
Connecting Fortinet Firewalls to ContraForce

This is an overview of the steps required to connect Fortinet firewalls to ContraForce.

There are two methods for connecting a Fortinet firewall to ContraForce. Which one to use depends on the FortiOS version running on the firewall. Older FortiOS versions (5 and below) require the command line to set up log forwarding to ContraForce. Newer FortiOS versions (6 and above) allow log forwarding to be set up within the FortiAnalyzer user interface. Both methods are outlined below.

If you have any questions about this process, please feel free to email support@contraforce.com!

Using FortiAnalyzer User Interface

Edit Log Forwarding

  1. From the home page, navigate to System Settings
  2. In the left pane, navigate to Log Forwarding.
  3. Within the Log Forwarding page, select + Create New
  4. Under Edit Log Forwarding, fill out the details to set up log forwarding to ContraForce.
    1. Name: ContraForce
    2. Status: Enabled
    3. Remote Server Type: Common Event Format (CEF) 
    4. Server FQDN/IP: <ContraForce IP Address>
      1. The IP address to be used will be provided to you by the ContraForce Team.
    5. Server Port: 514
    6. Reliable Connection: Enabled
  5. After the log forwarding details are completed, log forwarding filters can also be adjusted.
    1. Log Filters: Enabled
    2. Log messages that match: All
  6. Once completed, click "Ok."
  7. On the Log Forwarding page you should now see a line for ContraForce. 
  8. After completing the setup, let your ContraForce Customer Success representative know and they will confirm that the connection has been made to ContraForce. 

Using the Command Line

  1. Navigate to the Fortinet Command Line
  2. Run the following commands
    1. config log syslogd setting
    2. set status enable
    3. set format cef
    4. set port 514
    5. set server <ContraForce IP Address>
      1. The IP address to be used will be provided to you by the ContraForce Team.
    6. end
  3. After completing the setup, let your ContraForce Customer Success representative know and they will confirm that the connection has been made to ContraForce. 

Troubleshooting the Command Line

  • The facility name by default should be local4. 
  • For very early versions of FortiOS the command set csv disable may also need to be run.
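
To check both troubleshooting points against a captured syslog line, the sketch below decodes the facility from the syslog PRI value and confirms that the payload is CEF rather than another format. It is an added example, not ContraForce or Fortinet tooling; the function names and the sample messages are constructed for illustration.

```python
import re

FACILITIES = {16 + i: f"local{i}" for i in range(8)}  # syslog codes 16-23
HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")

def split_cef_header(body):
    """Split the 7 CEF header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])  # "\|" and "\\" are literal characters
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def check_message(raw, expected_facility="local4"):
    """Return (ok, details) for one captured syslog message."""
    m = re.match(r"<(\d{1,3})>", raw)
    if not m:
        return False, {"error": "no syslog PRI header"}
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    details = {"facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
               "syslog_severity": pri & 7}
    start = raw.find("CEF:")
    if start == -1:
        details["error"] = "payload is not CEF"  # e.g. CSV or default format
        return False, details
    fields, extension = split_cef_header(raw[start + 4:])
    if len(fields) < len(HEADER):
        details["error"] = "incomplete CEF header"
        return False, details
    details.update(zip(HEADER, fields), extension=extension)
    if details["facility"] != expected_facility:
        details["error"] = f"facility {details['facility']}, expected {expected_facility}"
        return False, details
    return True, details

# Constructed sample messages (not real device output).
CEF_OK = ("<164>Jan 10 12:00:00 fw01 CEF:0|Fortinet|Fortigate|v5.6.0|00013|"
          "traffic\\|forward accept|3|src=192.0.2.10 dst=198.51.100.5 dpt=443")
NOT_CEF = "<164>date=2024-01-10,time=12:00:00,devname=fw01,type=traffic"
WRONG_FACILITY = CEF_OK.replace("<164>", "<134>")
```

A message that fails with "payload is not CEF" points at the format setting, while a facility mismatch points at the facility setting.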