Fortinet white logo
Fortinet white logo

Administration Guide

Adding FortiAnalyzer devices using the wizard

Adding FortiAnalyzer devices using the wizard

If the FortiAnalyzer or FortiAnalyzer BigData device is receiving logs from devices that are not managed by FortiManager, the wizard requires you to add the devices to FortiManager by typing the IP address and login credentials for each device. Ensure that you have the IP addresses and login credentials for each device before you start the wizard.

The Add FortiAnalyzer option is hidden when you cannot add a FortiAnalyzer unit to the FortiManager unit. For example, the Add FortiAnalyzer option is hidden if you have already added a FortiAnalyzer unit to the FortiManager unit (when ADOMs are disabled) or to the ADOM (when ADOMs are enabled). You also cannot add a FortiAnalyzer unit when you have enabled FortiAnalyzer features for the FortiManager unit.

FortiManager supports adding FortiAnalyzer BigData-VM and FortiAnalyzer BigData 4500F units.

FortiManager and FortiAnalyzer must be running 5.6 or later, and the versions must be the same on both devices.

After completing the wizard, ensure that you enable logging on the devices, so the managed FortiAnalyzer can receive logs from the devices. You can enable logging by using the log settings in a system template. See System templates.

Add a new FortiAnalyzer or FortiAnalyzer BigData using the wizard
To add a FortiAnalyzer device using the wizard:
  1. Confirm that the FortiAnalyzer device supports the number of devices managed by FortiManager.
    • If ADOMs are disabled, ensure that the FortiAnalyzer device limit is equal to or greater than the number of devices managed by FortiManager.
    • If ADOMs are enabled, ensure that the FortiAnalyzer device limit is equal to or greater than the number of devices in the ADOM.
  2. If ADOMs are enabled, select the ADOM to which you want to add the device.
  3. Go to Device Manager > Device & Groups.
  4. Click the Add Device dropdown and select Add FortiAnalyzer. The wizard opens.

    The Add FortiAnalyzer option is hidden if you've already added a FortiAnalyzer device.

  5. Use the Add New FortiAnalyzer tab to add new FortiAnalyzer devices to FortiManager.
    When adding a FortiAnalyzer device that is already being managed on another ADOM in FortiManager, select the Add Existing FortiAnalyzer option. See Add an existing FortiAnalyzer using the wizard.
  6. Toggle Use legacy device login to ON.

    The User Name and Password boxes are displayed.

  7. Type the IP address, user name, and password for the device, then click Next.

    FortiManager probes the IP address on your network to discover FortiAnalyzer device details, including:

    • IP address
    • Host name
    • Serial number
    • Device model
    • Firmware version (build)
    • High Availability status
    • Administrator user name

  8. Configure the following settings if desired, and click Next:
    NameType a unique name for the device. The device name cannot contain spaces or special characters (optional).
    DescriptionType a description of the device (optional).

    The wizard performs the following tasks:

    • Compares the ADOM name and configuration as well as devices between FortiAnalyzer and FortiManager
    • Verifies the devices in the Device Manager pane for FortiAnalyzer with the devices in the Device Manager pane for FortiManager

    If any discrepancies are found, information is displayed in the Status column, and you can resolve the discrepancies by clicking the Synchronize ADOM and Devices button.

    The following table describes the different statuses:

    StatusDescription

    FMG Only

    The device was located in FortiManager, but not FortiAnalyzer. If you proceed with the wizard, the device will be added to FortiAnalyzer too.

    FAZ Only

    The device was located in FortiAnalyzer, but not FortiManager. If you proceed with the wizard, the device will be added to FortiManager too. The login and password for the device is required to complete the wizard.

    Sync

    The device was located in both FortiAnalyzer and FortiManager without any differences, and the wizard will synchronize the device between FortiManager and FortiAnalyzer.

    Mismatched

    The device was located in both FortiAnalyzer and FortiManager with some differences, and the wizard will synchronize the device settings between FortiManager and FortiAnalyzer to remove the differences.

    If the FortiManager ADOM does not exist on the FortiAnalyzer device, a warning is displayed. You can add the ADOM and devices to FortiAnalyzer by clicking the Synchronize ADOM and Devices button.

  9. Click Synchronize ADOM and Devices to continue.
    1. If you are synchronizing devices from FortiAnalyzer to FortiManager, type the IP address and login for each device, and click OK to synchronize the devices.
    2. After the devices successfully synchronize, click OK to continue.

    The devices, ADOM name, and ADOM version are synchronized between FortiAnalyzer and FortiManager.

  10. Click Finish to close the wizard.

    The FortiAnalyzer device is displayed on the Device Manager pane as a Managed FortiAnalyzer, and FortiAnalyzer features are enabled.

Add an existing FortiAnalyzer using the wizard
To add an existing FortiAnalyzer device to a new ADOM:
  1. Confirm that the FortiAnalyzer device supports the number of devices managed by FortiManager.
  2. Select the ADOM to which you want to add the device.
  3. Go to Device Manager > Device & Groups.
  4. Click the Add Device dropdown and select Add FortiAnalyzer. The wizard opens.
  5. Click the Add Existing FortiAnalyzer tab, and select the existing FortiAnalyzer from the dropdown.
    FortiManager retrieves the device details from the local database.
  6. Click Synchronize ADOM and Devices to continue.
    The devices, ADOM name, and ADOM version are synchronized between FortiAnalyzer and FortiManager.
  7. Click Finish to close the wizard.

Adding FortiAnalyzer devices using the wizard

Adding FortiAnalyzer devices using the wizard

If the FortiAnalyzer or FortiAnalyzer BigData device is receiving logs from devices that are not managed by FortiManager, the wizard requires you to add the devices to FortiManager by typing the IP address and login credentials for each device. Ensure that you have the IP addresses and login credentials for each device before you start the wizard.

The Add FortiAnalyzer option is hidden when you cannot add a FortiAnalyzer unit to the FortiManager unit. For example, the Add FortiAnalyzer option is hidden if you have already added a FortiAnalyzer unit to the FortiManager unit (when ADOMs are disabled) or to the ADOM (when ADOMs are enabled). You also cannot add a FortiAnalyzer unit when you have enabled FortiAnalyzer features for the FortiManager unit.

FortiManager supports adding FortiAnalyzer BigData-VM and FortiAnalyzer BigData 4500F units.

FortiManager and FortiAnalyzer must be running 5.6 or later, and the versions must be the same on both devices.

After completing the wizard, ensure that you enable logging on the devices, so the managed FortiAnalyzer can receive logs from the devices. You can enable logging by using the log settings in a system template. See System templates.

Add a new FortiAnalyzer or FortiAnalyzer BigData using the wizard
To add a FortiAnalyzer device using the wizard:
  1. Confirm that the FortiAnalyzer device supports the number of devices managed by FortiManager.
    • If ADOMs are disabled, ensure that the FortiAnalyzer device limit is equal to or greater than the number of devices managed by FortiManager.
    • If ADOMs are enabled, ensure that the FortiAnalyzer device limit is equal to or greater than the number of devices in the ADOM.
  2. If ADOMs are enabled, select the ADOM to which you want to add the device.
  3. Go to Device Manager > Device & Groups.
  4. Click the Add Device dropdown and select Add FortiAnalyzer. The wizard opens.

    The Add FortiAnalyzer option is hidden if you've already added a FortiAnalyzer device.

  5. Use the Add New FortiAnalyzer tab to add new FortiAnalyzer devices to FortiManager.
    When adding a FortiAnalyzer device that is already being managed on another ADOM in FortiManager, select the Add Existing FortiAnalyzer option. See Add an existing FortiAnalyzer using the wizard.
  6. Toggle Use legacy device login to ON.

    The User Name and Password boxes are displayed.

  7. Type the IP address, user name, and password for the device, then click Next.

    FortiManager probes the IP address on your network to discover FortiAnalyzer device details, including:

    • IP address
    • Host name
    • Serial number
    • Device model
    • Firmware version (build)
    • High Availability status
    • Administrator user name

  8. Configure the following settings if desired, and click Next:
    NameType a unique name for the device. The device name cannot contain spaces or special characters (optional).
    DescriptionType a description of the device (optional).

    The wizard performs the following tasks:

    • Compares the ADOM name and configuration as well as devices between FortiAnalyzer and FortiManager
    • Verifies the devices in the Device Manager pane for FortiAnalyzer with the devices in the Device Manager pane for FortiManager

    If any discrepancies are found, information is displayed in the Status column, and you can resolve the discrepancies by clicking the Synchronize ADOM and Devices button.

    The following table describes the different statuses:

    StatusDescription

    FMG Only

    The device was located in FortiManager, but not FortiAnalyzer. If you proceed with the wizard, the device will be added to FortiAnalyzer too.

    FAZ Only

    The device was located in FortiAnalyzer, but not FortiManager. If you proceed with the wizard, the device will be added to FortiManager too. The login and password for the device is required to complete the wizard.

    Sync

    The device was located in both FortiAnalyzer and FortiManager without any differences, and the wizard will synchronize the device between FortiManager and FortiAnalyzer.

    Mismatched

    The device was located in both FortiAnalyzer and FortiManager with some differences, and the wizard will synchronize the device settings between FortiManager and FortiAnalyzer to remove the differences.

    If the FortiManager ADOM does not exist on the FortiAnalyzer device, a warning is displayed. You can add the ADOM and devices to FortiAnalyzer by clicking the Synchronize ADOM and Devices button.

  9. Click Synchronize ADOM and Devices to continue.
    1. If you are synchronizing devices from FortiAnalyzer to FortiManager, type the IP address and login for each device, and click OK to synchronize the devices.
    2. After the devices successfully synchronize, click OK to continue.

    The devices, ADOM name, and ADOM version are synchronized between FortiAnalyzer and FortiManager.

  10. Click Finish to close the wizard.

    The FortiAnalyzer device is displayed on the Device Manager pane as a Managed FortiAnalyzer, and FortiAnalyzer features are enabled.

Add an existing FortiAnalyzer using the wizard
To add an existing FortiAnalyzer device to a new ADOM:
  1. Confirm that the FortiAnalyzer device supports the number of devices managed by FortiManager.
  2. Select the ADOM to which you want to add the device.
  3. Go to Device Manager > Device & Groups.
  4. Click the Add Device dropdown and select Add FortiAnalyzer. The wizard opens.
  5. Click the Add Existing FortiAnalyzer tab, and select the existing FortiAnalyzer from the dropdown.
    FortiManager retrieves the device details from the local database.
  6. Click Synchronize ADOM and Devices to continue.
    The devices, ADOM name, and ADOM version are synchronized between FortiAnalyzer and FortiManager.
  7. Click Finish to close the wizard.