FortiAnalyzer is a required component for the Security Fabric. In 6.4.4 and above, either FortiAnalyzer or FortiAnalyzer Cloud can be used to meet this requirement. FortiAnalyzer allows the Security Fabric to show historical data for the Security Fabric topology and logs for the entire Security Fabric.
For more information about using FortiAnalyzer, see the FortiAnalyzer Administration Guide.
- Enable FortiAnalyzer Logging on the root FortiGate. See Configure the root FortiGate.
- On the FortiAnalyzer, go to System Settings > Network and click All Interfaces.
- Edit the port that connects to the root FortiGate.
- Set the IP Address/Netmask to the IP address that is used for the Security Fabric on the root FortiGate.
- Click OK.
If the FortiGates have already been configured, it will now be listed as an unauthorized device.
- Go to Device Manager > Devices Unauthorized. The unauthorized FortiGate devices are listed.
- Select the root FortiGate and downstream FortiGate devices in the list, then click Authorize. The Authorize Device page opens.
- Click OK to authorize the selected devices.
- On the FortiGate devices, go to Security Fabric > Fabric Connectors and double-click the FortiAnalyzer Logging card. The page will now show the ADOM on the FortiAnalyzer that the FortiGate is in, and the storage, analytics, and archive usage.
FortiGates running version 6.4.4. or later, with a FortiCloud Premium subscription (AFAC) for Cloud-based Central Logging & Analytics, can send traffic logs to FortiAnalyzer Cloud in addition to UTM logs and event logs. After the Premium subscription is registered through FortiCare, FortiGuard will verify the purchase and authorize the AFAC contract. Once the contract is verified, FortiGuard will deliver the contract to FortiGate.
FortiGates with a Standard FortiAnalyzer Cloud subscription (FAZC) can only send UTM and event logs. FortiGates with a Premium subscription will send the UTM and event logs even if the Standard subscription has expired.
For information about cloud logging, see FortiAnalyzer Cloud service
FortiAnalyzer Cloud does not support DLP/IPS archives at this time.
# diagnose test update info
AFAC fields display the subscription expiration date. The
Support contract field displays the FortiCare account information. The
User ID field displays the ID for FortiAnalyzer-Cloud instance.
FAZC,Tue Sep 24 16:00:00 2030
AFAC,Mon Nov 29 16:00:00 2021
Support contract: pending_registration=255 got_contract_info=1
account_id=[****@fortinet.com] company=[Fortinet] industry=[Technology]
User ID: 979090