FortiAnalyzer is a required component for the Security Fabric. In 6.4.4 and later, either FortiAnalyzer or FortiAnalyzer Cloud can be used to meet this requirement. FortiAnalyzer allows the Security Fabric to show historical data for the Security Fabric topology and logs for the entire Security Fabric.
For more information about using FortiAnalyzer, see the FortiAnalyzer Administration Guide.
FortiAnalyzer 7.0.1 is required for this configuration example.
- In FortiAnalyzer, configure the authorization address and port:
  - Go to System Settings > Admin > Admin Settings.
  - In the Fabric Authorization section, enter an Authorization Address and Authorization Port. This is used to access the FortiAnalyzer login screen.
  - Click Apply.
- In FortiOS, go to Security Fabric > Fabric Connectors and double-click the FortiAnalyzer Logging card.
- Enter the FortiAnalyzer IP.
- Click OK. The FortiAnalyzer Status (in the right-side gutter) is Unauthorized.
- Click Authorize. You are redirected to a login screen.
- Enter the username and password, then click Login. The authorization dialog opens.
- Select Approve and click OK to authorize the FortiGate.
- In FortiOS, refresh the FortiAnalyzer Logging page. The FortiAnalyzer Status is Authorized.
FortiGates running version 6.4.4 or later, with a FortiCloud Premium subscription (AFAC) for Cloud-based Central Logging & Analytics, can send traffic logs to FortiAnalyzer Cloud in addition to UTM logs and event logs. After the Premium subscription is registered through FortiCare, FortiGuard will verify the purchase and authorize the AFAC contract. Once the contract is verified, FortiGuard will deliver the contract to FortiGate.
FortiGates with a Standard FortiAnalyzer Cloud subscription (FAZC) can only send UTM and event logs. FortiGates with a Premium subscription will send the UTM and event logs even if the Standard subscription has expired.
For information about cloud logging, see FortiAnalyzer Cloud service.
FortiAnalyzer Cloud does not support DLP/IPS archives at this time.
# diagnose test update info
FAZC,Tue Sep 24 16:00:00 2030
AFAC,Mon Nov 29 16:00:00 2021
Support contract: pending_registration=255 got_contract_info=1
account_id=[****@fortinet.com] company=[Fortinet] industry=[Technology]
User ID: 979090

The FAZC and AFAC fields display the subscription expiration date. The Support contract field displays the FortiCare account information. The User ID field displays the ID for the FortiAnalyzer-Cloud instance.
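The subscription rules above can be checked against the `diagnose test update info` output to catch a lapse in cloud log coverage. The following is an added example, not Fortinet code: it reads only the FAZC and AFAC lines shown on this page and assumes a subscription stops applying once its expiration date has passed. The function names and the embedded sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the output lines shown on this page.
SAMPLE = """\
FAZC,Tue Sep 24 16:00:00 2030
AFAC,Mon Nov 29 16:00:00 2021
Support contract: pending_registration=255 got_contract_info=1
account_id=[****@fortinet.com] company=[Fortinet] industry=[Technology]
User ID: 979090
"""

CONTRACT_RE = re.compile(r"^(FAZC|AFAC),(.+)$")
DATE_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Tue Sep 24 16:00:00 2030"

def parse_contracts(text):
    """Return {contract code: expiration datetime} for the FAZC/AFAC lines."""
    contracts = {}
    for line in text.splitlines():
        m = CONTRACT_RE.match(line.strip())
        if not m:
            continue
        try:
            contracts[m.group(1)] = datetime.strptime(m.group(2).strip(), DATE_FMT)
        except ValueError:
            continue  # unreadable date: treat the contract as absent
    return contracts

def cloud_log_coverage(text, now):
    """Log types that can be sent to FortiAnalyzer Cloud at time `now`."""
    # Assumption: a contract applies only while `now` is before its expiration.
    # The page does not state the time zone of the dates, so `now` is naive.
    active = {code for code, exp in parse_contracts(text).items() if exp > now}
    if "AFAC" in active:   # Premium: traffic logs plus UTM and event logs
        return ["traffic", "utm", "event"]
    if "FAZC" in active:   # Standard: UTM and event logs only
        return ["utm", "event"]
    return []

if __name__ == "__main__":
    print(cloud_log_coverage(SAMPLE, datetime.now()))
```

An empty result, or one without `traffic`, is the condition worth alerting on, since it means logs expected in FortiAnalyzer Cloud are no longer being delivered.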