Quantcast
Channel: Fortinet GURU
Viewing all 2380 articles
Browse latest View live

Get off end of life hardware and FortiOS

May 13, 2020, 8:47 pm
$
0
0

Watch the video and learn some stuff. Thanks!

 

Search

FortiAnalyzer – FortiOS 6.2.3 – Datasets

May 14, 2020, 8:48 pm
$
0
0

Datasets

Use the Datasets pane to create, edit, and manage your datasets.

Creating datasets

FortiAnalyzer datasets are collections of data from logs for monitored devices. Charts and macros reference datasets. When you generate a report, the datasets populate the charts and macros to provide data for the report.

FortiAnalyzer has many predefined datasets that you can use right away. You can also create your own custom datasets.

To create a new dataset:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Datasets, and click Create New.
  3. Provide the required information for the new dataset.
Name                                       Enter a name for the dataset.
Log Type                                 Select a log type from the dropdown list.

l  The following log types are available for FortiGate: Application Control,

Intrusion Prevention, Content Log, Data Leak Prevention, Email Filter,

Event, Traffic, Virus, VoIP, Web Filter, Vulnerability Scan, FortiClient Event, FortiClient Traffic, FortiClient Vulnerability Scan, Web Application Firewall, GTP, DNS, SSH, and Local Event.

l  The following log types are available for FortiMail: Email Filter, Event, History, and Virus.

l  The following log types are available for FortiWeb: Intrusion Prevention, Event, and Traffic.
Query Enter the SQL query used for the dataset. An easy way to build a custom query is to copy and modify a predefined dataset’s query.
Variables                                Click the Add button to add variable, expression, and description information.
Test query with specified devices and time period
Time Period             Use the dropdown list to select a time period. When selecting Custom, enter the start date and time, and the end date and time.
Devices       Select All Devices or Specify to select specific devices to run the SQL query against. Click the Select Device button to add multiple devices to the query.
                     Test                         Click to test the SQL query before saving the dataset configuration.
  1. Click Test.

The query results are displayed. If the query is not successful, an error message appears in the Test Result pane.

  1. Click OK.

Viewing the SQL query of an existing dataset

You can view the SQL query for a dataset, and test the query against specific devices or all devices.

To view the SQL query for an existing dataset:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Datasets.
  3. Hover the mouse cursor over the dataset on the dataset list. The SQL query is displayed as a tooltip. You can also open the dataset to view the Query

SQL query functions

In addition to standard SQL queries, the following are some SQL functions specific to FortiAnalyzer. These are based on standard SQL functions.

root_domain(hostname) The root domain of the FQDN. An example of using this function is:

select devid, root_domain(hostname) as website FROM $log WHERE’user’=’USER01′ GROUP BY devid, hostname ORDER BY hostname LIMIT 7
nullifna(expression) This is the inverse operation of coalesce that you can use to filter out n/a values. This function takes an expression as an argument. The actual SQL syntax this is base on is select nullif(nullif(expression, ‘N/A’), ‘n/a’).

In the following example, if the user is n/a, the source IP is returned, otherwise the username is returned.

select coalesce(nullifna(‘user’), nullifna(‘srcip’)) as user_ src, coalesce(nullifna(root_domain(hostname)),’unknown’) as domain FROM $log WHERE dstport=’80’ GROUP BY user_src, domain ORDER BY user_src LIMIT 7
email_domain email_user email_domain returns the text after the @ symbol in an email address. email_user returns the text before the @ symbol in an email address. An example of using this function is:

select ‘from’ as source, email_user(‘from’) as e_user, email_ domain(‘from’) as e_domain FROM $log LIMIT 5 OFFSET 10
from_dtime from_itime from_dtime(bigint) returns the device timestamp without time zone. from_itime(bigint) returns FortiAnalyzer’s timestamp without time zone. An example of using this function is:

select itime, from_itime(itime) as faz_local_time, dtime, from_ dtime(dtime) as dev_local_time FROM $log LIMIT 3

Managing datasets

You can manage datasets by going to Reports > Report Definitions > Datasets. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a dataset to display the menu.

Option Description
Create New Creates a new dataset.
Edit Edits the selected dataset. You can edit datasets that you created. You cannot edit predefined datasets.
View Displays the settings for the selected dataset. You cannot edit predefined datasets.
Delete Deletes the selected dataset. You can delete datasets that you create. You cannot delete predefined datasets.
Clone Clones the selected dataset. You can edit cloned datasets.
Validate Validate selected datasets.
Validate All Custom Validates all custom datasets.
Search Lets you search for a dataset name.

FortiAnalyzer – FortiOS 6.2.3 – Output profiles

May 15, 2020, 8:48 pm
$
0
0

Output profiles

Output profiles allow you to define email addresses to which generated reports are sent and provide an option to upload the reports to FTP, SFTP, or SCP servers. Once created, an output profile can be specified for a report.

Creating output profiles

To create output profiles:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Advanced > Output Profile.
  3. Click Create New. The Create Output Profile pane is displayed.
  4. Provide the following information, and click OK:
Name Enter a name for the new output profile.
Comments Enter a comment about the output profile (optional).
Output Format Select the format or formats for the generated report. You can choose PDF, HTML, XML, or CSV format.
Email Generated Reports Enable emailing of generated reports.
Subject Enter a subject for the report email.
Body Enter body text for the report email.
Recipients Select the email server from the dropdown list and enter to and from email addresses. Click Add to add another entry so that you can specify multiple recipients.
Upload Report to Server Enable uploading of generated reports to a server.
Server Type Select FTP, SFTP, or SCP from the dropdown list.
Server Enter the server IP address.
User Enter the username.
Password Enter the password.
Directory Specify the directory where the report will be saved.
Delete file(s) after uploading Select to delete the generated report after it has been uploaded to the selected server.

Managing output profiles

You can manage output profiles by going to Reports > Advanced > Output Profile. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click an output profile to display the menu.

Option Description
Create New Creates a new output profile.
Edit Edits the selected output profile.
Delete Deletes the selected output profile.

FortiAnalyzer – FortiOS 6.2.3 – Report languages

May 16, 2020, 8:51 pm
$
0
0

Report languages

You can specify the language of reports when creating a report.

Exporting and modifying a language

You can export a language and modify it to create a different language or modify the text in a predefined language.

One way to create a new language is to export a predefined language, modify the text to a different language, save the file as a different language name, and import it back into FortiAnalyzer. The file name must be one of the languages in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

If you want to modify a predefined language, export the predefined language, modify the text, and import it back into FortiAnalyzer.

To export and modify a language:

  1. Go to Reports > Advanced > Language.
  2. Select a language and click Export. The language is exported as a zip file into your default downloads folder.
  3. Extract the zip file and use a text editor to modify it.
  4. Change the text after the equal sign (=) to a different language or text.
  5. Zip the modified file. The file name must be one of the languages in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

The new language file is ready to be imported into FortiAnalyzer.

Importing a language

To import a language:

  1. Go to Reports > Advanced > Language.
  2. Click Import and locate the language file.

The language file must be a zip file with only one language file in it. Both the language file name and zip file name must be one of the language names in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

  1. Import the language zip file.

In Reports > Advanced > Language, you can select this language when you create or run reports.

FortiAnalyzer – FortiOS 6.2.3 – Report calendar

May 17, 2020, 8:52 pm
$
0
0

Report calendar

You can use the report calendar to view all the reports that are scheduled for the selected month. You can edit or disable upcoming report schedules, as well as delete or download completed reports.

Viewing all scheduled reports

To view all scheduled reports:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Advanced > Report Calendar.
  3. Hover the mouse cursor over a calendar entry to display the name, status, and device type of the scheduled report.
  4. Click a generated report to download it.
  5. Click a scheduled report to go to the Settings tab of the report.
  6. Click the left or right arrow at the top of the Report Calendar pane to change the month that is displayed. Click Today to return to the current month.

Managing report schedules

You can manage report schedules in Reports > Advanced > Report Calendar.

To edit a report schedule:

  1. In Report Calendar, right-click an upcoming calendar entry, and select Edit.
  2. In the Settings tab of the report that opens, edit the corresponding report schedule.

To disable a report schedule:

In Report Calendar, right-click an upcoming calendar entry, and select Disable. All scheduled instances of the report are removed from the report calendar. Completed reports remain in the report calendar.

To delete or download a completed report:

In Report Calendar, right-click a past calendar entry, and select Delete or Download. The corresponding completed report will be deleted or downloaded.

 

FortiAnalyzer – FortiOS 6.2.3 – FortiRecorder

May 18, 2020, 8:52 pm
$
0
0

FortiRecorder

The FortiRecorder module allows you to set up, manage, and view cameras directly through the FortiAnalyzer GUI.

Cameras can be set to record continuously and/or when motion is detected. Recorded video is stored in the root storage of the FortiAnalyzer device, however, it can be accessed from other ADOMs.

FortiRecorder includes two panes:

  • Camera Manager: Allows you to configure devices, profiles, and schedules.
  • Monitor: Allows you to view streaming and recorded video from configured devices.

Configuring cameras in the Camera Manager

In the Camera Manager pane, you can set up and manage the cameras connected to the FortiAnalyzer FortiRecorder module.

Creating a camera key

In order to enable cameras in the FortiRecorder module, a camera key must be created.

Camera keys are used by FortiAnalyzer to generate camera admin and operator passwords.

Only one camera key is required per FortiAnalyzer.

To set a camera key in the CLI:

config fortirecorder global

set camera key end

Setting up a camera

New cameras automatically detected by FortiAnalyzer will appear in the FortiRecorder> Camera dashboard.

In order for FortiAnalyzer to detect cameras automatically, the cameras must be:

l Assigned a DHCP address through a connected FortiGate. l Connected with Power over Ethernet (PoE) to the FortiAnalyzer.

If a DHCP server is not available, cameras can also be set up with a static IP address through the Create New menu in the Camera dashboard.

A camera key must be set before cameras can be activated in FortiAnalyzer. See Creating a camera key on page 143.

To activate a camera detected by the FortiAnalyzer:

  1. Go to FortiRecorder > Camera Manager > Camera.
  2. Select the Unauthorized
  3. Right-click a detected camera and select Authorize. The Edit Camera Device menu will open.
  4. Configure the camera settings, then select OK.

Camera settings will vary depending on the model of camera detected. For information on the individual camera settings, see the FortiRecorderAdministration Guide.

  1. Once successfully authorized, the camera will be enabled.

If a camera fails to connect, it will be displayed with an error icon. Right-click the device to Disable it and then attempt to Enable it again. This will reload the default settings for the device and may correct issues which are preventing it from connecting successfully.

In a HA configuration, FortiRecorder devices should only be configured on the FortiAnalyzer device on which they were set up. When attempting to modify a camera being managed by another device, a warning message will be displayed.

Configuring camera profiles

Camera profiles define which video profile, schedules, recording types, and storage options are set for each camera.

You can modify the default camera profiles, create new profiles, or clone an existing profile in the Camera Profile dashboard.

To create or edit a camera profile:

  1. Go to FortiRecorder > Camera Manager > Camera Profile.
  2. Click Create New or select an existing camera profile and click Edit.
  3. Configure the following information:
Name Enter a name to identify the camera profile.
Video Profiles  
Recording profile Select a video profile from the dropdown list to set the resolution, frames per second, video codec, bitrate, quality, and audio of the recorded video. See Configuring video profiles on page 147.
Viewing profile Select a video profile from the dropdown list to set the resolution, frames per second, video codec, bitrate, quality, and audio of the streaming video. See Configuring video profiles on page 147.
Schedule By default, the schedule is set to Always.

New schedules can initially only be added through the FortiAnalyzer CLI. See Assigning camera schedules to a profile on page 148.
Recording & Detection Settings  
Recording type Select the recording type(s). l Continuous: Records video for the entire duration of the schedule, regardless of movement.

l Motion detection: Records a video clip each time the camera’s sensor detects movement.

See Enabling motion detection on page 150.
Schedule By default, the schedule is set as Always.

New schedules can initially only be added through the FortiAnalyzer CLI. See Assigning camera schedules to a profile on page 148.
Storage Options  
Continuous recordings Select the storage options for continuous recordings: l Keep until overwritten: Retain video until all available disk space is nearly full. The oldest video will be overwritten.

l Delete: Remove video when it exceeds the specified maximum age. Note that if the disk is full before the maximum age is reached, the oldest video will still be overwritten.
Detection recordings Select the storage options for detection recordings: l Keep until overwritten: Retain video until all available disk space is nearly full. The oldest video will be overwritten. l Delete: Remove video when it exceeds the specified maximum age. Note that if the disk is full before the maximum age is reached, the oldest video will still be overwritten.

l Use continuous recordings if available: If a recording of the detected event is already stored as a continuous recording, the detection recording will not be saved to avoid duplication.
  1. Select OK.

Configuring video profiles

By default, there are three video profiles.

l low-resolution l med-resolution l high-resolution

The default video profiles can be customized, and new profiles can be created.

To create or edit a video profile:

  1. Go to FortiRecorder > Camera Manager > Video Profile.
  2. Click Create New or select an existing video profile and click Edit.
  3. Configure the following information:
Name Enter a name to identify the video profile.
Video codec Select a video codec from Default, H.264 AVC, and H.265 HEVC.
Resolution Select the amount of detail in the image from the dropdown menu.

Lower resolutions feature less detail but are faster to transmit.

Higher resolutions produce a clearer image but require more bandwidth. A higher resolution is preferable if the camera is recording a large space, such as a parking lot, where small details like faces and license plates could be important.

Note: Resolution greatly impacts performance, bandwidth, and the rate at which the disk space is consumed.
Frames per second Type the number of frames per second (FPS).

Conventional video is 24 frames per second. More frames per second may be useful if you need to record very fast motion, but increasing FPS will also increase disk usage and CPU usage.
Bitrate mode Select a bitrate:

Variable: Automatically adjust the stream to the minimum bitrate required by the current video frames while maintaining video quality.

Fixed: Manually specify a constant bitrate.

Specifying a bitrate that is too low may result in poor quality. Specifying a bitrate that is too high may needlessly consume extra bandwidth.
Bitrate Type the bitrate that will be used.

This setting appears and is applicable only if the Bitrate mode is Fixed.
Quality Select the video quality from Extra Low, Low, Normal, High, and Extra High.
Audio enable Toggle to enable or disable audio in the video stream or recording.
  1. Select OK.

Creating and editing camera schedules

The FortiRecorder module includes one default schedule: Always.

The default schedule can be customized, and new schedules can be created.

To use a custom camera schedule, it must first be assigned to the camera profile through the FortiAnalyzer CLI.

Once assigned, you can use the FortiAnalyzer GUI to select the new schedule for each recording stream or recording type. See Assigning camera schedules to a profile on page 148.

To create or edit a camera schedule:

  1. Go to FortiRecorder > Camera Manager > Schedule.
  2. Click Create New or select an existing schedule and click Edit.
  3. Configure the following information:
Setting name Description
Name Enter a name to identify the camera schedule.
Description Enter a description of the schedule (optional).
Type Select a schedule type:

l Recurring: The schedule happens at specified times on selected days. l One-time: The schedule happens only during the specified date-range.
Days Select the days you want the camera to begin recording if you have selected the Recurring schedule type.
All day Select this option if you want the camera to record all day long.
Start time/End time Select the start and end time for the Recurring recording or the start and end date for the One-time recording.
  1. Select Save.

Assigning camera schedules to a profile

By default, camera profiles are set to use the Always schedule.

To assign a custom schedule to a camera profile, you must first enable it through the CLI. Once enabled, a table is added to the Camera Profile editor which allows you to select the custom schedule.

After the first custom schedule has been enabled on a profile, subsequent schedules can be selected directly through the GUI. New schedules can be created by clicking the Create New button above the table.

For more information on creating a custom schedule, see Creating and editing camera schedules on page 148.

To enable a recording schedule in the FortiAnalyzer CLI:

config fortirecorder camera profile edit [profile name] config recording-schedule edit [schedule name]

end

To enable a video schedule in the FortiAnalyzer CLI:

config fortirecorder camera profile edit [profile name] config video-schedule edit [schedule name]

end

To assign the schedule through the GUI:

  1. Go to FortiRecorder > Camera Manager > Camera Profile.
  2. Select the camera profile and click Edit.

A table appears underneath the Video Profiles and/or Recordings & Detections Settings sections, depending on where you enabled the schedule.

  1. Select a recording type or recording stream, then click Edit.
  2. Select a schedule from the dropdown menu.
  3. Click OK.

 

Enabling motion detection

Motion detection can be enabled on cameras through the Camera Profile.

To enable motion detection:

  1. Go to FortiRecorder > Camera Profile.
  2. Click Create New or select an existing camera profile and click Edit.
  3. In Recordings & Detections Settings select Motion detection as the recording type.

Both Continuous and Motion detection recording types can be enabled at the same time.

  1. Enter any additional settings you want to configure for this camera profile and click OK.
  2. Go to FortiRecorder > Camera and double click the camera where motion detection is to be enabled.
  3. In the camera settings, select the profile where motion detection is enabled.
  4. Select OK.

Motion detected recordings can be viewed in the Monitor dashboard, and is identified in red in the camera’s activity timeline. See Watching live and recorded video in the Monitor on page 150.

Watching live and recorded video in the Monitor

The Monitor pane allows you to view the streaming and recorded video captured by devices configured to the FortiAnalyzer.

To view a video stream:

  1. Go to FortiRecorder > Monitor.
  2. Click Add Widget.
  3. Select the device to be displayed from the dropdown menu.
  4. Once added, the widget displays the video stream from the selected camera.

To watch recorded video:

  1. Go to FortiRecorder > Monitor. The recorded video clips for each camera appear in a timeline below the video stream.
  2. To locate a video clip, use the scroll wheel on your mouse to zoom in on a time frame. Ensure that your mouse cursor is centered in the area that you want to zoom in. You can also navigate the timeline by dragging it to the left or right.
  3. Click on a recorded video in the timeline to begin playback. Time periods in the timeline panel are color-coded: l Light blue: Recorded video clips. l Red: A motion detection-based recording that was not initiated by a schedule. l White/blank: No recording at that time period.
  4. To return to the live stream from the recording view, click Back to Live.

Video can also be viewed in a Picture in picture mode.

This option opens a small window which persists outside of the browser.

To launch Picture in picture mode, select the menu icon on the bottom-right side of the video and choose Picture in picture.

Enabling and disabling FortiRecorder

By default, the FortiRecorder module is disabled in FortiAnalyzer.

The FortiRecorder module can be enabled or disabled on supported platforms through the FortiAnalyzer CLI.

To enable the FortiRecorder module in the CLI:

config system global set disable-module none

end

To disable the FortiRecorder module in the CLI:

config system global set disable-module fortirecorder

end

Supported platforms and cameras

Supported platforms

Below is a list of the FortiAnalyzer appliances that support the FortiRecorder module.

Platform   Maximum number of cameras Storage (TB)
FAZ-200F   4 4
FAZ-300F   6 4
FAZ-400E   12 6
FAZ-800F   16 8
FAZ-1000E   30 18
FAZ-2000E   40 30
FAZ-3000F   50 42
FAZ-3700F   60 216

Supported cameras

The following FortiCamera models are supported in the FortiRecorder module: l FCM-CB20 l FCM-FD20 l FCM-FD20B l FCM-FD40 l FCM-MB40 l FCM-MD20 l FCM-MD40 l FCM-OB30

 

Basic FortiGate Configuration on FortiOS 6.4.0

May 19, 2020, 8:54 pm
$
0
0

The below video goes into detail on how to perform a basic configuration on a FortiGate running FortiOS 6.4.0

Remote Access via SSL VPN on FortiOS 6.4

May 20, 2020, 8:54 pm
$
0
0

This video explains how to configure remote access on a FortiGate running FortiOS 6.4

 

Search

FortiAnalyzer – Dashboard – FortiOS 6.2.3

May 21, 2020, 8:54 pm
$
0
0

Dashboard

The Dashboard contains widgets that provide performance and status information and enable you to configure basic system settings.

The following widgets are available:

Widget Description
System Information Displays basic information about the FortiAnalyzer system, such as up time and firmware version. You can also enable or disable Administrative Domains and adjust the operation mode. For more information, see System Information widget on page 157.

From this widget you can manually update the FortiAnalyzer firmware to a different release. For more information, see Updating the system firmware on page 159.

The widget fields will vary based on how the FortiAnalyzer is configured, for example, if ADOMs are enabled.
System Resources Displays the real-time and historical usage status of the CPU, memory and hard disk. For more information, see System Resources widget on page 161.
License Information Displays how many devices of the supported maximum are connected to the FortiAnalyzer unit. See License Information widget on page 162.

From this widget you can manually upload a license for VM systems.
Widget Description
Unit Operation Displays status and connection information for the ports of the FortiAnalyzer unit. It also enables you to shutdown and restart the FortiAnalyzer unit or reformat a hard disk. For more information, see Unit Operation widget on page 163.
Alert Message Console Displays log-based alert messages for both the FortiAnalyzer unit and connected devices. For more information, see Alert Messages Console widget on page 163.
Log Receive Monitor Displays a real-time monitor of logs received. You can view data per device or per log type. For more information, see Log Receive Monitor widget on page 164.
Insert Rate vs Receive Rate Displays the log insert and receive rates. For more information, see Insert Rate vs Receive Rate widget on page 164.

The Insert Rate vs Receive Rate widget is hidden when the FortiAnalyzer is operating in Collector mode, and the SQL database is disabled.
Log Insert Lag Time Displays how many seconds the database is behind in processing the logs. For more information, see Log Insert Lag Time widget on page 165.

The Log Insert Lag Time widget is hidden when the FortiAnalyzer is operating in Collector mode, and the SQL database is disabled.
Receive Rate vs Forwarding Rate Displays the Receive Rate, which is the rate at which FortiAnalyzer is receiving logs. When log forwarding is configured, the widget also displays the log forwarding rate for each configured server. For more information, see Receive Rate vs Forwarding Rate widget on page 165.
Disk I/O Displays the disk utilization, transaction rate, or throughput as a percentage over time. For more information, see Disk I/O widget on page 166.

Customizing the dashboard

The FortiAnalyzer system dashboard can be customized. You can select which widgets to display, where they are located on the page, and whether they are minimized or maximized. It can also be viewed in full screen by selecting the full screen button on the far right side of the toolbar.

Action Steps
Move a widget Move the widget by clicking and dragging its title bar, then dropping it in its new location
Add a widget Select Toggle Widgets from the toolbar, then select the name widget you need to add.
Delete a widget Click the Close icon in the widget’s title bar.
Customize a widget For widgets with an edit icon, you can customize the widget by clicking the Edit icon and configuring the settings.
Reset the dashboard Select Toggle Widgets > Reset to Default from the toolbar. The dashboards will be reset to the default view.

System Information widget

The information displayed in the System Information widget is dependent on the FortiAnalyzer model and device settings. The following information is available on this widget:

Host Name The identifying name assigned to this FortiAnalyzer unit. Click the edit host name button to change the host name. For more information, see Changing the host name on page 158.
Serial Number The serial number of the FortiAnalyzer unit. The serial number is unique to the FortiAnalyzer unit and does not change with firmware upgrades. The serial number is used for identification when connecting to the FortiGuard server.
Platform Type Displays the FortiAnalyzer platform type, for example FAZVM64 (virtual machine).
HA Status Displays if FortiAnalyzer unit is in High Availability mode and whether it is the Master or Slave unit in the HA cluster.
System Time The current time on the FortiAnalyzer internal clock. Click the edit system time button to change system time settings. For more information, see Configuring the system time on page 158.
Firmware Version The version number and build number of the firmware installed on the

FortiAnalyzer unit. To update the firmware, you must download the latest version from the Customer Service & Support website at https://support.fortinet.com. Click the update button, then select the firmware image to load from the local hard disk or network volume. For more information, see Updating the system firmware on page 159.
System Configuration The date of the last system configuration backup. The following actions are available:

l  Click the backup button to backup the system configuration to a file; see Backing up the system on page 160.

l  Click the restore to restore the configuration from a backup file; see Restoring the configuration on page 160. You can also migrate the configuration to a different FortiAnalyzer model by using the CLI. See Migrating the configuration on page 160.
Current Administrators The number of administrators currently logged in. Click the current session list button to view the session details for all currently logged in administrators.
Up Time The duration of time the FortiAnalyzer unit has been running since it was last started or restarted.
Administrative Domain Displays whether ADOMs are enabled. Toggle the switch to change the Administrative Domain state. See Enabling and disabling the ADOM feature on page 179.
Operation Mode Displays the current operation mode of the FortiAnalyzer. Click the other mode to change to it. For more information on operation modes, see Two operation modes on page 19.

FortiAnalyzer – Changing The Host Name – FortiOS 6.2.3

May 22, 2020, 8:54 pm
$
0
0

Changing the host name

The host name of the FortiAnalyzer unit is used in several places.

l It appears in the System Information widget on the dashboard. l It is used in the command prompt of the CLI. l It is used as the SNMP system name.

The System Information widget and the get system status CLI command will display the full host name. However, if the host name is longer than 16 characters, the CLI and other places display the host name in a truncated form ending with a tilde ( ~ ) to indicate that additional characters exist, but are not displayed. For example, if the host name is FortiAnalyzer1234567890, the CLI prompt would be FortiAnalyzer123456~#.

To change the host name:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit host name button next to the Host Name
  3. In the Host Name box, type a new host name.

The host name may be up to 35 characters in length. It may include US-ASCII letters, numbers, hyphens, and underscores. Spaces and special characters are not allowed.

  1. Click the checkmark to change the host name.

Configuring the System Time – FortiAnalyzer 6.2.3

May 23, 2020, 8:54 pm
$
0
0

Configuring the system time

You can either manually set the FortiAnalyzer system time or configure the FortiAnalyzer unit to automatically keep its system time correct by synchronizing with a Network Time Protocol (NTP) server.

To configure the date and time:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit system time button next to the System Time
  3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAnalyzer unit’s clock with an NTP server:
  System Time   The date and time according to the FortiAnalyzer unit’s clock at the time that this pane was loaded or when you last clicked the Refresh button.
  Time Zone   Select the time zone in which the FortiAnalyzer unit is located and whether or not the system automatically adjusts for daylight savings time.
  Update Time By   Select Set time to manually set the time, or Synchronize with NTP Server to automatically synchronize the time.
  Set Time   Manually set the data and time.
Select Date Set the date from the calendar or by manually entering it in the format: YYYY/MM/DD.  
Select Time Select the time.  
Synchronize with NTP Server Automatically synchronize the date and time.  
Sync Interval Enter how often, in minutes, the device should synchronize its time with the NTP server. For example, entering 1440 causes the Fortinet unit to synchronize its time once a day.  
Server Enter the IP address or domain name of an NTP server. Click the plus icon to add more servers. To find an NTP server that you can use, go to http://www.ntp.org.  
  1. Click the checkmark to apply your changes.

Updating the system firmware – FortiAnalyzer 6.2.3

May 24, 2020, 8:55 pm
$
0
0

Updating the system firmware

To take advantage of the latest features and fixes, the FortiAnalyzer firmware can be updated. For information about upgrading your FortiAnalyzer device, see the FortiAnalyzerUpgrade Guide or contact Fortinet Customer Service & Support.

Backup the configuration and database before changing the firmware of your FortiAnalyzer unit. Changing the firmware to an older or incompatible version may reset the configuration and database to the default values for that firmware version, resulting in data loss. For information on backing up the configuration, see Backing up the system on page 160.

Before you can download firmware updates for your FortiAnalyzer unit, you must first register your FortiAnalyzer unit with Customer Service & Support. For details, go to https://support.fortinet.com/ or contact Customer Service & Support.

To update the FortiAnalyzer firmware:

  1. Download the firmware (the .out file) from the Customer Service & Support website, https://support.fortinet.com/.
  2. Go to System Settings > Dashboard.
  3. In the System Information widget, in the Firmware Version field, click Upgrade Firmware. The Firmware Upload dialog box opens.
  4. Drag and drop the file onto the dialog box, or click Browse to locate the firmware package (.out file) that you downloaded from the Customer Service & Support portal and then click Open.
  5. Click OK. Your device will upload the firmware image and you will receive a confirmation message noting that the upgrade was successful.

Optionally, you can upgrade firmware stored on an FTP or TFTP server using the following CLI command:

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

For more information, see the FortiAnalyzerCLI Reference.

  1. Refresh the browser and log back into the device.
  2. Launch the Device Manager module and make sure that all formerly added devices are still listed.
  3. Launch other functional modules and make sure they work properly.

Backing Up The System – FortiAnalyzer 6.2.3

May 25, 2020, 8:55 pm
$
0
0

Backing up the system

Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal affect to the network. You should also perform a back up after making any changes to the FortiAnalyzer configuration or settings that affect the connected devices.

Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware.

To back up the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens
  3. If you want to encrypt the backup file, select the Encryption box, then type and confirm the password you want to use. The password can be a maximum of 63 characters.
  4. Select OK and save the backup file on your management computer.

Restoring the Configuration – FortiAnalyzer 6.2.3

May 26, 2020, 9:01 pm
$
0
0

Restoring the configuration

You can use the following procedure to restore your FortiAnalyzer configuration from a backup file on your management computer.

To restore the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the restore button next to System Configuration. The Restore System dialog box opens.
  3. Configure the following settings then select OK.
Choose Backup File Select Browse to find the configuration backup file you want to restore, or drag and drop the file onto the dialog box.
Password Type the encryption password, if applicable.
Overwrite current IP and routing settings Select the checkbox to overwrite the current IP and routing settings.

Migrating the configuration – FortiAnalyzer 6.2.3

May 27, 2020, 9:02 pm
$
0
0

Migrating the configuration

You can back up the system of one FortiAnalyzer model, and then use the CLI and the FTP, SCP, or SFTP protocol to migrate the settings to another FortiAnalyzer model.

If you encrypted the FortiAnalyzer configuration file when you created it, you need the password to decrypt the configuration file when you migrate the file to another FortiAnalyzer model.

To migrate the FortiAnalyzer configuration:

  1. In one FortiAnalyzer model, go to System Settings > Dashboard.
  2. Back up the system. See Backing up the system on page 160.
  3. In the other FortiAnalyzer model, go to System Settings > Dashboard.
  4. In the CLI Console widget, type the following command:

execute migrate all-settings <ftp | scp | sftp> <server> <filepath> <user> <password> [cryptpasswd]

Search

Configuring the operation mode – FortiAnalyzer 6.2.3

May 28, 2020, 9:02 pm
$
0
0

Configuring the operation mode

The FortiAnalyzer unit has two operation modes: Analyzer and Collector. For more information, see Two operation modes on page 19.

When FortiAnalyzer is operating in Collector mode, the SQL database is disabled by default so logs that require the SQL database are not available in Collector mode unless the SQL database is enabled.

To change the operation mode:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, select Analyzer or Collector in the Operation Mode field
  3. Click OK in the confirmation dialog box to change the operation mode.

Stop Using 3rd Party VPN Clients

May 29, 2020, 9:02 pm
$
0
0

There are a lot of folks out there spending a lot of money on SSL VPN solutions when they have the feature built into the FortiGate already. Watch this video discussing this.

 

How to import FortiGate policy to a FortiManager (FortiOS 6.2.3)

May 30, 2020, 9:06 pm
$
0
0

This video goes over some of the steps and explains how to import policy into the FortiManager from a FortiGate that has already been unleashed into the wild.

 

Automate Scripting On The FortiGate

May 31, 2020, 9:13 pm
$
0
0

This video discusses how to automate your commands and scripting that you are having to do on a regular basis. That way you can focus on other more pressing items.

5 Simple Security Hardening Tips For Your FortiGate Admin Access

June 1, 2020, 9:14 pm
$
0
0

A lot of people are using the default account, ports, and much more for administrative access. This video will go into detail on how to secure that a bit to help lighten your threat of a compromise to your administrative accounts.

 

Viewing all 2380 articles
Browse latest View live
Search