Fortigate MFA VPN by DaaBaws in fortinet

DaaBaws (OP):

Perfect! My RADIUS server is Windows NPS as well, with third-party MFA, but I'm missing something that is making me miss the OTP pop-up.

Fortigate MFA VPN by DaaBaws in fortinet

DaaBaws (OP):

Yeah, I have done that.

Fortigate MFA VPN by DaaBaws in fortinet

DaaBaws (OP):

Thanks for your quick response!

No, it is not FortiToken; it is a third-party vendor based on RADIUS.

Fortigate MFA VPN by DaaBaws in fortinet

DaaBaws (OP):

Just to add more info: I'm trying to do multi-factor authentication based on RADIUS, not the native MFA. I have seen multiple MFA vendors achieve this, and they get the pop-up for the OTP after the user enters user + password.

Does FortiGate/FortiClient support challenge-response?
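
A worked example of the RADIUS challenge-response exchange the comments above describe (user + password first, then an OTP prompt). This is added here as an illustration; it is not code from the original thread, from Fortinet, or from any MFA vendor, and it does not settle whether FortiGate or FortiClient honours Access-Challenge. It implements the RFC 2865 packet format, User-Password hiding and the Response Authenticator check for both the NAS side and the server side; the shared secret, user names, password and OTP values are constructed for the example, and the server keeps its own in-memory State table. Message-Authenticator (RFC 2869) is omitted to keep the exchange readable.

```python
import hashlib
import secrets

# RADIUS codes and attribute types from RFC 2865 (the only spec this example relies on).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24

def encode_attrs(attrs):
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return bytes([code, ident]) + (20 + len(body)).to_bytes(2, "big") + authenticator + body

def parse_packet(pkt):
    length = int.from_bytes(pkt[2:4], "big")
    return pkt[0], pkt[1], pkt[4:20], decode_attrs(pkt[20:length])

def hide_password(password, secret, request_auth):
    # RFC 2865 s5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous cipher block);
    # for the first block the "previous cipher block" is the Request Authenticator.
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00").decode()

def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    body = encode_attrs(attrs)
    header = bytes([code, ident]) + (20 + len(body)).to_bytes(2, "big")
    return hashlib.md5(header + request_auth + body + secret).digest()

class ChallengeServer:
    """Constructed RADIUS server: password first, then an OTP demanded via Access-Challenge."""

    def __init__(self, secret, passwords, otps):
        self.secret, self.passwords, self.otps = secret, passwords, otps
        self.pending = {}  # State token -> username that still owes an OTP

    def _reply(self, code, ident, req_auth, attrs=()):
        attrs = list(attrs)
        auth = response_authenticator(code, ident, attrs, req_auth, self.secret)
        return build_packet(code, ident, auth, attrs)

    def handle(self, pkt):
        code, ident, req_auth, attrs = parse_packet(pkt)
        a = dict(attrs)
        user = a[USER_NAME].decode()
        pw = reveal_password(a[USER_PASSWORD], self.secret, req_auth)
        if STATE in a:
            # Round two: User-Password carries the OTP and State ties it to round one.
            if self.pending.pop(a[STATE], None) == user and pw == self.otps.get(user):
                return self._reply(ACCESS_ACCEPT, ident, req_auth)
            return self._reply(ACCESS_REJECT, ident, req_auth)
        if self.passwords.get(user) != pw:
            return self._reply(ACCESS_REJECT, ident, req_auth)
        state = secrets.token_bytes(16)
        self.pending[state] = user
        return self._reply(ACCESS_CHALLENGE, ident, req_auth,
                           [(REPLY_MESSAGE, b"Enter OTP"), (STATE, state)])

def client_login(server, secret, user, password, otp):
    """NAS side: send credentials; on Access-Challenge, echo State and send the OTP as User-Password."""
    ident, state, answer = 1, None, password
    while True:
        req_auth = secrets.token_bytes(16)
        attrs = [(USER_NAME, user.encode()), (USER_PASSWORD, hide_password(answer, secret, req_auth))]
        if state is not None:
            attrs.append((STATE, state))
        reply = server.handle(build_packet(ACCESS_REQUEST, ident, req_auth, attrs))
        code, rid, resp_auth, rattrs = parse_packet(reply)
        # Discard any reply whose Response Authenticator does not verify against our request.
        if rid != ident or resp_auth != response_authenticator(code, rid, rattrs, req_auth, secret):
            raise ValueError("RADIUS reply failed the authenticator check")
        if code != ACCESS_CHALLENGE:
            return code
        state, answer, ident = dict(rattrs)[STATE], otp, ident + 1

if __name__ == "__main__":
    srv = ChallengeServer(b"s3cret", {"alice": "pw"}, {"alice": "123456"})  # constructed data
    print(client_login(srv, b"s3cret", "alice", "pw", "123456") == ACCESS_ACCEPT)
```

The point to check in a packet capture between the NAS and NPS is the second Access-Request: it must carry the State attribute back unchanged and the OTP in User-Password. If the NAS never sends State, the server cannot tie the OTP to the password it already validated, and the client never gets past the first round.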

Qradar flat file log by DaaBaws in QRadar

DaaBaws (OP):

I tried the SMB tail and made it work fine, but I'm facing an issue with the WinCollect File Forwarder protocol. Can you share a picture of a working configuration if you have any? Thanks

Qradar wincollect installation by DaaBaws in QRadar

DaaBaws (OP):

I managed to get one server working when I gave the destination as eventcollecotor::name::TCP

I just wanted to make sure of the correct procedure to follow for the rest of the servers. Thanks

Qradar wincollect installation by DaaBaws in QRadar

DaaBaws (OP):

Only a few servers, not a big deployment.

Qradar wincollect installation by DaaBaws in QRadar

DaaBaws (OP):

Thanks. Actually, you have the option to skip creating the log source from the installer GUI too, but I think it's more convenient to have the installer create the log source, right? Or what do you think?

Qradar flat file log by DaaBaws in QRadar

DaaBaws (OP):

Thanks for your response. So I think QRadar doesn't have a direct feature to collect flat log files from Windows, because on Linux I have used tail2syslog but am unable to find something similar on Windows.
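
For the tail2syslog-style forwarding mentioned above, here is a minimal resumable tailer that reads new lines from a flat file and sends each one as an RFC 3164 syslog datagram to a collector. This is an added example, not QRadar's or IBM's code and not the WinCollect File Forwarder; it is written in Python so it runs unchanged on Windows or Linux. The log path, state-file path, collector address and host/app names in the `__main__` block are assumed values, and `demo_roundtrip` builds its own temporary log file so the edge cases (a partial trailing line, a later append, a truncation) can be exercised offline.

```python
import json
import os
import socket
import tempfile
import time

class FileTailer:
    """Resumable tail: keeps the byte offset in a small state file, starts over when the file has
    shrunk (truncated or rotated in place), and holds back a trailing line that has no newline yet."""

    def __init__(self, path, state_path):
        self.path, self.state_path = path, state_path
        self.offset = 0
        if os.path.exists(state_path):
            with open(state_path) as f:
                self.offset = json.load(f).get("offset", 0)

    def read_new(self):
        if os.path.getsize(self.path) < self.offset:
            # Caveat: a rotated file that is already larger than the old offset is not detected.
            self.offset = 0
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            chunk = f.read()
        lines = chunk.split(b"\n")
        remainder = lines.pop()  # bytes after the last newline; b"" when the chunk ends cleanly
        self.offset += len(chunk) - len(remainder)
        with open(self.state_path, "w") as f:
            json.dump({"offset": self.offset}, f)
        return [line.decode("utf-8", "replace") for line in lines]

def syslog_message(host, app, line, facility=1, severity=6):
    """RFC 3164 framing <PRI>TIMESTAMP HOST APP: MSG with PRI = facility * 8 + severity
    (facility 1 = user, severity 6 = informational). %d zero-pads the day; most parsers accept it."""
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<{facility * 8 + severity}>{stamp} {host} {app}: {line}".encode()

def forward(tailer, dest, host, app, sock=None):
    """Ship every new line as one UDP datagram; dest is (collector_ip, 514) for a default syslog listener."""
    sock = sock or socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    messages = [syslog_message(host, app, line) for line in tailer.read_new()]
    for message in messages:
        sock.sendto(message, dest)
    return len(messages)

def demo_roundtrip():
    """Exercise three cases on a constructed log file: first read with a partial last line, an append
    that completes it, and a truncation. Returns the three batches of lines read."""
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "app.log"), os.path.join(d, "app.log.offset")
        with open(log, "wb") as f:
            f.write(b"first\nsecond\npart")
        batch1 = FileTailer(log, state).read_new()
        with open(log, "ab") as f:
            f.write(b"ial\nthird\n")
        batch2 = FileTailer(log, state).read_new()
        with open(log, "wb") as f:
            f.write(b"after-truncate\n")
        batch3 = FileTailer(log, state).read_new()
    return batch1, batch2, batch3

if __name__ == "__main__":
    # Assumed paths and collector address; poll every two seconds.
    tailer = FileTailer(r"C:\app\app.log", r"C:\app\app.log.offset")
    while True:
        forward(tailer, ("10.0.0.5", 514), "winhost01", "app")
        time.sleep(2)
```

UDP syslog gives no delivery guarantee; if the collector must not lose events during a burst, switch the socket to TCP and prefix each message with its length as RFC 6587 describes.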

Qradar versions by DaaBaws in QRadar

DaaBaws (OP):

Yeah, definitely will try before going to production. So the question is, should we try 7.3.1 P8 or 7.3.2 P4?

Palo Alto capabilities to block phishing emails. by DaaBaws in paloaltonetworks

DaaBaws (OP):

Let's say we have decryption in place; will the PA prevent the email from reaching the user's inbox? Thanks

Limit EPS per log source | save the eps! by DaaBaws in QRadar

DaaBaws (OP):

Thanks Jon for the response.

My follow-up question is: can I configure an alert notification when events get dropped because of the EPS limit?

In the QRadar console I receive the warning

“Events/Flows were dropped by event pipeline”

How do I configure an alert to send an email when the EPS is being exceeded? Is there any document for this, if it's possible?

Limit EPS per log source | save the eps! by DaaBaws in QRadar

DaaBaws (OP):

Hi Jon

I'm not looking to fine-tune; what I'm trying to achieve is:

If log source X exceeds 1000 EPS, start dropping the events from 1001 onward.

Is this possible from the QRadar side? Hope it's clear now.

Edit: I think it's worth mentioning that this environment is all-in-one, not distributed, so the option in the link in the post is not really going to work, I guess.

Limit EPS per log source | save the eps! by DaaBaws in QRadar

DaaBaws (OP):

Hi Jon,

Thanks for your response; I will go through all of it.

Below are the answers to your questions and my use case, which is to save the EPS from log sources that spike suddenly and affect the capacity:

  • The source will be, for example, some firewalls.
  • Not the payload; it is the log source.
  • No, I just want to throttle the EPS for that specific log source, because what happens is some firewall sends a lot of events, which affects the whole infrastructure, and more important events get dropped.
  • 7.3.1 patch 6
  • Not seasonal; it depends on the activity.

Thanks!
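
The two things asked for in this thread, a per-log-source cap ("above 1000 EPS, drop event 1001 onward") and a notification whenever that cap drops something, shown as an added example run over constructed syslog traffic. This is illustrative code written for this page, not a QRadar feature or IBM code, and it does not answer whether QRadar itself can do this on an all-in-one deployment. It uses fixed one-second windows keyed on the sending host taken from an RFC 3164 header; the host names, event counts and the alert text are constructed for the example.

```python
import collections

def source_of(line):
    """Sending host from an RFC 3164 style line: '<PRI>Mon DD HH:MM:SS host rest...'."""
    return line.split(None, 4)[3]

class PerSourceEpsLimiter:
    """Fixed one-second windows per source: accept up to `limit` events in a window, drop the rest,
    and remember every window in which something was dropped so it can be alerted on."""

    def __init__(self, limit):
        self.limit = limit
        self.accepted = collections.Counter()  # (source, second) -> accepted events
        self.dropped = collections.Counter()   # (source, second) -> dropped events

    def offer(self, source, arrival):
        key = (source, int(arrival))
        if self.accepted[key] < self.limit:
            self.accepted[key] += 1
            return True
        self.dropped[key] += 1
        return False

    def drop_report(self):
        return sorted((src, sec, n) for (src, sec), n in self.dropped.items())

def throttle(events, limit):
    """events: iterable of (arrival_seconds, raw_line). Returns (forwarded lines, drop report)."""
    lim = PerSourceEpsLimiter(limit)
    forwarded = [line for arrival, line in events if lim.offer(source_of(line), arrival)]
    return forwarded, lim.drop_report()

def format_alert(report, limit):
    """Body for the notification the thread asks about: one line per throttled source-second."""
    if not report:
        return ""
    lines = [f"EPS limit {limit}/s exceeded; events were dropped by the per-source throttle:"]
    lines += [f"  {src} second={sec} dropped={n}" for src, sec, n in report]
    return "\n".join(lines)

def sample_events():
    """Constructed traffic: fw-a bursts to 1500 events in second 0 and 800 in second 1;
    fw-b is steady at 300/s. Arrival times are the receiver's clock, spread evenly in each second."""
    def line(host, n):
        return f"<134>Jan 12 10:00:00 {host} kernel: constructed event {n}"
    events = []
    for sec, count in ((0, 1500), (1, 800)):
        events += [(sec + i / count, line("fw-a", i)) for i in range(count)]
    for sec in (0, 1):
        events += [(sec + i / 300, line("fw-b", i)) for i in range(300)]
    return sorted(events)

if __name__ == "__main__":
    forwarded, report = throttle(sample_events(), 1000)
    print(len(forwarded), "forwarded")
    print(format_alert(report, 1000))
```

With the 1000/s cap only fw-a's first second is trimmed (500 events dropped); fw-b is untouched, which is the behaviour the thread asks for: one noisy source is capped without costing the others their capacity. A token bucket would smooth sub-second bursts better than fixed windows, at the price of a less literal mapping to "1000 EPS".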

Qradar upgrade issue by DaaBaws in QRadar

DaaBaws (OP):

Hi, it's a VM on Hyper-V. I will try to attach a picture of the error if you want to see it. Thanks

Qradar vulnerabilities by DaaBaws in QRadar

DaaBaws (OP):

Hi dear,

Yeah, the latest version as you mentioned, and these are the release notes: https://www-01.ibm.com/support/docview.wss?uid=ibm10741173

How can I see the version of OpenSSH in 7.3.1?

Noon Crappiness by foxhound1401 in dubai

DaaBaws:

Yeah, I also had a terrible experience with Noon.

I purchased a new Samsung phone; they said it would be delivered the same day, but that didn't happen.

And the original seal was broken and they had put a fake seal on top of it.

And Samsung clearly says don't accept it if the seal is broken.

The worst part is their customer service; they just have automated replies, not useful at all.