About the Illumio and Fortinet Integration
The Illumio - Fortinet integration enables organizations to ingest flow logs from both on-prem and cloud-based Fortinet FortiGate firewalls directly into Illumio Insights. By centralizing Fortinet telemetry within the Illumio platform, you gain unified visibility across your hybrid network, a baseline for your traffic behavior, and the capability to rapidly identify security gaps, misconfigurations, and early indicators of potential breaches.
The integration currently supports two methods:
Note
You must enable syslog monitoring for both methods of sending Fortinet logs.
Ingest Syslogs directly from Fortinet (Recommended).
FortiGate devices natively support syslog forwarding. Fortinet firewalls send their traffic logs directly to the Illumio Syslog Service over mTLS. After the logs reach the Syslog Service, the Illumio platform automatically processes, normalizes, and ingests the data into Illumio Insights.
To enable this method, you must configure FortiGate and FortiManager to:
Enable traffic-log generation for all required firewalls.
Configure syslog forwarding using mTCP with TLS.
Point the log stream to your Illumio Syslog endpoint.
Route Fortinet logs from Cribl to Azure Event Hub.
For environments that already use Cribl Stream as a centralized logging pipeline, Illumio supports routing Fortinet logs from Cribl directly to the Illumio-hosted Azure Event Hub. This option is ideal when you prefer to decouple log collection from your firewalls, already have Cribl deployed, or need advanced routing, filtering, or transformation capabilities before logs reach Illumio.
Note the following about using the Cribl method:
This method is supported for select customers only. Contact Illumio Support for approval.
You must configure Cribl with the Azure Event Hub connection string and namespace provided to you.
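Both methods depend on every required firewall actually emitting traffic logs. The following added example (not Illumio or Fortinet code) checks a captured sample of FortiGate key=value syslog lines before you point the stream at Illumio. The device names, the sample lines, and the minimum field list are constructed assumptions, not the schema Illumio Insights requires.

```python
import re

# FortiGate logs are key=value pairs; values are double-quoted or bare tokens.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

# Assumed minimum fields for a usable flow record (not Illumio's own schema).
FLOW_FIELDS = ("srcip", "dstip", "dstport", "proto", "action")


def parse_fortigate_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    rec = {}
    for key, val in _KV.findall(line):
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        rec[key] = val
    return rec


def traffic_log_coverage(lines, required_devices):
    """Return (per-device traffic-log counts, silent devices, incomplete records)."""
    seen = {dev: 0 for dev in required_devices}
    incomplete = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_fortigate_line(line)
        if rec.get("type") != "traffic":
            continue  # event/UTM logs do not prove traffic logging is enabled
        missing = [f for f in FLOW_FIELDS if not rec.get(f)]
        if missing:
            incomplete.append((lineno, missing))
            continue
        if rec.get("devname") in seen:
            seen[rec["devname"]] += 1
    silent = sorted(dev for dev, count in seen.items() if count == 0)
    return seen, silent, incomplete


# Constructed sample lines (hypothetical devices and addresses).
SAMPLE = [
    '<189>date=2024-05-01 time=10:15:02 devname="fw-dc-01" type="traffic" '
    'subtype="forward" srcip=10.1.1.20 srcport=51544 dstip=10.2.0.8 '
    'dstport=443 proto=6 action="accept" policyid=12 service="HTTPS"',
    '<189>date=2024-05-01 time=10:15:03 devname="fw-cloud-01" type="event" '
    'subtype="system" level="information" msg="Admin login successful"',
    '<189>date=2024-05-01 time=10:15:04 devname="fw-dc-01" type="traffic" '
    'subtype="local" srcip=10.1.1.1 dstip=10.1.1.255 action="deny"',
]

if __name__ == "__main__":
    print(traffic_log_coverage(SAMPLE, ["fw-dc-01", "fw-cloud-01"]))
```

A device listed as silent is sending only non-traffic logs or nothing at all, so it would leave a blind spot after ingestion.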