Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiNDR 7.4.10 Administration Guide
    7.4.10
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.0
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0

    Initial setup

    Initial setup

    For the meaning of LEDs, see the Quick Start Guide (QSG).

    Internet Access

    For FortiGuard updates please have a stable internet access from the FortiNDR unit. Go to System > FortiGuard for updates via Internet. For offline deployments please refer to Appendix D: FortiGuard updates.

    Note

    Proxy FortiGuard support is supported via CLI only, please refer to the CLI guide.

    Ports

    For all FortiNDR 3500F appliances and VM, port1 and port2 are hard-coded to be management port and sniffer port.

    The following is the initial port configuration for FNR-3500F.

    Port Type Function

    Port1

    10GE copper (10G or 1G autodetect)

    Management port, GUI, Fabric devices files receiving, REST API, ICAP.

    Default IP address is 192.168.1.88 using admin with no password.

    Port2

    10GE copper (10G or 1G autodetect)

    Sniffer port.

    Port3

    Port4

    1G Copper

    High availability

    Port5

    Port6

    Port7

    Port8

    10G SPF+ fiber (gen3 only)

    Sniffer port.

    For VM, only Port5 is used as sniffer port among Port5, Port6, port7 and Port8.

    Console

    Serial port

    Console serial port.

    9600 baud, 8 data bits, 1 stop bit, no parity, XON/XOFF.

    The following is the initial port configuration for FNDR 1000F:

    Port Type Function

    Port1

    10G fiber

    Management port, GUI, Fabric devices files receiving, REST API, ICAP.

    Default IP address is 192.168.1.88 using admin with no password.

    Port2

    10G fiber

    Reserved

    Port3

    Port4

    10G fiber

    Sniffer port.

    Port5

    Port6

    1G Copper

    High availability. These are labeled as HA1 and HA2 on the device
    Note

    While the FortiNDR 1000F's sniffer port3 and port4 are equipped with fiber ports, you can use the FN-TRAN-SFP+GC transceiver to convert them into copper ports.

    SKU: FN-TRAN-SFP+GC

    Product Name: 10GE copper SFP+ RJ45 transceiver (30m range)

    Description: 10GE copper SFP+ RJ45 Fortinet transceiver (30m range) for systems with SFP+ slots.

    10GE copper supports up to 100m cable distance to switch or FortiGate. Ideally the shorter the cable the better the performance, avoiding retransmission and packet loss over physical medium.
    Note

    Use CAT 8 copper cable to achieve the maximum performance of up to 40Gbps for sniffer. For differences in CAT cables, see https://www.cablesandkits.com/learning-center/what-are-cat8-ethernet-cables.
    Note

    *For customers who are required to use SFP+ ports (available in FNR-3500F gen3 hardware only) for management and capture (sniffer), pls contact local CSE for details.

    RAID encryption support (1000F and 3600G models)

    To set up disk encryption on 1000F and 3600G models:

    Run the following CLI command:

    execute raidlevel <raid-level-option> [encryption <security_key>]

    For 1000F models:

    You must use the following CLI command to verify that the system supports Self-Encrypting Drives (SED):

    diagnose system raid-status-detail

    To verify both SSDs meet the requirements:
    1. In the PD LIST table, verify the SED column displays Y.

    2. In the Supported Adapter Operations section, verify Support Security = Yes is displayed.

    Previous
    Next

    Initial setup

    Initial setup

    For the meaning of LEDs, see the Quick Start Guide (QSG).

    Internet Access

    For FortiGuard updates please have a stable internet access from the FortiNDR unit. Go to System > FortiGuard for updates via Internet. For offline deployments please refer to Appendix D: FortiGuard updates.

    Note

    Proxy FortiGuard support is supported via CLI only, please refer to the CLI guide.

    Ports

    For all FortiNDR 3500F appliances and VM, port1 and port2 are hard-coded to be management port and sniffer port.

    The following is the initial port configuration for FNR-3500F.

    Port Type Function

    Port1

    10GE copper (10G or 1G autodetect)

    Management port, GUI, Fabric devices files receiving, REST API, ICAP.

    Default IP address is 192.168.1.88 using admin with no password.

    Port2

    10GE copper (10G or 1G autodetect)

    Sniffer port.

    Port3

    Port4

    1G Copper

    High availability

    Port5

    Port6

    Port7

    Port8

    10G SPF+ fiber (gen3 only)

    Sniffer port.

    For VM, only Port5 is used as sniffer port among Port5, Port6, port7 and Port8.

    Console

    Serial port

    Console serial port.

    9600 baud, 8 data bits, 1 stop bit, no parity, XON/XOFF.

    The following is the initial port configuration for FNDR 1000F:

    Port Type Function

    Port1

    10G fiber

    Management port, GUI, Fabric devices files receiving, REST API, ICAP.

    Default IP address is 192.168.1.88 using admin with no password.

    Port2

    10G fiber

    Reserved

    Port3

    Port4

    10G fiber

    Sniffer port.

    Port5

    Port6

    1G Copper

    High availability. These are labeled as HA1 and HA2 on the device
    Note

    While the FortiNDR 1000F's sniffer port3 and port4 are equipped with fiber ports, you can use the FN-TRAN-SFP+GC transceiver to convert them into copper ports.

    SKU: FN-TRAN-SFP+GC

    Product Name: 10GE copper SFP+ RJ45 transceiver (30m range)

    Description: 10GE copper SFP+ RJ45 Fortinet transceiver (30m range) for systems with SFP+ slots.

    10GE copper supports up to 100m cable distance to switch or FortiGate. Ideally the shorter the cable the better the performance, avoiding retransmission and packet loss over physical medium.
    Note

    Use CAT 8 copper cable to achieve the maximum performance of up to 40Gbps for sniffer. For differences in CAT cables, see https://www.cablesandkits.com/learning-center/what-are-cat8-ethernet-cables.
    Note

    *For customers who are required to use SFP+ ports (available in FNR-3500F gen3 hardware only) for management and capture (sniffer), pls contact local CSE for details.

    RAID encryption support (1000F and 3600G models)

    To set up disk encryption on 1000F and 3600G models:

    Run the following CLI command:

    execute raidlevel <raid-level-option> [encryption <security_key>]

    For 1000F models:

    You must use the following CLI command to verify that the system supports Self-Encrypting Drives (SED):

    diagnose system raid-status-detail

    To verify both SSDs meet the requirements:
    1. In the PD LIST table, verify the SED column displays Y.

    2. In the Supported Adapter Operations section, verify Support Security = Yes is displayed.

    Previous
    Next