FortiAnalyzer and FortiGuard

6.4.0

FortiAnalyzer and FortiGuard

FortiAnalyzer uses proprietary Fortinet protocols to communicate with FortiGuard to retrieve information for use by the FortiView and Reports modules. This section describes what FortiAnalyzer retrieves by using the different protocols and where the information is stored in FortiAnalyzer systems.

Metadata

FortiAnalyzer uses the fmupdate protocol to communicate with FortiGuard to get metadata updates for use by the FortiView and Reports modules. The following FortiAnalyzer metadata is updated:

| FortiAnalyzer Version | What is Retrieved from FortiGuard | FortiAnalyzer Storage Location |
|---|---|---|
| | TIDB (for indicators of compromise) | /var/fds/vsig/0001000 |
| 5.0.0, 5.2.0 and later | app-ctrl | /var/fds/vsig/05000000 |
| | GeoIP | /var/fds/vsig/05000000/IPGE00000 |
| | IPS | /var/fds/vsig/05000000/NIDS0220 |
| | app-ctrl | /var/fds/vsig/05000000/NIDS02300 |
| 5.4.0 and later | IPS | /var/fds/vsig/05004000/NIDS02200 |
| | app-ctrl | /var/fds/vsig/05004000/NIDS02300 |
| 6.0.0 and later | FGT FortiFlowDB (for ISDB owner lookup) | /var/fds/vsig/06000000/FFDB00305, /var/fds/vsig/06000000/FFDB00405 |

FortiClient

FortiAnalyzer also uses the fmupdate protocol to communicate with FortiGuard to retrieve and store the following metadata for FortiClient in the Reports module:

| FortiAnalyzer Version | What is Retrieved from FortiGuard | FortiAnalyzer Storage Location |
|---|---|---|
| 5.6.0 and earlier | FVDB | /var/fct/vsig/05004000/FVDB01800/ |
| 5.6.1 and later | FVDB | /var/fct/vsig/05004000/FVDB01800/ |

Application icons and FortiGuard encyclopedia link prefixes

FortiAnalyzer uses the fazcfgd protocol to communicate with FortiGuard to retrieve application icons and encyclopedia link prefixes for use by the FortiView and Reports modules. FortiAnalyzer retrieves the following information:

| What is Retrieved | URL | FortiAnalyzer Storage Location |
|---|---|---|
| Encyclopedia link prefix | https://productapi.fortinet.com/v1/fgd/prefixlinks | /var/fgd_cache/encyclopedia_link_prefixes.json |
| Application icons, sprite map files (small_sprite.png, sprite_map.css, webfilter_categories.json) | Based on link prefix, for example, https://filestore.fortinet.com/fortiguard/app_logos96/small_sprite.png | /var/fgd_cache/ |

FortiAnalyzer communicates with productapi.fortinet.com for the sprite map. The productapi.fortinet.com site resolves to an IP address of 96.45.36.123 or 208.91.114.142.
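Because firewall egress rules for a FortiAnalyzer are often built from the two addresses listed above, the following added check (not part of the Fortinet documentation) compares live DNS answers for productapi.fortinet.com with that documented set and reports any answer an address-based allowlist would block; the resolver is injectable so the check can run offline against constructed answers.

```python
"""Detect drift between the documented productapi.fortinet.com addresses
and what DNS currently returns, so an egress allowlist derived from the
FortiAnalyzer documentation does not silently break FortiGuard retrieval."""
import socket

# Destination and addresses as listed in the documentation above.
DOCUMENTED_HOSTS = {
    "productapi.fortinet.com": {"96.45.36.123", "208.91.114.142"},
}


def resolve_ipv4(host):
    """Live resolver: the set of IPv4 answers for host (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, 443, socket.AF_INET)}


def check_drift(documented, resolver=resolve_ipv4):
    """Compare resolver answers with the documented address set per host.

    unexpected: answers not in the documented set (an address-based egress
                rule would block these and FortiGuard updates would fail)
    missing:    documented addresses not returned this time (informational;
                round-robin DNS may legitimately return a subset)
    """
    report = {}
    for host, allowed in documented.items():
        try:
            answers = set(resolver(host))
        except OSError as exc:  # resolution failure is itself worth flagging
            report[host] = {"error": str(exc), "unexpected": [], "missing": sorted(allowed)}
            continue
        report[host] = {
            "unexpected": sorted(answers - allowed),
            "missing": sorted(allowed - answers),
        }
    return report


def needs_attention(report):
    """True when any host failed to resolve or returned an undocumented address."""
    return any(r.get("error") or r["unexpected"] for r in report.values())


if __name__ == "__main__":
    result = check_drift(DOCUMENTED_HOSTS)
    for host, r in result.items():
        print(host, r)
    raise SystemExit(1 if needs_attention(result) else 0)
```

Run it from a host that uses the same DNS resolvers as the FortiAnalyzer; a non-zero exit means the egress rule set derived from this page needs review.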
