Auditing logon events with FortiGate

Share this:

How to enable Auditing on Active Directory. One of my customers was implementing web filtering using Active Directory with Fortigate firewall appliances. The solution requires a couple of Event IDs to be generated on the Domain Controllres (4768, 4769 and 4776).


One of my customers is enabling FortiGate for web filtering using integration with Active Directory, and the request to the Active Directory Team was to enable the Event IDs 4768, 4769 and 4776 on all Domain Controllers.

The first step was to search the actual Event ID requested and find out which policies were required to change. Here is a list of the IDs and the technical information from Microsoft.


After that my next step was to change the Defautl Domain Controllers Policy to enable the proper Audit setting. Based on the documentation we need to work on the item Audit logon events. In order to find it, expand the settings the same way that is shown in the image below.


In the first page of the policy the administrator can define which action will be logged.


It seems that FortiGate also requires Kerberos authentication logging information, and for that reason we are going to enable these items as well.


The second tab (explain) gives details of the default values for servers and workstations, and the administrator can use that to identify if the setting is enabling what is required from the third-party application.


In this Tutorial, we went over the process of enabling auditing on the Domain Controllers, and those specific ones can be used with FortiGate to enable the web filtering based on Active Directory integration.

Written by Anderson Patricio

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson has been contributing to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at,, and Anderson (Portuguese).

Related Post

Creating a new Azure Active Directory instance It seems a simple thing, but when you need to create an additional directory for testing/dev purposes, you may ask yourself how to create. In this Tut...
Article: Protect your enterprise social media acco... Hello folks, I've just published an article in where we go over the benefits of using Microsoft Azure Active Directory SSO with socia...
How to identify the replication technology in use ... Since Windows Server 2003 the SYSVOL replication which includes Group Policies, Scripts, and so forth has been done through FRS (File Replication Serv...
How to disable all accounts from an Organization U... In some cases, the administrator must disable all accounts from a specific Organization Unit. We can approach this task from either Active Directory U...