Firewall rule changed alert | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!Firewall rule changed alert

Author Post Essentials Only Full Version
Ludo New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2021/01/13 05:33:12 Status: offline 2021/01/13 05:45:38 (permalink) 0 Firewall rule changed alert Hi, We have multiple FortiGate instances with different VDOMs. We have several admins working on them and would like to be notified when a rule changes on one of the VDOMs. I didn't find anything right away, is there an easy way to do this? Kind Regards, Ludovic #1 5 Replies Related Threads
lobstercreed Platinum Member Total Posts : 372 Scores: 43 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: online Re: Firewall rule changed alert 2021/01/14 08:05:53 (permalink) 0 I review system event logs after the fact to keep abreast of what other admins are doing and did figure out how to set an alert in FortiAnalyzer based on this, but as far as an alert from the FortiGate itself - I'm not sure. Do you have FortiAnalyzer? #2
Ludo New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2021/01/13 05:33:12 Status: offline Re: Firewall rule changed alert 2021/01/14 08:29:54 (permalink) 0 Yes, we have a FortiAnalyzer in our environment. It would be great if you could help me. For now, I have created a script that gets the full config every day and checks if there are any differences with the previous config. #3
lobstercreed Platinum Member Total Posts : 372 Scores: 43 Reward points: 0 Joined: 2018/11/28 14:57:58 Location: Sedalia, MO Status: online Re: Firewall rule changed alert 2021/01/20 11:44:06 (permalink) 0 See attached. The redacted part is my username so that it doesn't annoy me when I'm working on the system, and the blank line eliminates the noise like NAT creation/destruction. This only fires every 30 minutes I believe but it lets me know on days when I'm out of the office if someone else is messing around on the firewall. I can then review the system logs in FortiAnalyzer to look for the specifics. I hope this helps. If you need more specific guidance maybe we could do a brief call or Zoom. Feel free to DM me. Attached Image(s) #4
sruthi reddy New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2021/01/20 20:22:24 Status: offline Re: Firewall rule changed alert 2021/01/20 21:31:17 (permalink) 0 Hello Ludovic, You can configure automation stitch and an alert email using Fortigate. Please check: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46073 https://docs.fortinet.com/document/fortigate/6.0.0/handbook/712138/automation-stitches Alternatively, you can also configure alerts on FortiAnalyzer based on event logs: https://kb.fortinet.com/kb/documentLink.do?externalID=FD41608 https://kb.fortinet.com/kb/documentLink.do?externalID=FD41685 Another similar thread: https://forum.fortinet.com/tm.aspx?m=187812 Thanks, Sruthi NSE7 #5
tafb New Member Total Posts : 1 Scores: 0 Reward points: 0 Joined: 2014/12/04 13:35:03 Status: offline Re: Firewall rule changed alert 2021/01/31 11:20:53 (permalink) 0 Try the alertemail settings. only available in the cli now but can email all config changes. #6

Jump to:

© 2021 APG vNext Commercial Version 5.5