
Police CyberAlarm FortiGate setup

Enable Police CyberAlarm access with these steps…

This is a three-step process. Step 1 shows how to set up Syslog for Police CyberAlarm on FortiGate firewalls, Step 2 shows how to set up outbound NAT, and Step 3 shows how to link the outbound NAT to a SurfProtect profile. (You do not need to complete Steps 2 and 3 if SurfProtect is not in use.)

Step 1: Setting the SysLog server

  • Log into the firewall by using either the local gateway i.e or the Public IP of the firewall i.e https://82.219.*.*
  • Enter your login details; this will take you to the FortiGate dashboard
  • Once there, navigate to ‘Log & Report’ and go to ‘Log Settings’
  • Enable ‘Send logs to Syslog’. Once enabled, this allows us to send the traffic to the server you require. This can be a local IP if the server is hosted locally or, if it is cloud-hosted, the public IP of the server.

In this example, we are going to send this to a local server; i.e

  • Once complete, click ‘Apply’ and logs should start generating and sending to the Syslog server.

Step 2: Setting up an outbound NAT

Once the SysLog has been set up, we need to do an outbound NAT. An outbound NAT means changing the WAN IP for one specific device so it is different to the WAN interface. 

  • On the Draytek menu on the left-hand side, choose ‘WAN’ and ‘Internet Access’

  • Depending on which WAN port is used, go into it by clicking on ‘Internet Access’. When you are on the next page find ‘WAN IP Alias’ and click it.
  • Name: A good format we follow is NAT-82.219.*.*
  • Type: Choose ‘Overload’
  • External IP Range: This is the public IP address you will use when translating the internal IP/IP ranges to the public address/range.
  • ARP Reply: Make sure ARP is enabled.
  • Click on ‘Policy & Objects’ > ‘Addresses’ and click on ‘Create New’
  • Name: To easily identify the object we suggest specifying the internal IP or range for the name.
  • Type: Use ‘IP/Netmask’ or ‘IP Range’ to specify a range of IP addresses for the outbound NAT.
  • Subnet/IP range: Specify the range of IP addresses you are going to be implementing the outbound NAT on.
  • Show in Address List: This is enabled by default and is required when we set the firewall rule up.
  • Navigate to ‘Policy & Objects’ and click on ‘Firewall Policy’ then click on ‘Create New’
  • Name: Name of the IPv4 policy. Best to name it ‘Outbound NAT IP Address’ (IP will change depending on what is used)
  • Incoming Interface: Select the LAN interface used for this
  • Outgoing Interface: Select the WAN interface. (this will always be the WAN port)
  • Source: Select the address object that we’ve just created under Policy & Objects > Addresses
  • Destination Address: Select ‘all’
  • Schedule: Choose ‘always’.
  • Service: Select ‘all’
  • Action: Select ‘Accept’
  • NAT: Enable ‘NAT’
  • IP Pool Configuration: Select ‘Use Dynamic IP Pool’ and then select the IP pool object that you created.
  • Enable this policy: Enable the policy.
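
Once Steps 1 and 2 are applied, the logs arriving at the Syslog server can be used to confirm that the chosen device really leaves via the IP pool address. The following check is an added example, not part of the original guide: it parses key=value traffic-log lines and flags sessions from the internal address that were not source-NATed to the pool IP. The sample lines, addresses and device name are constructed, and the `trandisp`/`transip` field names assume the standard FortiOS traffic-log layout.

```python
import ipaddress
import re
import shlex

# Constructed sample lines (documentation-range addresses, not real captures).
SAMPLE_LOGS = [
    '<189>date=2022-04-06 time=10:03:41 devname="FGT EXAMPLE" type="traffic" '
    'subtype="forward" srcip=192.168.1.50 dstip=198.51.100.20 dstport=443 '
    'action="accept" trandisp="snat" transip=203.0.113.10 transport=51514',
    '<189>date=2022-04-06 time=10:03:42 devname="FGT EXAMPLE" type="traffic" '
    'subtype="forward" srcip=192.168.1.50 dstip=198.51.100.21 dstport=443 '
    'action="accept" trandisp="snat" transip=203.0.113.1 transport=51515',
    '<189>date=2022-04-06 time=10:03:43 devname="FGT EXAMPLE" type="traffic" '
    'subtype="forward" srcip=192.168.1.77 dstip=198.51.100.22 dstport=80 '
    'action="accept" trandisp="snat" transip=203.0.113.1 transport=51516',
    '<190>date=2022-04-06 time=10:03:44 devname="FGT EXAMPLE" type="event" '
    'subtype="system" msg="Configuration changed"',
    '<189>date=2022-04-06 time=10:03:45 type="traffic" msg="cut off mid-pack',
]

PRI = re.compile(r"^<\d{1,3}>")  # syslog priority prefix, e.g. <189>


def parse_line(line):
    """Return the key=value fields of one log line as a dict ({} if malformed)."""
    try:
        tokens = shlex.split(PRI.sub("", line.strip()))
    except ValueError:  # unbalanced quote, e.g. a truncated UDP datagram
        return {}
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def audit_nat(lines, internal_net, pool_ip):
    """Count sessions NATed to pool_ip and list those from internal_net that were not."""
    net = ipaddress.ip_network(internal_net, strict=False)
    ok, problems = 0, []
    for fields in map(parse_line, lines):
        if fields.get("type") != "traffic" or "srcip" not in fields:
            continue  # only traffic logs carry NAT translation fields
        if ipaddress.ip_address(fields["srcip"]) not in net:
            continue  # other hosts are expected to use the WAN interface IP
        if fields.get("trandisp") == "snat" and fields.get("transip") == pool_ip:
            ok += 1
        else:
            problems.append((fields["srcip"], fields.get("transip", "none")))
    return ok, problems


if __name__ == "__main__":
    print(audit_nat(SAMPLE_LOGS, "192.168.1.50/32", "203.0.113.10"))
```

Any entry in the second list means a session from the device matched a different policy, which usually points to policy ordering or a source address object that does not cover the device.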

Step 3: Creating a SurfProtect profile

Please skip this step if you are not using SurfProtect.

We will need to set up a SurfProtect profile which has ‘HTTPS decryption disabled’.

  • Once logged in go into the profiles. This is done by clicking the blue eye next to the relevant location.
  • You will see a list of profiles the school has created and the default profile. Where it says ‘Filtering profiles’ there will be a green + symbol, click on this.
  • You will see a box labelled ‘Create new profile’ pop up, follow the onscreen instructions.

  • The first thing to do is name the profile. This can be called ‘CyberAlarm’

  • Click ‘Next’
  • You will need to configure the next bit, which is ‘Matching’. Here, pick the IP that we used in the 1-to-1 NAT.
  • Carry on going through the onscreen instructions and create the profile.
  • Once the profile has been created, go into it by clicking the ‘blue eye’. Towards the bottom of the page it will say ‘Advanced Policy Setting’; disable the setting under there.

You should now be able to run Police CyberAlarm through your FortiGate Firewall.
