Fortinet FortiGate
Connect Fortinet FortiGate to Radiant Security to forward firewall and threat syslog for AI triage.
Fortinet FortiGate is a next-generation firewall platform that inspects perimeter and internal traffic to block threats such as exploit attempts, malware delivery, command-and-control callbacks, and policy violations. Connecting FortiGate forwards firewall and threat syslog to Radiant Security through the Radiant Agent. Radiant uses the syslog data to triage firewall and threat alerts in context, giving analysts faster verdicts on whether observed traffic reflects a real compromise or routine network activity.
To aggregate FortiGate logs through FortiAnalyzer before forwarding, refer to Fortinet FortiAnalyzer.
Prerequisites
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors, then click + Add Connector.
Search for and select Radiant Agent, then click Data Feeds.
Under Select your data feeds, select Fortinet Fortigate v7, then click Credentials.
Under Credential Name, enter an identifiable name for the Radiant Agent integration (e.g., Radiant Agent integration). To reuse an existing Radiant Agent credential, select it from the drop-down menu.
Click Add Connector.
Configure FortiGate to forward syslog
Before starting, confirm the IP address of the Radiant Agent and the port configured to receive FortiGate data. If you do not know the port, contact your Customer Success representative. For Fortinet's reference, see Log settings and targets.
Apply this configuration on every FortiGate firewall that should forward syslog to Radiant.
Log in to the FortiGate CLI.
Configure the syslog destination. Replace <RADIANT_AGENT_IP> with the IP address of the Radiant Agent and <PORT> with the port configured on the agent to receive FortiGate data:
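The syslog destination configuration as typed into the FortiOS 7.x CLI, given here as an added example rather than this page's own listing. The <RADIANT_AGENT_IP> and <PORT> placeholders are the ones described above; UDP transport, the local7 facility and the information severity level are assumptions to align with how the Radiant Agent is configured.

```text
# Added example (not this page's own listing): FortiOS 7.x CLI, syslog destination for the Radiant Agent.
# <RADIANT_AGENT_IP> and <PORT> are the placeholders described in the step above.
config log syslogd setting
    set status enable
    set server "<RADIANT_AGENT_IP>"
    set mode udp                 # assumption: plain UDP syslog; use "reliable" if the agent expects TCP
    set port <PORT>
    set facility local7          # assumption: any facility works as long as the agent does not filter on it
    set format default           # FortiGate's native key=value log format
end

# Forward informational-level events as well, so traffic logs are not dropped before they reach the agent.
config log syslogd filter
    set severity information     # assumption: lower the threshold only if the agent is sized for the volume
end

# Confirm the saved destination, then emit test log entries to check delivery end to end.
get log syslogd setting
diagnose log test
```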
Verify ingestion
After FortiGate begins forwarding, confirm alerts and events are reaching Radiant.
In Radiant, navigate to Log Management.
Filter by rs_connectorType:"fortigate".
Confirm recent alerts and events appear.
Allow several minutes for alerts and events to be parsed, indexed, and available for search.