Example configuration
This example shows the steps for setting up an HA cluster using three FortiSandbox 3000D units.
Step 1 - Prepare the hardware
The following hardware will be required:
- Nine cables for network connections
- Three 1/10 Gbps switches
- Three FortiSandbox 3000D units with proper power connections (units A, B, and C). The master and the primary slave should be on different power circuits.
Step 2 - Prepare the subnets
Prepare three subnets for your cluster (customize as needed):
- Switch A: 192.168.1.0/24: For system management.
  - Gateway address: 192.168.1.1
  - External management IP address: 192.168.1.99
- Switch B: 192.168.2.0/24: For internal cluster communications.
Administration Guide
Fortinet, Inc.
- Switch C: 192.168.3.0/24: For the outgoing port (port 3) on each unit.
  - Gateway address: 192.168.3.1
Step 3 - Setup the physical connections
1. Connect port 1 of each FortiSandbox device to Switch A.
2. Connect port 2 of each FortiSandbox device to Switch B.
3. Connect port 3 of each FortiSandbox device to Switch C.
Step 4 - Configure the master
1. Power on the device (Unit A), and log into the CLI (see Connecting to the Command Line Interface on page 11).
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.99/24
set port2-ip 192.168.2.99/24
set port3-ip 192.168.3.99/24
set default-gw 192.168.3.1
3. Configure the device as the master node with the following commands:
hc-settings -s -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
hc-settings -l
See Appendix A - CLI Reference on page 163 for more information about the CLI commands.
4. Review the cluster status with the following command:
hc-status -l
Other ports on the device can be used for file inputs.
Step 5 - Configure the primary slave
1. Power on the device (Unit B), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.100/24
set port2-ip 192.168.2.100/24
set port3-ip 192.168.3.100/24
set default-gw 192.168.3.1
3. Configure the device as the primary slave node with the following commands:
hc-settings -s -tP -nPslaveB -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
4. Review the cluster status with the following command:
hc-status -l
Step 6 - Configure the normal slave
1. Power on the device (Unit C), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.101/24
set port2-ip 192.168.2.101/24
set port3-ip 192.168.3.101/24
set default-gw 192.168.3.1
3. Configure the device as a slave node with the following commands:
hc-settings -s -tR -nSlaveC -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
117 Administration Guide
Fortinet, Inc.
URL Package HA-Cluster
4. Review the cluster status with the following command:
hc-status -l
Step 7 - Configure other settings
Configure any other required settings, such as additional static routes if the HA cluster must be reached through a router, and scan profiles for malware detection. All configuration must be done on the master device.
Step 8 - Finish
The HA cluster can now be treated like a single, extremely powerful standalone FortiSandbox unit.
In this example, files are submitted to, and reports and logs are retrieved from, the external management IP address 192.168.1.99.
Authentication > Remote Auth. Servers > LDAP
 
Fortinet SSO Methods > SSO > General
 
Fortinet SSO Methods > SSO > Domain Controllers
 
Fortinet SSO Methods > SSO > Syslog Sources
 
Syslog WLC Parse
Trigger: enterprise=1.3.6.1.4.1.9.9.599.0.4
Logon: enterprise=1.3.6.1.4.1.9.9.599.0.4
Logoff:
Username field: 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0={{:username}},  /  1.3.6.1.4.1.9.9.599.1.2.1.0={{:username}},
Client IP field: 1.3.6.1.4.1.9.9.599.1.3.1.1.10.0={{:client_ip}},
Group field: 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0={{:group}}  /  1.3.6.1.4.1.9.9.599.1.2.2.0={{:group}}
 
Fortinet SSO Methods > SSO > FortiGate Filtering
Syslog Sample
2015-12-11 10:44:53    Local7.Debug    10.0.56.4    community=dic, enterprise=1.3.6.1.4.1.9.9.599.0.4, uptime=1265877000, agent_ip=10.14.4.5, 1.3.6.1.4.1.9.9.599.1.3.1.1.1.0="Hex String=F0 F6 1C 4D A7 96", 1.3.6.1.4.1.9.9.513.1.1.1.1.5.0=YH_1602_AP_11F_6, 1.3.6.1.4.1.9.9.599.1.3.1.1.8.0="Hex String=1C 1D 86 CF BA 00", 1.3.6.1.4.1.9.9.513.1.2.1.1.1.0=1, 1.3.6.1.4.1.9.9.599.1.3.1.1.10.0=172.20.20.12, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=T070415, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=DaelimWifi
2015-12-29 14:20:14 Local7.Debug 10.0.56.4 community=dic, enterprise=1.3.6.1.4.1.9.9.599.0.4, uptime=2635334200, agent_ip=10.14.4.6, 1.3.6.1.4.1.9.9.599.1.3.1.1.1.0="Hex String=F0 F6 1C 4D A7 96", 1.3.6.1.4.1.9.9.513.1.1.1.1.5.0=SS_1142_AP_5F_5, 1.3.6.1.4.1.9.9.599.1.3.1.1.8.0="Hex String=08 17 35 C6 2E F0",1.3.6.1.4.1.9.9.513.1.2.1.1.1.0=1, 1.3.6.1.4.1.9.9.599.1.3.1.1.10.0=172.20.20.12, 1.3.6.1.4.1.9.9.599.1.2.1.0=T070415, 1.3.6.1.4.1.9.9.599.1.2.2.0=DaelimWifi 
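The parse rule above, turned into working code as an added example (not part of the original post and not FortiAuthenticator's own parser): it applies the trigger and the username, client IP and group placeholders to the two sample syslog lines, accepts either OID variant, and discards lines that miss the trigger or a field. The dataclass and function names and the third, non-matching sample line are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# OIDs taken from the page's FortiAuthenticator "Syslog WLC Parse" rule (Cisco WLC client traps).
TRIGGER_OID = "1.3.6.1.4.1.9.9.599.0.4"  # trap type that marks a logon; the page defines no logoff rule
USERNAME_OIDS = ("1.3.6.1.4.1.9.9.599.1.3.1.1.27.0", "1.3.6.1.4.1.9.9.599.1.2.1.0")
CLIENT_IP_OIDS = ("1.3.6.1.4.1.9.9.599.1.3.1.1.10.0",)
GROUP_OIDS = ("1.3.6.1.4.1.9.9.599.1.3.1.1.28.0", "1.3.6.1.4.1.9.9.599.1.2.2.0")

@dataclass
class LogonEvent:
    username: str
    client_ip: str
    group: str
    agent_ip: Optional[str]  # WLC that sent the trap; not in the FAC rule, kept for audit trails

def _varbind(line: str, oids: Iterable[str]) -> Optional[str]:
    """Value of the first listed OID present (quoted or bare); the lookbehind keeps a short OID off a longer one's tail."""
    for oid in oids:
        m = re.search(r"(?<![\d.])" + re.escape(oid) + r'=("[^"]*"|[^,\s]+)', line)
        if m:
            return m.group(1).strip('"')
    return None

def parse_wlc_logon(line: str) -> Optional[LogonEvent]:
    """Apply the page's parse rule to one syslog line; None if the trigger or any field is missing."""
    if not re.search(r"enterprise=" + re.escape(TRIGGER_OID) + r"(?=[,\s]|$)", line):
        return None
    username, client_ip, group = (_varbind(line, o) for o in (USERNAME_OIDS, CLIENT_IP_OIDS, GROUP_OIDS))
    if not (username and client_ip and group):
        return None  # an incomplete event must not create an SSO session
    try:
        ipaddress.ip_address(client_ip)  # reject a malformed address before it reaches the session table
    except ValueError:
        return None
    agent = re.search(r"agent_ip=([^,\s]+)", line)
    return LogonEvent(username, client_ip, group, agent.group(1) if agent else None)

def parse_wlc_logons(lines: Iterable[str]) -> List[LogonEvent]:
    return [ev for ev in map(parse_wlc_logon, lines) if ev is not None]

# The page's two syslog samples (the second uses the alternate username/group OIDs) plus one constructed line whose trap OID differs.
SAMPLE_LINES = [
    '2015-12-11 10:44:53 Local7.Debug 10.0.56.4 community=dic, enterprise=1.3.6.1.4.1.9.9.599.0.4, uptime=1265877000, agent_ip=10.14.4.5, 1.3.6.1.4.1.9.9.599.1.3.1.1.1.0="Hex String=F0 F6 1C 4D A7 96", 1.3.6.1.4.1.9.9.513.1.1.1.1.5.0=YH_1602_AP_11F_6, 1.3.6.1.4.1.9.9.599.1.3.1.1.8.0="Hex String=1C 1D 86 CF BA 00", 1.3.6.1.4.1.9.9.513.1.2.1.1.1.0=1, 1.3.6.1.4.1.9.9.599.1.3.1.1.10.0=172.20.20.12, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=T070415, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=DaelimWifi',
    '2015-12-29 14:20:14 Local7.Debug 10.0.56.4 community=dic, enterprise=1.3.6.1.4.1.9.9.599.0.4, uptime=2635334200, agent_ip=10.14.4.6, 1.3.6.1.4.1.9.9.599.1.3.1.1.1.0="Hex String=F0 F6 1C 4D A7 96", 1.3.6.1.4.1.9.9.513.1.1.1.1.5.0=SS_1142_AP_5F_5, 1.3.6.1.4.1.9.9.599.1.3.1.1.8.0="Hex String=08 17 35 C6 2E F0",1.3.6.1.4.1.9.9.513.1.2.1.1.1.0=1, 1.3.6.1.4.1.9.9.599.1.3.1.1.10.0=172.20.20.12, 1.3.6.1.4.1.9.9.599.1.2.1.0=T070415, 1.3.6.1.4.1.9.9.599.1.2.2.0=DaelimWifi ',
    "2015-12-29 14:21:00 Local7.Debug 10.0.56.4 community=dic, enterprise=1.3.6.1.4.1.9.9.599.0.5, uptime=1, agent_ip=10.14.4.6, 1.3.6.1.4.1.9.9.599.1.2.1.0=T070415, 1.3.6.1.4.1.9.9.599.1.2.2.0=DaelimWifi",
]
```

Running `parse_wlc_logons(SAMPLE_LINES)` yields two events for user T070415 at 172.20.20.12 in group DaelimWifi and nothing for the constructed line.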
1. Install Microsoft Windows VM package 
 
If the unit does not have the Microsoft Windows VM package installed, it can be installed manually.
To manually download the package:
1. FSA-1000D, FSA-3000D, and FSA-VM models:
Download the package from ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z
You can also trial or purchase, then download and install, extra Android, Windows 8.1 and Windows 10 image packages. These packages can be downloaded from:
Android: ftp://fsavm.fortinet.net/images/v2.00/AndroidVM.pkg.7z
Windows 8.1: ftp://fsavm.fortinet.net/images/v2.00/WIN81VM.pkg.7z
Windows 10: ftp://fsavm.fortinet.net/images/v2.00/WIN10VM.pkg.7z
MD5 file: ftp://fsavm.fortinet.net/images/v2.00/md5.txt (compare the downloaded package's MD5 against this file before installing it)
2. Put the package on a host that supports file copy with the SCP or FTP command. The FortiSandbox must be able to access the SCP or FTP server.
3. In a console window, enter the following command string to download and install the package:
fw-upgrade -v -s<SCP/FTP server IP address> -u<user name> -p<password> -t<ftp|scp> -f<file path>
 
2. Install the Microsoft Office license file 
 
1. If the unit has no Office license file installed, download the Microsoft Office license file from the Fortinet 
Customer Service & Support portal. 
2. Log into the FortiSandbox and go to System > Dashboard . In the System Information widget, click the Upload 
License link next to Microsoft Office. The Microsoft Office License Upload page is displayed. Browse to the 
license file on the management computer and select the Submit button. The system will reboot. 
3. The Microsoft Office license must be activated against the Microsoft activation server. This is done automatically 
after a system reboot. To ensure the activation is successful, port3 must be able to access the Internet and the 
DNS servers should be able to resolve the Microsoft activation servers. 
 
3. Install Windows 8.1 or Windows 10 license files 
 
1. If you have purchased Windows 8.1 or Windows 10 support, download the Windows license file from the Fortinet Customer Service & Support portal.
2. Log into FortiSandbox and go to System > Dashboard. In the System Information widget, click the Upload License link next to the Windows VM field. The Microsoft VM License Upload page is displayed. Browse to the license file on the management computer and click the Submit button. The system will reboot.
3. The Microsoft Windows license must be activated against the Microsoft activation server. This is done automatically after a system reboot. To ensure the activation is successful, port3 must be able to access the Internet and the DNS servers should be able to resolve the Microsoft activation servers. Network configuration for port3 can be set on the Scan Policy > General page.

1. Afreeca TV

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern ".afreeca."; --context host; --no_case; --app_cat 5; )

2. Naver Café

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe.naver.com"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe"; --context host; --no_case; --within 10,context; --pattern ".naver.net"; --context host; --no_case; --app_cat 23; )

3. KakaoStory

F-SBID( --protocol tcp; --service SSL; --pattern "story.kakao.com"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service SSL; --pattern "story."; --context host; --no_case; --pattern ".kakaocdn.net"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service SSL; --pattern "story-"; --context host; --no_case; --pattern ".kakao"; --context host; --no_case; --app_cat 23; )

F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "User-Agent: "; --context header; --no_case; --pattern "KakaoStory"; --context header; --no_case; --within 20; --app_cat 23; )

FG # sh ips custom Apache.Struts.CVE.2017.5638.Custom
config ips custom
    edit "Apache.Struts.CVE.2017.5638.Custom"
        set signature "F-SBID( --attack_id 7386; --name Apache.Struts.CVE.2017.5638.Custom; --protocol tcp; --service HTTP; --flow from_client; --pattern Content-Type:; --context header; --no_case; --pattern multipart/form-data; --context header; --no_case; --within 64; --pattern %{; --context header; --distance -32; --within 64; --pcre /%{[^x0a]*([^x0a]*)/i; --context header; --distance -2; )"
        set log-packet enable
        set action block
        set comment "CVE-2017-5638"
    next
end

* Constraints: (1) SSL VPN host check works only with FortiClient v5.2 (v5.4 and later cannot connect). (2) Endpoint Control is supported on 5.4 and later (including v5.6).

* Test results

[External access: SSL VPN - Host Check Software]

1-0. Environment: FortiClient v5.2.6.0664

1-1. Single-item setting (tested with KakaoTalk.exe as the third-party check program)

config vpn ssl web host-check-software
    edit "KakaoTalk-2.5.6.1543"
        set type fw
        set version "2.5.6.1543"
        config check-item-list
            edit 1
                set type process
                set target "KakaoTalk.exe"
                set version "2.5.6.1543"
                set md5s "62765EA78EABD95DC986EC285165EB7C"
            next
        end
    next
end
config vpn ssl web portal
    edit "NICS-SSLVPN"
        set tunnel-mode enable
        set host-check custom
        set auto-connect enable
        set keep-alive enable
        set save-password enable
        set ip-pools "SSLVPN_192.168.221.[100-200]"
        set split-tunneling disable
        set host-check-policy "KakaoTalk-2.5.6.1543"
    next
end

1-2. Combined setting (both KakaoTalk.exe and V3Lite.exe must be running to pass, i.e. an AND condition)

config vpn ssl web host-check-software
    edit "NICSTECH"
        set type fw
        config check-item-list
            edit 1
                set type process
                set target "V3Lite.exe"
                set version "3.0.1.181"
                set md5s "8712E59F299F740DD0B5931788DB94EB"
            next
            edit 2
                set type process
                set target "KakaoTalk.exe"
                set version "2.5.6.1543"
                set md5s "62765EA78EABD95DC986EC285165EB7C"
            next
        end
    next
end
config vpn ssl web portal
    edit "NICS-SSLVPN"
        set tunnel-mode enable
        set host-check custom
        set auto-connect enable
        set keep-alive enable
        set save-password enable
        set ip-pools "SSLVPN_192.168.221.[100-200]"
        set split-tunneling disable
        set host-check-policy "NICSTECH"
    next
end

2-1. Test result (when the checked file is not running: KakaoTalk.exe)

2-1. Single test (when the checked file is running: KakaoTalk.exe)

[Internal access: endpoint-control profile]

1-0. Environment: FortiClient v5.4.3.0870 / v5.6.0.1075 + FortiGate 5.4.5

1-1. Setting (tested with KakaoTalk.exe as the third-party check program)

config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
            config forticlient-running-app
                edit 1
                    set app-name "KakaoTalk-2.5.6.1543"
                    set process-name "KakaoTalk.exe"
                    set app-sha256-signature "D3B4DEB0CAB4DE483CA7769CFC5289DCBBF30502626E15DE4A32B50E9F3287F5"
                next
            end
            set forticlient-log-upload disable
            set forticlient-vuln-scan disable
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end

2. Test (behaviour depending on the compliance-action setting)

FortiGate-VM64 # config endpoint-control profile
FortiGate-VM64 (profile) # edit default
FortiGate-VM64 (default) # config forticlient-winmac-settings
FortiGate-VM64 (forticlient-winm~ngs) # set compliance-action
block          Block.
warning        Warning.
auto-update    Auto update.

2-1. With compliance-action=auto-update, the missing component is downloaded and updated automatically.

2-2. With compliance-action=block or warning, a block pop-up and a log notification appear.

(a) Not compliant (KakaoTalk.exe not running)

(b) Compliant (after starting KakaoTalk.exe)

3. Monitoring on the FortiGate

(1) FortiClient Monitor

(2) Device Inventory

(3) Endpoint Events Log

4-1. Note: when FortiClient is not installed, has been removed, or an older version (5.2) is installed, an installation prompt page pops up.

Initial connection screen after installing FortiClient

4-2. Note: when the connection is disconnected manually (Disconnect)

Until the endpoint reconnects and satisfies compliance, it has 'no Internet access'.

5. Miscellaneous: MD5 and SHA256 checksums

Technical Note: FortiAnalyzer SQL database delete and rebuild

Products

FortiAnalyzer v5.0
FortiAnalyzer v5.2

Description

Occasionally an upgrade does not correctly update the SQL database and reporting will cease to function properly due to missing/misnamed columns and/or indexes.
 
“exec sql-local rebuild-db” is the first option, but if that does not resolve the issue then deleting and rebuilding the database is the next step.

Solution

Remove and re-create the SQL database:
 
1) Change operation mode to collector
 
config system global
set log-mode collector
end
 
2) Disable SQL and remove the current database
 
config system sql
set status disable
end
 
execute sql-local remove-db
 
3) Re-enable SQL
 
config system sql
set status local
end
 
4) Change operation mode back to analyzer
 
config system global
set log-mode analyzer
end
 
5) Rebuild database
 
exec sql-local rebuild-db
 
 
 
Notes:
 
(1) The rebuild-db command causes the unit to reboot and the rebuild starts when the unit comes back up.
 
(2) Use the command 'diag sql status rebuild-db' to show the status of the rebuild.
 
(3) The time required to rebuild the database depends on the amount of logs stored on the unit.
 
(4) Although this procedure does not remove any log files, it is recommended to back up the log files beforehand as a precaution.
1. Create the MAC binding table
config firewall ipmacbinding table
    edit 1
        set mac 사용자맥주소1
        set name "사용자명1"
        set status enable
    next
    edit 2
        set mac 사용자맥주소2
        set name "사용자명2"
        set status enable
    next
    …
end
2. Set and apply the MAC binding options
config firewall ipmacbinding setting
    set bindthroughfw enable
    set bindtofw enable
    set undefinedhost block
end
config system interface
    edit "port1"
        set vdom "root"
        set ip 1.1.1.1 255.255.255.0
        set allowaccess ping https ssh snmp
        set ipmac enable
        set type physical
        set snmp-index 5
    next
end