Fortinet black logo

Online Help

Home FortiCASB 23.4.a Online Help
23.4.a
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0

FortiAnalyzer Configurations

FortiAnalyzer Configurations

Part 1: FortiAnalyzer Port Configuration

Part 2: FortiAnalyzer System Configuration

Part 3: Configure FortiAnalyzer on FortiGate

Part 1: FortiAnalyzer Port Configuration

This section is to provide a public IPv4 address for FortiAnalyzer and make sure the IP address with the following ports can be accessed from the external network.

Protocols TCP Port
HTTP 80
HTTPS 443
  1. In FortiAnalyzer, go to System Settings > Network, select the interface.

  2. Then click Edit to edit the network interface.
  3. Enable HTTPS or HTTP in Administrative Access. (The network connection will be tested in FortiCASB Configuration)

Part 2: FortiAnalyzer System Configuration

  1. Finish all parts 1-3 in the FortiGate Configuration.
  2. Go to FortiAnalyzer > System Settings, click on Administrators, select the user to be connected to FortiCASB and press Edit.

  3. Click Admin Profile drop down menu and select "Standard_User" or "Super_User".

  4. Click JSON API Access drop down menu and select "Read-Write".
  5. Use the following CLI commands to add RPC-permit's read and write permissions to the user:

    config system admin user

    edit "user" (The FortiAnalyzer user that will be used to connect to FortiCASB.)

    set rpc-permit read-write

Part 3: Configure FortiAnalyzer on FortiGate

  1. Go to FortiGate and open CLI, then enter the following command:

    2. #config log fortianalyzer2 setting

    #set status enable

    #set server <FortiAnalyzor server IP>

    #set enc-algorithm high-medium

    #set upload-option realtime

    #set reliable enable

    #end

  2. Go to FortiAnalyzer > Device & Groups.
  3. Look for the unauthorized FortiGate device and authorize it.

  4. Go to back to FortiGate then execute the following command to test the connection.

    5. #execute log fortianalyzer test-connectivity 2

  5. If the connection is successful, FortiGate will return the following:

Registration: registered

Connection: allow

The entire CLI output should look like below:

FGVM04TMXXXXXX # execute log fortianalyzer test-connectivity 2

FortiAnalyzer Host Name: FAZAWS

FortiAnalyzer Adom Name: root

FortiGate Device ID: FGVM04TMXXXXXX

Registration: registered

Connection: allow

Adom Disk Space (Used/Allocated): 3921305424B/53687091200B

Analytics Usage (Used/Allocated): 790079985B/37580963840B

Analytics Usage (Data Policy Days Actual/Configured): 32/60 Days

Archive Usage (Used/Allocated): 3131225439B/16106127360B

Archive Usage (Data Policy Days Actual/Configured): 55/365 Days

Log: Tx & Rx (6 logs received since 15:21:34 08/29/23)

IPS Packet Log: Tx & Rx

Content Archive: Tx & Rx

Quarantine: Tx & Rx

Certificate of Fortianalyzer valid and serial number is: FAZ-VMTMXXXXXX

Previous
Next

FortiAnalyzer Configurations

Part 1: FortiAnalyzer Port Configuration

Part 2: FortiAnalyzer System Configuration

Part 3: Configure FortiAnalyzer on FortiGate

Part 1: FortiAnalyzer Port Configuration

This section is to provide a public IPv4 address for FortiAnalyzer and make sure the IP address with the following ports can be accessed from the external network.

Protocols TCP Port
HTTP 80
HTTPS 443
  1. In FortiAnalyzer, go to System Settings > Network, select the interface.

  2. Then click Edit to edit the network interface.
  3. Enable HTTPS or HTTP in Administrative Access. (The network connection will be tested in FortiCASB Configuration)

Part 2: FortiAnalyzer System Configuration

  1. Finish all parts 1-3 in the FortiGate Configuration.
  2. Go to FortiAnalyzer > System Settings, click on Administrators, select the user to be connected to FortiCASB and press Edit.

  3. Click Admin Profile drop down menu and select "Standard_User" or "Super_User".

  4. Click JSON API Access drop down menu and select "Read-Write".
  5. Use the following CLI commands to add RPC-permit's read and write permissions to the user:

    config system admin user

    edit "user" (The FortiAnalyzer user that will be used to connect to FortiCASB.)

    set rpc-permit read-write

Part 3: Configure FortiAnalyzer on FortiGate

  1. Go to FortiGate and open CLI, then enter the following command:

    2. #config log fortianalyzer2 setting

    #set status enable

    #set server <FortiAnalyzor server IP>

    #set enc-algorithm high-medium

    #set upload-option realtime

    #set reliable enable

    #end

  2. Go to FortiAnalyzer > Device & Groups.
  3. Look for the unauthorized FortiGate device and authorize it.

  4. Go to back to FortiGate then execute the following command to test the connection.

    5. #execute log fortianalyzer test-connectivity 2

  5. If the connection is successful, FortiGate will return the following:

Registration: registered

Connection: allow

The entire CLI output should look like below:

FGVM04TMXXXXXX # execute log fortianalyzer test-connectivity 2

FortiAnalyzer Host Name: FAZAWS

FortiAnalyzer Adom Name: root

FortiGate Device ID: FGVM04TMXXXXXX

Registration: registered

Connection: allow

Adom Disk Space (Used/Allocated): 3921305424B/53687091200B

Analytics Usage (Used/Allocated): 790079985B/37580963840B

Analytics Usage (Data Policy Days Actual/Configured): 32/60 Days

Archive Usage (Used/Allocated): 3131225439B/16106127360B

Archive Usage (Data Policy Days Actual/Configured): 55/365 Days

Log: Tx & Rx (6 logs received since 15:21:34 08/29/23)

IPS Packet Log: Tx & Rx

Content Archive: Tx & Rx

Quarantine: Tx & Rx

Certificate of Fortianalyzer valid and serial number is: FAZ-VMTMXXXXXX

Previous
Next