Administration Guide

Configuring FortiAnalyzer

FortiAnalyzer allows the Security Fabric to show historical data for the Security Fabric topology and logs for the entire Security Fabric. For more information about using FortiAnalyzer, see the FortiAnalyzer Administration Guide.

To authorize a FortiAnalyzer in the Security Fabric:
  1. In FortiAnalyzer, configure the authorization address and port:
    1. Go to System Settings > Admin > Admin Settings.
    2. In the Fabric Authorization section, enter an Authorization Address and Authorization Port. This address and port are used to access the FortiAnalyzer login screen.

    3. Click Apply.
  2. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Logging & Analytics card.
  3. Select the Settings tab, select the FortiAnalyzer tab, and set the Status to Enabled.
  4. Enter the FortiAnalyzer IP in the Server field.
  5. Optionally, configure the remaining log settings:

    Upload option

    Select the frequency of log uploads to the remote device:

    • Real Time: logs are sent to the remote device in real time.

    • Every Minute: logs are sent to the remote device once every minute. This option is unavailable if the Security Fabric connection is configured.

    • Every 5 Minutes: logs are sent to the remote device once every five minutes. This is the default option. This option is unavailable if the Security Fabric connection is configured.

    • store-and-upload: store logs to a local disk before uploading to FortiAnalyzer or FortiManager at a scheduled time. This option is only available in the CLI.

    Allow access to FortiGate REST API

    Define access to FortiGate REST API:

    • Enable: the REST API accesses the FortiGate topology and shares data and results.

    • Disable: the REST API does not share data and results.

    Verify FortiAnalyzer certificate

    Define the FortiAnalyzer certificate verification process:

    • Enable: the FortiGate will verify the FortiAnalyzer serial number against the FortiAnalyzer certificate. When verified, the serial number is stored in the FortiGate configuration.

    • Disable: the FortiGate will not verify the FortiAnalyzer certificate against the serial number.

  6. Click OK. The FortiAnalyzer Connection status is Unauthorized.

  7. Click Authorize. You are redirected to a login screen.
  8. Enter the username and password, then click Login.

    The authorization dialog opens.

  9. Select Approve and click OK to authorize the FortiGate.

  10. In FortiOS, refresh the FortiAnalyzer page. The Connection status is Authorized.

Note

FortiGates with a FortiAnalyzer Cloud license can send all logs to FortiAnalyzer Cloud.
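
The settings from step 5 can be reviewed offline in a FortiGate configuration backup. The following is an added example, not Fortinet code: it parses the `config log fortianalyzer setting` block and reports a disabled certificate verification or a delayed upload option. The sample configuration is constructed, and the CLI key names (`status`, `server`, `certificate-verification`, `upload-option`) and the note that default values may be absent from a backup are assumptions to confirm against the CLI reference for your FortiOS version.

```python
import re

# Constructed sample: FortiAnalyzer logging block from a FortiOS config backup.
SAMPLE_CONFIG = """\
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set certificate-verification disable
    set upload-option store-and-upload
end
"""

def parse_block(config_text, block="config log fortianalyzer setting"):
    """Return the `set <key> <value>` pairs found inside one config block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == block:
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings):
    """Return (severity, setting, message) findings for this page's options."""
    if settings.get("status") != "enable":
        return [("FAIL", "status", "logging to FortiAnalyzer is not enabled")]
    findings = []
    if not settings.get("server"):
        findings.append(("FAIL", "server", "no FortiAnalyzer address set"))
    cert = settings.get("certificate-verification")
    if cert == "disable":
        findings.append(("FAIL", "certificate-verification",
                         "serial number is not checked against the certificate"))
    elif cert is None:  # assumption: defaults may be omitted from a backup
        findings.append(("CHECK", "certificate-verification",
                         "not in backup; confirm with show full-configuration"))
    if settings.get("upload-option") == "store-and-upload":
        findings.append(("INFO", "upload-option",
                         "logs wait on local disk until the scheduled upload"))
    return findings

if __name__ == "__main__":
    for severity, setting, message in audit(parse_block(SAMPLE_CONFIG)):
        print(f"{severity:5} {setting}: {message}")
```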
