Fortinet black logo

Cookbook

Configuring FortiAnalyzer

Copy Link
Copy Doc ID af0e75e9-211f-11ea-9384-00505692583a:712303
Download PDF

Configuring FortiAnalyzer

FortiAnalyzer is a required component for the Security Fabric. It allows the Security Fabric to show historical data for the Security Fabric topology and logs for the entire Security Fabric.

For more information about using FortiAnalyzer, see the FortiAnalyzer Administration Guide.

To connect a FortiAnalyzer to the Security Fabric:
  1. Enable FortiAnalyzer Logging on the root FortiGate. See Configure the root FortiGate.
  2. On the FortiAnalyzer, go to System Settings > Network and click All Interfaces.
  3. Edit the port that connects to the root FortiGate.
  4. Set the IP Address/Netmask to the IP address that is used for the Security Fabric on the root FortiGate.

  5. Click OK.

    If the FortiGates have already been configured, it will now be listed as an unauthorized device.

  6. Go to Device Manager > Devices Unauthorized. The unauthorized FortiGate devices are listed.

  7. Select the root FortiGate and downstream FortiGate devices in the list, then click Authorize. The Authorize Device page opens.
  8. Click OK to authorize the selected devices.

    On the FortiGate devices, the FortiAnalyzer Logging section on the Security Fabric > Settings page will now show the ADOM on the FortiAnalyzer that the FortiGate is in, and the storage, analytics, and archive usage.

Configuring FortiAnalyzer

FortiAnalyzer is a required component for the Security Fabric. It allows the Security Fabric to show historical data for the Security Fabric topology and logs for the entire Security Fabric.

For more information about using FortiAnalyzer, see the FortiAnalyzer Administration Guide.

To connect a FortiAnalyzer to the Security Fabric:
  1. Enable FortiAnalyzer Logging on the root FortiGate. See Configure the root FortiGate.
  2. On the FortiAnalyzer, go to System Settings > Network and click All Interfaces.
  3. Edit the port that connects to the root FortiGate.
  4. Set the IP Address/Netmask to the IP address that is used for the Security Fabric on the root FortiGate.

  5. Click OK.

    If the FortiGates have already been configured, it will now be listed as an unauthorized device.

  6. Go to Device Manager > Devices Unauthorized. The unauthorized FortiGate devices are listed.

  7. Select the root FortiGate and downstream FortiGate devices in the list, then click Authorize. The Authorize Device page opens.
  8. Click OK to authorize the selected devices.

    On the FortiGate devices, the FortiAnalyzer Logging section on the Security Fabric > Settings page will now show the ADOM on the FortiAnalyzer that the FortiGate is in, and the storage, analytics, and archive usage.