This version simplifies the pairing of FortiAnalyzer and FortiGate by using certificate verification to allow the FortiGate admin to preauthorize access.
When configuring FortiAnalyzer in the root FortiGate, FortiGate has an option to allow FortiAnalyzer to access the FortiGate REST API. FortiGate verifies the FortiAnalyzer by retrieving the FortiAnalyzer serial number and checking it against the FortiAnalyzer certificate. After verification, the FortiAnalyzer serial number is stored in the FortiGate configuration.
Then on the FortiAnalyzer side, the admin authorizes FortiGates in the same Security Fabric. After authorization, the FortiGates can form a Security Fabric in the FortiAnalyzer side without entering the admin credentials of the root FortiGate.
To configure FortiAnalyzer in the root FortiGate GUI:
- Go to Security Fabric > Settings.
- Enable FortiGate Telemetry and configure settings.
To configure FortiAnalyzer in the root FortiGate CLI:
config log fortianalyzer setting set status enable set server "10.6.30.250" set certificate-verification enable set serial "FL-4HET318900407" set access-config enable set upload-option realtime set reliable enable end
To authorize FortiGates in the same Security Fabric using the FortiAnalyzer GUI:
- In FortiAnalyzer, go to Device Manager and select the FortiGates to be authorized.
- After a moment, the FortiGates can form a Security Fabric in the FortiAnalyzer without entering the admin credentials of the root FortiGate.
- Go to the FortiGate to see the FortiAnalyzer logging information.