FortiAnalyzer Version 3.0 MR7 Administration Guide (www.fortinet.com)
FortiAnalyzer Version 3.0 MR7 Administration Guide10 05-30007-0082-20080908Fortinet documentation Introduction• Reports describes how to configure rep
FortiAnalyzer Version 3.0 MR7 Administration Guide100 05-30007-0082-20080908Customizing the log view LogFigure 6: Filter iconsTo filter log messages b
Log Searching the logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 101• 1.1.1.1 or 2.2.2.1-2.2.2.10Most column filters re
FortiAnalyzer Version 3.0 MR7 Administration Guide102 05-30007-0082-20080908Searching the logs LogDevice/Group Select to search logs from the FortiAna
Log Searching the logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 103To search the logs1 Go to Log > Search.2 From De
FortiAnalyzer Version 3.0 MR7 Administration Guide104 05-30007-0082-20080908Searching the logs Log• Some keywords will not match unless you include bo
Log Rolling and uploading logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 105To download log search results1 Go to Log &
FortiAnalyzer Version 3.0 MR7 Administration Guide106 05-30007-0082-20080908Rolling and uploading logs LogFigure 8: Device Log SettingsLog file should
Log Rolling and uploading logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 107Upload rolled files in gzipped formatSelect
Content Archive Viewing content archivesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 107Content ArchiveContent archiving
Introduction Customer service and technical supportFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 11Fortinet Tools and Docu
FortiAnalyzer Version 3.0 MR7 Administration Guide108 05-30007-0082-20080908Viewing content archives Content Archive• whether the FortiAnalyzer unit h
Content Archive Customizing the content archive viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 109Customizing the conte
FortiAnalyzer Version 3.0 MR7 Administration Guide110 05-30007-0082-20080908Customizing the content archive view Content Archive3 Select which columns
Content Archive Customizing the content archive viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1114 Enter the text that
FortiAnalyzer Version 3.0 MR7 Administration Guide112 05-30007-0082-20080908Searching full email content archives Content ArchiveSearching full email
Content Archive Searching full email content archivesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 113To The recipient’s e
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 113ReportsFortiAnalyzer units can collate informa
FortiAnalyzer Version 3.0 MR7 Administration Guide114 05-30007-0082-20080908Configuring reports ReportsConfiguring report layoutThe Layout tab enables
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 115Figure 2: LayoutThere are also default report
FortiAnalyzer Version 3.0 MR7 Administration Guide116 05-30007-0082-20080908Configuring reports Reports4 Select [Add Chart(s)]. 5 Enter the appropriat
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 117Editing charts in a report layoutYou can edit
FortiAnalyzer Version 3.0 MR7 Administration Guide118 05-30007-0082-20080908Configuring reports ReportsTo edit a chart 1 Select Edit beside the chart
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1193 Select OK. If you want to rearrange the char
FortiAnalyzer Version 3.0 MR7 Administration Guide120 05-30007-0082-20080908Configuring reports ReportsTo configure a report schedule1 Go to Report &g
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1214 Select OK. Monthly Select to generate the re
FortiAnalyzer Version 3.0 MR7 Administration Guide122 05-30007-0082-20080908Configuring reports ReportsConfiguring data filter templates You can confi
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 123Figure 5: Configuring a data filter templateTo
FortiAnalyzer Version 3.0 MR7 Administration Guide124 05-30007-0082-20080908Configuring reports ReportsAlias Select the appropriate alias from the dro
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1254 Select OK. Configuring report output templat
What’s new for 3.0 MR7 FortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 13What’s new for 3.0 MR7This section lists and describe
FortiAnalyzer Version 3.0 MR7 Administration Guide126 05-30007-0082-20080908Configuring reports ReportsWhen configuring the FortiAnalyzer unit to emai
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 127Send Report by Mail Verify this check box is s
FortiAnalyzer Version 3.0 MR7 Administration Guide128 05-30007-0082-20080908Configuring reports Reports4 Select OK. Configuring languageWhen creating
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 129Keys are required and must not be removed or c
FortiAnalyzer Version 3.0 MR7 Administration Guide130 05-30007-0082-20080908Configuring reports ReportsFigure 8: LanguagesTo create a report language
Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1316 If you changed the encoding of the string fi
FortiAnalyzer Version 3.0 MR7 Administration Guide132 05-30007-0082-20080908Browsing reports ReportsTo change a report language customization1 Go to R
Reports Browsing reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 133Figure 9: Viewing reports in Report > BrowseRe
Quarantine Viewing quarantined filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 131QuarantineFortiAnalyzer units can act
FortiAnalyzerVersion 3.0 MR7 Administration Guide14 05-30007-0082-20080908What’s new for 3.0 MR7• Network Summary menu removed – The Network Summary m
FortiAnalyzer Version 3.0 MR7 Administration Guide132 05-30007-0082-20080908Viewing quarantined files QuarantineDate & Time The date and time the
Alert Alert EventsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 133AlertAlerts provide a method of informing you of issues
FortiAnalyzer Version 3.0 MR7 Administration Guide134 05-30007-0082-20080908Alert Events AlertAdding an alert eventAdding an alert event enables you t
Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1354 Select OK.OutputWhen the FortiAnalyzer unit receives a log
FortiAnalyzer Version 3.0 MR7 Administration Guide136 05-30007-0082-20080908Output AlertTo add a mail server for alerts1 Go to Alert > Output >
Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 137Figure 3: SNMP Access ListSNMP Agent Select to enable the SNM
FortiAnalyzer Version 3.0 MR7 Administration Guide138 05-30007-0082-20080908Output AlertAdding an SNMP serverYou can add an SNMP server to define a de
Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 139Fortinet MIB System Traps• fnTrapCpuHigh• fnTrapMemLow• fnTra
FortiAnalyzer Version 3.0 MR7 Administration Guide140 05-30007-0082-20080908Output AlertRFC-1213 (MIB II)• mib-2.system• mib-2.interface•mib-2.at•mib-
Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1413 Configure the following options, and select OK.Name Enter a
What’s new for 3.0 MR7 3.0 MR7 new features and changesFortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 153.0 MR7 new features
Network Analyzer Connecting the FortiAnalyzer unit to analyze network trafficFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908
FortiAnalyzer Version 3.0 MR7 Administration Guide142 05-30007-0082-20080908Connecting the FortiAnalyzer unit to analyze network traffic Network Analy
Network Analyzer Viewing Network Analyzer log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 143Viewing Network Ana
FortiAnalyzer Version 3.0 MR7 Administration Guide144 05-30007-0082-20080908Viewing Network Analyzer log messages Network AnalyzerViewing historical N
Network Analyzer Browsing Network Analyzer log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 145Browsing Network Anal
FortiAnalyzer Version 3.0 MR7 Administration Guide146 05-30007-0082-20080908Browsing Network Analyzer log files Network AnalyzerFigure 5: Viewing Netw
Network Analyzer Browsing Network Analyzer log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 147Downloading a Network
FortiAnalyzer Version 3.0 MR7 Administration Guide148 05-30007-0082-20080908Customizing the Network Analyzer log view Network AnalyzerCustomizing the
Network Analyzer Customizing the Network Analyzer log viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1493 Select which
FortiAnalyzerVersion 3.0 MR7 Administration Guide16 05-30007-0082-200809083.0 MR7 new features and changes What’s new for 3.0 MR7For the Log Receive M
FortiAnalyzer Version 3.0 MR7 Administration Guide150 05-30007-0082-20080908Customizing the Network Analyzer log view Network Analyzer3 If you want to
Network Analyzer Searching the Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 151Searching the Network
FortiAnalyzer Version 3.0 MR7 Administration Guide152 05-30007-0082-20080908Searching the Network Analyzer logs Network AnalyzerTo search the logs1 Go
Network Analyzer Searching the Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 153• You can search for
FortiAnalyzer Version 3.0 MR7 Administration Guide154 05-30007-0082-20080908Rolling and uploading Network Analyzer logs Network Analyzer4 Select the d
Network Analyzer Rolling and uploading Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 155Figure 9: Tra
FortiAnalyzer Version 3.0 MR7 Administration Guide156 05-30007-0082-20080908Rolling and uploading Network Analyzer logs Network AnalyzerEnable log upl
Tools Preparing for the vulnerability scan jobFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 157ToolsThe Tools menu provide
FortiAnalyzer Version 3.0 MR7 Administration Guide158 05-30007-0082-20080908Preparing for the vulnerability scan job Toolsauthenticating without root
Tools Preparing for the vulnerability scan jobFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 159Some vulnerability scan mod
What’s new for 3.0 MR7 3.0 MR7 new features and changesFortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 17Fortinet recommends
FortiAnalyzer Version 3.0 MR7 Administration Guide160 05-30007-0082-20080908Preparing for the vulnerability scan job ToolsFigure 1: Configuring the se
Tools Viewing vulnerability scan modulesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1619 Select OK.10 Select OK.11 Selec
FortiAnalyzer Version 3.0 MR7 Administration Guide162 05-30007-0082-20080908Viewing vulnerability scan modules ToolsWhen configuring a full vulnerabil
Tools Configuring vulnerability scan jobsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 163To filter the module view by vul
FortiAnalyzer Version 3.0 MR7 Administration Guide164 05-30007-0082-20080908Configuring vulnerability scan jobs ToolsConfiguring a custom scan allows
Tools Configuring vulnerability scan jobsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 165To configure a vulnerability sca
FortiAnalyzer Version 3.0 MR7 Administration Guide166 05-30007-0082-20080908Configuring vulnerability scan jobs Tools6 Select the blue arrow to expand
Tools Viewing vulnerability scan reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 16710 Select OK.Viewing vulnerabilit
FortiAnalyzer Version 3.0 MR7 Administration Guide168 05-30007-0082-20080908File Explorer ToolsTo view a vulnerability scan report1 Go to Tools > V
Tools File ExplorerFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 169Figure 5: File ExplorerFigure 6: File Explorer with St
FortiAnalyzerVersion 3.0 MR7 Administration Guide18 05-30007-0082-200809083.0 MR7 new features and changes What’s new for 3.0 MR7Alert email configura
Managing firmware versions Backing up your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080908 169Managing firmwar
FortiAnalyzer Version 3.0 MR7 Administration Guide170 05-30007-0082-20080908Backing up your configuration Managing firmware versionsBacking up your co
Managing firmware versions Backing up your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1715 Select OK.6 Sel
FortiAnalyzer Version 3.0 MR7 Administration Guide172 05-30007-0082-20080908Testing firmware before upgrading Managing firmware versionsTesting firmwa
Managing firmware versions Testing firmware before upgradingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1738 Type G to g
FortiAnalyzer Version 3.0 MR7 Administration Guide174 05-30007-0082-20080908Upgrading your FortiAnalyzer unit Managing firmware versionsUpgrading your
Managing firmware versions Upgrading your FortiAnalyzer unitFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 175To upgrade to
FortiAnalyzer Version 3.0 MR7 Administration Guide176 05-30007-0082-20080908Upgrading your FortiAnalyzer unit Managing firmware versionsThis operation
Managing firmware versions Reverting to a previous firmware versionFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 177Revert
Administrative Domains (ADOMs) About administrative domains (ADOMs)FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 19Adminis
FortiAnalyzer Version 3.0 MR7 Administration Guide178 05-30007-0082-20080908Reverting to a previous firmware version Managing firmware versionsVerifyi
Managing firmware versions Reverting to a previous firmware versionFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1798 Reco
FortiAnalyzer Version 3.0 MR7 Administration Guide180 05-30007-0082-20080908Restoring your configuration Managing firmware versionsRestoring your conf
Managing firmware versions Restoring your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1816 When this messag
FortiAnalyzer Version 3.0 MR7 Administration Guide182 05-30007-0082-20080908Restoring your configuration Managing firmware versionsRestoring your conf
Managing firmware versions Restoring your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1836 Type y.The Forti
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reportsFortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 185Appendix: Fo
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Intrusion Activ
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 187Top Infecte
FortiAnalyzer Administration GuideVersion 3.0 MR708 September 200805-30007-0082-20080908© Copyright 2008 Fortinet, Inc. All rights reserved. No part o
FortiAnalyzer Version 3.0 MR7 Administration Guide20 05-30007-0082-20080908About administrative domains (ADOMs) Administrative Domains (ADOMs)• If ADO
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Top Virus Desti
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 189The followi
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Antispam Activi
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 191The followi
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7VoIP reportsThe
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 193Content Act
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Network Activit
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 195The followi
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7The following r
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 197Terminal Ac
Administrative Domains (ADOMs) About administrative domains (ADOMs)FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 21• If AD
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Event ActivityT
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 199The report,
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Audit ActivityT
Appendix: FortiAnalyzer reports in 3.0 MR7 Summary Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 201Summary Repor
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908Forensic Reports Appendix: FortiAnalyzer reports in 3.0 MR7• Top Spam Desti
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 203SummaryThe
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Top Client IP b
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 205Mail Sender
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Mail Recipient
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 207Spam Sender
FortiAnalyzer Version 3.0 MR7 Administration Guide22 05-30007-0082-20080908Configuring ADOMs Administrative Domains (ADOMs)Configuring ADOMsAdministra
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Spam RecipientT
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 209Spam Destin
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Table 36: Virus
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 211Virus Recip
FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiClient Reports Appendix: FortiAnalyzer reports in 3.0 MR7Virus Destina
Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 213IndexAaccessadministrative ports 46profile, administrator 48, 50acce
FortiAnalyzer Version 3.0 MR7 Administration Guide214 05-30007-0082-20080908Indexdeleting tabs 27denial of service (DoS) 158deviceadd 80alerts 133bloc
Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 215Fortinet MIB 138Fortinet Technical Support 11, 138FTPcontent archive
FortiAnalyzer Version 3.0 MR7 Administration Guide216 05-30007-0082-20080908IndexMmail server 135Main Menu 20managing firmwarebacking up configuration
Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 217SFTP 105, 155SNMP 73SOAP 46SSH 46, 58, 160telnet 46TFTP 180UDP 47, 8
Administrative Domains (ADOMs) Configuring ADOMsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 23To add or edit an ADOM1 Lo
FortiAnalyzer Version 3.0 MR7 Administration Guide218 05-30007-0082-20080908Indexsniffer 141, 144See also network analyzerSNMP 73manager 138MIB 138se
Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 219registered device’s hard limits 15report configuration enhancements
FortiAnalyzer Version 3.0 MR7 Administration Guide24 05-30007-0082-20080908Accessing ADOMs as the admin administrator Administrative Domains (ADOMs)Ac
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 25SystemThe System menu contains basic FortiAnalyzer unit sy
FortiAnalyzer Version 3.0 MR7 Administration Guide26 05-30007-0082-20080908Dashboard SystemFigure 1: Dashboard of a FortiAnalyzer-100A unit displaying
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 273 Select Show or Hide.The widget toggles between showing t
FortiAnalyzer Version 3.0 MR7 Administration Guide28 05-30007-0082-20080908Dashboard System3 Enter a new name and press Enter. To delete a tab1 Go to
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 29Figure 4: RAID Monitor displaying a disk that is being reb
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 3ContentsIntroduction ...
FortiAnalyzer Version 3.0 MR7 Administration Guide30 05-30007-0082-20080908Dashboard SystemFigure 5: System InformationSetting the timeSet the system
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 31Changing the host nameChange the FortiAnalyzer host name t
FortiAnalyzer Version 3.0 MR7 Administration Guide32 05-30007-0082-20080908Dashboard SystemSystem ResourcesThe System Resources area of the Dashboard
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 33To view the FortiAnalyzer operational history1 Go to Syste
FortiAnalyzer Version 3.0 MR7 Administration Guide34 05-30007-0082-20080908Dashboard SystemResetting to the default configurationYou can reset the For
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 35Figure 10: Alert messagesStatisticsThe Statistics area of
FortiAnalyzer Version 3.0 MR7 Administration Guide36 05-30007-0082-20080908Dashboard SystemTo view the session information1 Go to System > Dashboar
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 37Log Receive MonitorThe Log Receive Monitor displays histor
FortiAnalyzer Version 3.0 MR7 Administration Guide38 05-30007-0082-20080908Dashboard SystemIntrusion ActivityIntrusion Activity displays the top attac
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 39Figure 15: Virus Activity widgetTo edit the information fo
FortiAnalyzer Version 3.0 MR7 Administration Guide4 05-30007-0082-20080908ContentsViewing session information ...
FortiAnalyzer Version 3.0 MR7 Administration Guide40 05-30007-0082-20080908Dashboard SystemTo edit the information for Top FTP Traffic1 Go to System &
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 413 Enter the appropriate information for the following: 4 S
FortiAnalyzer Version 3.0 MR7 Administration Guide42 05-30007-0082-20080908Dashboard System3 Enter the appropriate information for the following: 4 Se
System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 433 Enter the appropriate information for the following: 4 S
FortiAnalyzer Version 3.0 MR7 Administration Guide44 05-30007-0082-20080908Network System3 Enter the appropriate information for the following: 4 Sele
System NetworkFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 45Changing interface settingsTo change the interface settings1
FortiAnalyzer Version 3.0 MR7 Administration Guide46 05-30007-0082-20080908Network SystemAbout Fortinet Discovery ProtocolFortiGate units running Fort
System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 47Adding a routeStatic routes provide the FortiAnalyzer unit wit
FortiAnalyzer Version 3.0 MR7 Administration Guide48 05-30007-0082-20080908Admin SystemAdding or editing an administrator accountYou can add, edit or
System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 49Changing an administrator’s passwordThe admin administrator an
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 5Hot swapping the FortiAnalyzer-2000/2000A and FortiAnalyz-er-4000/4
FortiAnalyzer Version 3.0 MR7 Administration Guide50 05-30007-0082-20080908Admin SystemFigure 24: Access ProfileTo create an access profile1 Go to Sys
System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 51RADIUS ServerRADIUS servers authenticate administrators. The f
FortiAnalyzer Version 3.0 MR7 Administration Guide52 05-30007-0082-20080908Network Sharing SystemMonitorThe Monitor page enables the admin administrat
System Network SharingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 533 Enter the following information for the user accou
FortiAnalyzer Version 3.0 MR7 Administration Guide54 05-30007-0082-20080908Network Sharing SystemTo enable Windows shares1 Go to System > Network S
System Network SharingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 557 Select the type of access rights the users and gro
FortiAnalyzer Version 3.0 MR7 Administration Guide56 05-30007-0082-20080908Config System5 Select OK.6 In Remote Clients, enter the IP address or domai
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 57Figure 30: FortiAnalyzer unit log settingsLog Locally Select
FortiAnalyzer Version 3.0 MR7 Administration Guide58 05-30007-0082-20080908Config SystemConfiguring log aggregationLog aggregation is a method of coll
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 59For example, a company may have a headquarters and a number o
FortiAnalyzer Version 3.0 MR7 Administration Guide6 05-30007-0082-20080908ContentsCustomizing the content archive view ...
FortiAnalyzer Version 3.0 MR7 Administration Guide60 05-30007-0082-20080908Config SystemConfiguring an aggregation clientAn aggregation client is a Fo
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 613 Enter the IP address of the external syslog server in Remot
FortiAnalyzer Version 3.0 MR7 Administration Guide62 05-30007-0082-20080908Config System3 Enter the path and file name or select Browse to locate the
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 63LinearA linear RAID level combines all hard disks into one la
FortiAnalyzer Version 3.0 MR7 Administration Guide64 05-30007-0082-20080908Config SystemRAID 10RAID 10 (or 1+0), includes nested RAID levels 1 and 0,
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 65You can use any brand of hard disk to replace a failed hard d
FortiAnalyzer Version 3.0 MR7 Administration Guide66 05-30007-0082-20080908Config SystemHot swapping the FortiAnalyzer-2000/2000A and FortiAnalyzer-40
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 67The options available here will depend on the RAID level sele
FortiAnalyzer Version 3.0 MR7 Administration Guide68 05-30007-0082-20080908Config SystemRAID settings can be configured from the Dashboard, in the RAI
System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 69Figure 34: LDAP settingsTo define an LDAP server query1 Go to
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 7Searching the Network Analyzer logs ...
FortiAnalyzer Version 3.0 MR7 Administration Guide70 05-30007-0082-20080908Maintenance System3 Select OK.The LDAP query becomes an available option wh
System MaintenanceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 71FortiGuard CenterYou can update the engine and vulnerabi
FortiAnalyzer Version 3.0 MR7 Administration Guide72 05-30007-0082-20080908Maintenance SystemFigure 36: FortiGuard CenterFortiGuard Subscription Servi
System MaintenanceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 73Port Enter the port number of the web proxy.This is usua
Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 73DeviceThe Device menu controls connection at
FortiAnalyzer Version 3.0 MR7 Administration Guide74 05-30007-0082-20080908Viewing the device list DeviceDevices may automatically appear on the devic
Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 75• Tx indicates logging access for all device
FortiAnalyzer Version 3.0 MR7 Administration Guide76 05-30007-0082-20080908Viewing the device list DeviceTo delete a device1 Go to Device > All >
Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 77For networks with more demanding logging sce
FortiAnalyzer Version 3.0 MR7 Administration Guide8 05-30007-0082-20080908ContentsAppendix: FortiAnalyzer reports in 3.0 MR7 ...
FortiAnalyzer Version 3.0 MR7 Administration Guide78 05-30007-0082-20080908Configuring unregistered device connection attempt handling DeviceConfiguri
Device Configuring unregistered device connection attempt handlingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 79Figure 2
FortiAnalyzer Version 3.0 MR7 Administration Guide80 05-30007-0082-20080908Manually adding a device DeviceManually adding a deviceYou can add devices
Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 81Figure 3: Configuring a deviceDevice Type S
FortiAnalyzer Version 3.0 MR7 Administration Guide82 05-30007-0082-20080908Manually adding a device DeviceTo manually add a device or HA cluster1 Go t
Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 8313 Select the blue arrow to expand Group Me
FortiAnalyzer Version 3.0 MR7 Administration Guide84 05-30007-0082-20080908Manually adding a device DeviceTo classify network interfaces and VLAN subi
Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 85To enable the FortiAnalyzer unit to reply t
FortiAnalyzer Version 3.0 MR7 Administration Guide86 05-30007-0082-20080908Blocking device connection attempts DeviceTest Connectivity does not verify
Device Configuring device groupsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 87To block a device1 Go to Device > All &
Introduction About this documentFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 9IntroductionFortiAnalyzer units are network
FortiAnalyzer Version 3.0 MR7 Administration Guide88 05-30007-0082-20080908Configuring device groups DeviceFigure 5: List of device groupsTo configure
Log Viewing log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 91LogFortiAnalyzer units collect logs from network h
FortiAnalyzer Version 3.0 MR7 Administration Guide92 05-30007-0082-20080908Viewing log messages LogFigure 1: Viewing current logsViewing historical lo
Log Viewing log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 93Figure 2: Viewing historical logsDevices Select th
FortiAnalyzer Version 3.0 MR7 Administration Guide94 05-30007-0082-20080908Browsing log files LogTo view historical logs1 Go to Log > Log Viewer &g
Log Browsing log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 95Viewing log file contentsThe Log Browser tab enables
FortiAnalyzer Version 3.0 MR7 Administration Guide96 05-30007-0082-20080908Browsing log files LogImporting a log fileYou can import devices’ log files
Log Browsing log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 975 In Filename, enter the path and file name of the l
FortiAnalyzer Version 3.0 MR7 Administration Guide98 05-30007-0082-20080908Customizing the log view Log5 Select Download Current View.6 Configure the
Log Customizing the log viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 99Figure 5: Displaying and arranging log columns