Fortinet Fortianalyzer Quick Start Manual

QUICKSTART GUIDE
FORTIANALYZER
REGISTER YOUR FORTINET PRODUCT TO RECEIVE:
• Technical Support
• New product features
• Protection against new threats
SUPPORT
http://forti.net/support
Toll free: 1 866 648 4638
Phone: 1 408 486 7899 Fax: 1 408 235 7737 Email: register@fortinet.com
REGISTER FOR SUPPORT
October 1, 2015 01-000-245798-20151001
Copyright © 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
HTTP://FORTI.NET/DOCS/FAZ
DEVICE GUIDE
INCLUDED ACCESSORIES LIST
PORT GUIDE
LED GUIDE
MOUNTING GUIDE
BEFORE YOU BEGIN
Write down details that you may need from your network administrator or ISP.
DSL PPPOE
• Username
• Password
CABLE MODEM DHCP
• Hostname
It is normal to not require a hostname, but your ISP may require it.
T1/E1, STATIC BROADBAND, CABLE, OR DSL WITH A STATIC IP ADDRESS
• IP Address
• Subnet Mask
• Default Gateway
• Primary/Secondary DNS
DAY 1
FORTIANALYZER SETUP
BASIC CONNECTIONS
Connect your device to a power outlet and an Internet connection. This is
usually a modem, but could also be another device on your network.
[Figure labels: Power Connection, Ethernet Port, Internet]
WEB-BASED MANAGER SETUP
1. Connect the Ethernet cable.
2. Configure the management computer to be on the same subnet as the
internal interface of the FortiAnalyzer unit:
IP address: 192.168.1.2
Netmask: 255.255.255.0
3. Visit 192.168.1.99 in your web browser.
4. Log in using username “admin” and no password.
5. Configure your device and save your settings.
6. Register your device from the dashboard page.
ALTERNATIVE SETUP: CONNECT TO THE CLI
1. Connect the device’s console port to the management computer using the
provided console cable.
[Figure labels: Console Port, Serial Port]
2. Start a terminal emulation program on the management computer, select
the COM port, and use the following settings:
Baud Rate: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow Control: None
3. Press Enter on your keyboard to connect to the CLI.
4. Log in using username “admin” and no password. You can now proceed with
configuring your device.
5. Get started by typing “?” for a list of available commands.
6. Begin typing a command, then type “?” for a list of available ways to
complete it.
7. For example, “config ?” will show the lowest level of configuration options.
For a detailed CLI guide visit http://forti.net/cli.
SETTING UP FORTIANALYZER
Following is an overview of how to configure a FortiAnalyzer unit in
analyzer mode with ADOMs enabled. Analyzer mode is the default mode.
After the summary procedure are the details of each step.
1. Connect to the GUI by using the default admin account.
2. Configure IP addresses and administrator access.
3. Configure administrator accounts.
4. Log in again by using the new IP address and your new administrator
account.
5. Configure the RAID level, if the FortiAnalyzer unit supports RAID.
6. (Optional) Create administrative domains (ADOMs).
7. Add devices to the FortiAnalyzer unit. The devices send logs to the
FortiAnalyzer unit.
8. Promote devices to ADOMs.
9. Back up the system configuration.
FortiAnalyzer is configured to collect and analyze the logs it receives from
the devices that you added.
CONNECTING TO THE GUI
1. Connect the FortiAnalyzer unit to a management computer by using an
Ethernet cable.
2. Configure the management computer to be on the same subnet as the
internal interface of the FortiAnalyzer unit:
IP address: 192.168.1.2
Netmask: 255.255.255.0
3. On the management computer, start a supported web browser, and
browse to https://192.168.1.99.
4. Type admin in the User Name field, leave the Password field blank, and
select “Login”.
5. You should now be able to use the FortiAnalyzer GUI.
If the URL is correct and you still cannot access the GUI, you
may also need to configure static routes.
CONFIGURING IP ADDRESSES AND ADMINISTRATOR ACCESS
You must configure one or more ports for the FortiAnalyzer unit. You must
also specify which ports and methods administrators can use to access
the FortiAnalyzer unit. You can also configure static routes if required.
1. Go to System Settings > Network.
2. Configure the settings for port1, and click “Apply”.
3. Configure additional ports as needed:
a. Click “All Interfaces”.
b. Right-click a port, and select “Edit”.
c. Complete the settings, and click “OK”.
d. Repeat step 3 for each port that you want to configure.
TO ADD A STATIC ROUTE
1. Go to System Settings > Network.
2. Select the Routing Table button to add an IPv4 static route or the IPv6
Routing Table button to add an IPv6 static route.
3. Select “Create New”.
4. Configure the settings, and select “OK” to create the new static route.
CONFIGURING ADMINISTRATOR ACCOUNTS
The administrator settings are used to control and monitor administrator
access to the FortiAnalyzer unit. Local and remote authentication are
supported, as well as two-factor authentication.
FortiAnalyzer includes administrator profiles that define different types of
administrators and what level of access each type of administrator has
to devices connected to the FortiAnalyzer unit and to the FortiAnalyzer
features. You can assign an administrator profile to each administrator
account.
When you create an administrator account in FortiAnalyzer, you can
specify the following items for the administrator:
• Authentication method
• Administrator profile
• ADOMs that the administrator can access
You are currently logged into FortiAnalyzer by using the default
administrator account named admin, which is assigned the administrative
profile named Super_User that gives the admin administrator account full
privileges. In addition to any administrator accounts you create for others,
you should create an administrator account for yourself and assign the
Super_User profile to it.
TO CREATE ADMINISTRATOR ACCOUNTS
1. Go to System Settings > Admin > Administrator and select “Create
New”. The New Administrator dialog box appears.
2. Complete the options, and select “OK” to create the new administrator
account.
LOGGING INTO FORTIANALYZER
After configuring the network for the FortiAnalyzer unit and creating an
administrator account for yourself, you should log into the FortiAnalyzer
unit by using the new IP address and your new administrator account to
complete the configuration.
1. On the management computer, browse to the IP address that you
configured for the FortiAnalyzer unit.
2. Type your user name and password, and select “Login”. You are no
longer logged into the FortiAnalyzer unit with the default administrator
account named admin. You are now logged in under your administrator
account.
CONFIGURING THE RAID
If the FortiAnalyzer unit supports RAID, you can choose a RAID level.
If you change the RAID settings, all data will be deleted.
1. Go to System Settings > RAID Management and, in the RAID Level field,
select “Change”.
2. The RAID Settings dialog box opens.
3. From the RAID Level list, select the RAID level, and select “OK”. Once
selected, depending on the RAID level, it may take a significant amount
of time to generate the RAID array.
CREATING ADOMS
FortiAnalyzer administrative domains (ADOMs) enable the admin
administrator to create groupings of devices for configured administrators
to monitor and manage. You must enable the ADOM feature before you
can create ADOMs.
TO ENABLE THE ADOM FEATURE
1. Go to System Settings > Dashboard.
2. In the System Information widget, select “Enable” next to Administrative
Domain.
3. Select “OK” in the confirmation dialog box.
4. Type your login and password.
TO ADD AN ADOM
1. Go to System Settings > All ADOMs and select “Create New” in the toolbar. The Create ADOM dialog box opens.
2. Complete the options, and select “OK” to create the ADOM.
ADDING DEVICES
You must add devices to FortiAnalyzer to enable the FortiAnalyzer unit to collect logs from the devices. You can use the Add Device wizard to add devices.
1. Go to the Device Manager tab.
2. Select “Add Device” from the toolbar. The Add Device wizard opens.
3. Complete the options, and select “Next” to continue through all of the
pages of the wizard.
4. Select “Finish” to add the device.
PROMOTING DEVICES TO ADOMS
After adding a device to the FortiAnalyzer unit, you must promote the
device to an ADOM, when ADOMs are enabled.
When a device is successfully promoted to an ADOM, the device status is
green, which indicates that the device is sending logs to the FortiAnalyzer
unit.
1. Go to the Device Manager tab.
2. Right-click the device, and select “Promote”.
3. TBA
BACKING UP THE SYSTEM CONFIGURATION
Fortinet recommends that you back up your FortiAnalyzer configuration to
your management computer on a regular basis.
This operation does not back up log files.
TO BACK UP THE FORTIANALYZER CONFIGURATION
1. Go to System Settings > Dashboard.
2. In the System Information widget, in the System Configuration field,
select Backup. The Backup dialog box appears.
3. Configure the options, select “OK”, and save the backup file on your
management computer.