Configuring network interfaces
Fortinet devices can be connected to any of the FortiAnalyzer unit’s interfaces. The DNS servers must be on the networks to which the FortiAnalyzer unit connects, and should have two different IP addresses.
The following port configuration is recommended:
- Use port 1 for device log traffic, and disable unneeded services on it, such as SSH, Web Service, and so on.
- Use a second port for administrator access, and enable HTTPS, Web Service, and SSH for this port. Leave other services disabled.
To configure port 1:
- Go to System Settings > Network. The System Network Management Interface pane is displayed.
- Configure the following settings for port1, then click Apply to apply your changes.
Name | Displays the name of the interface. |
IP Address/Netmask | The IP address and netmask associated with this interface. |
IPv6 Address | The IPv6 address associated with this interface. |
Administrative Access | Select the allowed administrative service protocols from: HTTPS, HTTP, PING, SSH, SNMP, Web Service, and FortiManager. |
IPv6 Administrative Access | Select the allowed IPv6 administrative service protocols from: HTTPS, HTTP, PING, SSH, SNMP, Web Service, and FortiManager. |
Default Gateway | The default gateway associated with this interface. |
Primary DNS Server | The primary DNS server IP address. |
Secondary DNS Server | The secondary DNS server IP address. |
To configure additional ports:
- Go to System Settings > Network and click All Interfaces. The interface list opens.
- Double-click on a port, right-click on a port then select Edit from the pop-up menu, or select a port then click Edit in the toolbar. The Edit System Interface pane is displayed.
- Configure the settings as required.
- Click OK to apply your changes.
Disabling ports
Ports can be disabled to prevent them from accepting network traffic.
To disable a port:
- Go to System Settings > Network and click All Interfaces. The interface list opens.
- Double-click on a port, right-click on a port then select Edit from the pop-up menu, or select a port then click Edit in the toolbar. The Edit System Interface pane is displayed.
- In the Status field, click Disable.
- Click OK to disable the port.
Changing administrative access
Administrative access defines the protocols that can be used to connect to the FortiAnalyzer through an interface. The available options are: HTTPS, HTTP, PING, SSH, SNMP, Web Service, and FortiManager.
To change administrative access:
- Go to System Settings > Network and click All Interfaces. The interface list opens.
- Double-click on a port, right-click on a port then select Edit from the pop-up menu, or select a port then click Edit in the toolbar. The Edit System Interface pane is displayed.
- Select one or more access protocols for the interface for IPv4 and IPv6, if applicable.
- Click OK to apply your changes.
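An added example, not part of the Fortinet documentation: a short Python audit that checks an interface inventory against the recommended port configuration above (log port with management services disabled, a separate administrator port with only HTTPS, Web Service, and SSH, and two distinct DNS server addresses). The inventory layout, the `role` field, and the treatment of HTTPS and HTTP as unneeded on the log port are assumptions; the protocol names are those listed for the Administrative Access field.

```python
# Added example: audit interface settings against the recommended port layout.
# Protocol names match the Administrative Access field; everything else is assumed.
ALL_PROTOCOLS = {"HTTPS", "HTTP", "PING", "SSH", "SNMP", "Web Service", "FortiManager"}
ADMIN_EXPECTED = {"HTTPS", "Web Service", "SSH"}     # enable only these on the admin port
MGMT_ONLY = {"HTTPS", "HTTP", "SSH", "Web Service"}  # assumed unneeded on the log port

# Constructed inventory, as if transcribed from the Edit System Interface pane.
SAMPLE = {
    "dns": {"primary": "192.0.2.53", "secondary": "192.0.2.53"},
    "interfaces": {
        "port1": {"role": "log", "status": "Enable", "access": ["PING", "SSH"], "access6": []},
        "port2": {"role": "admin", "status": "Enable",
                  "access": ["HTTPS", "HTTP", "SSH"], "access6": ["HTTPS"]},
        "port3": {"role": "admin", "status": "Disable", "access": ["HTTP"], "access6": []},
    },
}

def audit_interface(name, cfg):
    """Return (interface, field, action) findings for one interface."""
    if cfg.get("status") == "Disable":
        return []  # a disabled port accepts no traffic, so nothing to check
    findings = []
    for field in ("access", "access6"):  # IPv4 and IPv6 administrative access
        enabled = set(cfg.get(field, []))
        for proto in sorted(enabled - ALL_PROTOCOLS):
            findings.append((name, field, f"unknown protocol {proto}"))
        if cfg["role"] == "log":
            for proto in sorted(enabled & MGMT_ONLY):
                findings.append((name, field, f"disable {proto} on log port"))
        elif cfg["role"] == "admin":
            for proto in sorted((enabled & ALL_PROTOCOLS) - ADMIN_EXPECTED):
                findings.append((name, field, f"disable {proto} on admin port"))
            if field == "access":  # IPv6 access is optional, so only IPv4 must be complete
                for proto in sorted(ADMIN_EXPECTED - enabled):
                    findings.append((name, field, f"enable {proto} on admin port"))
    return findings

def audit(inventory):
    """Check DNS settings and every interface; return all findings in a stable order."""
    findings = []
    dns = inventory["dns"]
    if dns["primary"] == dns["secondary"]:
        findings.append(("dns", "secondary", "same address as primary DNS server"))
    for name, cfg in sorted(inventory["interfaces"].items()):
        findings.extend(audit_interface(name, cfg))
    return findings

if __name__ == "__main__":
    for interface, field, action in audit(SAMPLE):
        print(f"{interface:6} {field:9} {action}")
```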
Static routes
Static routes can be managed from the routing tables for IPv4 and IPv6 routes.
The routing tables can be accessed by going to System Settings > Network and clicking Routing Table and IPv6 Routing Table.
To add a static route:
- From the IPv4 or IPv6 routing table, click Create New in the toolbar. The Create New Network Route pane opens.
- Enter the destination IP address and netmask, or IPv6 prefix, and gateway in the requisite fields.
- Select the network interface that connects to the gateway from the dropdown list.
- Click OK to create the new static route.
To edit a static route:
- From the IPv4 or IPv6 routing table: double-click on a route, right-click on a route then select Edit from the pop-up menu, or select a route then click Edit in the toolbar. The Edit Network Route pane opens.
- Edit the configuration as required. The route ID cannot be changed.
- Click OK to apply your changes.
To delete a static route or routes:
- From the IPv4 or IPv6 routing table, right-click on a route then select Delete from the pop-up menu, or select a route or routes then click Delete in the toolbar.
- Click OK in the confirmation dialog box to delete the selected route or routes.
Packet capture
Packets can be captured on configured interfaces by going to System > Network > Packet Capture.
The following information is available:
Interface | The name of the configured interface for which packets can be captured. For information on configuring an interface, see Configuring network interfaces. |
Filter Criteria | The values used to filter the packet. |
# Packets | The number of packets. |
Maximum Packet Count | The maximum number of packets that can be captured on a sniffer. |
Progress | The status of the packet capture process. |
Actions | Allows you to start and stop the capturing process, and download the most recently captured packets. |
To start capturing packets on an interface, select the Start capturing button in the Actions column for that interface. The Progress column changes to Running, and the Stop capturing and Download buttons become available in the Actions column.
To add a packet sniffer:
- From the Packet Capture table, click Create New in the toolbar. The Create New Sniffer pane opens.
- Configure the following options:
Interface | The interface name (non-changeable). |
Max. Packets to Save | Enter the maximum number of packets to capture, between 1 and 10000. The default is 4000 packets. |
Include IPv6 Packets | Select to include IPv6 packets when capturing packets. |
Include Non-IP Packets | Select to include non-IP packets when capturing packets. |
Enable Filters | You can filter the packet by Host(s), Port(s), VLAN(s), and Protocol. |
- Click OK.
To download captured packets:
- In the Actions column, click the Download button for the interface whose captured packets you want to download. If no packets have been captured for that interface, click the Start capturing
- When prompted, save the packet file (sniffer_[interface].pcap) to your management computer. The file can then be opened using packet analyzer software.
To edit a packet sniffer:
- From the Packet Capture table, click Edit in the toolbar. The Edit Sniffer pane opens.
- Configure the packet sniffer options.
- Click OK.