
Distributed IPS

ExtremeCloud IQ - Site Engine configuration

  • FortiGate can tell Extreme Connect to quarantine an end-system by sending it a syslog message. Open OneView -> Connect -> Configuration -> Administration -> Distributed IPS -> Services.

Screenshot: Connect

  • Regex for FortiGate v6: devid="FGVMEV4L-TUFYM70".*srcip=$threatIpAddress.*action="deny".*policy$threatName\s
    Depending on the FortiGate firewall settings, the module can receive a large number of syslog messages. It is very likely that a customer will not want to blacklist a device for every single packet drop, so careful customization of the regex is recommended. The example above matches only deny events from the FortiGate with the device ID FGVMEV4L-TUFYM70.
  • Regex for FortiGate v5: devid=FGVMEV4L-TUFYM70.*srcip=$threatIpAddress.*action="deny".*policy$threatName\s
    The same caveat applies: the module can receive many syslog messages, and blacklisting a device for every packet drop is rarely wanted, so customize the regex carefully. The example above matches only deny events from the FortiGate with the device ID FGVMEV4L-TUFYM70 (note that v5 logs do not quote the devid value).
  • File: /var/log/syslog
  • senderFilter: name or IP of the sender
  • endSystemGroup: the end-system group to which the matched end-system is assigned. The default is Blacklist; you can define your own group.
  • endSystemGroupType: MAC

Screenshot: Connect-config

  • Module enabled: True
  • Threat name regular expression: ("[^"]*"|(\w|\d|\:|\.|\-|\/|\=|\(|\)|\[|\])+)
  • Do not forget to save your changes.
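Before enabling the service it is worth checking the regex offline against real syslog lines, so that only the intended deny events end up in the Blacklist group. The following is an added example, not part of this repository, and it assumes that Extreme Connect substitutes `$threatIpAddress` with an IP-address pattern and `$threatName` with the configured threat name regular expression; the syslog lines and the second device ID are constructed for the test.

```python
import re

# Service regexes exactly as shown in this README (v6 and v5 forms).
SERVICE_REGEX_V6 = r'devid="FGVMEV4L-TUFYM70".*srcip=$threatIpAddress.*action="deny".*policy$threatName\s'
SERVICE_REGEX_V5 = r'devid=FGVMEV4L-TUFYM70.*srcip=$threatIpAddress.*action="deny".*policy$threatName\s'
# A customized v6 regex that only reacts to denied SSH (dstport=22) traffic.
NARROW_REGEX_V6 = r'devid="FGVMEV4L-TUFYM70".*srcip=$threatIpAddress.*dstport=22 action="deny".*policy$threatName\s'

# Threat name regular expression from the Connect configuration.
THREAT_NAME_REGEX = r'("[^"]*"|(\w|\d|\:|\.|\-|\/|\=|\(|\)|\[|\])+)'

# Assumption: the service replaces $threatIpAddress with an IPv4 pattern and
# $threatName with the threat name regex, each as a capture group.
IP_REGEX = r'(?:\d{1,3}\.){3}\d{1,3}'


def build_pattern(template=SERVICE_REGEX_V6, threat_name_regex=THREAT_NAME_REGEX):
    """Expand the Connect placeholders into a compiled regular expression."""
    pattern = template.replace('$threatIpAddress', f'(?P<ip>{IP_REGEX})')
    pattern = pattern.replace('$threatName', f'(?P<name>{threat_name_regex})')
    return re.compile(pattern)


def match_events(lines, pattern=None):
    """Return (srcip, threat name) for every syslog line the service would act on."""
    pattern = pattern or build_pattern()
    hits = []
    for line in lines:
        m = pattern.search(line)
        if m:
            hits.append((m.group('ip'), m.group('name')))
    return hits


# Constructed FortiGate-style syslog lines; FGVM00000000000 is a made-up second device ID.
SAMPLE_SYSLOG = [
    # deny from the monitored firewall: 10.1.1.50 would be quarantined
    'date=2024-01-01 time=12:00:01 devname="fw1" devid="FGVMEV4L-TUFYM70" type="traffic" srcip=10.1.1.50 srcport=4444 dstip=192.0.2.10 dstport=22 action="deny" policyid=7 service="SSH"',
    # accepted traffic from the same firewall: no action
    'date=2024-01-01 time=12:00:02 devname="fw1" devid="FGVMEV4L-TUFYM70" type="traffic" srcip=10.1.1.51 srcport=4445 dstip=192.0.2.10 dstport=443 action="accept" policyid=3 service="HTTPS"',
    # deny from a different firewall: filtered out by the devid prefix
    'date=2024-01-01 time=12:00:03 devname="fw2" devid="FGVM00000000000" type="traffic" srcip=10.1.1.52 srcport=4446 dstip=192.0.2.10 dstport=22 action="deny" policyid=7 service="SSH"',
    # deny to port 80 from the monitored firewall: matched by the default regex, not by the narrow one
    'date=2024-01-01 time=12:00:04 devname="fw1" devid="FGVMEV4L-TUFYM70" type="traffic" srcip=10.1.1.53 srcport=4447 dstip=192.0.2.10 dstport=80 action="deny" policyid=9 service="HTTP"',
    # v5-style line with an unquoted devid: only the v5 regex matches it
    'date=2024-01-01 time=12:00:05 devname=fw1 devid=FGVMEV4L-TUFYM70 type=traffic srcip=10.1.1.54 srcport=4448 dstip=192.0.2.10 dstport=22 action="deny" policyid=7 service=SSH',
]

if __name__ == '__main__':
    for label, template in (('v6', SERVICE_REGEX_V6), ('v5', SERVICE_REGEX_V5), ('narrow', NARROW_REGEX_V6)):
        print(label, match_events(SAMPLE_SYSLOG, build_pattern(template)))
```

Feed your own captured lines into `match_events` to see which end-systems a candidate regex would send to the Blacklist group before switching the module on.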

FortiGate

  • In the FortiGate menu go to Log & Report -> Log Settings: set IP Address/FQDN to the Site Engine, enable Send Logs to Syslog, and choose which events are sent to syslog.

Screenshot: Syslog Settings

  • Enable logging in the firewall rule whose deny events should trigger the quarantine action.

Screenshot: Rule setting

Support

The software is provided as-is and Extreme Networks has no obligation to provide maintenance, support, updates, enhancements, or modifications. Any support provided by Extreme Networks is at its sole discretion.

Issues and/or bug fixes may be reported on The Hub.

Be Extreme