Fortinet FortiAnalyzer 3.0 MR7 Bedienungsanleitung

www.fortinet.comFortiAnalyzerVersion 3.0 MR7ADMINISTRATION GUIDE

FortiAnalyzer Version 3.0 MR7 Administration Guide10 05-30007-0082-20080908Fortinet documentation Introduction• Reports describes how to configure rep

FortiAnalyzer Version 3.0 MR7 Administration Guide100 05-30007-0082-20080908Customizing the log view LogFigure 6: Filter iconsTo filter log messages b

Log Searching the logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 101• 1.1.1.1 or 2.2.2.1-2.2.2.10Most column filters re

FortiAnalyzer Version 3.0 MR7 Administration Guide102 05-30007-0082-20080908Searching the logs LogDevice/Group Select to search logs from the FortiAna

Log Searching the logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 103To search the logs1 Go to Log > Search.2 From De

FortiAnalyzer Version 3.0 MR7 Administration Guide104 05-30007-0082-20080908Searching the logs Log• Some keywords will not match unless you include bo

Log Rolling and uploading logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 105To download log search results1 Go to Log &

FortiAnalyzer Version 3.0 MR7 Administration Guide106 05-30007-0082-20080908Rolling and uploading logs LogFigure 8: Device Log SettingsLog file should

Log Rolling and uploading logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 107Upload rolled files in gzipped formatSelect

FortiAnalyzer Version 3.0 MR7 Administration Guide108 05-30007-0082-20080908Rolling and uploading logs Log

Content Archive Viewing content archivesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 107Content ArchiveContent archiving

Introduction Customer service and technical supportFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 11Fortinet Tools and Docu

FortiAnalyzer Version 3.0 MR7 Administration Guide108 05-30007-0082-20080908Viewing content archives Content Archive• whether the FortiAnalyzer unit h

Content Archive Customizing the content archive viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 109Customizing the conte

FortiAnalyzer Version 3.0 MR7 Administration Guide110 05-30007-0082-20080908Customizing the content archive view Content Archive3 Select which columns

Content Archive Customizing the content archive viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1114 Enter the text that

FortiAnalyzer Version 3.0 MR7 Administration Guide112 05-30007-0082-20080908Searching full email content archives Content ArchiveSearching full email

Content Archive Searching full email content archivesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 113To The recipient’s e

FortiAnalyzer Version 3.0 MR7 Administration Guide114 05-30007-0082-20080908Searching full email content archives Content Archive

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 113ReportsFortiAnalyzer units can collate informa

FortiAnalyzer Version 3.0 MR7 Administration Guide114 05-30007-0082-20080908Configuring reports ReportsConfiguring report layoutThe Layout tab enables

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 115Figure 2: LayoutThere are also default report

FortiAnalyzer Version 3.0 MR7 Administration Guide12 05-30007-0082-20080908Customer service and technical support Introduction

FortiAnalyzer Version 3.0 MR7 Administration Guide116 05-30007-0082-20080908Configuring reports Reports4 Select [Add Chart(s)]. 5 Enter the appropriat

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 117Editing charts in a report layoutYou can edit

FortiAnalyzer Version 3.0 MR7 Administration Guide118 05-30007-0082-20080908Configuring reports ReportsTo edit a chart 1 Select Edit beside the chart

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1193 Select OK. If you want to rearrange the char

FortiAnalyzer Version 3.0 MR7 Administration Guide120 05-30007-0082-20080908Configuring reports ReportsTo configure a report schedule1 Go to Report &g

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1214 Select OK. Monthly Select to generate the re

FortiAnalyzer Version 3.0 MR7 Administration Guide122 05-30007-0082-20080908Configuring reports ReportsConfiguring data filter templates You can confi

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 123Figure 5: Configuring a data filter templateTo

FortiAnalyzer Version 3.0 MR7 Administration Guide124 05-30007-0082-20080908Configuring reports ReportsAlias Select the appropriate alias from the dro

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1254 Select OK. Configuring report output templat

What’s new for 3.0 MR7 FortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 13What’s new for 3.0 MR7This section lists and describe

FortiAnalyzer Version 3.0 MR7 Administration Guide126 05-30007-0082-20080908Configuring reports ReportsWhen configuring the FortiAnalyzer unit to emai

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 127Send Report by Mail Verify this check box is s

FortiAnalyzer Version 3.0 MR7 Administration Guide128 05-30007-0082-20080908Configuring reports Reports4 Select OK. Configuring languageWhen creating

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 129Keys are required and must not be removed or c

FortiAnalyzer Version 3.0 MR7 Administration Guide130 05-30007-0082-20080908Configuring reports ReportsFigure 8: LanguagesTo create a report language

Reports Configuring reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1316 If you changed the encoding of the string fi

FortiAnalyzer Version 3.0 MR7 Administration Guide132 05-30007-0082-20080908Browsing reports ReportsTo change a report language customization1 Go to R

Reports Browsing reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 133Figure 9: Viewing reports in Report > BrowseRe

FortiAnalyzer Version 3.0 MR7 Administration Guide134 05-30007-0082-20080908Browsing reports Reports

Quarantine Viewing quarantined filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 131QuarantineFortiAnalyzer units can act

FortiAnalyzerVersion 3.0 MR7 Administration Guide14 05-30007-0082-20080908What’s new for 3.0 MR7• Network Summary menu removed – The Network Summary m

FortiAnalyzer Version 3.0 MR7 Administration Guide132 05-30007-0082-20080908Viewing quarantined files QuarantineDate & Time The date and time the

Alert Alert EventsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 133AlertAlerts provide a method of informing you of issues

FortiAnalyzer Version 3.0 MR7 Administration Guide134 05-30007-0082-20080908Alert Events AlertAdding an alert eventAdding an alert event enables you t

Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1354 Select OK.OutputWhen the FortiAnalyzer unit receives a log

FortiAnalyzer Version 3.0 MR7 Administration Guide136 05-30007-0082-20080908Output AlertTo add a mail server for alerts1 Go to Alert > Output >

Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 137Figure 3: SNMP Access ListSNMP Agent Select to enable the SNM

FortiAnalyzer Version 3.0 MR7 Administration Guide138 05-30007-0082-20080908Output AlertAdding an SNMP serverYou can add an SNMP server to define a de

Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 139Fortinet MIB System Traps• fnTrapCpuHigh• fnTrapMemLow• fnTra

FortiAnalyzer Version 3.0 MR7 Administration Guide140 05-30007-0082-20080908Output AlertRFC-1213 (MIB II)• mib-2.system• mib-2.interface•mib-2.at•mib-

Alert OutputFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1413 Configure the following options, and select OK.Name Enter a

What’s new for 3.0 MR7 3.0 MR7 new features and changesFortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 153.0 MR7 new features

FortiAnalyzer Version 3.0 MR7 Administration Guide142 05-30007-0082-20080908Output Alert

Network Analyzer Connecting the FortiAnalyzer unit to analyze network trafficFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908

FortiAnalyzer Version 3.0 MR7 Administration Guide142 05-30007-0082-20080908Connecting the FortiAnalyzer unit to analyze network traffic Network Analy

Network Analyzer Viewing Network Analyzer log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 143Viewing Network Ana

FortiAnalyzer Version 3.0 MR7 Administration Guide144 05-30007-0082-20080908Viewing Network Analyzer log messages Network AnalyzerViewing historical N

Network Analyzer Browsing Network Analyzer log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 145Browsing Network Anal

FortiAnalyzer Version 3.0 MR7 Administration Guide146 05-30007-0082-20080908Browsing Network Analyzer log files Network AnalyzerFigure 5: Viewing Netw

Network Analyzer Browsing Network Analyzer log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 147Downloading a Network

FortiAnalyzer Version 3.0 MR7 Administration Guide148 05-30007-0082-20080908Customizing the Network Analyzer log view Network AnalyzerCustomizing the

Network Analyzer Customizing the Network Analyzer log viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1493 Select which

FortiAnalyzerVersion 3.0 MR7 Administration Guide16 05-30007-0082-200809083.0 MR7 new features and changes What’s new for 3.0 MR7For the Log Receive M

FortiAnalyzer Version 3.0 MR7 Administration Guide150 05-30007-0082-20080908Customizing the Network Analyzer log view Network Analyzer3 If you want to

Network Analyzer Searching the Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 151Searching the Network

FortiAnalyzer Version 3.0 MR7 Administration Guide152 05-30007-0082-20080908Searching the Network Analyzer logs Network AnalyzerTo search the logs1 Go

Network Analyzer Searching the Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 153• You can search for

FortiAnalyzer Version 3.0 MR7 Administration Guide154 05-30007-0082-20080908Rolling and uploading Network Analyzer logs Network Analyzer4 Select the d

Network Analyzer Rolling and uploading Network Analyzer logsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 155Figure 9: Tra

FortiAnalyzer Version 3.0 MR7 Administration Guide156 05-30007-0082-20080908Rolling and uploading Network Analyzer logs Network AnalyzerEnable log upl

Tools Preparing for the vulnerability scan jobFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 157ToolsThe Tools menu provide

FortiAnalyzer Version 3.0 MR7 Administration Guide158 05-30007-0082-20080908Preparing for the vulnerability scan job Toolsauthenticating without root

Tools Preparing for the vulnerability scan jobFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 159Some vulnerability scan mod

What’s new for 3.0 MR7 3.0 MR7 new features and changesFortiAnalyzerVersion 3.0 MR7 Administration Guide05-30007-0082-20080908 17Fortinet recommends

FortiAnalyzer Version 3.0 MR7 Administration Guide160 05-30007-0082-20080908Preparing for the vulnerability scan job ToolsFigure 1: Configuring the se

Tools Viewing vulnerability scan modulesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1619 Select OK.10 Select OK.11 Selec

FortiAnalyzer Version 3.0 MR7 Administration Guide162 05-30007-0082-20080908Viewing vulnerability scan modules ToolsWhen configuring a full vulnerabil

Tools Configuring vulnerability scan jobsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 163To filter the module view by vul

FortiAnalyzer Version 3.0 MR7 Administration Guide164 05-30007-0082-20080908Configuring vulnerability scan jobs ToolsConfiguring a custom scan allows

Tools Configuring vulnerability scan jobsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 165To configure a vulnerability sca

FortiAnalyzer Version 3.0 MR7 Administration Guide166 05-30007-0082-20080908Configuring vulnerability scan jobs Tools6 Select the blue arrow to expand

Tools Viewing vulnerability scan reportsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 16710 Select OK.Viewing vulnerabilit

FortiAnalyzer Version 3.0 MR7 Administration Guide168 05-30007-0082-20080908File Explorer ToolsTo view a vulnerability scan report1 Go to Tools > V

Tools File ExplorerFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 169Figure 5: File ExplorerFigure 6: File Explorer with St

FortiAnalyzerVersion 3.0 MR7 Administration Guide18 05-30007-0082-200809083.0 MR7 new features and changes What’s new for 3.0 MR7Alert email configura

FortiAnalyzer Version 3.0 MR7 Administration Guide170 05-30007-0082-20080908File Explorer Tools

Managing firmware versions Backing up your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080908 169Managing firmwar

FortiAnalyzer Version 3.0 MR7 Administration Guide170 05-30007-0082-20080908Backing up your configuration Managing firmware versionsBacking up your co

Managing firmware versions Backing up your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1715 Select OK.6 Sel

FortiAnalyzer Version 3.0 MR7 Administration Guide172 05-30007-0082-20080908Testing firmware before upgrading Managing firmware versionsTesting firmwa

Managing firmware versions Testing firmware before upgradingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1738 Type G to g

FortiAnalyzer Version 3.0 MR7 Administration Guide174 05-30007-0082-20080908Upgrading your FortiAnalyzer unit Managing firmware versionsUpgrading your

Managing firmware versions Upgrading your FortiAnalyzer unitFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 175To upgrade to

FortiAnalyzer Version 3.0 MR7 Administration Guide176 05-30007-0082-20080908Upgrading your FortiAnalyzer unit Managing firmware versionsThis operation

Managing firmware versions Reverting to a previous firmware versionFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 177Revert

Administrative Domains (ADOMs) About administrative domains (ADOMs)FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 19Adminis

FortiAnalyzer Version 3.0 MR7 Administration Guide178 05-30007-0082-20080908Reverting to a previous firmware version Managing firmware versionsVerifyi

Managing firmware versions Reverting to a previous firmware versionFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1798 Reco

FortiAnalyzer Version 3.0 MR7 Administration Guide180 05-30007-0082-20080908Restoring your configuration Managing firmware versionsRestoring your conf

Managing firmware versions Restoring your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1816 When this messag

FortiAnalyzer Version 3.0 MR7 Administration Guide182 05-30007-0082-20080908Restoring your configuration Managing firmware versionsRestoring your conf

Managing firmware versions Restoring your configurationFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 1836 Type y.The Forti

FortiAnalyzer Version 3.0 MR7 Administration Guide184 05-30007-0082-20080908Restoring your configuration Managing firmware versions

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reportsFortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 185Appendix: Fo

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Intrusion Activ

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 187Top Infecte

FortiAnalyzer Administration GuideVersion 3.0 MR708 September 200805-30007-0082-20080908© Copyright 2008 Fortinet, Inc. All rights reserved. No part o

FortiAnalyzer Version 3.0 MR7 Administration Guide20 05-30007-0082-20080908About administrative domains (ADOMs) Administrative Domains (ADOMs)• If ADO

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Top Virus Desti

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 189The followi

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Antispam Activi

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 191The followi

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7VoIP reportsThe

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 193Content Act

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Network Activit

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 195The followi

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7The following r

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 197Terminal Ac

Administrative Domains (ADOMs) About administrative domains (ADOMs)FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 21• If AD

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Event ActivityT

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 199The report,

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7Audit ActivityT

Appendix: FortiAnalyzer reports in 3.0 MR7 Summary Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 201Summary Repor

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908Forensic Reports Appendix: FortiAnalyzer reports in 3.0 MR7• Top Spam Desti

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 203SummaryThe

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Top Client IP b

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 205Mail Sender

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Mail Recipient

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 207Spam Sender

FortiAnalyzer Version 3.0 MR7 Administration Guide22 05-30007-0082-20080908Configuring ADOMs Administrative Domains (ADOMs)Configuring ADOMsAdministra

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Spam RecipientT

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 209Spam Destin

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7Table 36: Virus

Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports FortiAnalyzer Version 3.0 MR7 Administration Guide005-30007-0082-20080908 211Virus Recip

FortiAnalyzer Version 3.0 MR7 Administration Guide 005-30007-0082-20080908FortiClient Reports Appendix: FortiAnalyzer reports in 3.0 MR7Virus Destina

Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 213IndexAaccessadministrative ports 46profile, administrator 48, 50acce

FortiAnalyzer Version 3.0 MR7 Administration Guide214 05-30007-0082-20080908Indexdeleting tabs 27denial of service (DoS) 158deviceadd 80alerts 133bloc

Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 215Fortinet MIB 138Fortinet Technical Support 11, 138FTPcontent archive

FortiAnalyzer Version 3.0 MR7 Administration Guide216 05-30007-0082-20080908IndexMmail server 135Main Menu 20managing firmwarebacking up configuration

Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 217SFTP 105, 155SNMP 73SOAP 46SSH 46, 58, 160telnet 46TFTP 180UDP 47, 8

Administrative Domains (ADOMs) Configuring ADOMsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 23To add or edit an ADOM1 Lo

FortiAnalyzer Version 3.0 MR7 Administration Guide218 05-30007-0082-20080908Indexsniffer 141, 144See also network analyzerSNMP 73manager 138MIB 138se

Index FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 219registered device’s hard limits 15report configuration enhancements

FortiAnalyzer Version 3.0 MR7 Administration Guide220 05-30007-0082-20080908Index

www.fortinet.com

www.fortinet.com

FortiAnalyzer Version 3.0 MR7 Administration Guide24 05-30007-0082-20080908Accessing ADOMs as the admin administrator Administrative Domains (ADOMs)Ac

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 25SystemThe System menu contains basic FortiAnalyzer unit sy

FortiAnalyzer Version 3.0 MR7 Administration Guide26 05-30007-0082-20080908Dashboard SystemFigure 1: Dashboard of a FortiAnalyzer-100A unit displaying

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 273 Select Show or Hide.The widget toggles between showing t

FortiAnalyzer Version 3.0 MR7 Administration Guide28 05-30007-0082-20080908Dashboard System3 Enter a new name and press Enter. To delete a tab1 Go to

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 29Figure 4: RAID Monitor displaying a disk that is being reb

Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 3ContentsIntroduction ...

FortiAnalyzer Version 3.0 MR7 Administration Guide30 05-30007-0082-20080908Dashboard SystemFigure 5: System InformationSetting the timeSet the system

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 31Changing the host nameChange the FortiAnalyzer host name t

FortiAnalyzer Version 3.0 MR7 Administration Guide32 05-30007-0082-20080908Dashboard SystemSystem ResourcesThe System Resources area of the Dashboard

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 33To view the FortiAnalyzer operational history1 Go to Syste

FortiAnalyzer Version 3.0 MR7 Administration Guide34 05-30007-0082-20080908Dashboard SystemResetting to the default configurationYou can reset the For

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 35Figure 10: Alert messagesStatisticsThe Statistics area of

FortiAnalyzer Version 3.0 MR7 Administration Guide36 05-30007-0082-20080908Dashboard SystemTo view the session information1 Go to System > Dashboar

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 37Log Receive MonitorThe Log Receive Monitor displays histor

FortiAnalyzer Version 3.0 MR7 Administration Guide38 05-30007-0082-20080908Dashboard SystemIntrusion ActivityIntrusion Activity displays the top attac

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 39Figure 15: Virus Activity widgetTo edit the information fo

FortiAnalyzer Version 3.0 MR7 Administration Guide4 05-30007-0082-20080908ContentsViewing session information ...

FortiAnalyzer Version 3.0 MR7 Administration Guide40 05-30007-0082-20080908Dashboard SystemTo edit the information for Top FTP Traffic1 Go to System &

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 413 Enter the appropriate information for the following: 4 S

FortiAnalyzer Version 3.0 MR7 Administration Guide42 05-30007-0082-20080908Dashboard System3 Enter the appropriate information for the following: 4 Se

System DashboardFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 433 Enter the appropriate information for the following: 4 S

FortiAnalyzer Version 3.0 MR7 Administration Guide44 05-30007-0082-20080908Network System3 Enter the appropriate information for the following: 4 Sele

System NetworkFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 45Changing interface settingsTo change the interface settings1

FortiAnalyzer Version 3.0 MR7 Administration Guide46 05-30007-0082-20080908Network SystemAbout Fortinet Discovery ProtocolFortiGate units running Fort

System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 47Adding a routeStatic routes provide the FortiAnalyzer unit wit

FortiAnalyzer Version 3.0 MR7 Administration Guide48 05-30007-0082-20080908Admin SystemAdding or editing an administrator accountYou can add, edit or

System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 49Changing an administrator’s passwordThe admin administrator an

Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 5Hot swapping the FortiAnalyzer-2000/2000A and FortiAnalyz-er-4000/4

FortiAnalyzer Version 3.0 MR7 Administration Guide50 05-30007-0082-20080908Admin SystemFigure 24: Access ProfileTo create an access profile1 Go to Sys

System AdminFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 51RADIUS ServerRADIUS servers authenticate administrators. The f

FortiAnalyzer Version 3.0 MR7 Administration Guide52 05-30007-0082-20080908Network Sharing SystemMonitorThe Monitor page enables the admin administrat

System Network SharingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 533 Enter the following information for the user accou

FortiAnalyzer Version 3.0 MR7 Administration Guide54 05-30007-0082-20080908Network Sharing SystemTo enable Windows shares1 Go to System > Network S

System Network SharingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 557 Select the type of access rights the users and gro

FortiAnalyzer Version 3.0 MR7 Administration Guide56 05-30007-0082-20080908Config System5 Select OK.6 In Remote Clients, enter the IP address or domai

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 57Figure 30: FortiAnalyzer unit log settingsLog Locally Select

FortiAnalyzer Version 3.0 MR7 Administration Guide58 05-30007-0082-20080908Config SystemConfiguring log aggregationLog aggregation is a method of coll

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 59For example, a company may have a headquarters and a number o

FortiAnalyzer Version 3.0 MR7 Administration Guide6 05-30007-0082-20080908ContentsCustomizing the content archive view ...

FortiAnalyzer Version 3.0 MR7 Administration Guide60 05-30007-0082-20080908Config SystemConfiguring an aggregation clientAn aggregation client is a Fo

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 613 Enter the IP address of the external syslog server in Remot

FortiAnalyzer Version 3.0 MR7 Administration Guide62 05-30007-0082-20080908Config System3 Enter the path and file name or select Browse to locate the

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 63LinearA linear RAID level combines all hard disks into one la

FortiAnalyzer Version 3.0 MR7 Administration Guide64 05-30007-0082-20080908Config SystemRAID 10RAID 10 (or 1+0), includes nested RAID levels 1 and 0,

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 65You can use any brand of hard disk to replace a failed hard d

FortiAnalyzer Version 3.0 MR7 Administration Guide66 05-30007-0082-20080908Config SystemHot swapping the FortiAnalyzer-2000/2000A and FortiAnalyzer-40

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 67The options available here will depend on the RAID level sele

FortiAnalyzer Version 3.0 MR7 Administration Guide68 05-30007-0082-20080908Config SystemRAID settings can be configured from the Dashboard, in the RAI

System ConfigFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 69Figure 34: LDAP settingsTo define an LDAP server query1 Go to

Contents FortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 7Searching the Network Analyzer logs ...

FortiAnalyzer Version 3.0 MR7 Administration Guide70 05-30007-0082-20080908Maintenance System3 Select OK.The LDAP query becomes an available option wh

System MaintenanceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 71FortiGuard CenterYou can update the engine and vulnerabi

FortiAnalyzer Version 3.0 MR7 Administration Guide72 05-30007-0082-20080908Maintenance SystemFigure 36: FortiGuard CenterFortiGuard Subscription Servi

System MaintenanceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 73Port Enter the port number of the web proxy.This is usua

FortiAnalyzer Version 3.0 MR7 Administration Guide74 05-30007-0082-20080908Maintenance System

Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 73DeviceThe Device menu controls connection at

FortiAnalyzer Version 3.0 MR7 Administration Guide74 05-30007-0082-20080908Viewing the device list DeviceDevices may automatically appear on the devic

Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 75• Tx indicates logging access for all device

FortiAnalyzer Version 3.0 MR7 Administration Guide76 05-30007-0082-20080908Viewing the device list DeviceTo delete a device1 Go to Device > All >

Device Viewing the device listFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 77For networks with more demanding logging sce

FortiAnalyzer Version 3.0 MR7 Administration Guide8 05-30007-0082-20080908ContentsAppendix: FortiAnalyzer reports in 3.0 MR7 ...

FortiAnalyzer Version 3.0 MR7 Administration Guide78 05-30007-0082-20080908Configuring unregistered device connection attempt handling DeviceConfiguri

Device Configuring unregistered device connection attempt handlingFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 79Figure 2

FortiAnalyzer Version 3.0 MR7 Administration Guide80 05-30007-0082-20080908Manually adding a device DeviceManually adding a deviceYou can add devices

Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 81Figure 3: Configuring a deviceDevice Type S

FortiAnalyzer Version 3.0 MR7 Administration Guide82 05-30007-0082-20080908Manually adding a device DeviceTo manually add a device or HA cluster1 Go t

Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 8313 Select the blue arrow to expand Group Me

FortiAnalyzer Version 3.0 MR7 Administration Guide84 05-30007-0082-20080908Manually adding a device DeviceTo classify network interfaces and VLAN subi

Device Manually adding a deviceFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 85To enable the FortiAnalyzer unit to reply t

FortiAnalyzer Version 3.0 MR7 Administration Guide86 05-30007-0082-20080908Blocking device connection attempts DeviceTest Connectivity does not verify

Device Configuring device groupsFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 87To block a device1 Go to Device > All &

Introduction About this documentFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 9IntroductionFortiAnalyzer units are network

FortiAnalyzer Version 3.0 MR7 Administration Guide88 05-30007-0082-20080908Configuring device groups DeviceFigure 5: List of device groupsTo configure

Log Viewing log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 91LogFortiAnalyzer units collect logs from network h

FortiAnalyzer Version 3.0 MR7 Administration Guide92 05-30007-0082-20080908Viewing log messages LogFigure 1: Viewing current logsViewing historical lo

Log Viewing log messagesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 93Figure 2: Viewing historical logsDevices Select th

FortiAnalyzer Version 3.0 MR7 Administration Guide94 05-30007-0082-20080908Browsing log files LogTo view historical logs1 Go to Log > Log Viewer &g

Log Browsing log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 95Viewing log file contentsThe Log Browser tab enables

FortiAnalyzer Version 3.0 MR7 Administration Guide96 05-30007-0082-20080908Browsing log files LogImporting a log fileYou can import devices’ log files

Log Browsing log filesFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 975 In Filename, enter the path and file name of the l

FortiAnalyzer Version 3.0 MR7 Administration Guide98 05-30007-0082-20080908Customizing the log view Log5 Select Download Current View.6 Configure the

Log Customizing the log viewFortiAnalyzer Version 3.0 MR7 Administration Guide05-30007-0082-20080908 99Figure 5: Displaying and arranging log columns