76. Lecture-76:Configure Syslog in FortiGate Firewall.
Another small topic is syslog. Syslog means system logging. Nowadays it is very important for every device in the network to generate logs and send them to a centralized location so that we can monitor them for audit purposes, for monitoring purposes, for forensic use, for security audit and for many other reasons. We are using syslog again; we discussed syslog in the firewall courses, so I'm going through it quickly.

These logs are generated when something happens in the system: CPU high, something goes wrong, interface down, interface up, VPN down or up, something changes in the server, a policy violation; anything that happens will generate logs. Logs are categorized in seven categories which we call levels zero to seven: emergency, alert, critical, error, warning, notice, informational and debug. The most dangerous is emergency; the lower the level, the more dangerous it is. Okay, alert, critical, error, warning and notice, so we need to care about these ones.

Now here, the firewall is generating logs locally as well, and you can send them to FortiManager, FortiAnalyzer and many other places. If you go to Log & Report, they have a full category of logs and reports. Forwarding Traffic: any traffic which is being generated, any traffic which is going outside, will be here. By the way, it has to be here; let me go to Google.com and refresh. Okay, it will come after a while. So Forwarding Traffic, then Local Traffic: any locally generated traffic will show here in this log. Log & Report, Sniffer Traffic: you know we have done sniffing; I remember we did it here. If I go to any interface, there is One-Arm Sniffer, this one. Where did we do it? Let me go to any interface; it's not showing in this interface by the way. Let me go to any interface, yeah, this one: One-Arm Sniffer. You remember this one? In the first, I think the second or third class, we configured this one, like when you want to use the FortiGate
firewall as IPS/IDS, so that traffic will be generated here under Sniffer Traffic, but we haven't configured it, so it's not showing anything. Then if any event happened here, like anything that happened in the system: suppose I log out and log in wrongly, with a wrong SSH login, and then I log in as admin with 123, suppose. Those logs will be shown here under Log & Report, Events. It will be mentioned here: it says SSH and this one, just admin login failed, admin login failed, and on the third attempt I logged in successfully. So any system-related events will show here: date, level (which I told you about, there are many levels), username, message and log description. You can see others like Router Events detail here, VPN Events, User Events detail, Endpoint detail (which we don't have), HA (high availability), Security Rating detail and SDN Connector detail. But right now we have only System detail, storage and memory. And if you want to go into any of these in detail, it will show you more detail here. And you can filter as well here, like by date and time, by destination interface (choose the destination interface), like any other filter. You can assign so many filters here, and you can download them as well, so it will download all the events in detail, and you can refresh. Antivirus we have already done.
So Antivirus will be showing here; Web Filter related will be here; SSL related will be here; DNS, we've done already, it will show here; Application Control, we've done, you remember. This one is here, Security Profile, so all these logs are showing here. Intrusion Prevention, we've done. Anomaly, we've done here. Log Settings: this is the log setting if you want to configure log settings. Okay, it's not showing, so let me refresh Log Settings; it will show you more detail. So here is Log Settings.

So all logs are stored in memory. If you want to send them to FortiAnalyzer and FortiManager, these are two other products of FortiGate firewall: FortiManager is like Panorama, to configure many firewalls from the same place, and FortiAnalyzer is to analyze the traffic. So it's disabled. If you want to send the logs there, or send to a syslog server. Let me send this log to my server 101; either not 101, let me see my IP. Let me send to myself, so let me see what my IP address is. I'm connected through a network adapter by the way, so what is my network adapter? This one? Yeah, 1010 nine. So I say send the traffic to 1010 nine and apply. You can send to a syslog server as well. Let me turn on the syslog server, 3CDaemon syslog server. 1010 nine is listening. Look at the FortiGate; the firewall is starting. Let me clear this log so that you can see the new logs. Nothing is coming; let's do some changes and you will see the logs. So I apply, and let me change something, like System, Administrators, and let's delete this one to generate logs. And now you will see the logs here. So the logs are coming: device, this one; they say the message type, IP address is 100 234, this one, okay, and they are sending information, everything: user admin, and something in the GUI, they logged in and they've done this thing. So whatever you do, it will be sent here, the logs which were being generated locally before. Let me do one thing more. Let me create a user. Suppose I just need some changes: 123123, and let me choose here. And okay.
And when it's okay, I need to see another log here. It's come up here, so you can send the logs here. So Log & Report: forwarding log, local log, sniffer-related log, events (system-related log) and AV, as we have already done, so I don't want to repeat these; and Log Settings, so you can send to this log server, and you can send to FortiAnalyzer and FortiManager, and you can send to the cloud if you have a cloud and your firewall is registered, so you can send there as well. Okay. And the address, if you want to send all the detailed information, and which logs you want to send. All logs are customizable. These are all the log types; the one which you don't want to send, just uncheck it.
And local traffic log: these are all the local traffic log, or customized: unicast traffic, multicast traffic, broadcast. If you don't want them, you can uncheck them. And Resolve Hostnames: it will show you the hostname here as well, like the FG device name is unknown. Application: it will show you the application detail as well in the logs. So this was log related, and it was so simple to send the logs there. Okay. And threat weight is also related here, if you want to log threats. What? You want to send them as medium: peer-to-peer, proxy, you want to protect them and you want to see. But this is application related anyway; it's not related here. And these are the risk levels, which I just showed you, the syslog levels zero to seven; they mention something here, critical and those. So this was to send the logs to the syslog server, and now we can see, look, a lot of logs are now coming because everything is enabled, so notice as well, and all types of logs we can receive. So let me go back and disable the logs from here, Log Settings. And I would say I don't need the logs to be sent to the syslog server. If you have FortiManager, you can send them there as well. Okay.
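The lecture shows the firewall pushing its event logs (failed admin logins, an admin deleted in the GUI) to a syslog server. As an added example that is not part of the lecture or any Fortinet tool, here is a small Python parser for the syslog message shape a FortiGate sends (a `<PRI>` header followed by `key=value` pairs), decoding the level 0-7 severity the lecture lists and counting failed administrator logins per source; the sample lines, device name, device ID and IP addresses are constructed.

```python
import re
from collections import Counter

# Syslog severity levels 0-7 (RFC 5424); the lecture lists the same names.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]

# Constructed sample messages in the shape a FortiGate sends to a syslog
# server: "<PRI>" then key=value pairs. PRI = facility*8 + severity, with
# facility local7 (23). Device name/ID and IPs are placeholders.
SAMPLE_LINES = [
    '<185>date=2024-01-15 time=10:01:02 devname="FG-LAB" devid="FGVM-PLACEHOLDER" '
    'logid="0100032002" type="event" subtype="system" level="alert" vd="root" '
    'logdesc="Admin login failed" user="admin" ui="ssh(192.168.1.1)" action="login" '
    'status="failed" msg="Administrator admin login failed from ssh(192.168.1.1)"',
    '<185>date=2024-01-15 time=10:01:09 devname="FG-LAB" devid="FGVM-PLACEHOLDER" '
    'logid="0100032002" type="event" subtype="system" level="alert" vd="root" '
    'logdesc="Admin login failed" user="admin" ui="ssh(192.168.1.1)" action="login" '
    'status="failed" msg="Administrator admin login failed from ssh(192.168.1.1)"',
    '<190>date=2024-01-15 time=10:01:20 devname="FG-LAB" devid="FGVM-PLACEHOLDER" '
    'logid="0100032001" type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="ssh(192.168.1.1)" '
    'action="login" status="success" msg="Administrator admin logged in successfully"',
    '<189>date=2024-01-15 time=10:02:41 devname="FG-LAB" devid="FGVM-PLACEHOLDER" '
    'logid="0100044547" type="event" subtype="system" level="notice" vd="root" '
    'logdesc="Object attribute configured" user="admin" ui="GUI(192.168.1.1)" '
    'action="Edit" cfgpath="system.admin" msg="Delete system.admin test"',
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# A value is either a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Split the <PRI> header into facility/severity and the body into a dict."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header: %r" % line[:40])
    pri = int(m.group(1))
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["facility"], rec["severity"] = divmod(pri, 8)
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec

def needs_attention(rec):
    """Levels 0-5 (emergency through notice) are the ones the lecture says to watch."""
    return rec["severity"] <= 5

def failed_admin_logins(records):
    """Count failed administrator logins per (user, source UI): a basic detection."""
    hits = Counter()
    for r in records:
        if r.get("action") == "login" and r.get("status") == "failed":
            hits[(r.get("user"), r.get("ui"))] += 1
    return hits

if __name__ == "__main__":
    recs = [parse_line(l) for l in SAMPLE_LINES]
    for r in recs:
        print(r["severity"], r["severity_name"], r["logdesc"], "|", r["msg"])
    print(failed_admin_logins(recs))
```

The `level` field inside the body is what the GUI shows as the level column; the `<PRI>` header carries the same severity numerically, which is what a collector usually filters on.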
77. Lecture-77: Traffic Shaping Shared Shaper and Per IP Shaper.
Another topic is traffic shaping. Traffic shaping means to give shape to the traffic. Normally in your organization you will see that many systems, many users and many IPs are killing the bandwidth. They are accessing YouTube, they are accessing Facebook, they are accessing streaming media, they are watching movies inside the organization. So you need to put quality of service in place. Quality of service is a long topic; I don't want to go there. I want to bring you here directly. So for that purpose you can apply FortiGate firewall traffic shaping, this type of quality of service, to restrict the bandwidth and give priority to someone, either an application or a user or an IP or a LAN. So for this purpose we are using traffic shaping in FortiGate firewall.

There are two types of traffic shaping: shared shaper, and the other one is per-IP traffic shaper. Shared shaper means it's shared for everyone. All users will get guaranteed and maximum bandwidth. Suppose you give ten Mbps; it means every user will use ten megabits per second. Even if your organization has only one user, they will use ten megabits per second. So this is shared shaper, like a shared bandwidth you give to everyone. The other one is per-IP traffic shaper. This is per IP; it is different from that one. Suppose you apply per IP, so everybody will get that bandwidth altogether. Suppose you put one MB; all the users in the LAN will get only one MB. All users will get one MB. So there are two types of traffic shaping you can apply: shared shaper and the other one is per-IP shaper. It's better to show you from the lab; maybe, hopefully, you will understand from there. Now, in my case, I have two PCs in the LAN, okay? One is 1.1, the other is 1.2. Let me quickly check whether everything is configured or not.
So let me see the policy first. Let me delete all these policies. Let me quickly enable one policy to allow the traffic just for test purposes: Create New, and here I will say allow everything from LAN to WAN; source can be all, destination can be all, services can be all, NAT enabled, and okay. And I need to check one default route there because we've done many changes, so I just need to verify. So we don't need this one, I believe; yeah, so delete this one. The static route is already there; the interface IPs are already there. Okay, it's correct, 100 and this one, and DNS should be there. Yeah, so let me specify DNS as well: 8.8.8.8 and 1.1.1.1. So the basic setup is there.

Now let me assign IPs to this server. No need of this one; let me stop this one and stop this one. We just want to go to the internet. These are our LAN PCs. Let me go first to this PC and assign them 192.168.1.1; test123 is the password for this Windows 7 one, and let me assign the IP. So let's go to Control Panel; sorry, let me go from here, it's better. This is my PC one; go to the interface, go to Properties, uncheck this one and let me assign them the 192.168.1.1 IP, and the gateway is the firewall IP inside the LAN, .10, and DNS 8.8.8.8 and 1.1.1.1, done and done. Okay, I hope I will access the internet now, because it will NAT them and they will reach the internet, and no need of this one. This one we have already done. So let's see whether the internet is there or not. Until then let me go to this PC as well, PC two, and assign 1.2.
So again test123, and log into PC two, and on PC two we will assign IP 192.168.1.2. Okay, let me go to PC one and let's test whether the internet is there or not. Yeah, so the internet is there. Okay, and let me check fast.com for a speed test. Okay, so let me check my speed here, and until this one finishes, let me go to the other PC and assign 1.2 here. So basically I have two PCs inside, okay: one is 192.168.1.1 and the other is 192.168.1.2. So uncheck IPv6 and assign 192.168.1.2, gateway 192.168.1.10, and 8.8.8.8 and 1.1.1.1. Okay, and now check the internet here as well, and also the bandwidth.

So now let's go to the first one. So it's 4.7; let me check again. It has to be more than this by the way; we will make them more or less. Okay, so 4.8. Just let me write down here our speed, because there is no speed limit. So if I open Notepad, okay, so 4.8 is our speed. Now let's go to the other PC and check fast.com here, and let's see the speed test, because both are LAN PCs, both are getting equal, so there will be no restriction, I hope. So let's see the speed test. Okay, so both will get almost the same. So let me type it here in Notepad. It's getting a bit more than the other one, but it's normal anyway, almost the same.
So let me type it here: 5.3 it's getting. Both are getting similar; now I need to restrict them. So one is shared shaper, to be equal for all, but it will affect... shared shaper will affect upload speed. If you want download as well, you have to put reverse as well. Per IP: suppose ten users, each user would get one Mbps, total ten Mbps outgoing traffic; that is the difference. Let me show you.

So let me go to where we can apply it. So let's go to, where is it, System? I forgot the place. It should be okay; let me, by the way... what is here? It's not showing me. It has to be somewhere here. Okay, maybe it's off on some firewalls. So you need to go to System, Feature Visibility and check for Traffic Shaping. So your traffic shaping, on some firewalls they are not showing it, it's not on. So it's on by the way. So it has to be here, Security Profiles. So here is Traffic Shaper, Traffic Shaping Policy and Traffic Shaping Profile. Click on Traffic Shaper. They already have some shapers, five already there, if you want to use them. But anyway I want to create my own: shared shaper and per-IP shaper. So I give it the name Share, and suppose let me give them 1000 Kbps, because they are using 5 MB. Traffic priority: which priority you want to give them, low, high, medium. If you want to give them bandwidth and a unit, so I say Kbps. This one, maximum bandwidth, if you want to set the maximum bandwidth they can get, and guaranteed bandwidth, which at least they have to get. And this is for extra checking, header. But it's okay. So this is my Share, 1000 Kb, and I created it. So it's created now. Now let's create a policy. But okay, let's do this one. Now let's go to Traffic Shaping Policy. Here I created a unit which I want to apply through the policy; by default there is only the implicit deny policy. Let's create a policy like the other IPv4 policy. So I say Share 1000 Kbps. This is just the policy
name, enable status, and a comment if you want. Source: they will come from LAN, all. Suppose you can give them something specific as well. Destination, services can be anything. Application can be anything. URL category can be anything. You can put it by application as well, like Facebook only, if you want to give YouTube only a specific bandwidth. But anyway we want to do it for all. This section: apply the shaper on which interface? On the outside interface. Shared Shaper: yes, we have created a shared shaper with 1000 Kbps. Where is our one? This one, Share 1000 Kbps. But I need to put reverse as well, for download as well, so I will put this one as well, and per IP I don't want to do. Let me go back. By the way, I didn't put the details: that's the name and maximum bandwidth, a thousand. I don't know how I forgot to put this one. So now I apply the policy. But this policy is for... let's go back and refresh and see; before it was going to 4.8 MB. Let's see. So it's not reaching 4.8; it's not more than 1000. And let's go to the other PC. It was 5.3 last time. Just refresh it. It will not cross 1000, because I put a very low value.
That's why it will not go to exactly 1000. Why? Let me show you why it's not going. I just need to give them a bit more. So it will not go; I know it will not. 390 Kbps, not 4.3 MB like last time. How do I know? If you refresh this one... okay, sorry, here we applied this one. By the way it has to show us the traffic here. So it's saying 99 Kbps utilized and dropped packets 1.69, because I gave them very little. So most of the traffic has been denied. So that's why it's not even reaching 1000 Kbps. So I need to give them a bit more to show you properly. So let me give them 2000 Kbps. And now let's try this time; at least you will get nearby. Now it's okay, at least now 1.6, and the other one, let's go, it will also reach one or something. Yes, it will go there anyway.
So before it was five and now it's hardly reaching this one, because we have a shared bandwidth, so everyone will get this 2000 Kbps. Sorry, we made them 2000; yeah, the name is 1000 but basically, yes, sorry, our one, this one, is 2000 Kbps, and it's showing here 2.6 MB dropped, two places. This has been used, priority is high now. So this is shared bandwidth. You know we use the policy, shared bandwidth.

Now let's create a new policy, this time per-IP shaper, and let me give them per-IP shaper, bandwidth unit this one, and maximum, let me give them 1000, and okay. And now let's create a policy here, Create New, and give them per-IP shaper. Source can be anything, destination can be anything, services can be anything, I don't care. Application; outgoing interface is WAN, and this time per IP is this one, my profile which I created, and okay. Let me put this policy on the top, because otherwise it will hit the other policy. So let me choose this one here on the top, and now let's go there. So right now per IP has not been hit. Nothing is there; now let's check, otherwise we will disable the other one. So it's getting almost, because 1000 we gave them, so it will reach, and at the same time let me choose this one as well. And now let's refresh this one. Can we see something? It's hitting the... either the down... yeah, so it's hitting this one. So it says 88 KB have been dropped, so 850, and what about the other? 1850? Let me check again; let me put this one and let me put it here; so it's 850 and 850. So then they will say, what is the difference? Because in this one I forgot one thing. If you did not put them as reverse, it will be different. If you click here, there is... okay, I put them as reverse as well. Reverse means the download, and this one the upload, so it will restrict both. If I disable this, you will see. If I disable... can I disable? Right-click and okay, they don't have it here. I thought I would disable them for a while like another policy to show you, but we can clear them as well.
Clear Counters, to see the traffic again. And let me clear this one as well. So let's see which rule has been hit. I know the top one will hit; let's see this one and let's refresh. You will see the traffic will hit the top one, because it's also like a policy. Because this one is on the top here; I put it here on the top. This one is hitting this one. If you put this one, then it will take this one. So now you see 3.3 MB has been dropped. So it will drop them if it goes over one MB per IP. So this is called traffic shaping, maximum value. You can put this one by the way; if you put more than this value, it will not work in Kbps, when you know the maximum bandwidth which we see. By the way, if you are trying to put some other value by CLI, you can put more. If you need to put more than this, then you have to use the CLI, not the UI; you cannot use that one.
So what you need to do, you have to create many rules, for voice over IP traffic, both of them and the type, where they mention the priority: high, low and medium. High means to give high priority, give them more priority. So voice, normally we give it more priority. So for voice, create a new rule, okay? And for data, make it medium or low, whatever you want. Bandwidth unit: choose the bandwidth, megabit or gigabit, whatever you want. Maximum bandwidth you want to assign in Kbps; guaranteed means that whatever happens, you have to give them this bandwidth, so you have to put that bandwidth. And what else do I need to mention? Okay, here, because sometimes I miss this one. So this is shared bandwidth: they will share the bandwidth, the same bandwidth, with our PCs, and this is per IP, which I gave you an example of: if ten users, each user gets one Mbps bandwidth, total ten megabits outgoing traffic. So if you have eleven MB, because we assign one MB per IP. But this one, if you assign one MB, all the users in the LAN will use one MB. But you will say it was showing both the same, because I ran... not both at the same time; bandwidth was there. So that's why it did not utilize it. And what is this thing? Yeah, that's it. So this is just a quick review of what traffic shaping is.