This feature adds the Policy Analyzer application as a management extension application (MEA).
Policy Analyzer MEA is an automated tool with a wizard. It works with Security Policies in learning mode from a managed FortiGate to analyze logs sent to FortiAnalyzer. Based on the analyzed traffic, administrators can choose to automatically create a policy block to:
- Block malicious traffic
- Allow learned traffic - permissive mode
- Allow learned traffic - restricted mode
A policy block is automatically created and inserted in the policy package, and the policy package is installed to the target FortiGate.
Policy Analyzer MEA is included with FortiManager and does not require a license.
By default, Policy Analyzer is disabled. You can enable Policy Analyzer by using the GUI or the CLI.
For information about minimum system resources recommended for FortiManager when using Policy Analyzer, see the FortiManager Release Notes.
For information about using Policy Analyzer, see the Policy Analyzer Administration Guide.
The following CLI commands are available for Policy Analyzer:
config system docker
diagnose docker status
diagnose docker upgrade policyanalyzer
To enable Policy Analyzer by using the GUI:
- On FortiManager, ensure you are logged in by using an administrator account that is assigned a Super_User profile.
- Go to Management Extensions, and click Policy Analyzer.
A confirmation dialog box is displayed.
- In the confirmation dialog box, click OK.
As long as FortiManager has access to the Internet, Policy Analyzer MEA is downloaded from the Fortinet registry (registry.fortinet.com). A progress bar displays under the Policy Analyzer tile.
After Policy Analyzer is downloaded, the Policy Analyzer tile is available.
- Click Policy Analyzer.
Policy Analyzer opens.
- Prepare to use Policy Analyzer MEA.
Before you can use Policy Analyzer MEA, you must complete some configuration on FortiGate, FortiAnalyzer, and FortiManager.
- On FortiGate, complete the following configuration:
  - Set NGFW to policy-based.
  - Configure a Security Policy with Learning Mode enabled.
  - Enable logging to FortiAnalyzer.
  For details, see Policy Analyzer Administration Guide > Configuring FortiGate.
- On FortiAnalyzer, complete the following configuration:
  - Authorize logging from FortiGate.
  - Ensure that the administrative account has JSON API access set to a minimum of READ to enable API communication between the products.
  For details, see Policy Analyzer Administration Guide > Configuring FortiAnalyzer.
- On FortiManager, add the FortiGate for management.
  For details, see Policy Analyzer Administration Guide > Configuring FortiManager.
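The FortiGate and FortiAnalyzer prerequisites above, sketched as CLI configuration. This is an added example, not taken from the Policy Analyzer Administration Guide. The policy ID, policy name, interface names, server address, and the account name pa-api are constructed placeholders, and lines starting with # are annotations rather than CLI input.

```text
# --- On the managed FortiGate ---
# Switch the VDOM to policy-based NGFW mode so Security Policies are available.
config system settings
    set ngfw-mode policy-based
end

# Security Policy with Learning Mode enabled (placeholder ID, name, interfaces).
config firewall security-policy
    edit 1
        set name "learn-lan-to-wan"
        set srcintf "port2"
        set dstintf "port1"
        set learning-mode enable
    next
end

# Send logs to FortiAnalyzer (placeholder address from the documentation range).
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
end

# --- On FortiAnalyzer ---
# Give the account used for API communication JSON API access of READ,
# the minimum the prerequisites call for (placeholder account name).
config system admin user
    edit "pa-api"
        set rpc-permit read
    next
end
```

Granting `read` rather than `read-write` keeps the API account at the minimum access the prerequisites require. Authorizing the FortiGate on FortiAnalyzer and adding it to FortiManager are still done as described in the Administration Guide.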
After you have prepared to use Policy Analyzer MEA, you are ready to use the following Policy Analyzer MEA modes to create policies:
- Block malicious traffic. See Policy Analyzer Administration Guide > Blocking malicious traffic.
- Allow learned traffic with permissive mode. See Policy Analyzer Administration Guide > Allowing learned traffic with permissive mode.
- Allow learned traffic with restricted mode. See Policy Analyzer Administration Guide > Allowing learned traffic with restrictive mode.