> For the complete documentation index, see [llms.txt](https://docs.apica.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.apica.io/integrations/list-of-integrations/fortinet-firewalls.md).

# Fortinet FortiGate Firewall Logs

You can integrate Apica Flow with your FortiGate Firewall to forward either all or selected logs to Apica Ascent using the firewall's built-in syslog forwarding capabilities.

## Configuration

Drop into the firewall CLI and switch to the log syslogd configuration page

```
config log syslogd setting
```

![Fortigate Firewall configuration](/files/4SxceVLDwrZDsFPkPXVV)

## Syslogd forwarding

Once in the syslogd configuration settings, set the following to enable forwarding to Apica Flow

```
set status enable
set server <IP/FQDNS of Apica Ascent Server here>
set mode reliable
set facility local1
set format rfc5424
```

## Log Filtering configurations

For the log forwarding to work, you may need to tweak additional settings such as filtering (see example below - in this configuration, all log-level debug and above are configured to be sent to Apica Flow):

```
FGTAWSX5HFDA6I36 # config log syslogd filter

FGTAWSX5HFDA6I36 (filter) # show
config log syslogd filter
    set severity debug
end

FGTAWSX5HFDA6I36 (filter) # 
```

Additional filtering options can be found under the ***Log & Report*** section in the UI:

![](/files/GgPdbNlYqvxcPoy6LkxP)

### Key Validation Steps:

* Set severity to ***warning*** or ***error*** at the FortiGate filter for traffic logs, and reserve ***debug*** for security event and authentication log categories only — use separate ***syslogd filter*** configs per log type
* Confirm Apica Flow's syslog receiver is configured with octet-counting enabled for RFC5424 over TCP
* Enable TLS on the syslog connection (port 6514, mutual TLS with certificate pinning)
* Assign distinct facility codes per FortiGate appliance to enable per-source routing in Flow
* Use separate syslogd destinations per log category (traffic, event, security) rather than a single catch-all stream


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apica.io/integrations/list-of-integrations/fortinet-firewalls.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.