Hardening FortiGate connection to FortiAnalyzer

The FortiGate uses OFTP (Fortinets proprietary Optimized Fabric Transfer Protocol, not Odette File Transfer Protocol) to transfer data between FortiGates and FortiAnalyzer. For encryption SSLv3 or TLS is used. In order to harden the connection, use the following commands:

Cfg for FortiAnalyzer 

 1. Set TLS to minimum version 1.2:


 2. Change FAZ certificate to one using the correct FQDN from your/a public CA:



 Debugging can be done using the fowlloing commands:


Oftpd daemon test usage:   diagnose test application oftpd <integer>
  • 1: show PID
  • 2: show statistics and state
  • 3: show connected device name and IP
  • 4: show detailed session state
  • 5: show oftp request statistics
  • 6: show cmdb device cache
  • 7: show logfwd thread stats
  • 8: show tasklist statistics
  • 9: show unreg dev cache
  • 10: log cluster bridge stats
  • 20: show forticlent end-user stats
  • 21: rebuild forticlient end-user avatar table
  • 90: reload un-reg device tree
  • 99: restart daemon

FAZ looks like this:
(global)# get
dh-params           : 8192
enc-algorithm       : high
fgfm-ssl-protocol   : tlsv1.2
oftp-ssl-protocol   : tlsv1.2
ssl-low-encryption  : disable
ssl-protocol        : tlsv1.2
ssl-static-key-ciphers: disable
webservice-proto    : tlsv1.2


Cfg for FortiGate


1. Change TLS ciphers to high:

config log fortianalyzer setting
    set enc-algorithm high
end

2. Change Global TLS-Settings

config system global
    set ssl-static-key-ciphers disable
    set dh-params 8192
    set strong-crypto enable
end


at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Cribl - Change values to lowerCase

Some logs (e.g. Microsoft Azure) sometimes are not fully normalized to all lowercase characters. You can use Cribl to adjust those values by...