Recommendations and Special Notes

• Recommendations
• Special Notes

Recommendations

Fortinet recommends the following versions and configurations to use with FortiAIOps.

Product	Recommendation
FortiAP	FortiAP (FAP) version 7.2.2 and above is recommended to generate all events in FortiAIOps.
FortiOS	FortiOS version 7.2.4 and above, 7.4.0, or 7.6.0 are recommended to generate all events in FortiAIOps.
FortiGate	[FortiGate/FortiAnalyzer] Configure the FortiAIOps IP address in the FortiGate syslog or FortiAnalyzer to send events to FortiAIOps. Ensure that you enable the detection of interfering SSIDs in FortiGate to allow reporting of Throughput SLA - interference issues in FortiAIOps. To detect interfering SSIDs in FortiGate, configure the FortiAP profile to use Radio Resource Provisioning or a WIDS profile with AP scan enabled. To receive SD-WAN logs, ensure that the SD-WAN monitoring license is applied in FortiGate. This is to generate congestion logs. Configure the sla-fail and sla-pass log failure period, the recommended duration is 60 seconds for enhanced accuracy. When the backup file is restored on a different machine, reconfigure the FortiAIOps IP address in the FortiGate syslog settings.
FortiAIOps 500G (FAO-500G)	For a fresh configuration, completely erase all existing configurations from the hard disks. A factory reset is recommended to ensure all configurations are removed. Back up your configuration data before RAID rebuild and migration operations, as these processes are susceptible to errors. The 10 Gbps port does not support 1 Gbps data speeds. RAID rebuild and migration operations cannot be performed concurrently. However, simultaneous rebuild operations are supported for SSDs and HDDs. The system supports the failure of only one HDD and one SSD at a time. Simultaneous failures of multiple HDDs or SSDs may lead to data loss.
Others	The FortiAIOps time and timezone should be synchronized with the NTP server.

Special Notes

Note the following when using FortiAIOps.

• [SD-WAN] Upgrade to the current release sets the baseline configuration mode to dynamic, by default.

• [Switching] Ensure that all L2 security features, such as, BPDU guard, loop guard, DHCP snooping, root guard are enabled on the switch port to detect STP and DHCP failures.

• By default, there is no password for logging into the CLI mode for the first time. However, you are prompted to change the password after logging in. The default login credentials (username/password) for the GUI are admin/admin. Configuring the CLI password does not modify the GUI password.

• The FortiAIOps CLI and GUI users are different.

• FortiAP and FortiSwitch events/logs are displayed randomly for both primary and secondary FortiGates in a cluster.

• When a FortiGate is deleted and added in a new device group, the AI-Insights data is still displayed in the older device group, only for the time period during which the device was part of that group.

• This release supports the backup and restore function only for FortiAIOps configuration. CLI configurations are saved using the execute backup config command and it does not include any FortiAIOps specific configurations.

• The import option is not available for FortiGates deployed in HA mode.

• The Time to Connect - DNS delay is not supported.

• SAM works with F-series, G-series, and K-series FAPs, bridge mode SSIDs, and WPA2 PSK security mode only.

• Currently only radio1 (2.4GHz) and radio 2 (5GHz) are supported for SAM operations.

• SAM test results are not displayed in the baseline view details/trends page after the restore operation.

• FortiAnalyzer version 7.4.1 is not supported due to an incorrect log format.

• Time to Connect and Connection Failure SLA - WPA3 SAE and Enterprise modes are not supported.

• The backup and restore operation is supported from version 2.0.0. This operation is not supported from 1.x version.