Overview
The information in this document provides guidance for configuring FortiAnalyzer to integrate with FortiNAC. This document details the items that must be configured.
What it Does
FortiAnalyzer is a platform providing Centralized Logging, Analysis, and Reporting. This provides the following benefits:
- Delivers increased knowledge of security events throughout the network
- Minimizes the effort required to scrutinize and maintain policies
- Minimizes the effort required to identify attack patterns to help fine-tune organizational policies
Default templates are available for report generation:
- CTAP FortiNAC Version
- Endpoint Distribution by Vendor (example below)
- Endpoint Distribution by Location and Type
- Endpoint Distribution by Type and Operating System
- Endpoint Inventory Details
- Network Inventory Details
- Consolidated FortiNAC Endpoints Reports
- Network Inventory Summary
- Total number of Rogue and Registered Endpoint (example below)
- Consolidated FortiNAC Network Report (example below)
Examples: (sample report images omitted)
How it Works
FortiNAC sends the following information to FortiAnalyzer over TCP port 514 in order to build reports:
- Events
- Alarms
- Endpoint data
- Network infrastructure data
Note: In earlier FortiAnalyzer versions, the FortiNAC templates must be downloaded from the Document Library and imported. For details, see Report Templates.
Requirements
• FortiNAC license key containing certificates. Older appliances may not have this type of key. If keys were installed prior to January 1st 2020, a new key must be downloaded from FortiCare (https://support.fortinet.com/). See KB article 192245 to verify.
• Allow TCP 514 traffic between FortiNAC and FortiAnalyzer.
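The second requirement is easy to verify before opening a support case over missing reports. The following pre-flight check is an added example, not part of the Fortinet documentation: it confirms that a TCP connection to port 514 on the FortiAnalyzer can be established from the host it runs on (a firewall that drops the traffic shows up as a timeout, a closed port as a refusal). It does not speak the log protocol itself, and the default host name is a placeholder.

```python
"""Pre-flight check for the FortiNAC -> FortiAnalyzer log path (TCP 514).

Added example, not part of the Fortinet documentation. It only verifies
that a TCP handshake to the FortiAnalyzer log port completes; it does not
send any log data. The default target host name is a placeholder.
"""
import socket
import sys

FAZ_LOG_PORT = 514  # port FortiNAC uses to send events, alarms and inventory data


def check_tcp_port(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP three-way handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused (port closed), timed out (filtered by a firewall),
        # or name resolution failed: the log path is not usable as-is.
        return False


def open_local_listener():
    """Bind a throwaway listener on loopback so the check can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Placeholder host name; pass the real FortiAnalyzer address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "fortianalyzer.example.invalid"
    reachable = check_tcp_port(target, FAZ_LOG_PORT)
    print(f"TCP {FAZ_LOG_PORT} to {target}: {'reachable' if reachable else 'NOT reachable'}")
```

Run it from the FortiNAC appliance (or a host in the same network segment) so that the same firewall path is exercised; a result of "NOT reachable" with a 3-second delay usually means the traffic is being dropped rather than rejected.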
Supported versions

| Model/SKU | FortiNAC Version | Minimum FortiAnalyzer Version |
|---|---|---|
| FortiNAC-F VM (CentOS-based VMs) | F7.2 | 7.2.4 |
| FortiNAC-VM-ESXI/FNC-CAX-VM | F7.2 | 7.4.2 |
| FortiNAC-MX-VM/FNC-MX-VM | F7.2 | 7.4.2 |
| FortiNAC-CA-500F/FNC-CA-500F | F7.2 | 7.4.2 |
| FortiNAC-CA-600F/FNC-CA-600F | F7.2 | 7.4.2 |
| FortiNAC-CA-700F/FNC-CA-700F | F7.2 | 7.4.2 |
| FortiNAC-M-550F/FNC-M-550F | F7.2 | 7.4.2 |
Reference FortiAnalyzer Release Notes:
https://docs.fortinet.com/document/fortianalyzer/7.2.4/release-notes/572813/fortinac-models
https://docs.fortinet.com/document/fortianalyzer/7.4.2/release-notes/572813/fortinac-models
FortiAnalyzer Sizing Guidelines
The amount of resources the FortiAnalyzer requires is dependent upon the following factors:
- How much log data FortiNAC is expected to produce per day
- How long FortiNAC logs are archived
Use the following guidelines to determine the required sizing:
| Network Size | LPS Low | LPS Med | LPS High | Archive GB Low | Archive GB Med | Archive GB High | Analytic GB Low | Analytic GB Med | Analytic GB High |
|---|---|---|---|---|---|---|---|---|---|
| Small | 0.1 | 0.5 | 1.5 | 0 | 1 | 2 | 0 | 0 | 1 |
| Medium | 0.5 | 2.5 | 7.5 | 1 | 4 | 11 | 0 | 2 | 7 |
| Large | 1 | 5 | 15 | 1 | 7 | 22 | 1 | 5 | 14 |
| Global | 5 | 25 | 75 | 7 | 37 | 110 | 5 | 24 | 72 |

LPS = logs per second. Logging aggressiveness is controlled in FortiNAC under Logs > Events.
Archive period: 365 days at 50 bytes per log.
Analytic period: 30 days at 400 bytes per log.
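The table follows directly from its footnotes, which makes it possible to size a deployment whose measured log rate or retention does not match one of the four bands. The script below is an added worked example, not a Fortinet sizing tool: it applies the stated assumptions (365 days at 50 bytes per log for the archive, 30 days at 400 bytes per log for analytics) to a logs-per-second figure and rounds to whole GiB (2^30 bytes), which is the unit that reproduces the published numbers. The band-to-LPS mapping is copied from the table.

```python
"""Reproduce the FortiAnalyzer sizing table from its stated assumptions.

Added worked example, not Fortinet's own sizing tool. Archive storage is
365 days at 50 bytes per log, analytic storage is 30 days at 400 bytes per
log (both from the table footnotes); results are rounded to whole GiB,
which is the unit that matches the published figures.
"""

SECONDS_PER_DAY = 86_400
GIB = 2 ** 30

# Retention assumptions taken from the table footnotes.
ARCHIVE_DAYS, ARCHIVE_BYTES_PER_LOG = 365, 50
ANALYTIC_DAYS, ANALYTIC_BYTES_PER_LOG = 30, 400

# Logging-aggressiveness bands (logs per second) copied from the table.
LPS_BY_SIZE = {
    "Small":  {"low": 0.1, "med": 0.5,  "high": 1.5},
    "Medium": {"low": 0.5, "med": 2.5,  "high": 7.5},
    "Large":  {"low": 1.0, "med": 5.0,  "high": 15.0},
    "Global": {"low": 5.0, "med": 25.0, "high": 75.0},
}


def storage_gib(lps: float, days: int, bytes_per_log: int) -> int:
    """Storage needed to keep `days` of logs at `lps` logs/second, rounded to whole GiB."""
    total_bytes = lps * SECONDS_PER_DAY * days * bytes_per_log
    return round(total_bytes / GIB)


def archive_gib(lps: float) -> int:
    """Archive (raw log) storage for one year of retention at the given rate."""
    return storage_gib(lps, ARCHIVE_DAYS, ARCHIVE_BYTES_PER_LOG)


def analytic_gib(lps: float) -> int:
    """Analytic (indexed) storage for 30 days of retention at the given rate."""
    return storage_gib(lps, ANALYTIC_DAYS, ANALYTIC_BYTES_PER_LOG)


def sizing_row(network_size: str) -> dict:
    """Archive and analytic GiB for each aggressiveness band of one network size."""
    bands = LPS_BY_SIZE[network_size]
    return {
        band: {"lps": lps, "archive_gb": archive_gib(lps), "analytic_gb": analytic_gib(lps)}
        for band, lps in bands.items()
    }


if __name__ == "__main__":
    # Regenerate the whole table, then size a hypothetical 3 LPS deployment
    # that falls between the Medium and Large bands.
    for size in LPS_BY_SIZE:
        print(size, sizing_row(size))
    print("3 LPS:", archive_gib(3.0), "GiB archive,", analytic_gib(3.0), "GiB analytic")
```

To size from real data, read the actual logs-per-second figure off the FortiAnalyzer after a few days of collection and feed it to `archive_gib` and `analytic_gib` instead of picking a band; if you change the retention periods in FortiAnalyzer, pass the new day counts to `storage_gib` directly.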