Fortinet FortiGuard Analysis 1.2.0 User Manual

ADMINISTRATION GUIDE
FortiGuard Analysis and Management Service Version 1.2.0
www.fortinet.com
FortiGuard Analysis and Management Service Administration Guide
Version 1.2.0 31 October 2008 13-12000-406-20081031
© Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard-Antispam, FortiGuard­Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents

Introduction (page 7)
  About this document (page 7)
    Document conventions (page 7)
      Typographic conventions (page 8)
  Fortinet documentation (page 8)
    Fortinet Tools and Documentation CD (page 8)
    Fortinet Knowledge Center (page 8)
    Comments on Fortinet technical documentation (page 8)
  Customer service and technical support (page 9)
Setup (page 11)
  About the portal web site (page 11)
  Obtaining a trial contract (page 14)
  Configuring a device to use the service (page 16)
    Verifying the connectivity between the service and the device (page 17)
    Configuring remote logging and central management (page 17)
  Expanding or renewing service (page 19)
    Renewing contracts (page 20)
    Adding purchased contracts (page 21)
  Required port numbers (page 23)
Dashboard (page 25)
  The Dashboard main menu (page 25)
  Widgets (page 26)
  Adding and customizing pages (page 27)
  Configuring widgets (page 27)
    Configuring the Resource Monitor (page 28)
    Configuring the Network Monitor (page 29)
    Configuring the Trap Console (page 30)
    Configuring the Report widgets (page 31)
  Customizing the Dashboard page (page 34)
Management (page 35)
  Device (page 35)
    Viewing device information (page 35)
    Adding and editing devices (page 37)
    Authorizing the service on devices (page 38)
    De-authorizing the service on devices (page 39)
    Sending manual or automatic configuration revisions (page 39)
    Viewing configuration revisions (page 40)
    Searching configuration revisions (page 41)
    Comparing configuration revisions (page 41)
    Restoring configuration revisions (page 43)
    Running scripts (page 44)
    Viewing available firmware images (page 44)
    Changing firmware from the portal web site (page 45)
    Changing firmware from the device (page 46)
  Scripts (page 47)
    Creating scripts (page 47)
    Viewing available configuration scripts (page 48)
  Topology Tool (page 49)
    Creating a network diagram (page 52)
    Viewing a network diagram (page 52)
  Settings (page 52)
    Viewing service account information (page 53)
    Adding, editing and removing administrators (page 55)
    Editing your login profile (page 56)
    Changing your service account ID (page 56)
    Configuring an alert profile (page 57)
Analysis (page 59)
  Log Viewer (page 60)
    Viewing logs (page 60)
  Customizing the log view (page 62)
    Customizing the log column views (page 62)
    Filtering logs (page 63)
  Log File Browser (page 65)
    Deleting log files from the FortiGate web-based manager (page 66)
  Reports (page 67)
    Viewing generated reports (page 67)
    Deleting reports (page 68)
  e-Discovery (page 69)
    Viewing e-Discovery tasks (page 69)
    Creating tasks for e-Discovery (page 72)
Index (page 75)

Introduction

The FortiGuard Analysis and Management Service is a subscription-based service that provides remote management and logging and reporting capabilities for all FortiGate units. The FortiGuard Analysis and Management Service is available for FortiGate units running FortiOS 3.0 MR6 or higher.
The subscription-based service is available from the FortiGuard Analysis and Management Service portal web site, which provides a central location for configuring logging, reporting and remote management. From the FortiGuard Analysis and Management Service portal web site you can also view subscription contract information, such as daily quota and the expiry date of the service.
This document refers to the FortiGuard Analysis and Management Service as “the service”, a FortiGate unit as “device”, and the FortiGuard Analysis and Management Service portal web site as the “portal web site”.
This section introduces you to FortiGuard Analysis and Management Service and the following topics:
About this document
Fortinet documentation
Customer service and technical support

About this document

This document explains how to configure and use the service. This document contains the following sections:
Setup – Describes how to create a service account, add a device and its contract to the service account, and configure devices to use the service.
Dashboard – Describes how to add widgets and pages, and customize the Dashboard and pages.
Management – Describes how to view service account information, add users and devices, and create and run scripts.
Analysis – Describes how to view and browse logs, including viewing reports.

Document conventions

The following document conventions are used in this guide:
In the examples, private IP addresses are used for both private and public IP addresses.
Notes and Cautions are used to provide important information:
Note: Highlights useful additional information.
Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment.
Typographic conventions
Fortinet documentation uses the following typographical conventions:
Convention: Example
Keyboard input: In the Gateway Name field, type a name for the remote VPN peer or client (for example, Central_Office_1).
Code examples:
  config sys global
    set ips-open enable
  end
CLI command syntax:
  config firewall policy
    edit id_integer
      set http_retry_count <retry_integer>
      set natip <address_ipv4mask>
  end
Document names: FortiGate Administration Guide
File content: <HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD> <BODY><H4>You must authenticate to use this service.</H4>
Menu commands: Go to VPN > IPSEC > Phase 1 and select Create New.
Program output: Welcome!
Variables: <address_ipv4>

Fortinet documentation

The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site.

Fortinet Tools and Documentation CD

All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation visit the Fortinet Technical Documentation web site.

Fortinet Knowledge Center

Additional Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains troubleshooting and how-to articles, FAQs, technical notes, a glossary and more. Visit the Fortinet Knowledge Center.

Comments on Fortinet technical documentation

Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com.

Customer service and technical support

Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.
Please visit the Fortinet Technical Support web site to learn about the technical support services that Fortinet provides.

Setup

This section explains how to:
log in to the portal web site
navigate within the portal web site
properly set up the service
connect a device to the service.
This section also explains how to register a purchased contract after a trial contract has expired or if you have purchased the contract from your sales representative without a trial. You must configure both the portal web site and the devices you want associated with the service before you can use the service.
If you are connecting to the portal web site for the first time, you must register your device or devices on the Fortinet Technical Support web site. You must also create a trial contract, which is available on the portal web site, if you have not already purchased a contract from your sales representative.
After setting up the service, you can configure additional devices to connect to the service. You do not need to configure other Service Account IDs or additional contracts. You only need to:
add device serial numbers to the portal web site and authorize the device to use the service
configure your devices within their own web-based manager to use the Service Account ID.
This section includes the following topics:
About the portal web site
Obtaining a trial contract
Configuring a device to use the service
Expanding or renewing service
Required port numbers

About the portal web site

The service is provided to devices through the Internet, and managed through a portal web site. The portal web site displays not only customer login fields, but also a link that enables you to configure a trial contract. There is also a bulleted list of the key features and benefits of the service. You can view the site from https://fams.fortinet.com.
Figure 1: The portal web site
When you enter the email address and password for logging in, the Service Account ID appears. You can select which Service Account ID you want to view when logging in to the portal web site if you have multiple Service Account IDs for one contract. Certain contracts allow for multiple Service Account IDs, which provides more flexibility. Contracts can allow both multiple devices and multiple service account IDs. For more information, see “Obtaining a trial contract” on page 14.
After logging in to the web site, the layout of the information provides the administrator quick and easy access to various features. There are three main menus, Dashboard, Management and Analysis. These main menus contain tabs and sections to help you view and configure settings.
Figure 2: Portal web site layout, Management view (callouts: Tabs, Help, Logout, Sections, Expand Arrow, Refresh; Dashboard main menu, Management main menu, Analysis main menu)
The Dashboard main menu provides all features that are related to it, such as customizing and adding pages. You can add widgets to the pages as well.
Dashboard: The Dashboard tab allows you to configure the widgets and their layout. You can also make the Dashboard tab the default page.
Customize: The Customize link allows you to configure a new page.
New page: The New page link allows you to add a new page to the Dashboard menu.
The Management main menu provides remote management features, such as settings and device information.
Device: The Device tab provides information about the devices, such as connection status to the service, tasks, and revision history. You can also schedule upgrades for devices and run scripts.
Script: The Script tab allows you to upload, input and manage scripts.
Topology Tool: The Topology Tool tab allows you to configure a network diagram of your network.
Settings: The Settings tab provides account and user information, and allows you to configure alert profiles.
The Analysis main menu provides logging and reporting features.
Log Viewer: The Log Viewer tab allows you to view recent logs that are received in real-time, as well as historical log files that are stored on the FortiGuard Analysis server.
Log File Browser: The Log File Browser tab allows you to browse through historical log files.
Report: The Report tab provides access to all reports.
e-Discovery: The e-Discovery tab allows you to perform advanced searches of email messages.
Section: Each tab contains sections, which can display a combination of information and links to configure additional settings. You can also expand or hide sections using the Expand Arrow. For example, in the Device tab, shown in Figure 2 on page 13, the Tasks section allows you to view the tasks that are occurring (or have already occurred), as well as to configure an upgrade, run scripts, or show the firmware available for upgrading the device.
Help: Online help provides help on the various service features and configuration settings.
Log out: Log out logs you out of the portal web site.
Refresh icon: The Refresh icon, displayed on many pages, allows you to immediately update the page contents.

Obtaining a trial contract

When you first access the portal web site, you can immediately sign up for a trial contract. With a trial contract, you can familiarize yourself with the features the service provides before committing to a full contract. The trial contract lasts 30 days, after which you can purchase a full contract from your sales representative. After purchasing a full contract, use the procedure, “To add a purchased contract to a Service Account ID” on page 21.
After creating the service account and login, you need to authorize and configure devices to use the service. Follow the procedures in “Configuring a device to use the service” on page 16.
Figure 3: Registering for a trial contract
Note: If you have previously logged in to the service portal, and want to create another trial contract or enter a purchased contract number, you may need to create a second Service Account ID. Devices can use only one Service Account ID at a time per contract. Instead, add new contracts to your existing Service Account ID. For more information, see “Expanding or renewing service” on page 19.
To obtain a trial contract
1 Go to https://fams.fortinet.com/.
2 Select the Sign Up Now link.
3 Enter the appropriate information for the following fields:
Your account: The information you enter in this section will be used to identify the account you associate your devices with, and to determine log and report time periods of the devices.
  Service Account ID: Enter an identification name. This name can contain both letters and numbers, and be up to 20 characters. Use an underscore ( _ ) or hyphen (-) to separate letters or numbers in the name.
  Time Zone: Select the time zone that the device is in. Time measurements, such as log time stamps and schedules for changing firmware that may appear for your managed devices in the portal web site, are relative to this time zone.
Your Login: You will use the information that you enter here to log in to the portal web site.
  Your Name: Enter the email address for the main administrator, which is similar to the default admin administrator on a device. This default user for the portal web site is referred to as the admin user.
  Email: Enter the email address that will be used for sending reports to.
  Re-type Email: Enter the email address you gave in the Email field.
  Password: Enter a password for logging in to the portal web site.
  Re-type Password: Enter the password you gave in the Password field.
Questions to Recover Password: These questions will help to identify you when you need to recover your password. You need to make sure the following information is easy to retrieve when you need to recover your password.
  Security Question 1: Enter a challenge that can be used to verify your identity in the event you need to retrieve your password.
  Your Answer: Enter the answer for Security Question 1.
  Security Question 2: Enter a second challenge that can be used to verify your identity in the event you need to retrieve your password.
  Your Answer: Enter the answer for Security Question 2.
4 Select Submit.
You are automatically logged in to the portal web site. You should immediately log out of the portal web site so that you can configure the devices to use FortiGuard Analysis and Management Service. You will also receive an email from fams_admin@fortinet.com verifying your trial contract.
If you want to add a purchased contract, you do not have to create a second service account. Instead, you can add contracts to your existing service account. For more information, see “Expanding or renewing service” on page 19.

Configuring a device to use the service

You need to configure devices to use the service after signing up for a trial contract or after purchasing a contract. You need your Service Account ID to enable the service on your devices. If you want multiple devices associated with the same Service Account ID, you need to configure each device with that Service Account ID.
Note: If you do not know your Service Account ID, you can view it by logging in to the service portal and going to the Settings menu. The Service Account ID is located in Account Information. Alternatively, log in to the Fortinet Technical Support web site, and select the service.
To configure the Service Account ID and validate connectivity
1 In the FortiGate web-based manager, go to System > Maintenance > FortiGuard.
Figure 4: The FortiGuard “Analysis & Management Service Options”, as displayed in the FortiGate web-based manager
2 Select the Expand Arrow beside Analysis & Management Service Options to reveal the available options.
3 Enter the service account ID in the Account ID field.
The service account ID entered here will be used to identify that the device is associated with that service account.
4 Select Apply.
In the FortiGuard Subscription Services area of the FortiGuard page, you should see a green checkmark in the Analysis & Management Service row, as in Figure 4. You should also see a green checkmark on the System dashboard of your device, under License Information (beside Analysis and Management Service). If you see an orange X, your device is not properly connected; if you see a gray X, your device is not connected. For more information, see “Verifying the connectivity between the service and the device” on page 17.
After successfully configuring your device, you also need to enable central management, and, if applicable, configure remote logging. For more information, see “Configuring remote logging and central management” on page 17.

Verifying the connectivity between the service and the device

The device connects to the Fortinet Distribution Network (FDN) to validate connectivity with that Service Account ID. After successful validation, the options for configuring and using the service become available on the device’s web-based manager. You should also see a green check mark beside Analysis and Management Services under License Information in the System dashboard of the device.
If you have not yet authorized the device to use the service, the service license status may appear to be Expired or Not Registered, and the device will not be able to connect to the service. To authorize the device, see “Authorizing the service on devices” on page 38.
If you have authorized the device from the portal web site, but the device is still unable to connect, verify that the device’s system time and time zone are correct. If these are incorrect, the SSL connection will fail; you must then enter the correct system time and zone on the FortiGate unit. For more information, see the FortiGate Administration Guide.

Configuring remote logging and central management

After configuring the Service Account ID on the device’s web-based manager, you need to also configure central management and, if applicable, logging. The service provides both central management of the device as well as logging and reporting capabilities.
The following procedures describe how to enable and configure both remote logging and central management.
To configure remote logging to the service
1 In the FortiGate web-based manager, go to Log&Report > Log Config > Log Setting.
Figure 5: FortiGuard logging options in Log Setting
2 Select the Expand Arrow beside Remote Logging to reveal the available options.
3 Select FortiGuard Analysis Service.
If this check box is grayed out, authorize the device from the portal web site and configure the Service Account ID before performing this step. For more information, see “To configure the Service Account ID and validate connectivity” on page 16.
4 From “When log disk is full”, select what the service should do when the device reaches its quota: either Overwrite oldest logs or Do not log.
5 From “Minimum log level”, select one of the following log severity levels:
0 - Emergency: The system has become unstable.
1 - Alert: Immediate action is required.
2 - Critical: Functionality is affected.
3 - Error: An error condition exists and functionality could be affected.
4 - Warning: Functionality could be affected.
5 - Notification: Information about normal events.
6 - Information: General information about system operations.
Messages whose severity number is equal to or lower than the selected level (that is, the selected level and every more severe level) will be sent to the service.
6 Select Apply.
Note: Daylight Savings Time (DST) may affect your location. It is recommended to verify if your location observes this change, since it affects the accuracy and schedule of logs. For more information, see the Fortinet Knowledge Center article, New Daylight Saving Time support.
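The severity rule in step 5 and the quota rule in step 4 together decide which messages the service ends up holding, and the direction of the severity comparison is easy to get backwards. The following Python is an added example, not part of the Fortinet guide or its software: the log lines are constructed in a FortiOS-style key=value layout, and the spelling "notice" for level 5 in the level= field is an assumption.

```python
import re
from collections import deque

# Severity numbers exactly as listed in step 5 of the procedure above.
# "notice" is added as an alias for level 5, since that is how the level=
# field is commonly spelled in FortiOS log lines (assumption, not from the guide).
SEVERITY = {
    "emergency": 0,
    "alert": 1,
    "critical": 2,
    "error": 3,
    "warning": 4,
    "notification": 5,
    "notice": 5,
    "information": 6,
}

# Constructed sample log lines in a FortiOS-style key=value layout
# (not taken from the guide or from a real device).
SAMPLE_LOGS = [
    'date=2008-10-31 time=08:00:01 devname=FG-lab level=information msg="Administrator admin logged in"',
    'date=2008-10-31 time=08:00:05 devname=FG-lab level=warning msg="Log disk usage above 90%"',
    'date=2008-10-31 time=08:00:09 devname=FG-lab level=notice msg="Configuration saved"',
    'date=2008-10-31 time=08:00:12 devname=FG-lab level=error msg="FDN connection failed"',
    'date=2008-10-31 time=08:00:20 devname=FG-lab level=critical msg="HA member unreachable"',
    'date=2008-10-31 time=08:00:31 devname=FG-lab level=alert msg="Administrator lockout threshold reached"',
]

LEVEL_RE = re.compile(r"\blevel=(\w+)")


def severity_of(line):
    """Return the numeric severity of one log line, or None if it carries
    no recognisable level= field."""
    match = LEVEL_RE.search(line)
    if match is None:
        return None
    return SEVERITY.get(match.group(1).lower())


def is_forwarded(line, minimum_level):
    """Step 5 rule: a message is sent to the service when its severity number
    is equal to or lower than the selected minimum level. Lower numbers are
    MORE severe, so choosing 4 (Warning) forwards levels 0 through 4 and
    drops Notification and Information."""
    severity = severity_of(line)
    return severity is not None and severity <= minimum_level


class QuotaStore:
    """Step 4 rule: behaviour once the quota is reached, either
    'Overwrite oldest logs' (ring buffer) or 'Do not log' (drop new lines)."""

    def __init__(self, quota, overwrite_oldest):
        self.quota = quota
        self.overwrite_oldest = overwrite_oldest
        self.lines = deque()
        self.dropped = 0

    def store(self, line):
        if len(self.lines) < self.quota:
            self.lines.append(line)
        elif self.overwrite_oldest:
            self.lines.popleft()   # oldest entry is lost, newest is kept
            self.lines.append(line)
        else:
            self.dropped += 1      # quota full: the new entry is never recorded


def forward_logs(lines, minimum_level, quota, overwrite_oldest):
    """Apply both settings to a batch of log lines and return
    (lines held by the service, number of lines lost to the quota)."""
    store = QuotaStore(quota, overwrite_oldest)
    for line in lines:
        if is_forwarded(line, minimum_level):
            store.store(line)
    return list(store.lines), store.dropped


if __name__ == "__main__":
    kept, lost = forward_logs(SAMPLE_LOGS, SEVERITY["warning"], quota=2, overwrite_oldest=False)
    for line in kept:
        print(line)
    print(f"lost to quota: {lost}")
```

With "Do not log" the oldest forwarded events survive and the newest are silently lost, so an incident that starts after the quota fills leaves no trace on the service side; "Overwrite oldest logs" keeps the newest events instead.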
To configure remote management by the service
1 In the FortiGate web-based manager, go to System > Admin > Central Management.
Figure 6: Central Management options
2 Select the check box beside Enable Central Management.
3 From Type, select FortiGuard Management Service.
4 Select Apply.
5 Select any of the following options that you want enabled:
Allow automatic backup of configuration on logout/timeout: Automatically upload a new configuration revision to the service when an administrator logs out or the session times out. Most configuration changes cause an automatic backup. Exceptions include VPN certificates, topology, FortiGuard license status, host name, high availability (HA) override and priority, and network interface media access control (MAC) address.
Allow configuration updates initiated by the management server: Allow the device to receive configuration changes scheduled from the portal web site.
Allow script updates initiated by the management server: Allow the device to receive script changes scheduled from the portal web site.
Allow firmware upgrades initiated by the management server: Allow the device to be upgraded by the management server.
6 Select Apply.
Note: The options for the service in Central Management appear only after you have configured the Service Account ID.

Expanding or renewing service

You can expand or renew the service after accessing the portal web site for the first time. The Fortinet Technical Support web site allows you to expand or renew the service after a trial contract expires, or after you have purchased a full contract.

Renewing contracts

If you want to extend the service period, you can add a renewal contract to the previous contract.
Note: Contract renewal requires an existing contract. If you have not yet added your first contract, add the first contract, then add the renewal contract. For more information, see “Obtaining a trial contract” on page 14 and “Adding purchased contracts” on page 21.
To add a renewal contract
1 Go to the Fortinet Technical Support web site and log in.
2 Select FortiGuard Analysis & Management Services from the menu on the left.
3 Select the Service Account ID to which you want to apply the contract number.
Figure 7: Locating the Service Account ID
Near the bottom of the page, a serial number list appears.
4 Select the Serial Number of the contract that you want to renew.
5 In the Product/Contract Maintenance area, enter the Contract Number.
Figure 8: Contract Number
6 Select Renew.
The terms of the contract appear.
7 If you agree, select Agree. A contract term confirmation appears.
If you do not agree to the terms of the service contract, select Don’t Agree.
8 If your contract details appear to be correct, select Complete Registration.
If you have renewed at an increased or decreased service level, you may want to adjust quota and other settings from the portal web site. For more information, see “Adding and editing devices” on page 37.

Adding purchased contracts

You can continue service beyond the duration of a trial contract period by adding a purchased contract. You can also expand the disk space available to your service account by purchasing a contract for a larger amount of space.
If you have previously obtained a trial contract or entered a purchased service contract, you do not need to create separate Service Account IDs for each contract. Instead, you can add service contracts to your existing Service Account ID. If you choose to create an additional Service Account ID, its service contracts and portal logins will be separate. Devices can use only one Service Account ID at a time.
Note: If you have already added your first contract, and want to renew it, see “Renewing contracts” on page 20.
To add a purchased contract to a Service Account ID
1 Go to the Fortinet Technical Support web site and log in.
2 Select FortiGuard Analysis & Management Services from the menu on the left.
3 Select the Service Account ID to which you want to add the purchased contract.
Figure 9: Locating the Service Account ID
Near the bottom of the page, a Product/Contract Maintenance area appears.
4 Enter the Contract Number and a Description in the appropriate fields.
Figure 10: Adding a purchased contract
5 Select Add.
The terms of the contract appear.
6 If you agree, select Agree. A contract term confirmation appears.
If you do not agree to the terms of the service contract, select Don’t Agree.
7 If your contract details appear to be correct, select Complete Registration.
If you have added a contract for a different service, or added a contract with service levels greater than a trial contract, you may want to authorize devices to use the new service, or adjust settings such as quota, and configure devices to allow remote logging or central management. Continue setup with “Management” on page 35.

Required port numbers

The service is provided to authorized devices connecting to the Fortinet Distribution Network (FDN) through the Internet. For successful access to the service, all NAT devices and firewalls between the FDN and the devices must permit the required protocols and port numbers.
For more information, see the Fortinet Knowledge Center article, Traffic Types and TCP/UDP Ports used by Fortinet Products.