
New Features

One FortiAnalyzer can be shared across multiple FortiManager ADOMs


One FortiAnalyzer can be shared across multiple FortiManager ADOMs, while users can see FortiAnalyzer data only from the ADOM they have been assigned to.

Topology

The scenarios below use the following topology, which includes three FortiManager ADOMs and two FortiAnalyzer devices.

  • FortiManager ADOM-1 manages FortiAnalyzer device 1.
  • FortiManager ADOM-2 manages FortiAnalyzer device 1.
  • FortiManager ADOM-3 manages FortiAnalyzer device 2.

Each ADOM has a unique administrator assigned to manage that ADOM. Each administrator can only view their associated ADOM.

Scenario one: Manage one FortiAnalyzer in multiple ADOMs

In this example scenario, one FortiAnalyzer device is being managed in two separate FortiManager ADOMs: ADOM-1 and ADOM-2.

Each ADOM has an administrator who is only able to access that ADOM. "User1" can access and manage ADOM-1, and "User2" can access and manage ADOM-2.

To configure a managed FortiAnalyzer to serve multiple FortiManager ADOMs:
  1. Add the FortiAnalyzer as a managed device on FortiManager ADOM-1:
    1. In FortiManager, enter ADOM-1.
    2. Go to Device Manager, and click Add Device > Add FortiAnalyzer to add the managed FortiAnalyzer.
      The Add FortiAnalyzer dialog window displays.
      1. Enter the IP and login credentials of the FortiAnalyzer device, and click Next.
      2. The dialog displays information discovered from the FortiAnalyzer, including the device name. Click Next.
      3. Click Synchronize ADOM and Devices. After the ADOM and devices are synchronized, the FortiAnalyzer is added to ADOM-1 successfully.
      4. The FortiAnalyzer device can be found under the Managed FortiAnalyzer device group in ADOM-1. You can edit the FortiAnalyzer to view device information.
  2. Add the FortiAnalyzer as a managed device on FortiManager ADOM-2:
    1. In FortiManager, enter ADOM-2.
    2. Go to Device Manager, and click Add Device > Add FortiAnalyzer.
      The Add FortiAnalyzer dialog window displays.
      1. Click the Add Existing FortiAnalyzer tab in the dialog window.
      2. Select the desired FortiAnalyzer from the list of available devices in the Select FortiAnalyzer dropdown list, and click Next.
      3. FortiManager will retrieve information from the device database and display it. Click Next.
      4. Click Synchronize ADOM and Devices. After the ADOM and devices are synchronized, the FortiAnalyzer is added to ADOM-2 successfully.
      5. The same FortiAnalyzer device can be found under the Managed FortiAnalyzer device group in ADOM-2.
  3. Log in to FortiManager with ADOM-1 administrator "User1". In this example scenario, User1 is only allowed to access ADOM-1. When User1 views FortiAnalyzer data, they are only able to see the data related to ADOM-1 devices.
  4. Log in to FortiManager with ADOM-2 administrator "User2". In this example scenario, User2 is only allowed to access ADOM-2. When User2 views FortiAnalyzer data, they are only able to see the data related to ADOM-2 devices.

Scenario two: Manage a second FortiAnalyzer in a new ADOM

FortiManager can also manage multiple FortiAnalyzer devices in different ADOMs. For example, after one FortiAnalyzer is added to FortiManager ADOM-1 and ADOM-2, a second FortiAnalyzer can be added to ADOM-3.

In this scenario, a second FortiAnalyzer is added to FortiManager ADOM-3, and can be accessed by administrator "User3".

To manage a second FortiAnalyzer device in FortiManager:
  1. Add a second FortiAnalyzer as a managed device on FortiManager ADOM-3:
    1. In FortiManager, enter ADOM-3.
    2. Go to Device Manager, and click Add Device > Add FortiAnalyzer to add the managed FortiAnalyzer.
      The Add FortiAnalyzer dialog window displays.
      1. Enter the IP and login credentials of the second FortiAnalyzer device, and click Next.
      2. The dialog displays information discovered from the FortiAnalyzer, including the device name. Click Next.
      3. Click Synchronize ADOM and Devices. After the ADOM and devices are synchronized, the FortiAnalyzer is added to ADOM-3 successfully.
      4. The FortiAnalyzer device can be found under the Managed FortiAnalyzer device group in ADOM-3. You can edit the FortiAnalyzer to view device information.
  2. Log in to FortiManager with ADOM-3 administrator "User3". In this example scenario, User3 is only allowed to access ADOM-3. When User3 views FortiAnalyzer data, they are only able to see the data related to ADOM-3 devices.
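
The isolation both scenarios end with (each administrator sees only their own ADOM's data, even when ADOM-1 and ADOM-2 share one FortiAnalyzer) can be modelled and checked offline. The following is an added example, not Fortinet code or a FortiManager API: the device names, log rows and data structures are constructed assumptions, and it goes slightly beyond the page by flagging an administrator who is scoped to more than one ADOM.

```python
# Constructed model of the page's topology. Device names and log rows are
# hypothetical; this is not a FortiManager or FortiAnalyzer export format.
ADOM_FAZ = {"ADOM-1": "FAZ-1", "ADOM-2": "FAZ-1", "ADOM-3": "FAZ-2"}
ADMIN_ADOMS = {"User1": {"ADOM-1"}, "User2": {"ADOM-2"}, "User3": {"ADOM-3"}}
DEVICE_ADOM = {"fgt-a": "ADOM-1", "fgt-b": "ADOM-2", "fgt-c": "ADOM-3"}
LOGS = [  # (analyzer, device, message)
    ("FAZ-1", "fgt-a", "deny tcp/23"),
    ("FAZ-1", "fgt-b", "allow tcp/443"),
    ("FAZ-2", "fgt-c", "deny udp/53"),
]


def visible_logs(admin, admin_adoms=ADMIN_ADOMS):
    """Rows an administrator should see: the device belongs to one of the
    administrator's ADOMs and the row sits on that ADOM's analyzer."""
    adoms = admin_adoms.get(admin, set())
    return [
        (faz, dev, msg)
        for faz, dev, msg in LOGS
        if DEVICE_ADOM.get(dev) in adoms and ADOM_FAZ[DEVICE_ADOM[dev]] == faz
    ]


def audit(admin_adoms=ADMIN_ADOMS):
    """Return findings that break the one-administrator-per-ADOM isolation."""
    findings = []
    for admin, adoms in sorted(admin_adoms.items()):
        if len(adoms) != 1:
            findings.append(f"{admin}: scoped to {len(adoms)} ADOMs, expected 1")
    admins = sorted(admin_adoms)
    for i, a in enumerate(admins):
        for b in admins[i + 1:]:
            shared = set(visible_logs(a, admin_adoms)) & set(visible_logs(b, admin_adoms))
            if shared:
                findings.append(f"{a} and {b} both see {len(shared)} row(s)")
    return findings


if __name__ == "__main__":
    for name in sorted(ADMIN_ADOMS):
        print(name, visible_logs(name))
    # Misconfiguration: User2 is also granted ADOM-1 on the shared analyzer.
    drifted = dict(ADMIN_ADOMS, User2={"ADOM-1", "ADOM-2"})
    print(audit(drifted))
```

With the topology as documented, `audit()` returns no findings; the drifted assignment shows how a second ADOM on the shared analyzer surfaces as overlapping views.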
