Before you can add a Security Fabric group to FortiAnalyzer, you need to create the Security Fabric group in FortiGate.
Fortinet recommends using a dedicated Super_User administrator account on the FortiGate for FortiAnalyzer access. This ensures that associated log messages are identified as originating from FortiAnalyzer activity. This dedicated Super_User administrator account only needs Read Only access to System Configuration; all other access can be set to None.
- Go to Device Manager > Unauthorized Devices.
- Select all the devices corresponding to the Security Fabric group created in FortiGate.
- Authenticate the Security Fabric group by clicking the Warning icon (yellow triangle) beside the corresponding FortiGate root.
- Enter the Authentication Credentials. The authentication credentials are the ones you specified in FortiGate. Once the FortiGate root has been authenticated, the Warning icon will disappear.
- After authentication, it takes a few minutes for FortiAnalyzer to automatically populate the devices under the FortiGate root which creates the Security Fabric group.