Servers
You can set up SMTP servers and Syslog servers in the system so that Event notifications are sent via email and/or logged on a SIEM. You can also set up FortiGate firewalls so that the system sends firewall policy suggestions to FortiGate based on OT Security network events.
SMTP Servers
To enable sending Event notifications via email to the relevant parties, you need to set up an SMTP Server in the system. If you do not set up an SMTP server, the Events generated by the system can't be sent out by email. In either case, all Events can be viewed in the Management Console (UI) on the Events screen.
To set up an SMTP Server:
- Under Local Settings, go to the Servers > SMTP Servers screen.
- Click Add SMTP Server.
  The SMTP Servers configuration window is displayed.
- In the Server Name field, enter the name of an SMTP server to be used for email notifications.
- In the Hostname\IP field, enter a host name or an IP address of the SMTP server.
- In the Port field, enter the port number on which the SMTP server will listen for the Events (Default: 25).
- In the Sender Email Address field, enter an email address that is shown as the sender of the Event notification email.
- In the User Name and Password fields, enter a user name and password that will be used to access the SMTP server.
  These fields are optional.
- At this point you can try to send a test email to verify that the configuration was successful. Click Send Test Email, then enter the email address to send to and check the inbox to see if the email arrived. If the email did not arrive, then troubleshoot to discover the cause of the problem and correct it.
- Click Save.
You can set up additional SMTP Servers by repeating the procedure described above.
Syslog Servers
In order to enable collection of log events on an external server you will need to set up a Syslog Server in the system. If you do not want to set up a Syslog Server, then the event logs will only be saved on the OT Security platform.
To set up a Syslog Server:
- Under Local Settings, go to the Servers > Syslog Servers screen.
- Click + Add Syslog Server. The Syslog Servers configuration window is displayed.
- In the Server Name field, enter the name of a Syslog Server to be used for logging system events.
- In the Hostname\IP field, enter a host name or an IP address of the Syslog server.
- In the Port field, enter the port number on the Syslog server to which the events will be sent. (Default: 514)
- In the Transport field, select from the dropdown list the transport protocol to be used. Options are TCP or UDP.
- If you would like to send a test message to verify that the configuration was successful, click Send Test Message, and check if the message has arrived. If the message did not arrive, then troubleshoot to discover the cause of the problem and correct it.
- Click Save.
You can set up additional Syslog Servers by repeating the procedure described above.
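To check on the receiving host that Send Test Message actually delivered something over the selected transport, the following Python sketch decodes the syslog priority and splits a TCP stream into individual messages. It is an added example, not part of the OT Security product or its documentation. It assumes messages begin with a standard `<PRI>` header and that TCP delivery uses one of the RFC 6587 framings (the format OT Security emits is not stated on this page); port 5514 and all sample bytes are constructed.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def decode_pri(msg: bytes):
    """Return (facility, severity_name) from the leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]

def split_tcp_frames(stream: bytes):
    """Split a TCP byte stream into messages; returns (messages, incomplete_leftover)."""
    msgs = []
    while stream:
        m = re.match(rb"^([1-9]\d{0,5}) ", stream)
        if m:  # octet-counting framing: "LEN SP MSG"
            start, length = m.end(), int(m.group(1))
            if len(stream) < start + length:
                break  # frame not fully received yet
            msgs.append(stream[start:start + length])
            stream = stream[start + length:]
        else:  # non-transparent framing: message ends at LF
            line, sep, rest = stream.partition(b"\n")
            if not sep:
                break  # no terminator yet, keep bytes for the next read
            if line.strip():
                msgs.append(line.rstrip(b"\r"))
            stream = rest
    return msgs, stream

def listen_udp_once(port: int = 5514, timeout: float = 30.0):
    """Wait for one UDP datagram (one message each); raises TimeoutError if none arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))  # hypothetical unprivileged port; page default is 514
        s.settimeout(timeout)
        data, peer = s.recvfrom(65535)
        return peer[0], data, decode_pri(data)

# Constructed sample input (not captured from OT Security)
SAMPLE_UDP = b"<134>Jan  1 00:00:00 ot-sec-host test: constructed test message"
SAMPLE_TCP = b"<134>first constructed message\n23 <131>second constructed<13"
```

If `listen_udp_once` times out after clicking Send Test Message, the usual places to look are the Port and Transport values entered above and any firewall between the OT Security unit and the receiver.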
FortiGate Firewalls
To set up a FortiGate Server:
- Under Local Settings, go to the Servers > FortiGate Firewalls screen.
- Click the Add Firewall button.
  The Add FortiGate Firewall configuration window is displayed.
- In the Server Name field, enter the name of a FortiGate Server to be used.
- In the Host/IP field, enter a host name or an IP address of the FortiGate server.
- In the API Key field, enter the API token you generated from FortiGate. For more information, see the note below.
- Click Add.
  The FortiGate Firewall Server is created.
Note: The instructions for generating a FortiGate API token can be found on the following page: https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/guides/fgt_token
Please note: For the source address (which is needed to ensure the API token can only be used from trusted hosts), please use your OT Security unit IP address.
When creating an Administrator profile for OT Security, make sure to apply access permissions according to the following settings: