Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Ports and Protocols

    Home FortiManager 6.4.0 Ports and Protocols
    6.4.0
    6.4.0
    6.2.0
    6.0.0

    FortiAnalyzer and FortiGuard

    FortiAnalyzer and FortiGuard

    FortiAnalyzer uses proprietary Fortinet protocols to communicate with FortiGuard to retrieve information for use by the FortiView and Reports modules. This section describes what FortiAnalyzer retrieves by using the different protocols and where the information is stored in FortiAnalyzer systems.

    Metadata

    FortiAnalyzer uses the fmupdate protocol to communicate with FortiGuard to get metadata updates for use by the FortiView and Reports modules. The following FortiAnalyzer metadata is updated:

    FortiAnalyzer Version

    What is Retrieved from FortiGuard

    FortiAnalyzer Storage Location
    TIDB (for indicators of compromise) /var/fds/vsig/0001000
    5.0.0, 5.2.0 and later app-ctrl /var/fds/vsig/05000000
    GeoIP /var/fds/vsig/05000000/IPGE00000

    IPS

    /var/fds/vsig/05000000/NIDS0220

    app-ctrl

    /var/fds/vsig/05000000/NIDS02300

    5.4.0 and later

    IPS

    /var/fds/vsig/05004000/NIDS02200

    app-ctrl

    /var/fds/vsig/05004000/NIDS02300

    6.0.0 and later

    FGT FortiFlowDB (for ISDB owner lookup)

    /var/fds/vsig/06000000/FFDB00305

    /var/fds/vsig/06000000/FFDB00405

    FortiClient

    FortiAnalyzer also uses the fmupdate protocol to communicate with FortiGuard to retrieve and store the following metadata for FortiClient in the Reports module:

    FortiAnalyzer Version

    What is Retrieved from FortiGuard

    FortiAnalyzer Storage Location

    5.6.0 and earlier

    		 FVDB /var/fct/vsig/05004000/FVDB01800/

    5.6.1 and later

    		 FVDB /var/fct/vsig/05004000/FVDB01800/

    Application icons and FortiGuard encryclopedia link prefixes

    FortiAnalyzer uses the fazcfgd protocol to communicate with FortiGuard to retrieve application icons and encryclopedia link prefixes for use by the FortiView and Reports modules. FortiAnalyzer retrieves the following information:

    What is Retrieved

    URL

    FortiAnalyzer Storage Location
    Encyclopedia link prefix https://productapi.fortinet.com/v1/fgd/prefixlinks /var/fgd_cache/encyclopedia_link_prefixes.json
    Application icons, sprite map files (small_sprite.png, sprite_map.css, webfilter_categories.json)

    Based on link prefix, for example, https://filestore.fortinet.com/fortiguard/app_logos96/small_sprite.png

    		/var/fgd_cache/

    FortiAnalyzer communicates with productapi.fortinet.com for the sprite map. The productapi.fortinet.com site resolves to an IP address of 96.45.36.123 or 208.91.114.142.

    Previous
    Next

    FortiAnalyzer and FortiGuard

    FortiAnalyzer and FortiGuard

    FortiAnalyzer uses proprietary Fortinet protocols to communicate with FortiGuard to retrieve information for use by the FortiView and Reports modules. This section describes what FortiAnalyzer retrieves by using the different protocols and where the information is stored in FortiAnalyzer systems.

    Metadata

    FortiAnalyzer uses the fmupdate protocol to communicate with FortiGuard to get metadata updates for use by the FortiView and Reports modules. The following FortiAnalyzer metadata is updated:

    FortiAnalyzer Version

    What is Retrieved from FortiGuard

    FortiAnalyzer Storage Location
    TIDB (for indicators of compromise) /var/fds/vsig/0001000
    5.0.0, 5.2.0 and later app-ctrl /var/fds/vsig/05000000
    GeoIP /var/fds/vsig/05000000/IPGE00000

    IPS

    /var/fds/vsig/05000000/NIDS0220

    app-ctrl

    /var/fds/vsig/05000000/NIDS02300

    5.4.0 and later

    IPS

    /var/fds/vsig/05004000/NIDS02200

    app-ctrl

    /var/fds/vsig/05004000/NIDS02300

    6.0.0 and later

    FGT FortiFlowDB (for ISDB owner lookup)

    /var/fds/vsig/06000000/FFDB00305

    /var/fds/vsig/06000000/FFDB00405

    FortiClient

    FortiAnalyzer also uses the fmupdate protocol to communicate with FortiGuard to retrieve and store the following metadata for FortiClient in the Reports module:

    FortiAnalyzer Version

    What is Retrieved from FortiGuard

    FortiAnalyzer Storage Location

    5.6.0 and earlier

    		 FVDB /var/fct/vsig/05004000/FVDB01800/

    5.6.1 and later

    		 FVDB /var/fct/vsig/05004000/FVDB01800/

    Application icons and FortiGuard encryclopedia link prefixes

    FortiAnalyzer uses the fazcfgd protocol to communicate with FortiGuard to retrieve application icons and encryclopedia link prefixes for use by the FortiView and Reports modules. FortiAnalyzer retrieves the following information:

    What is Retrieved

    URL

    FortiAnalyzer Storage Location
    Encyclopedia link prefix https://productapi.fortinet.com/v1/fgd/prefixlinks /var/fgd_cache/encyclopedia_link_prefixes.json
    Application icons, sprite map files (small_sprite.png, sprite_map.css, webfilter_categories.json)

    Based on link prefix, for example, https://filestore.fortinet.com/fortiguard/app_logos96/small_sprite.png

    		/var/fgd_cache/

    FortiAnalyzer communicates with productapi.fortinet.com for the sprite map. The productapi.fortinet.com site resolves to an IP address of 96.45.36.123 or 208.91.114.142.

    Previous
    Next