Fortinet black logo

Cookbook

Allowing Branch to access the FortiAnalyzer

Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:788845
Download PDF

Allowing Branch to access the FortiAnalyzer

  1. On Branch, go to Policy & Objects > Addresses and create an address for the FortiAnalyzer.

    Enable Static Route Configuration.

  2. Go to VPN > IPsec Tunnels and create a Phase 2 to allow traffic between the Branch tunnel interface and the FortiAnalyzer.

  3. Go to Network > Static Routes and create a route to the FortiAnalyzer.

  4. On External, go to Policy & Objects > Addresses and create an address for the FortiAnalyzer.

  5. Go to VPN > IPsec Tunnels and create a Phase 2 to allow traffic between the FortiAnalyzer and the Branch tunnel interface.

  6. Go to Policy & Objects > IPv4 Policy and create a policy to allow traffic from the VPN tunnel to the FortiAnalyzer.

    Enable NAT for this policy.

  7. On Branch, go to Security Fabric > Settings.

    In the FortiAnalyzer Logging section, an error appears because Branch is not yet authorized on the FortiAnalyzer.

  8. On the FortiAnalyzer, go to Device Manager > Unregistered.

    Select Branch and then select +Add to register Branch.

  9. Branch now appears as Registered.

Allowing Branch to access the FortiAnalyzer

  1. On Branch, go to Policy & Objects > Addresses and create an address for the FortiAnalyzer.

    Enable Static Route Configuration.

  2. Go to VPN > IPsec Tunnels and create a Phase 2 to allow traffic between the Branch tunnel interface and the FortiAnalyzer.

  3. Go to Network > Static Routes and create a route to the FortiAnalyzer.

  4. On External, go to Policy & Objects > Addresses and create an address for the FortiAnalyzer.

  5. Go to VPN > IPsec Tunnels and create a Phase 2 to allow traffic between the FortiAnalyzer and the Branch tunnel interface.

  6. Go to Policy & Objects > IPv4 Policy and create a policy to allow traffic from the VPN tunnel to the FortiAnalyzer.

    Enable NAT for this policy.

  7. On Branch, go to Security Fabric > Settings.

    In the FortiAnalyzer Logging section, an error appears because Branch is not yet authorized on the FortiAnalyzer.

  8. On the FortiAnalyzer, go to Device Manager > Unregistered.

    Select Branch and then select +Add to register Branch.

  9. Branch now appears as Registered.