentials, such as User Security Name, Authentication Key, Authentication Protocol, Privacy Key, and Privacy Protocol. SNMPv3 AuthNoPriv (no encryption) and NoAuthNoPriv (no password and no encryption) methods are not yet supported by the wizard, although the relevant SNMPv3 device properties can still be manually defined for these methods, as explained in Defining Authentication Credentials.

  • After you’ve completed the device wizard to set up the basic parameters for your new device, you can add more configurations (e.g. device URL, alert disabling, NetFlow analysis, group membership) by finding the new device in the Resources tree and clicking the Manage button on its detail page to open the Manage Device dialog. The Manage Device dialog carries all of the same configurations that you specify when setting up a device in expert mode, so read the following section for more information on the additional settings available.

Expert Mode

Expert mode is a quick way to add devices to your Monitor account if you already know which parameters are required to establish communication with your device, or if you know that these properties are configured at the group level.

IP Address/DNS Name

In the IP Address/DNS name area, type your device’s IP address or DNS name. The Collector will utilize this to establish communication.

Note that duplicate devices (i.e. IPs) can be added as long as they are monitored by separate Collectors and have different display names.

Name

Enter a display name for the device in the Name area. Throughout the application, the display name will be used. The operators and comparison functions described in Monitor’s data point expression syntax cannot be used in device display names.

Description

Enter a device description in the Description field. This description is stored as the system.description property, which can be used for dynamic grouping as well as device search.

Link to a URL

In the Link to a URL field, enter the device URL if one exists. An icon will then appear after the device name in the header of the device detail page. When the icon is clicked, a new browser tab opens to the URL. This field is most commonly used to link to management portals or troubleshooting documentation.

Enable Alerting

The Enable Alerting checkbox is checked by default. If unchecked, device data will be collected but no alerts will be generated. Users often disable device alerting when datapoint alert thresholds need to be adjusted before alerts are generated.

Enable Network Flow Analysis

NetFlow (Network Traffic Flow Analysis) data can be monitored for any device that exports sFlow, jFlow, or NetFlow data. When the Enable Network Flow Analysis checkbox is selected, you are given the option to choose a separate Collector for NetFlow data. As described in Configuring Monitoring for NetFlow, you must also enable NetFlow data collection on the device itself.

Collectors

In the Collectors section, use the Collector Group field to filter the list of available Collectors that can be assigned as the preferred Collector in the Preferred Collector field. The preferred Collector is the primary Collector responsible for collecting data from the device. Backup Collectors will automatically be assigned if the preferred Collector fails over.

Groups

In the Groups section, you can assign your device to one or more device groups. If you had anything selected in the Resources tree when you started adding this new device, Monitor automatically assigns the group, if any, that contains the current selection. As described in Device Groups Overview, grouping your devices in Monitor can make management significantly easier and save you time when configuring alert thresholds, dashboards, reports, alert routing, and device properties.

Properties

In the Properties section, you can assign properties to your device, such as authentication and custom information. For more information on assigning properties, see Resource and Instance Properties.

Adding Devices via Net Scans

You can configure Monitor Collectors to scan an IP range periodically and add discovered devices to monitoring automatically. For more information on configuring network scans, see Creating Net Scans.

Adding Devices through Monitor’s API

Adding devices through the API can be extremely useful, especially if you want to do a bulk add or want to automatically add a device to monitoring as it is spun up by a configuration management tool such as Puppet or Ansible. For more information on using Monitor’s REST API to add devices when they boot, see REST API Developer’s Guide.

Enable SNMP

SNMP must be configured on the FortiWeb host for the DataSources to apply.

SNMP Credentials

Monitor must supply the appropriate credentials to successfully access the FortiWeb resource via SNMP. For instructions on how to set the appropriate credentials as properties on the resource within Monitor, see Defining Authentication Credentials.

Defining authentication credentials

Using properties to set credentials

Monitor may require credentials (for example, JDBC passwords, SNMP community strings, SSH username, and so on) to collect data from your devices. You can use properties to set this information at the global, group, or device level.

The level at which you choose to set properties may depend on how many devices the property applies to. For example, if you use the same SNMP community string for all Linux devices, you may prefer to set this property at the group level instead of at the device level for every Linux device in your account. For procedures and guidelines on where and how to set properties, see Resource and Instance Properties.

Common credentials

The following table lists many predefined properties that can be used to store credentials (and authentication details) for a number of common protocols and systems.

Note: Any values assigned to properties with names ending in .pass, .*password, .*credential, .auth, .key, or password will be obfuscated throughout the LogicMonitor interface for security purposes. In addition, values assigned to the following properties will also be obfuscated: snmp.community, snmp.privtoken, snmp.authtoken, aws.accesskey, (\\S+((\\.pass)|(\\.auth)|(\\.key))), azure\\.secretkey, (saas\\.(privatekey|secretkey)), gcp\\.serviceaccountkey, (collector\\.sqs\\.(awsaccesskey|awssecretkey)), and (gcccli.accesskey).

Defining SNMP credentials and properties

Monitor can use SNMP versions 1, 2c, or 3. If your device supports 2c, it supports 64-bit counters and is preferable to version 1. SNMPv3 adds authentication and encryption, making it more secure, but also more difficult to set up and troubleshoot.

Notes:

  • On an individual device, the snmp.version property is automatically set by LogicMonitor to the version of SNMP that responds. LogicMonitor tries SNMP communication first with version 3, then 2c, and finally version 1. The highest responding version is set for this value, and any attempts to edit it will automatically revert.
  • If you try to change the SNMP version after the initial device addition (by entering new credentials), you should make sure that the new version and the pertinent credentials work. If LogicMonitor is not able to communicate using the new version specified, it will automatically revert to the original version as a result of the failure.
  • If you want to override the default UDP port 161, set snmp.port (defined in the table above) to reflect your SNMP port.

SNMP Versions 1 and 2c

For SNMP versions 1 and 2c, you need to set the snmp.community property (defined in the table above).

SNMP Version 3

For SNMPv3, to communicate with authentication and privacy (referred to as the authPriv security level), you need to set the snmp.security, snmp.auth, snmp.authToken, snmp.priv, and snmp.privToken properties (all described in the table above).

If communicating with authentication only (no privacy), referred to as authNoPriv, include the snmp.priv and snmp.privToken properties, but leave them blank.

SNMPv3 also introduces support for snmp.contextName and snmp.contextEngineID. The snmp.contextEngineID value is a string used to identify the device on which the management information is hosted. The snmp.contextName identifies the individual SNMP context.
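
The rules above, expressed as a check you could run over exported resource properties before onboarding a FortiWeb host. This is an added example, not LogicMonitor's code or part of the original article: it classifies a property set as authPriv, authNoPriv, or community-only and reports gaps. The function name, the case-insensitive name matching, and all sample values are assumptions.

```python
"""Added example: audit one resource's snmp.* properties (constructed data)."""

V3_AUTH = ("snmp.security", "snmp.auth", "snmp.authtoken")
V3_PRIV = ("snmp.priv", "snmp.privtoken")

def classify_snmp(props):
    """Return (level, findings) for a dict of property name -> value."""
    # Assumption: names are compared case-insensitively, values are trimmed.
    p = {k.lower(): str(v).strip() for k, v in props.items()}
    findings = []

    port = p.get("snmp.port") or "161"  # UDP 161 is the default named above
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"snmp.port {port!r} is not a valid UDP port")

    if any(k in p for k in V3_AUTH + V3_PRIV):
        missing = [k for k in V3_AUTH if not p.get(k)]
        if missing:
            return "invalid", findings + [f"{k} is empty" for k in missing]
        filled = [k for k in V3_PRIV if p.get(k)]
        if len(filled) == 1:
            return "invalid", findings + ["set both snmp.priv and snmp.privtoken, or neither"]
        if filled:
            level = "authPriv"
        else:
            level = "authNoPriv"
            findings += [f"{k} should be present but blank" for k in V3_PRIV if k not in p]
            findings.append("no privacy protocol: polled data is not encrypted")
        if p.get("snmp.community"):
            findings.append("snmp.community is still set next to the v3 properties")
        return level, findings

    if p.get("snmp.community"):
        findings.append("v1/v2c: community string only, no authentication or encryption")
        return "community", findings
    return "invalid", findings + ["no SNMP credentials defined"]

# Constructed samples; every value is a placeholder.
V3 = {"snmp.security": "lm-poller", "snmp.auth": "SHA", "snmp.authToken": "<auth-key>"}
SAMPLES = {
    "authpriv": {**V3, "snmp.priv": "AES", "snmp.privToken": "<priv-key>"},
    "authnopriv": {**V3, "snmp.priv": "", "snmp.privToken": ""},
    "v2c": {"snmp.community": "<community>", "snmp.port": "1161"},
}

if __name__ == "__main__":
    for name, props in SAMPLES.items():
        print(name, *classify_snmp(props), sep=" | ")
```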

Import LogicModules

From the Monitor repository, import all Fortinet FortiWeb LogicModules, which are listed in the LogicModules in Package section of this article. If these LogicModules are already present, make sure you have the most current versions.

Once the LogicModules are imported (assuming all previous setup requirements have been met), the suite of FortiWeb DataSources will automatically begin collecting data.

LogicModules in Package

Monitor’s package for Fortinet FortiWeb consists of the following LogicModules. For full coverage, please make sure that all of these LogicModules are imported into your Monitor platform.

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, Monitor follows the technology owner’s best practice KPI recommendations. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.

GoLogica Technologies Private Limited. All rights reserved 2024.