Administration Guide

Advanced FortiRecorder Configuration

After you have a basic working setup, depending on your specific requirements, you may want to configure some advanced or optional settings:

  • Configuring system timeout, ports, and public access
  • Configuring FortiRecorder system appearance
  • Configuring logging
  • Alert email

Configuring system timeout, ports, and public access

Go to System > Configuration > Options to configure the system idle timeout, the HTTP, HTTPS, SSH, Telnet, and FortiRecorder Central access ports, and the host name for public/remote access.

If you want remote access, that is, connecting from home or a branch office through the Internet to your FortiRecorder, either to use the web UI or to view snapshot notification video clips while you are out of the office, you must configure both your network and the FortiRecorder.

First, on your office’s firewall or Internet router, configure port forwarding and/or a virtual IP (VIP) to forward remote access connections from the Internet to your FortiRecorder’s private network IP. (See “Appendix A: Port numbers”).

Caution: Remote access opens ports and can weaken your network security. To prevent attackers on the Internet from gaining access to your surveillance system, configure your firewall or router to require authentication, restrict which IP addresses can use your port forward/virtual IP, and scan requests for viruses and hacking attempts.

Note: If you are not sure what your network’s Internet address is, you can use an online utility such as http://ping.eu/ while connected to your office network.

Next, go to System > Configuration > Options and configure these settings:

Public Access

  • Host name: Type either your network’s IP on the Internet, or its domain name, such as www.example.com. This is either your Internet router’s WAN IP, or a virtual IP (VIP) on your firewall whose NAT table will forward incoming connections from this public network IP to your FortiRecorder’s private network IP.
  • HTTP/HTTPS Port number: Type the port number, such as 8080, on your public IP that your Internet router or firewall will redirect to your FortiRecorder's listening port.

FortiRecorder supports live streaming (HLS) for mobile devices. You can use the FortiRecorder Mobile drop-down menu to enable live streaming over HTTP or HTTPS.

Creating FortiRecorder logical interfaces

In addition to the physical interfaces, you can create a variety of logical interfaces on FortiRecorder.

VLAN subinterfaces

A Virtual LAN (VLAN) subinterface, also called a VLAN, is a virtual interface on a physical interface. The subinterface allows routing of VLAN tagged packets using that physical interface, but it is separate from any other traffic on the physical interface.

Virtual LANs (VLANs) use ID tags to logically separate devices on a network into smaller broadcast domains. These smaller domains forward packets only to devices that are part of that VLAN domain. This reduces traffic and increases network security.

One example of an application of VLANs is a company’s accounting department. Accounting computers may be located at both main and branch offices. However, accounting computers need to communicate with each other frequently and require increased security. VLANs allow the accounting network traffic to be sent only to accounting computers and to connect accounting computers in different locations as if they were on the same physical subnet.

Redundant interfaces

On the FortiRecorder unit, you can combine two or more physical interfaces to provide link redundancy. This feature allows you to connect to two or more switches to ensure connectivity in the event one physical interface or the equipment on that interface fails.

In a redundant interface, traffic is only going over one interface at any time. This differs from an aggregated interface where traffic is going over all interfaces for increased bandwidth. This difference means redundant interfaces can have more robust configurations with fewer possible points of failure. This is important in a fully-meshed HA configuration.

A physical interface is available to be in a redundant interface if:

  • it is a physical interface, not a VLAN interface
  • it is not already part of a redundant interface
  • it has no defined IP address and is not configured for DHCP
  • it does not have any VLAN subinterfaces
  • it is not monitored by HA

When a physical interface is included in a redundant interface, it is not listed on the System > Network > Interface page. You cannot configure the interface anymore.

Aggregate interfaces

An aggregate interface is a logical interface which uses the Link Aggregation Control Protocol (LACP) (802.3ad) and combines several interfaces to increase throughput. It also provides redundancy in case one interface in the aggregation is down.

Loopback interfaces

A loopback interface is a logical interface that is always up (no physical link dependency) and the attached subnet is always present in the routing table.

The loopback IP address does not depend on one specific external port, so it can be reached through several physical or VLAN interfaces. In the current release, you can only add one loopback interface on the FortiRecorder unit.

The loopback interface is useful when you use a layer 2 load balancer in front of several FortiRecorder units. In this case, you can set the FortiRecorder loopback interface’s IP address to the same address as the load balancer’s IP address, so that the FortiRecorder unit can pick up the traffic forwarded to it from the load balancer.

Customizing the system messages, email templates, and UI appearance

Customizing system messages

The FortiRecorder system delivers custom system messages to the user, such as disclaimers or camera notifications.

To customize system messages

  1. Go to System > Customization > Custom Message.
  2. Select a message and select Edit.
  3. Enter the desired message in the content area. There is a limit of 4000 characters for each message.
  4. Select Insert Variables.
  5. Place your mouse cursor in the text message at the insertion point of the variable.
  6. Select the name of the variable to add. It will appear at the insertion point.
  7. Select the close icon.
  8. Select OK.

In addition to adding predefined variables to your system messages, you can create new variables. Typically these variables represent frequently used messages.

To create a new variable

  1. Go to System > Customization > Custom Messages.
  2. Select a message and then select Edit Variable.
  3. Select New.
  4. Enter the variable name to use in the system message. Its format is: %%<variable_name>%%. For example, if you enter the word “warning”, this variable appears as %%warning%% in the system message if you select to insert it.
  5. Enter a description of the variable in the Display Name field.
  6. Enter the variable’s content. For example: The camera %%CAMERA_NAME%% has detected motion on %%EVENTDATE%%.
  7. Select Create.

Customizing email templates

The FortiRecorder unit may send out notification emails for events such as alerts or camera notifications.

To customize email templates

  1. Go to System > Customization > Custom Email Templates.
  2. Select the template and then select Edit.
  3. Enter the necessary information, such as the name and a brief description.
  4. In the content section, format the message in HTML. To add variables, select Insert Variable.
  5. Determine if the HTML code was entered correctly by selecting Preview.
  6. Select OK.

Customizing the user interface appearance

You can customize the FortiRecorder interface, for example by changing its default color or adding your own custom logo.

To customize the user interface appearance

  1. Go to System > Customization > Appearance.
  2. Configure the following to change the appearance of the UI:

    • Product name: Enter the name of the product.
    • Custom top logo: Select Change to upload an icon used as the favicon for the FortiRecorder UI.
    • Default theme: Select the default display theme (red, green, blue, and light blue) for the display of the web-based manager and the login page. You can configure a separate theme preference for each administrator account. For details, see the Configuring administrator account section.

  3. Select Apply.

Configuring Logging

To diagnose problems or to track actions that the FortiRecorder appliance does as it receives and processes video, configure the FortiRecorder appliance to record log messages.

Log messages can record camera events, FortiRecorder appliance events, or both.

To view log messages, go to Monitor > Log > Event.

To configure logging

  1. Go to Logs & Alert > Log Settings > Local. Alternatively, if you want logs to be stored remotely, go to Logs & Alert > Log Settings > Remote.
  2. Configure the following settings if configuring local log storage:

    • Log file size: Type the file size limit of the current log file in megabytes (MB). The log file size limit must be between 1 MB and 1000 MB. Note: Large log files may decrease display and search performance.
    • Log time: Type the file age limit in days. If the log is older than this limit, even if it has not exceeded the maximum file size, a new current log file will be started. Valid range is between 1 and 366 days.
    • At hour: Select the hour of the day (24-hour format) when the file rotation should start. When a log file reaches either the age or size limit, the FortiRecorder appliance rotates the current log file: that is, it renames the current log file (elog.log) with a file name indicating its sequential relationship to other log files of that type (elog2.log, and so on), then creates a new current log file. For example, if you set the log time to 10 days at hour 23, the log file will be rotated at 23:00 on the 10th day.
    • Log level: Select the severity level that a log message must equal or exceed in order to be recorded to this storage location. For information about severity levels, see “Log severity levels”. Caution: Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
    • Log options when disk is full: Select what the FortiRecorder will do when the local disk is full and a new log message is generated, either Do not log (discard all new log messages) or Overwrite (delete the oldest log file in order to free disk space, and store the new log message).
    • Logging Policy Configuration: Select what type of FortiRecorder events and camera events you want to log.

  3. If configuring remote log storage, click New, then configure the following settings:

    • IP: Type the IP address of a Syslog server or FortiAnalyzer.
    • Port: Type the UDP port number on which the Syslog server listens for log messages. The default is 514.
    • Level: Select the severity level that a log message must equal or exceed in order to be recorded to this storage location. For information about severity levels, see “Log severity levels”. Caution: Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time. A low log severity threshold is one possible cause of frequent logging. Excessive logging frequency can cause undue wear on the hard disk and may cause premature failure.
    • Facility: Select the facility identifier the FortiRecorder will use to identify itself to the Syslog server if it receives logs from multiple devices. To easily identify log messages from the FortiRecorder when they are stored on a remote logging server, enter a unique facility identifier, and verify that no other network devices use the same facility identifier.
    • CSV format: Enable if your Syslog server requires comma-separated values (CSV). Note: Do not enable this option if the remote host is a FortiAnalyzer. FortiAnalyzer does not support CSV-formatted log messages.
    • Logging Policy Configuration: Select what type of FortiRecorder events and camera events you want to log.

  4. To verify logging connectivity, from FortiRecorder, trigger a log message that matches the type and severity levels that you have chosen to store on the remote Syslog server or FortiAnalyzer. Then, on the remote host, confirm that it has received that log message.

    Note: If you will be sending logs to a FortiAnalyzer appliance, you must add the FortiRecorder to the FortiAnalyzer’s device list, and allocate enough disk space. Otherwise, depending on its configuration for unknown devices, FortiAnalyzer may ignore the logs. When the allocated disk space is full, it may drop subsequent logs.

    If the remote host does not receive the log messages, verify the FortiRecorder’s static routes (see “FortiRecorder configuration”) and the policies on any intermediary firewalls or routers (they must allow Syslog traffic from the FortiRecorder network interface that is connected to the gateway between it and the Syslog server). To determine the point of connectivity failure along the network path, if the FortiAnalyzer or Syslog server is configured to respond to ICMP ECHO_REQUEST (ping), go to Dashboard > Console and enter the command:

    execute traceroute <syslog_ipv4>

    where <syslog_ipv4> is the IPv4 address of your FortiAnalyzer or Syslog server.
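
For the remote-host side of step 4, the following added example (not Fortinet code) decodes the standard syslog `<PRI>` header of a received UDP datagram and checks it against the source IP, Facility and Level you configured. The recorder address, the facility local0, the threshold Warning and the sample messages are all constructed assumptions; FortiRecorder's own message body format is not modelled.

```python
import re
import socket

# Standard syslog severity names; index = numeric severity, 0 is the most severe.
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

PRI_HEADER = re.compile(rb"^<(\d{1,3})>")

# Assumed values for this example; replace with the settings you configured.
RECORDER_IP = "192.0.2.10"   # documentation-range address, constructed
EXPECTED_FACILITY = 16       # local0 (facility codes 16-23 are local0-local7)
THRESHOLD = 4                # "warning": accept severities 0..4


def parse_pri(datagram):
    """Return (facility, severity, text), or None if <PRI> is missing or invalid."""
    match = PRI_HEADER.match(datagram)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid value: facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    text = datagram[match.end():].decode("utf-8", errors="replace")
    return facility, severity, text


def facility_name(code):
    """Readable name for the local facilities; other codes are shown numerically."""
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"


def classify(datagram, source_ip, expected_ip, expected_facility, threshold):
    """Compare one received datagram with the configured remote logging settings."""
    # UDP source addresses are not authenticated: this confirms connectivity
    # and configuration, it does not prove who sent the message.
    if source_ip != expected_ip:
        return "unexpected-source"
    parsed = parse_pri(datagram)
    if parsed is None:
        return "malformed-pri"
    facility, severity, _text = parsed
    if facility != expected_facility:
        return "unexpected-facility"   # another device, or Facility set differently
    if severity > threshold:
        return "below-threshold"       # Level on the device is lower than intended
    return "ok"


def listen(bind_ip, port, expected_ip, expected_facility, threshold, count=1):
    """Receive `count` datagrams and return (source_ip, verdict) for each.

    Binding to the default syslog port 514 normally requires elevated privileges.
    """
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(count):
            data, (src, _src_port) = sock.recvfrom(8192)
            results.append(
                (src, classify(data, src, expected_ip, expected_facility, threshold)))
    return results


# Constructed sample datagrams (not real FortiRecorder output).
SAMPLES = [
    ("192.0.2.10", b"<131>constructed sample: error-level event"),
    ("192.0.2.10", b"<134>constructed sample: informational event"),
    ("192.0.2.10", b"<30>constructed sample: different facility"),
    ("192.0.2.99", b"<131>constructed sample: different sender"),
    ("192.0.2.10", b"constructed sample without a PRI header"),
]


def classify_samples():
    """Run classify() over the constructed samples with the assumed settings."""
    return [classify(data, src, RECORDER_IP, EXPECTED_FACILITY, THRESHOLD)
            for src, data in SAMPLES]


if __name__ == "__main__":
    for (src, data), verdict in zip(SAMPLES, classify_samples()):
        print(f"{src:<12} {verdict:<20} {data[:40]!r}")
```

A verdict of `below-threshold` or `unexpected-facility` for traffic from the recorder's address means the Level or Facility on the device does not match what the collector was set up to expect.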

Configuring Alert Emails

As the FortiRecorder system administrator, you can receive alert email whenever an important system event occurs, such as the hard disk being full. Before you configure alert email, you must configure the mail server settings so that FortiRecorder can send out email. For details, see “Configuring FortiRecorder to send notification email”.

You can configure up to 10 alert email addresses.

To configure alert email settings

  1. Go to Logs & Alerts > Alert Email > Configuration.
  2. Select New.
  3. Type your email address, such as admin@example.com.

    This setting is the recipient only for appliance-related notifications, such as the hard disk being full. It does not configure the recipient of camera-related notifications, such as motion detection. For video-related notifications of this kind, see “Notifications”.
  4. Select Create.
  5. Go to Logs & Alerts > Alert Email > Category. Enable all desired appliance events to trigger an alert email:

    • System events: Enable to notify when serious system events occur such as daemon crashes. See also “Resource issues”.
    • Disk is full: Enable to notify when the disk partition that stores log data is full. See also “Data storage issues”.
    • Camera device altered: Enable to notify when a defined camera configuration has been enabled or disabled, or if there are problems with the camera. (The FortiRecorder will not control or record video from a camera that is not enabled in its list of known, configured devices. See “Camera settings”.)
    • Camera communication error: Enable to notify when there has been a network error during communications between the FortiRecorder and camera. See also “Connectivity issues”.
    • Camera recording error: Enable to notify when an issue prevents a camera from recording. See also “Video viewing issues” and “Connectivity issues”.
    • Camera alert summary: Enable to notify when various alerts have been triggered.
    • Video disk events: Enable to notify when the disk partition that stores video data is full. See also “Data storage issues”.

  6. Select Apply.
