Hot!Firewall rule changed alert

Author
Ludo
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/01/13 05:33:12
  • Status: offline
2021/01/13 05:45:38 (permalink)
0

Firewall rule changed alert

Hi,
 
We have multiple FortiGate instances with different VDOMs.
We have several admins working on them and would like to be notified when a rule changes on one of the VDOMs.
I didn't find anything right away, is there an easy way to do this?
 
Kind Regards,
Ludovic
#1

5 Replies Related Threads

    lobstercreed
    Platinum Member
    • Total Posts : 372
    • Scores: 43
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: online
    Re: Firewall rule changed alert 2021/01/14 08:05:53 (permalink)
    0
    I review system event logs after the fact to keep abreast of what other admins are doing and did figure out how to set an alert in FortiAnalyzer based on this, but as far as an alert from the FortiGate itself - I'm not sure.  Do you have FortiAnalyzer?
    #2
    Ludo
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2021/01/13 05:33:12
    • Status: offline
    Re: Firewall rule changed alert 2021/01/14 08:29:54 (permalink)
    0
    Yes, we have a FortiAnalyzer in our environment. It would be great if you could help me.

    For now, I have created a script that gets the full config every day and checks if there are any differences with the previous config.
    #3
    lobstercreed
    Platinum Member
    • Total Posts : 372
    • Scores: 43
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: online
    Re: Firewall rule changed alert 2021/01/20 11:44:06 (permalink)
    0
    See attached.  The redacted part is my username so that it doesn't annoy me when *I'm* working on the system, and the blank line eliminates the noise like NAT creation/destruction.
     
    This only fires every 30 minutes I believe but it lets me know on days when I'm out of the office if someone else is messing around on the firewall.  I can then review the system logs in FortiAnalyzer to look for the specifics.
     
    I hope this helps.  If you need more specific guidance maybe we could do a brief call or Zoom.  Feel free to DM me.

    Attached Image(s)

    #4
    sruthi reddy
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2021/01/20 20:22:24
    • Status: offline
    Re: Firewall rule changed alert 2021/01/20 21:31:17 (permalink)
    0
    Hello Ludovic,
     
    You can configure automation stitch and an alert email using Fortigate. Please check:
     
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD46073 
    https://docs.fortinet.com/document/fortigate/6.0.0/handbook/712138/automation-stitches
     
    Alternatively, you can also configure alerts on FortiAnalyzer based on event logs:
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD41608
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD41685
     
    Another similar thread: https://forum.fortinet.com/tm.aspx?m=187812
     
    Thanks,
    Sruthi
    NSE7
    #5
    tafb
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/12/04 13:35:03
    • Status: offline
    Re: Firewall rule changed alert 2021/01/31 11:20:53 (permalink)
    0
    Try the alertemail settings.  only available in the cli now but can email all config changes.
    #6
    Jump to:
    © 2021 APG vNext Commercial Version 5.5