This article leads you through the process of integrating Fortinet Fortigate with Red Canary. Follow the procedure from beginning to end.
Estimated reading time: 15 minutes
Prerequisites
Before you connect Fortinet Fortigate to Red Canary, make sure the following configuration requirement is met:
- Make sure that you have OpenSSL (version 1.1) installed.
Step 1: Red Canary–Create your Red Canary-generated URL
Create the Red Canary-provided URL to which Fortinet Fortigate will send alerts for ingestion.
- From your Red Canary dashboard, click the Integrations dropdown, and then click Alert Sources.
- In the search bar, type and select Fortinet Fortigate.
- To configure your new alert source, scroll down and click Fortinet FortiGate.
- Click Edit Configuration.
- Enter a name for your external alert source.
- Select a display category.
- From the Ingest Format/Method dropdown, select Fortinet Fortigate via Syslog (Required for Red Canary Threat Investigation Service).
- Click Save Configuration.
- Click Edit Configuration.
- Click Activate.
- After a few minutes, Red Canary will generate a URL (Collector ID) that you will enter in your Fortinet Fortigate configuration.
Example: prod1-use2-1234567.prod1.collectors.redcanary.io
Step 2: Command Line–Generate passphrase keys and TLS certificates
Generate the keys and Transport Layer Security (TLS) certificates used to configure the Fortigate platform to send syslog to Red Canary.
- Open your native terminal.
- Copy and run the command below to generate a Certificate Authority (CA) Private Key:
openssl genrsa -aes256 -out fgcaprivkey.pem 2048
- Enter a passphrase for the key.
- Copy the passphrase. You’ll use this to connect Fortinet Fortigate to Red Canary.
- Copy and run the command below to generate the Certificate Authority Certificate:
openssl req -new -x509 -days 3650 -extensions v3_ca -key fgcaprivkey.pem -out fgcacert.pem
- Enter the values requested.
- Enter an identifier when prompted for a Common Name (CN).
Example: RedCanaryCA
- Copy and run the command below to generate a Client Certificate Private Key:
openssl genrsa -aes256 -out InsertYourCollectorID.collectors.redcanary.io.key 2048
- Enter a passphrase for the key.
- Copy the passphrase.
- Copy and run the command below to generate a Client Certificate Signing Request:
openssl req -new -key InsertYourCollectorID.collectors.redcanary.io.key -out InsertYourCollectorID.collectors.redcanary.io.csr
CN: InsertYourCollectorID.collectors.redcanary.io
- Enter the Fully Qualified Domain Name (FQDN) of the collector when prompted for a Common Name (CN).
- Copy and run the command below to create a Red Canary client certificate using the CA Private key and CA Certificate from Steps 1.2 and 1.3:
openssl x509 -req -in InsertYourCollectorID.collectors.redcanary.io.csr -CA fgcacert.pem -CAkey fgcaprivkey.pem -CAcreateserial -out InsertYourCollectorID.collectors.redcanary.io.crt -days 500 -sha256
Note: If you run ls in the directory, you should see the following files (plus fgcacert.srl, the serial-number file written by -CAcreateserial):
fgcaprivkey.pem
fgcacert.pem
InsertYourCollectorID.collectors.redcanary.io.key
InsertYourCollectorID.collectors.redcanary.io.csr
InsertYourCollectorID.collectors.redcanary.io.crt
- With your keys, passphrases, and TLS certificates generated, log in to Fortigate.
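The commands in Step 2 are interactive, so it is easy to end up with a CSR whose Common Name is the .key file name, a client key that was never encrypted, or a certificate that does not chain to the CA you are about to import. The script below is an added example (it is not from the Red Canary article and not Red Canary's or Fortinet's code): it runs the same openssl steps non-interactively and then performs the checks you want to pass before uploading anything to FortiGate or Red Canary. COLLECTOR_FQDN and the two passphrases are constructed placeholders, the inline openssl config replaces the system openssl.cnf so that -extensions v3_ca works anywhere, and the subjectAltName on the client certificate is an addition to the article's signing command so that hostname verification matches the FQDN, not only the CN.

```shell
#!/bin/sh
# Added example, not from the Red Canary article: runs the Step 2 openssl
# commands non-interactively and then checks the result before you import it.
# COLLECTOR_FQDN and both passphrases are constructed placeholders; replace
# them with your real Collector ID and your own passphrases.
COLLECTOR_FQDN="${COLLECTOR_FQDN:-InsertYourCollectorID.collectors.redcanary.io}"
CA_PASS="${CA_PASS:-example-ca-passphrase}"          # placeholder, not a real secret
KEY_PASS="${KEY_PASS:-example-client-passphrase}"    # placeholder, not a real secret

# Produce the five files the article lists (plus fgcacert.srl) inside "$1".
generate_certs() {
    (
        cd "$1" || exit 1
        # Minimal config so "-extensions v3_ca" works without relying on the
        # system openssl.cnf; v3_ca is what marks fgcacert.pem as a CA.
        cat > openssl-ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
        # CA private key, AES-256 encrypted with the CA passphrase
        openssl genrsa -aes256 -passout "pass:$CA_PASS" -out fgcaprivkey.pem 2048 2>/dev/null || exit 1
        # Self-signed CA certificate, CN=RedCanaryCA, valid 10 years
        openssl req -new -x509 -days 3650 -config openssl-ca.cnf -extensions v3_ca \
            -key fgcaprivkey.pem -passin "pass:$CA_PASS" -subj "/CN=RedCanaryCA" \
            -out fgcacert.pem 2>/dev/null || exit 1
        # Client private key, also passphrase-protected (this passphrase is what
        # FortiGate and Red Canary ask for when you upload the key)
        openssl genrsa -aes256 -passout "pass:$KEY_PASS" -out "$COLLECTOR_FQDN.key" 2048 2>/dev/null || exit 1
        # CSR whose CN is the collector FQDN itself, not the .key file name
        openssl req -new -config openssl-ca.cnf -key "$COLLECTOR_FQDN.key" -passin "pass:$KEY_PASS" \
            -subj "/CN=$COLLECTOR_FQDN" -out "$COLLECTOR_FQDN.csr" 2>/dev/null || exit 1
        # Sign the CSR with the CA; the SAN is an addition to the article's
        # command so that hostname checks match the FQDN, not only the CN
        printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$COLLECTOR_FQDN" > client-ext.cnf
        openssl x509 -req -in "$COLLECTOR_FQDN.csr" -CA fgcacert.pem -CAkey fgcaprivkey.pem \
            -passin "pass:$CA_PASS" -CAcreateserial -extfile client-ext.cnf \
            -out "$COLLECTOR_FQDN.crt" -days 500 -sha256 2>/dev/null || exit 1
    )
}

# Four checks worth running before the FortiGate and Red Canary uploads.
verify_certs() {
    dir="$1"
    # 1. The client certificate chains to fgcacert.pem
    openssl verify -CAfile "$dir/fgcacert.pem" "$dir/$COLLECTOR_FQDN.crt" >/dev/null 2>&1 || return 1
    # 2. The subject CN is exactly the collector FQDN
    subject=$(openssl x509 -in "$dir/$COLLECTOR_FQDN.crt" -noout -subject -nameopt RFC2253)
    case "$subject" in *"CN=$COLLECTOR_FQDN") ;; *) return 1 ;; esac
    # 3. The private key really belongs to the certificate (same public key)
    cert_pub=$(openssl x509 -in "$dir/$COLLECTOR_FQDN.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/$COLLECTOR_FQDN.key" -passin "pass:$KEY_PASS" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
    # 4. The key file is encrypted, so the passphrase you upload will be needed
    grep -q ENCRYPTED "$dir/$COLLECTOR_FQDN.key" || return 1
}

# Usage: sh gen-rc-certs.sh /path/to/output-dir
if [ "$#" -gt 0 ]; then
    generate_certs "$1" && verify_certs "$1" && echo "OK: certificates in $1 passed all checks"
fi
```

Run it with an output directory as the only argument; if any of the four checks fails the script exits non-zero, and the most common cause in practice is check 3, a .key and .crt pair that came from different runs of the procedure.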
Step 3: Fortinet Fortigate–Import certificates to Fortinet Fortigate
- From your Fortinet Fortigate dashboard, click System.
- Click Certificates.
- Click Create/Import, and then click CA Certificate.
- Click File.
- Upload the fgcacert.pem from Step 1.2.
- Click Save. The new CA Certificate will be located under the Local CA Certificate section.
- Click Create/Import, and then click Certificate.
- Click Import Certificate, and then click Certificate.
- Upload the InsertYourCollectorID.collectors.redcanary.io.key file from Step 1.4.
- Upload the InsertYourCollectorID.collectors.redcanary.io.crt file from Step 1.6.
- Enter the password you set for the key in Step 1.4.
- Click Save.
- Enter a Certificate Name.
Example: RedCanaryCert
- Click Create.
The new certificate will be located under the Local Certificate list.
Step 4: Fortinet Fortigate–Configure Fortinet Fortigate for secure syslog
- From your Fortinet Fortigate dashboard, click the >_ icon.
- Enter config log syslogd setting in the Command Line Interface (CLI).
- Type out the following lines:
set status enable
set server "InsertYourCollectorID.collectors.redcanary.io"
set mode reliable
set facility alert
set format cef
set priority default
set ssl-min-proto-version TLSv1-2
set certificate "[Certificate name from step 2c, e.g. RedCanaryCert]"
set enc-algorithm high
set port [Port visible on the Alert Source configuration modal]
end
Note: Do not copy and paste the above lines as this will cause an encoding issue.
- Press the Enter key.
Note: You may get a warning that the port has changed after entering the enc-algorithm high command. Make sure to set the port value after you enter enc-algorithm high, as seen in the order above.
Step 5: Red Canary–Upload custom certificates to Red Canary
Connect your custom certificates to Red Canary in order to start receiving Fortinet Fortigate alerts.
- From the Red Canary homepage, click Integrations, and then click Alert Sources.
- To configure your new alert source, scroll down and then click Fortinet Fortigate.
- Click Edit Configuration.
- Select Use custom TLS server certificate for ingest over TLS?
- Upload the certificates listed in Step 1.6:
- Upload a certificate file (PEM or DER)–Upload the .crt file.
- Upload the corresponding private key file–Upload the .key file.
- Enter the Private key passphrase used to generate the server key.
- Upload the CA certificate corresponding to your certificate–Upload the CA certificate file (fgcacert.pem).
- Enter the passphrase from Step 1.4 in the field marked Private key passphrase.
- Click Save Configuration.