Manuale d’uso / di manutenzione del prodotto FortiAnalyzer 3.0 MR7 del fabbricante Fortinet
Vai alla pagina of 234
www.fortinet.com FortiA na l yz er V ersion 3.0 MR7 ADMINISTRA TION GUIDE.
FortiAnalyzer Administra tion Guide V ersion 3.0 MR7 08 September 200 8 05-30007-00 82-20080908 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examp.
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 3 Contents Introduction ............... ................................. .............................. .......... 9 About this document ........ ................. ..
FortiAnalyzer Version 3.0 MR7 Administration Guide 4 05-30007-0082-200809 08 Contents Viewing session information .......................... ................ ................ ....... 35 Filtering session informat ion ... ............. ................
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 5 Hot swapping the FortiAnalyzer- 2000/2000A and FortiAnalyz- er-4000/4000A .............. ................ ............. ................ ................ ........ 66 Configuring RAID on the FortiAnalyze r-400 and FortiAnalyzer-80 0/800B .
FortiAnalyzer Version 3.0 MR7 Administration Guide 6 05-30007-0082-200809 08 Contents Customizing the content archive view ...................... ................ .................. 108 Displaying and arranging log columns .... ...... ................
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 7 Searching the Netw ork Analyzer logs ................... ................ ................ ...... 150 Search tips .......... ................ ................ ......
FortiAnalyzer Version 3.0 MR7 Administration Guide 8 05-30007-0082-200809 08 Contents Appendix: FortiAnalyzer re ports in 3.0 MR7 ......... .............. ........ 185 FortiGate reports ..... ................ ................. ............ ...........
Introduction About this document FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 9 Introduction FortiAnalyzer unit s are network appliances that provide integra ted log collection and reporting tools.
FortiAnalyzer Version 3.0 MR7 Administration Guide 10 05-30007-0082-200809 08 Fortinet documentation Introduction • Report s describes how to co nfigure report pr ofiles for one-tim e or scheduled report s on your network devices, users, or group s.
Introduction Customer service a nd technical su pport FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 11 Fortinet Tools and Documentation CD All Fortinet document ation is available from the Fortinet T ools and Documen tation CD shipped with your Fortinet product.
FortiAnalyzer Version 3.0 MR7 Administration Guide 12 05-30007-0082-200809 08 Customer service and technical support Introduction.
What’s new for 3.0 MR7 FortiAnalyzerV ersion 3.0 MR7 Administration Guide 05-30007-0082-2008090 8 13 What’ s new for 3.0 MR7 This section lists and de scribes the new features and changes in Fo rtiAnalyzer 3.
FortiAnalyzerVersion 3.0 MR7 Administration Guide 14 05-30007-0082-200809 08 What’s new for 3.0 MR7 • Network Summary menu removed – The Network Summary menu was removed in FortiAnalyzer 3.0 MR7. This menu was removed because most of the informa tion that pr eviously displa yed, now dis plays as widg ets on the Dashboard .
What’s new for 3.0 MR7 3.0 MR7 new features and changes FortiAnalyzerV ersion 3.0 MR7 Administr ation Guide 05-30007-0082-20080 908 15 3.0 MR7 new features and changes The following descriptions includes only menus containing new features, chang es to features, or both .
FortiAnalyzerVersion 3.0 MR7 Administration Guide 16 05-30007-0082-200809 08 3.0 MR7 new features and changes What’s new for 3.0 MR7 For the Log Rece ive Monitor widget, a diagnose command will be introduced to provide information about to tal message rate, me ssage rate per-protocol, and message rate per-device in the CLI.
What’s new for 3.0 MR7 3.0 MR7 new features and changes FortiAnalyzerV ersion 3.0 MR7 Administr ation Guide 05-30007-0082-20080 908 17 Fortinet recommends config uring a test report layout and report schedule to familiarize yourself with ho w reports are configured in FortiAnalyzer 3.
FortiAnalyzerVersion 3.0 MR7 Administration Guide 18 05-30007-0082-200809 08 3.0 MR7 new features and changes What’s new for 3.0 MR7 Alert email configuration changes When configuring an alert email.
Administrative Domain s (ADOMs) A bout administrative domain s (ADOMs) FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 19 Administrative Domains (ADOMs) Administrative Do .
FortiAnalyzer Version 3.0 MR7 Administration Guide 20 05-30007-0082-200809 08 About administrati ve domains (ADOMs ) Administrative Domains (ADOMs) • If ADOMs are ena bled and you log in as admin , you first access Administration Domain Configuration.
Administrative Domain s (ADOMs) A bout administrative domain s (ADOMs) FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 21 • If ADOMs are enabled an d you log in as any other administrator , you enter the ADOM assigned to your account.
FortiAnalyzer Version 3.0 MR7 Administration Guide 22 05-30007-0082-200809 08 Configuring ADOMs Administrative Domains (ADOMs) Configuring ADOMs Administrativ e domains (ADOMs) ar e disabled by defa ult.
Administrative Domains (ADOMs) Configuring ADOMs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 23 T o add or edit an ADOM 1 Log in as admin . Other administrators cannot enable, disable, or configur e ADOMs. 2 Select Create New , or se lect the check box next to an ADOM and select Edit.
FortiAnalyzer Version 3.0 MR7 Administration Guide 24 05-30007-0082-200809 08 Accessing ADOMs as the admin administrator Administra tive Domains (ADOMs) Accessing ADOMs as the admin administrator When ADOMs are enabled, additiona l ADOM items become available to the admin administrator and th e structure of the web-based manage r menu changes.
System Dashboard FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 25 System The System menu contains basic FortiAna lyzer unit system se ttings , such as network inte rface.
FortiAnalyzer Version 3.0 MR7 Administration Guide 26 05-30007-0082-200809 08 Dashboard System Figure 1: Dashboard of a FortiAnalyzer-100A u nit displaying one of the new widg ets Log Receive M onitor and a tab, Branch Office T o rearrange a Dashboard widget 1 Go to System > Dashboard .
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 27 3 Select Show or Hide. The widget toggles between showin g the full widget and being minimized to show only its title bar . T o include a Dashboard widget 1 Go to System > Dashboard .
FortiAnalyzer Version 3.0 MR7 Administration Guide 28 05-30007-0082-200809 08 Dashboard System 3 Enter a new name an d press Enter . T o delete a t ab 1 Go to System > Dashboard .
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 29 Figure 4: RAID Monitor displaying a dis k that is being rebuilt System Information The System Information area of the Das hboard displa ys basic information about the FortiAnalyzer unit, such as up time and firmware version.
FortiAnalyzer Version 3.0 MR7 Administration Guide 30 05-30007-0082-200809 08 Dashboard System Figure 5: System Infor mation Setting the time Set the system time to ensu re correct report time ranges and scheduling and accurate logging.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 31 Changing the host name Change the FortiAnalyzer host name to dif ferentiate the FortiAnalyze r from other FortiAnalyzer unit s or other devices on your network.
FortiAnalyzer Version 3.0 MR7 Administration Guide 32 05-30007-0082-200809 08 Dashboard System System Resources The System Res ources area of the Das hboard displa ys use of the FortiAna lyzer unit’s resources, including CPU, memory (RAM) and hard disk.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 33 T o view the FortiAnalyz er operational history 1 Go to System > Dashboard .
FortiAnalyzer Version 3.0 MR7 Administration Guide 34 05-30007-0082-200809 08 Dashboard System Resetting to the default configuration Y ou can reset the FortiAnalyzer unit to its defa ult configuration. Resetting the configura tion does not rest ore the original firmwar e.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 35 Figure 10: Alert messages Statistics The S tatistics area of the Dashboard co unts the numbers of sessions, logs, and reports ha ndled by the FortiAnalyzer unit.
FortiAnalyzer Version 3.0 MR7 Administration Guide 36 05-30007-0082-200809 08 Dashboard System T o view t he sessio n informa tion 1 Go to System > Dashboard . 2 In the S ta tistics area, next to Connections, select Det ails. Filtering session information Y ou can filter the conten ts to find specific content.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 37 Log Receive Monitor The Log Receive Mon itor displays historical analysis of the rate at which logs are received. This widget displays this information in a graphical format.
FortiAnalyzer Version 3.0 MR7 Administration Guide 38 05-30007-0082-200809 08 Dashboard System Intrusion Activity Intrusion Activity displays the top att acks that occurr ed on the network.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 39 Figure 15: Virus Activity wi dget T o edit the inf ormation for Virus Activi ty 1 Go to System > Dashboard . 2 In Virus Activity , selec t Ed it in the title ba r area.
FortiAnalyzer Version 3.0 MR7 Administration Guide 40 05-30007-0082-200809 08 Dashboard System T o edit the information for T op FTP T raffic 1 Go to System > Dashboard . 2 In T o p FTP Traf fic, select Edit in the tit le bar area . 3 Enter the appro priate informatio n for the following: 4 Select OK.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 41 3 Enter the appropriate infor mation for the following: 4 Select OK. Top IM/P2P Traffic T op IM/P2P Traf fic displays the top inst ant messaging and P2P programs used, using a bar c hart.
FortiAnalyzer Version 3.0 MR7 Administration Guide 42 05-30007-0082-200809 08 Dashboard System 3 Enter the appro priate informatio n for the following: 4 Select OK. Top Traffic T op Tr affic displays the tot al amount of traffic for FortiGate unit s. T op Traf fic uses traf fic logs in determining the tota l amount of traf fic.
System Dashboard FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 43 3 Enter the appropriate infor mation for the following: 4 Select OK. Top Web Traffic T op Web T raffic displays th e total web traf fic usage on the network.
FortiAnalyzer Version 3.0 MR7 Administration Guide 44 05-30007-0082-200809 08 Network System 3 Enter the appro priate informatio n for the following: 4 Select OK. Network Use the network settings to configure the For tiAnalyzer unit to operate in your network.
System Network FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 45 Changing interface settings T o change the interfac e setting s 1 Go to System > Network > Interface . 2 In the row correspon ding to the interface you wa nt to change, select Mod ify .
FortiAnalyzer Version 3.0 MR7 Administration Guide 46 05-30007-0082-200809 08 Network System About Fortinet Discovery Protocol FortiGate units running FortiOS version 3. 0 or greater can use Fo rtinet Discovery Protocol (FDP), a UDP protocol, to locate a FortiAnalyzer unit.
System Admin FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 47 Adding a route S tatic routes provide the Fo rtiAnalyzer unit with the inform ation it need s to forward a packet to a particular destination other than the default gateway .
FortiAnalyzer Version 3.0 MR7 Administration Guide 48 05-30007-0082-200809 08 Admin System Adding or editing an administrator account Y ou can ad d, edit or delete a FortiA nalyzer adm inistrator acco unt, except th e default administrator admin administrator acco unt.
System Admin FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 49 Changing an administrator’s password The admin administrator and adm inistrators with read and write permissions can change their own a ccount passwords. Administrato rs with read-only permis sions cannot cha nge their own password.
FortiAnalyzer Version 3.0 MR7 Administration Guide 50 05-30007-0082-200809 08 Admin System Figure 24: Acces s Profile T o create an access profile 1 Go to System > Admin > Acce ss Profile .
System Admin FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 51 RADIUS Server RADIUS servers authenticate administra tors. The following procedure expla ins how to add a RADIUS server for authenticating administrato rs. T o add a RADIUS server 1 Go to System > Admin > RADIUS Server .
FortiAnalyzer Version 3.0 MR7 Administration Guide 52 05-30007-0082-200809 08 Network Sharing System Monitor The Monitor page e nables the admin administrator to view other administrato rs currently logged in to the FortiAnalyze r unit. The admin administra tor can disconnect other admini strators, should the need arise.
System Network Sharing FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 53 3 Enter the following information for th e user account and select OK: Adding share groups Y ou can create network share user groups to maintain access privileges for a large numbe r of users at once.
FortiAnalyzer Version 3.0 MR7 Administration Guide 54 05-30007-0082-200809 08 Network Sharing System T o enable Windows sh ares 1 Go to System > Network Sharing > Windows Share . 2 Select Enable Windows Networ k Sharing. 3 Enter a W orkgroup name .
System Network Sharing FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 55 7 Select the type of access rights the users and groups will have and select the appropriate right ar row to move the user or group name to th e Read-Only Access or Read-Write Access boxes.
FortiAnalyzer Version 3.0 MR7 Administration Guide 56 05-30007-0082-200809 08 Config System 5 Select OK. 6 In Remote Clients, enter the IP address or domain name of the remote system or user ID. 7 Select the type of Permission required and select Add .
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 57 Figure 30 : FortiAnalyzer u nit log setting s Log Locally Select to save the Forti Analyzer log messages on the Fo rtiAnalyzer hard disk. Log Level Select the s everity level for th e log messages recorded to the FortiAnalyzer hard disk.
FortiAnalyzer Version 3.0 MR7 Administration Guide 58 05-30007-0082-200809 08 Config System Configuring log aggregation Log aggregation is a method of collecting log data from one or more Fo rtiAnalyzer units to a centra l FortiAnalyzer unit.
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 59 For example, a comp any may have a headquarter s and a number of branch offices. Each bran ch office has a FortiG ate un it and a FortiAnalyzer-100A/100B to collect local log information.
FortiAnalyzer Version 3.0 MR7 Administration Guide 60 05-30007-0082-200809 08 Config System Configuring an a ggregation client An aggregation client is a FortiAnalyzer unit that sends logs to a aggre gation server . These include models such as the Fort iAnalyzer-100A/100B and FortiAnalyzer-400.
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 61 3 Enter the IP address of the external syslog server in Remot e device IP . 4 Select whether to Forward all incoming logs or For ward only authorized logs (authorized according to a de vice’s permission s in the device list).
FortiAnalyzer Version 3.0 MR7 Administration Guide 62 05-30007-0082-200809 08 Config System 3 Enter the path and file name or se lect Browse to locate the file. 4 Select OK. IP alias ranges When adding a n IP alias you can include an IP address range as we ll as individual addresses.
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 63 Linear A linear RAID level combines all hard disks into one large virtual disk. It is also known as concat enation or JBOD (Just a B unch of Disks). The total space available in this option is the capacity of all disks used .
FortiAnalyzer Version 3.0 MR7 Administration Guide 64 05-30007-0082-200809 08 Config System RAID 10 RAID 10 ( or 1+0), inc ludes nes ted RAID lev els 1 and 0, or a stripe (RAID 0) o f mirrors (RAID 1). The total disk sp ace available is the total number of disks in the array (a minimum of 4) divided by 2.
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 65 Y ou can use any br and of hard disk to replace a failed hard disk, as long as it has the same capacity or greater . For example, if replac ing a 120 GB hard drive, you could use either a 120 GB or 250 GB hard drive.
FortiAnalyzer Version 3.0 MR7 Administration Guide 66 05-30007-0082-200809 08 Config System Hot swapping the Forti Analyzer-2000/2000A and FortiAnalyzer-4000/4000A The following diagram indicates the drive number a nd their location in the FortiAnalyzer unit when you are looking at the front of the unit.
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 67 The options available here will depend on the RAID level selected. For most RAID levels, you can only add the new hard disk back into the RAID array . If you are running a RAID level with hot spare, you can also add the new hard disk as the hot spare.
FortiAnalyzer Version 3.0 MR7 Administration Guide 68 05-30007-0082-200809 08 Config System RAID settings can be configured from the Dashb oard, in the RAID Monitor widget as well as from System > Conf ig > RAID .
System Config FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 69 Figure 34: LDAP settings T o define an LDAP server query 1 Go to System > Config > LDAP . 2 Select Create New . Co mplete the following: LDAP Distinguished Na me Query Name Enter the name for the LDAP server query .
FortiAnalyzer Version 3.0 MR7 Administration Guide 70 05-30007-0082-200809 08 Maintenance System 3 Select OK. The LDAP query becomes an available option when configuring var iables for report pro files. For more informa tion, see “Configuring reports” on page 1 13 .
System Maintenance FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 71 FortiGuard Center Y ou can update the engine and vulnerability scan modules in one of the following way.
FortiAnalyzer Version 3.0 MR7 Administration Guide 72 05-30007-0082-200809 08 Maintenance System Figure 36: FortiGuard Center FortiGuard Subscription Services The RVS (remote vulnerability scan) engine and module version number , date of last upda te, and status of the connection to th e Fortinet Distribution Network (FDN).
System Maintenance FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 73 Port Enter the port number of the web proxy . This is usually 8080 . Name If your web proxy requi res a login, ente r the user name that your FortiAnalyzer unit should use when connecting to the FDN through the web proxy .
FortiAnalyzer Version 3.0 MR7 Administration Guide 74 05-30007-0082-200809 08 Maintenance System.
Device Viewing the device list FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 73 Device The Device menu controls connection a ttempt handling, permissions, disk space quo.
FortiAnalyzer Version 3.0 MR7 Administration Guide 74 05-30007-0082-200809 08 Viewing the device list Device Devices may automatically app ear on the device list when the FortiAnalyzer receives a conn.
Device Viewing the device list FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 75 • Tx indicates logg ing access for all devices mana ged by the FortiManager system. • Rx indicates that the FortiManager system can remotely administer the FortiAna lyzer unit.
FortiAnalyzer Version 3.0 MR7 Administration Guide 76 05-30007-0082-200809 08 Viewing the device list Device T o delete a device 1 Go to Device > All > Device . 2 In the row corresponding to the device th at you want to delete, in the Action column, select Delete.
Device Viewing the device list FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 77 For networks with more demandi ng logging scenarios, an appropriate device rati o may be less than the allowed maximum. Perfor mance will vary according to your network size, device types, logging thresholds, and many ot her factors.
FortiAnalyzer Version 3.0 MR7 Administration Guide 78 05-30007-0082-200809 08 Configuring unregistered device connection attempt hand ling Device Configuring unregistered device connection attempt han.
Device Configuring unregistered device conne ction attempt handli ng FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 79 Figure 2: Un registered Device Option s T o configure device connection attempt han dling 1 Go to Device > All > Device .
FortiAnalyzer Version 3.0 MR7 Administration Guide 80 05-30007-0082-200809 08 Manually adding a device Device Manually adding a device Y ou can add de vices to the FortiAnaly ze r unit’s device list either manually or automatically .
Device Manually adding a device FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 81 Figure 3: Configuring a de vice Device T ype Select the device type. The type is automatically pre- selected if you are adding an unregistered device from the device list, or if you are editing an existing device.
FortiAnalyzer Version 3.0 MR7 Administration Guide 82 05-30007-0082-200809 08 Manually adding a device Device T o manually add a device or HA cluster 1 Go to Device > All > Device .
Device Manually adding a device FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 83 13 Select the blue arrow to exp and Group Membership. This option does not appear if Device T ype is FortiClient. In t hat case, also s kip the following step.
FortiAnalyzer Version 3.0 MR7 Administration Guide 84 05-30007-0082-200809 08 Manually adding a device Device T o classify network inter faces and VLAN subinterfaces of a Fo rtiGate unit 1 Go to Device > All > Device . 2 Configure the FortiGate device.
Device Manually adding a device FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 85 T o enable the FortiAnalyzer unit to reply to FDP pac kets 1 On the FortiAn alyzer unit, go to Device > All . 2 Go to System > Network .
FortiAnalyzer Version 3.0 MR7 Administration Guide 86 05-30007-0082-200809 08 Blocking device connection attempts Device T est Connectivity does not verify connectivity by Syslog. Syslog is required to send log messages. T o verify Syslog connec tivity , trigger FortiGate logs, then go to Log&Repor t > Log Access > Remote .
Device Configuring device groups FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 87 T o block a device 1 Go to Device > All > Device . 2 From Show , select U nregistered. If the device is currently registered, you must first delete the de vice before you can block it.
FortiAnalyzer Version 3.0 MR7 Administration Guide 88 05-30007-0082-200809 08 Configuring device groups Device Figure 5: List of device group s T o configure a device gro up 1 Go to Device > Group > Device G roup . 2 Select Create New to configure a new device group, or select Edit to reconfigure an existing device group.
Log Viewing log messages FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 91 Log FortiAnalyzer units collect logs from netw ork hosts suc h as FortiGat e, FortiMail, FortiClient, FortiManager , and Syslog devices.
FortiAnalyzer Version 3.0 MR7 Administration Guide 92 05-30007-0082-200809 08 Viewing log messages Log Figure 1: Vi ewing current logs Viewing historical log messages The Historical tab in Log > Log Vi ewer displays logs for a selected device and log type for a specific time range.
Log Viewing log messages FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 93 Figure 2: Viewing historical lo gs Devices Select the type of device you want to view logs from. If you select All FortiGates, all log message s fr om all registered FortiGate units appear .
FortiAnalyzer Version 3.0 MR7 Administration Guide 94 05-30007-0082-200809 08 Browsing log files Log T o view historical logs 1 Go to Log > Log V iewer > Historical . 2 From Dev ices, select th e device who se logs you want to view . Unregistered devices wi ll not appear in the list.
Log Browsing log files FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 95 Viewing log file contents The Log Browser ta b enables you to view all log messages within local or device log files.
FortiAnalyzer Version 3.0 MR7 Administration Guide 96 05-30007-0082-200809 08 Browsing log files Log Importing a log file Y ou can import devices’ log files.
Log Browsing log files FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 97 5 In Filename, enter the path and file name of the log file, or select Browse. 6 Select OK. A message appears, stating th at the upload is beginning, but will be cancelled if you leave the page.
FortiAnalyzer Version 3.0 MR7 Administration Guide 98 05-30007-0082-200809 08 Customizing the log view Log 5 Select Download Current V iew . 6 Configure the following: 7 Select OK. 8 If prompted by your web browser , select a location to save the file, or open it without saving.
Log Customizing the log view FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 99 Figure 5: Displayi ng and arranging l og columns T o display or hide columns 1 Go to a page which displays log messages, s uch as Log > Log Viewer > Real- time .
FortiAnalyzer Version 3.0 MR7 Administration Guide 100 05-30007-0082-200809 08 Customizing the log view Log Figure 6: Filter icon s T o filter log messages by co lumn content s 1 In the heading of the column that you wa nt to filter , select the filter icon.
Log Searching the logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 101 • 1.1.1.1 or 2.2.2.1-2.2.2.10 Most column filters require that you enter th e column’s entire .
FortiAnalyzer Version 3.0 MR7 Administration Guide 102 05-30007-0082-200809 08 Searching the logs Log Device/Group Select to search logs from the Fo rtiAnalyzer unit (LocalLogs), a device , or a device group.
Log Searching the logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 103 T o search the logs 1 Go to Log > Search . 2 From Device/Group, select which device or device group’ s logs you want to search.
FortiAnalyzer Version 3.0 MR7 Administration Guide 104 05-30007-0082-200809 08 Searching the logs Log • Some keywords will not match unless you include both the lo g field name and its value ( type=webfilter ). • Remove unnecessary keywords and search filters which can exclud e results.
Log Rolling and u ploading logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 105 T o download log search results 1 Go to Log > Search .
FortiAnalyzer Version 3.0 MR7 Administration Guide 106 05-30007-0082-200809 08 Rolling and uploadi ng logs Log Figure 8: D evice Log Settings Log file sho uld not exceed Enter the maximum size of each device log file.
Log Rolling and u ploading logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 107 Upload rolled files in gzipped format Select to compress the log files in gzipped format before uploadin g to the server .
FortiAnalyzer Version 3.0 MR7 Administration Guide 108 05-30007-0082-200809 08 Rolling and uploadi ng logs Log.
Content Archive Viewing content archives FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 107 Content Archive Content archiving provides a method of simult aneously logging and archiving copies of content transmitted over your network, such as email and web pages.
FortiAnalyzer Version 3.0 MR7 Administration Guide 108 05-30007-0082-200809 08 View ing content arch ives Content Archi ve • whether the FortiAnalyzer unit has the c opy of the file or me ssage asso.
Content Archive Customizing the content archive view FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 109 Customizing the content archive view Log messages can be d isplayed in either Raw or Formatted view . • Raw view displays log messages exactly as they appear in the log file.
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 0 05-30007-0082-200809 08 Customizi ng the content archiv e view Content Archi ve 3 Select which columns to hide or displ ay .
Content Archive Customizing the content archive view FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 111 4 Enter the text that matching log messages must contain. Matching log messages will be excluded or included in your view based upon whether you have selected or deselecte d NOT .
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 2 05-30007-0082-200809 08 Searching full email content archives Content Archi ve Searching full email content archives Y ou can search full email content archives to quickly locate and view messages, such as those wh ose body contain s a specific term.
Content Archive Searching full email content archives FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 11 3 To The recipient’s email address. Last activity The date and time that the FortiAnalyzer unit recei ved the content archive.
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 4 05-30007-0082-200809 08 Searching full email content archives Content Archi ve.
Reports Configuring reports FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 11 3 Report s FortiAnalyzer unit s can collate information collected from device log files and present the information in tabular and graphical report s, which provides quick analysis of what is occurring on the network.
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 4 05-30007-0082-200809 08 Configuring reports Reports Configuring report layout The Layout t ab enables you to configure an d de fine multiple repo rt layout s, which can then be applied to report sch edules or generated immediately .
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 11 5 Figure 2: Layout There are also default repor t layouts for you to choose fro m as well, and they appear in the rep ort layout list with the repo rt layouts you created.
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 6 05-30007-0082-200809 08 Configuring reports Reports 4 Select [Add Chart(s)]. 5 Enter the appro priate informatio n for the following: 6 Select OK. If you want to edit chart s immediately af ter configu ring them, go to the procedure “T o edit a chart” on page 1 17 .
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 11 7 Editing charts in a report layout Y ou can edit charts at any time as well as rearra nge the charts from within the Chart List. Y ou can also edit T ext and Section as well.
FortiAnalyzer Version 3.0 MR7 Administration Guide 11 8 05-30007-0082-200809 08 Configuring reports Reports T o edit a chart 1 Select Edit beside the chart name.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 11 9 3 Select OK. If you want to rearrange the char ts so that they are presented in a dif ferent order , select and drag a chart (using your mouse) to above or below another chart.
FortiAnalyzer Version 3.0 MR7 Administration Guide 120 05-30007-0082-200809 08 Configuring reports Reports T o configure a report schedule 1 Go to Report > Schedule . 2 Select Create New . 3 Enter the appro priate informatio n for the following: Create New Select to create a new report schedul e and configure the settings.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 121 4 Select OK. Monthly Select to generate the report on a specific day or days of the month.
FortiAnalyzer Version 3.0 MR7 Administration Guide 122 05-30007-0082-200809 08 Configuring reports Reports Configuring data filter templates Y ou can configure multiple data filter templates for reports in Report > Config > Dat a Filter . These templates can be applied to any re port schedule you want.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 123 Figure 5: Configuring a dat a filter template T o configure data filters for a report 1 Go to Report > Config > Dat a Filter . 2 Select Create New .
FortiAnalyzer Version 3.0 MR7 Administration Guide 124 05-30007-0082-200809 08 Configuring reports Reports Alias Select the appropriate alias from the drop-down list. See Configuring IP alias on page 50 for more information ab out configuring IP aliases.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 125 4 Select OK. Configuring report output templates Y ou can configure the FortiAnalyzer unit to.
FortiAnalyzer Version 3.0 MR7 Administration Guide 126 05-30007-0082-200809 08 Configuring reports Reports When conf iguring the F ortiAnalyzer unit to ema il a report, y ou must fir st configure the FortiAnalyzer unit to connect to an ema il server .
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 127 Send Report by Mail V erify this check box is selected. If you do not want to sen d a report by email, unselect the check box. If the check box is unselected, the availabl e options under Send Report by Mail are hidden.
FortiAnalyzer Version 3.0 MR7 Administration Guide 128 05-30007-0082-200809 08 Configuring reports Reports 4 Select OK. Configuring language When creating a report la yout, you can select which language the report will be written in.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 129 Keys are required and must not be removed or changed.
FortiAnalyzer Version 3.0 MR7 Administration Guide 130 05-30007-0082-200809 08 Configuring reports Reports Figure 8: Languages T o create a report la nguage customization 1 Go to Report > Config > Language . 2 Locate the de fault language th at you want to custom ize.
Reports Configuring reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 131 6 If you changed the encoding of the string file, open the format file using a plain text editor that supp orts Unix-style line endings, suc h as jEdit , and edit the encoding and characte r set values for ea ch file format.
FortiAnalyzer Version 3.0 MR7 Administration Guide 132 05-30007-0082-200809 08 Browsing reports Reports T o change a report language cust omization 1 Go to Report > Config > Language . 2 Locate the customized language whose font, string, or format file you want to change and in that language’ s row , select Edit from the Action column.
Reports Browsing reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 133 Figure 9: Viewi ng reports in Report > Browse Refresh Select to refresh the list. If the FortiAnalyzer unit is in the process of generating a report, use Refresh to update the status of the report generation.
FortiAnalyzer Version 3.0 MR7 Administration Guide 134 05-30007-0082-200809 08 Browsing reports Reports.
Quarantine Viewing quarantined files FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 131 Quarantine FortiAnalyzer unit s can act as a central repository for fi les that are suspicious or known to be infected b y a virus, and have therefor e be en quarantined by your FortiGate units.
FortiAnalyzer Version 3.0 MR7 Administration Guide 132 05-30007-0082-200809 08 Viewing quarantined files Quarantine Date & T ime The date and time the FortiGate q uaranti ned the file, in the format yyyy/mm/dd hh:mm:ss . The time and date indicates the time that the first file was quarantined, if dupli cate files are quarantin ed.
Alert Alert Events FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 133 Alert Alerts pro vide a method of informing you of issues arising o n a FortiGate unit, FortiClient installation, or th e FortiAnalyzer unit itself, such as system failures or network attacks, ena bling you to react in a timely manner to th e event.
FortiAnalyzer Version 3.0 MR7 Administration Guide 134 05-30007-0082-200809 08 Alert Events Alert Adding an alert event Adding an alert event e nables you to rece ive notification when ce rt ain types of log messages are received. T o add a new alert event 1 Go to Alert > Alert Event .
Alert Output FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 135 4 Select OK. Output When the FortiAnalyzer unit receive s a log messages meeting the alert event conditions, it sends an alert message as an email, syslog mess age or SNMP T rap, informing an admin istrator of the issue and where it is occurring.
FortiAnalyzer Version 3.0 MR7 Administration Guide 136 05-30007-0082-200809 08 Output Alert T o add a mail server for alert s 1 Go to Alert > Output > Mail Server .
Alert Output FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 137 Figure 3: SNMP Ac cess List SNMP Agent Select to enable the SNMP agent. Description Enter a descriptive name fo r this FortiAnalyzer uni t. Location Enter the physical location of the FortiAnalyzer unit, such as a city or floor number.
FortiAnalyzer Version 3.0 MR7 Administration Guide 138 05-30007-0082-200809 08 Output Alert Adding an SNMP server Y ou ca n add an SN MP server to define a destination IP address that can be selected as the recipien t of FortiAnal yzer unit SNMP alert s.
Alert Output FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 139 Fortinet MIB Sy stem T rap s • fnT rapCpuHigh • fnT rapMemLow • fnT rapIpChange Fortinet MIB Logging T.
FortiAnalyzer Version 3.0 MR7 Administration Guide 140 05-30007-0082-200809 08 Output Alert RFC-1213 (MIB II) • mib-2.system • mib-2.interface •m i b - 2 . a t •m i b - 2 . i p • mib-2.icmp • mib-2.tcp •m i b - 2 . u d p • mib-2.ifMIB RFC-2665 (Ethernet- like MIB) • .
Alert Output FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 141 3 Configure the following options, and select OK. Name Enter a name for the SNMP server . IP address (or FQDN) Enter the IP address or fully qual ified domain name for the SNMP server .
FortiAnalyzer Version 3.0 MR7 Administration Guide 142 05-30007-0082-200809 08 Output Alert.
Network Analyzer Connecting the FortiAnalyz e r unit to analyze network traffic FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 141 Network Analyzer Network Analyzer can be .
FortiAnalyzer Version 3.0 MR7 Administration Guide 142 05-30007-0082-200809 08 Connecting the FortiAnalyzer unit to anal yze network traffic Network Analyzer Figure 1: Ex ample network topology for Ne.
Network Analyzer Viewing Network Analyzer log messages FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 143 V iewing Network Analyzer log messages After att aching a FortiAnalyzer unit inte rface to the network and enabled the Network Analyzer for that interfac e, traffic information displays.
FortiAnalyzer Version 3.0 MR7 Administration Guide 144 05-30007-0082-200809 08 View ing Network Analyzer log messages Network Analyzer Viewing historical Netw ork Analyzer log messages The Historical tab in To o l s > Network Analyze r displays Network A nalyzer logs for a specific time ran ge.
Network Analyzer Browsing Network Analyzer log files FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 145 Browsing Network Analyzer log files The Browse ta b in To o l s >.
FortiAnalyzer Version 3.0 MR7 Administration Guide 146 05-30007-0082-200809 08 Browsing Network Analyzer log files Network Analyzer Figure 5: Viewing Network Analyzer logs Ty p e The type of log you are vi ewing an d the device where it originated. Change Select to view a dif ferent log file.
Network Analyzer Browsing Network Analyzer log files FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 147 Downloading a Networ k Analyzer log file Y ou can download a log file to save it as a backup or for use outside the FortiAnalyzer unit.
FortiAnalyzer Version 3.0 MR7 Administration Guide 148 05-30007-0082-200809 08 Customizing the Network Analyzer log view Network Analyzer Customizing the Network Analyzer log view Log messages can be displayed in either Raw or Forma tted view . • Raw view displays log messages exac tly as they appear in the log file.
Network Analyzer Customizing the Network Analyzer lo g view FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 149 3 Select which columns to hide or display .
FortiAnalyzer Version 3.0 MR7 Administration Guide 150 05-30007-0082-200809 08 Customizing the Network Analyzer log view Network Analyzer 3 If you want to exclude log messages with matching cont ent in this column, select NOT . If you want to include log me ssages with matching content in this column, deselect NOT .
Network Analyzer Searching the Network Analyzer logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 151 Searching the Network Analyzer logs Y ou can search the Network Analyzer log f iles for matching text using two search types: Quick Search and Full Se arch.
FortiAnalyzer Version 3.0 MR7 Administration Guide 152 05-30007-0082-200809 08 Searching the Network Analyzer logs Network Analyzer T o search the logs 1 Go to To o l s > Ne twork An alyzer > Search .
Network Analyzer Searching the Network Analyzer logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 153 • Y ou can search for IP ranges, including subn ets. For example: • 172.168.1.1/24 or 172.168.1.1/255.255.255.0 matches all IP addresses in the su bnet 172.
FortiAnalyzer Version 3.0 MR7 Administration Guide 154 05-30007-0082-200809 08 Rolling and uploading Network Anal yzer logs Network Analyzer 4 Select the download options that you want, then select OK. 5 If prompted by your web browser , select a location to save the file, or open it without saving.
Network Analyzer Rolling and uploading Ne twork Analyzer logs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 155 Figure 9: T raffic Log Settings Enable Netwo rk Analyzer on Select the port on which Network Analyzer observes traffic.
FortiAnalyzer Version 3.0 MR7 Administration Guide 156 05-30007-0082-200809 08 Rolling and uploading Network Anal yzer logs Network Analyzer Enable log uploadin g Select to upload log files to an server when a log fi le rolls.
To o l s Preparing for the vulnerability scan job FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 157 To o l s The T ools menu provides vulnerability scann ing as well as viewing the files that are on your FortiAnalyzer un it.
FortiAnalyzer Version 3.0 MR7 Administration Guide 158 05-30007-0082-200809 08 Preparing for the vulnerability scan job To o l s authenticating without r oot or admini strator credentials are typicall.
To o l s Preparing for the vulnerability scan job FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 159 Some vulnerability scan modu les , such as those that test file permissions or check installed patch and software versions , require full access to the t arget host.
FortiAnalyzer Version 3.0 MR7 Administration Guide 160 05-30007-0082-200809 08 Preparing for the vulnerability scan job To o l s Figure 1: C onfiguring the security model for local acc ounts authenticating remotely 4 Select Local Computer Policy . 5 Select Computer Configuration.
To o l s Viewing vulnerability scan modules FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 161 9 Select OK. 10 Select OK. 11 Select Close. 12 After the vuln erability scan job completes, revert the NetBIOS settings configured in this procedure.
FortiAnalyzer Version 3.0 MR7 Administration Guide 162 05-30007-0082-200809 08 Viewing vulnerability scan modules To o l s When configuring a full vulnerability scan, y ou can restrict the sc an job to use only those modules for vulnerabil ities that me et or e xceed your sp ecified sev erity threshold.
To o l s Configuring vulnerabi lity scan jobs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 163 T o filter the module view by vulnerability thr eshold 1 Go to T ools > Vulnerability Scan > Module .
FortiAnalyzer Version 3.0 MR7 Administration Guide 164 05-30007-0082-200809 08 Configuring vulnerability scan jobs To o l s Configuring a custom scan allows you to provide th e user name and password .
To o l s Configuring vulnerabi lity scan jobs FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 165 T o configure a vulnerability scan job 1 Go to T ools > Vulnerability Scan > Job . 2 Select Create New . 3 Complete the following: 4 Select the blue arrow to exp and Scan Option.
FortiAnalyzer Version 3.0 MR7 Administration Guide 166 05-30007-0082-200809 08 Configuring vulnerability scan jobs To o l s 6 Select the blue arrow to expand Schedule Option. 7 From Schedule, select ei ther Run Now or Run Later . If you select Run Later , also select the Date or T ime when the FortiAnalyzer unit will run the scan.
To o l s Viewing vulnerability scan reports FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 167 10 Select OK. V iewing vulnerability scan report s The Report t ab in T ools > Vulnerability Scan displays a list of the finished vulnerability scan reports.
FortiAnalyzer Version 3.0 MR7 Administration Guide 168 05-30007-0082-200809 08 File Explorer To o l s T o view a vulnerability scan report 1 Go to To o l s > Vulnerability Scan > Report . 2 T o view the report in HTML format, in the Job N ame column, select the nam e of the report.
To o l s File Explorer FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 169 Figure 5: File Expl orer Figure 6: File Explorer with Storage directory expanded.
FortiAnalyzer Version 3.0 MR7 Administration Guide 170 05-30007-0082-200809 08 File Explorer To o l s.
Managing firmwa re versions Backing up your configurati on FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 169 Managing firmware versions Before upgrading to For tiAnalyzer 3.0, it is recommended to review this chap ter so you can be fully aware of the procedures and issues when upgrading to FortiAnalyzer 3.
FortiAnalyzer Version 3.0 MR7 Administration Guide 170 05-30007-0082-200809 08 Backing up your configuratio n Managing firmware versions Backing up your configuration using the web-based manager The following procedures describe how to back up your cu rrent configuration using the web-based ma nager .
Managing firmwa re versions Backing up your configurati on FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 171 5 Select OK. 6 Select a location when prompted by your we b browser to save the file.
FortiAnalyzer Version 3.0 MR7 Administration Guide 172 05-30007-0082-200809 08 T esting fi rmware before upgrading Managing firmware versions T esting firmware before upgrading Y ou may want to test the firmware you wa nt to install before upgrading to a new firmware ve rsion, main tenance or patch release.
Managing firmwa re versions T esting firmw are before upgrading FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 173 8 T ype G to get t he new fir mware imag e from the TFTP serv er . The following m essage appears: Enter TFTP server address [192.
FortiAnalyzer Version 3.0 MR7 Administration Guide 174 05-30007-0082-200809 08 Upgrading your FortiAnalyzer unit Managing firmware versions Upgrading your FortiAnalyzer unit After backing up your current configu ration, you can now upgrade the firmware on your FortiAnalyzer unit.
Managing firmwa re versions Upgrading your FortiAn alyzer unit FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 175 T o upgrade to FortiAnalyzer 3.0 using the web-based manager 1 Copy the firmware image file to your manage ment computer .
FortiAnalyzer Version 3.0 MR7 Administration Guide 176 05-30007-0082-200809 08 Upgrading your FortiAnalyzer unit Managing firmware versions This operation will replace the current firmware version! Do you want to continue? (y/n) 6 Ty p e y .
Managing firmware versions Reverting to a previous firmware version FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 177 Reverting to a previous firmware version Y ou may need to revert to a previous firmware version if the upgrade did not install successfully .
FortiAnalyzer Version 3.0 MR7 Administration Guide 178 05-30007-0082-200809 08 Reverting to a previous firmware version Managing firmware versions Verifying the downgrade After succe ssfully downgrading to FortiLog 1.6, verify your connections and settings.
Managing firmware versions Reverting to a previous firmware version FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 179 8 Reconnect to the CLI.
FortiAnalyzer Version 3.0 MR7 Administration Guide 180 05-30007-0082-200809 08 Restoring your configuration Managing firmware versions Restoring your configuration Y our co nfiguration settings ma y not carry forward after do wngrading to FortiLog 1.6.
Managing firmwa re versions Restoring your configurati on FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 181 6 When this message appears: Press any key to display configuration menu... immediately press a key to interrupt the system st artup.
FortiAnalyzer Version 3.0 MR7 Administration Guide 182 05-30007-0082-200809 08 Restoring your configuration Managing firmware versions Restoring your configur ation settings using the web-based manager The following restores your FortiLog 1.6 configur ation settings using the web-based manage r .
Managing firmwa re versions Restoring your configurati on FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 183 6 Ty p e y . The FortiAnalyzer unit uplo ads the backup configuration file. Af ter the file uploads, a message, similar to the following, is displayed: Getting file confall from tftp server 192.
FortiAnalyzer Version 3.0 MR7 Administration Guide 184 05-30007-0082-200809 08 Restoring your configuration Managing firmware versions.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 005-30007-0082-200809 08 185 Appendix: FortiAnalyzer report s in 3.0 MR7 Reports have changed dram atically in FortiAnalyzer 3.0 MR7, from how you configure them to the de fault naming scheme given when generated.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Intrusion Activity The following table expla ins what Intrus ion Activity report s have ch anged and what they were changed to in FortiAnalyze r 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 187 T op Infected Files by Date T op Infected Files T op Infect.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 T o p Virus Destinations over IMAP by Date T op Virus Destina.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 189 The following report s were removed: • T op Virus Agent s.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Antispam Activity The following table expla ins what Antisp am Activity report s have changed and what they were changed to in FortiAnalyze r 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 191 The following report s are unchanged: • T op S p am Sourc.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 VoIP reports The following table cont ains the new V oIP reports that are availa ble in FortiAnalyzer 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 193 Content Activity The following t able explains what Content Activity reports have changed and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Network Activity The following table expla ins what Network Activity reports have changed a nd what they were changed to in FortiAn alyzer 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 195 The following report s are unchanged: • T raffic V olume .
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 The following report s were removed: • T op Web Pages (Hits.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 197 Terminal Activity The following table explains what T erm inal Activity re ports have change d and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Event Activity The following table expla ins what Event Ac tivity reports ha ve changed and what they were changed to in FortiAn alyzer 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 199 The report, T op Event Categories by S tatus, was removed. P2P Activity The following t able explains what P2P Activity report s have changed and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Audit Activity The following report s for Audit Activity are unchanged but were moved to a new category in Fort iAnalyzer 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 Summary Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 201 Summary Report s The following t able explains what Summary repo rts have changed and wh at they were changed to in Fort iAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 Forensic Reports Appendix: FortiAnalyzer reports in 3.0 MR7 • T op S pam Destina tions is now found in Ant iS pam Activi.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 203 Summary The following t able explains what Summary Foren sic reports have cha nged and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiMail Reports Appendix: Fo rtiAnalyzer reports in 3.0 MR7 T o p Client IP by Hour of Day T o p Client IP T o p Client .
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 205 Mail Sender The following t able explains what Mail Sender report s have changed and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiMail Reports Appendix: Fo rtiAnalyzer reports in 3.0 MR7 Mail Recipient Activity The following table expla ins what Mail Re cipient Activity reports ha ve changed and what they were chan ged to in FortiAnalyze r 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 207 Spam Sender The following t able explains what S pam Sender report s have changed and wha t they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiMail Reports Appendix: Fo rtiAnalyzer reports in 3.0 MR7 Spam Recipient The followin g table explains what S pam Recipient reports have ch anged and w hat they were changed to in FortiAn alyzer 3.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 209 Spam Destination IP The following t able explains what S pam Destination IP report s have changed and what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiMail Reports Appendix: Fo rtiAnalyzer reports in 3.0 MR7 T able 36: Virus Sen der reports MR6 reports MR7 reports T o.
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-2008 0908 21 1 Virus Recipient The following t able explains what V irus Recipient reports have changed an d what they were changed to in FortiAnalyzer 3.
FortiAnalyzer Ve rsion 3.0 MR7 Administrati on Guide 005-30007-0082-200809 08 FortiClient Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Virus Destination IP The following table expla ins what Virus Destin ation IP reports have changed and what they were changed to in FortiAnalyze r 3.
Index FortiAnalyzer Ve rsion 3.0 MR7 Admi nistration Guide 05-30007-0082-2008090 8 213 Index A access adminis trative ports 46 profile, administrator 4 8, 50 access privileges 19 accounts administrator 48 share users 53 Active Directory. See LDAP ActiveX.
FortiAnalyzer Version 3.0 MR7 Administration Guide 214 05-30007-0082-200809 08 Index deleting tabs 27 denial of service (DoS) 158 device add 80 alerts 133 blocked 77, 79, 86 group 88 HA See also high .
Index FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 215 Fortinet MIB 138 Fortinet Technical Support 11 , 138 FTP content archive 107 upload to 105, 155 G gateway 47 gid 54.
FortiAnalyzer Version 3.0 MR7 Administration Guide 216 05-30007-0082-200809 08 Index M mail server 135 Main Menu 20 managing firmware backing up configuration using the CLI 170 backing up configuration usin g web-based manag- er 170 backing up log files 17 0 downgrading to FortiLog 1.
Index FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 217 SFTP 105, 155 SNMP 73 SOAP 46 SSH 46, 58, 160 telnet 46 TFTP 180 UDP 47, 85 VoIP 107 PSK 75 See also IPSec VPN tunnel Q quarantine 131 duplicate count 132 from device 73 ticket number 131 quota.
FortiAnalyzer Version 3.0 MR7 Administration Guide 218 05-30007-0082-200809 08 Index sniffer 141, 144 See also network an alyzer SNMP 73 manager 138 MIB 138 server, test 137 traps 136 SOAP 46 span por.
Index FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080 908 219 registered device’s hard limits 15 report configuration enhance ments 16 voip reports 17 Windows AD.
FortiAnalyzer Version 3.0 MR7 Administration Guide 220 05-30007-0082-200809 08 Index.
www.fortinet.com.
www.fortinet.com.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Fortinet FortiAnalyzer 3.0 MR7 è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Fortinet FortiAnalyzer 3.0 MR7 - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Fortinet FortiAnalyzer 3.0 MR7 imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Fortinet FortiAnalyzer 3.0 MR7 ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Fortinet FortiAnalyzer 3.0 MR7, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Fortinet FortiAnalyzer 3.0 MR7.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Fortinet FortiAnalyzer 3.0 MR7. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Fortinet FortiAnalyzer 3.0 MR7 insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.