Fortinet FortiAnalyzer-100A Administration Manual

Network monitoring security appliance

ADMINISTRATION GUIDE
FortiAnalyzer
Version 3.0 MR3
www.fortinet.com


Summary of Contents for Fortinet FortiAnalyzer-100A

  • Page 1 ADMINISTRATION GUIDE FortiAnalyzer Version 3.0 MR3 www.fortinet.com...
  • Page 2 Version 3.0 MR3 25 September 2006 05-30003-0082-20060925 © Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Network Attached Storage ................15 About this guide ....................15 FortiAnalyzer documentation ................. 16 Fortinet Tools and Documentation CD ............17 Fortinet Knowledge Center ................. 17 Comments on Fortinet technical documentation ......... 17 Customer service and technical support ............17 Installing the FortiAnalyzer unit .............
  • Page 4 Restore factory default system settings ............32 Format the log disks..................33 Restoring a FortiAnalyzer unit..............33 Restoring a FortiAnalyzer-100 or FortiAnalyzer-400 ......33 Restoring a FortiAnalyzer-100A/100B, 800, 2000 and 4000/4000A..34 Changing the firmware ................35 Changing the host name................36 Network settings....................36 Interface ......................
  • Page 5 Contents Network sharing....................45 Adding users ....................46 Adding groups ..................... 46 Configuring Windows shares ..............46 Assigning user access ................47 Configuring NFS shares ................48 Setting folder and file privileges ..............49 Configuring the FortiAnalyzer unit ..............49 Log Settings ....................
  • Page 6 Contents Adding a FortiManager unit................72 Adding a Syslog server................... 73 Device Groups ....................74 Blocked Devices ....................74 Viewing blocked devices................75 Logs ....................77 Log Viewer ....................... 77 Real-time log viewer ................... 77 Historical log viewer ..................78 Browse......................
  • Page 7 Contents Searching user data ..................100 Saving search results ................100 Local archive .................... 101 Forensic Reports ................... 101 Configuring reports..................101 Customizing the report properties............102 Configuring the report criteria ............. 102 Configuring the time period..............104 Configuring the report types ............... 104 Configuring the report output ..............
  • Page 8 FortiAnalyzer traps..................136 FortiGate MIB System Traps .............. 136 FortiGate MIB Logging Traps ............. 136 FortiGate MIB VPN Traps..............136 Fortinet MIB System fields..............136 Fortinet Administrator Accounts ............136 Fortinet Options .................. 136 Fortinet Active IP Sessions..............137 RFC-1213 (MIB II) ................137 RFC-2665 (Ethernet-like MIB) ............
  • Page 9 Contents Search the network traffic logs ..............146 Basic search....................146 Advanced search ..................146 Search tips ....................147 Printing the search results................. 147 Log rolling ...................... 147 Vulnerability scan ................151 Modules ......................151 Jobs ........................ 152 Adding a new vulnerability scan job ............153 Reports ......................
  • Page 10 Contents FortiAnalyzer Version 3.0 MR3 Administration Guide 05-30003-0082-20060925...
  • Page 11: Introduction

    The FortiAnalyzer Unit • About this guide • FortiAnalyzer documentation • Customer service and technical support. The FortiAnalyzer Unit: The FortiAnalyzer family includes the following models: FortiAnalyzer-100A/100B (front panel: 10/100, POWER, STATUS, LINK/ACT). Ports: 4 10/100 Ethernet ports. Memory: 256 MB...
  • Page 12: FortiAnalyzer-400

    FortiAnalyzer-400: Ports: 3 10/100 Ethernet ports. Memory: 256 MB. Disk Drives: 4 x 120MB hot-swappable (3.0 MR1). Disk Drive Capacity: 480 GB. FortiGate Devices Supported: 200 FortiGate units or VDOM licenses. Supports FortiGate-50A to FortiGate-800 only. FortiClient installations Supported: 2000. AC Input Voltage: 100-240V 4Amp Max...
  • Page 13: FortiAnalyzer-2000

    FortiAnalyzer-2000: Ports: 4 gigabit Ethernet ports. Memory: 2 GB. Disk Drives: 6 x 400GB hot-swappable. Disk Drive Capacity: 2.4 TB. FortiGate Devices Supported: 500 FortiGate units or VDOM licenses. Supports all FortiGate models. FortiClient installations Supported: 5000. AC Input Voltage: 100-240V 9Amp Max...
  • Page 14: FortiAnalyzer Features

    FortiGate Devices Supported: 500 FortiGate units or VDOM licenses. Supports all FortiGate models. FortiClient installations Supported; AC Input Voltage: 100-240V 9Amp Max. FortiAnalyzer features: The FortiAnalyzer unit receives log files from multiple FortiGate and syslog devices. Using the FortiAnalyzer unit’s robust reporting capabilities, you can monitor the traffic, attacks, and misuses from network users.
  • Page 15: Log Viewer

    FortiAnalyzer unit. For example, a company may have a headquarters and a number of branch offices. Each branch office has a FortiGate unit and a FortiAnalyzer-100A/100B to collect local log information. The headquarters has a FortiAnalyzer-2000 as the central log aggregator.
  • Page 16: FortiAnalyzer Documentation

    • Devices describes how to add and configure FortiGate, FortiManager units and Syslog servers so that the FortiAnalyzer unit can maintain a connection with the device. • Alerts describes how to set up alert messages and configure the FortiAnalyzer unit to send messages via email through a mail server, to a syslog server or using SNMP traps.
  • Page 17: Fortinet Tools And Documentation CD

    Fortinet Tools and Documentation CD All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation see the Fortinet Technical Documentation web site at http://docs.forticare.com.
  • Page 18 Customer service and technical support
  • Page 19: Installing The FortiAnalyzer Unit

    This section describes the FortiAnalyzer hardware and how to connect the FortiAnalyzer unit to the network. This section includes the following topics: • Planning the installation • Connecting the FortiAnalyzer unit •...
  • Page 20: Connecting The FortiAnalyzer Unit

    Note: The FortiAnalyzer unit may overload your supply circuit and impact your surge protection and supply wiring. Use appropriate equipment nameplate ratings to address this concern. Make sure that the FortiAnalyzer unit has reliable grounding. Fortinet recommends direct connections to the branch circuit. Air flow •...
  • Page 21: Configuring The FortiAnalyzer Unit

    Use the web-based manager or the Command Line Interface (CLI) to configure the FortiAnalyzer unit IP address, netmask, DNS server IP address, and default gateway IP address. Table 1: FortiAnalyzer-100A and FortiAnalyzer-100B factory defaults: Administrator account: User name: admin...
  • Page 22 Table 3: FortiAnalyzer-800 factory defaults: Administrator account: User name: admin; Password: (none). Port 1: 192.168.1.99, Netmask: 255.255.255.0, Management Access: HTTP, HTTPS, PING, SSH. Port 2: 192.168.2.99, Netmask: 255.255.255.0, Management Access: HTTP, HTTPS, PING, SSH. Table 4: FortiAnalyzer-2000 factory defaults: Administrator account: User name:...
  • Page 23: Using The Web-Based Manager

    The web-based manager provides a graphical user interface (GUI) to configure and administer the FortiAnalyzer unit. Use the web-based manager to: • configure most FortiAnalyzer settings • monitor the status of the FortiAnalyzer unit •...
  • Page 24: Using The Command Line Interface

    (CLI) from any network that is connected to the FortiAnalyzer unit, including the Internet. This applies to all FortiAnalyzer models. You can also access the FortiAnalyzer-100A/100B, FortiAnalyzer-800 and FortiAnalyzer-4000/4000A CLI by using the null-modem cable provided to connect to the unit’s console port.
  • Page 25: Using The Front Panel Buttons And LCD

    Set the primary and optionally the secondary DNS server IP address:
      config system dns
        set primary <dns-server_ip>
        set secondary <dns-server_ip>
    Set the default gateway:
      config system route
        edit 1
          set device port1
          set dst <destination_ip> <netmask>
          ...
  • Page 26: Backing Up The FortiAnalyzer Hard Disk

    Before upgrading the FortiAnalyzer firmware, formatting the log disk or changing the RAID configuration (on a FortiAnalyzer-400, FortiAnalyzer-800, FortiAnalyzer-2000 and FortiAnalyzer-4000/4000A), it is extremely important that you back up the log data first.
  • Page 27: Configure The FortiAnalyzer Unit

    The FortiAnalyzer unit provides a number of configuration options to customize the FortiAnalyzer unit using the System settings. This section describes the configuration settings you can apply to use the FortiAnalyzer in your network environment. This section includes the following topics: •...
  • Page 28: System Information

    (for example, for HTTPS connections to the web-based manager) is excluded. Hard Disk Usage / RAID status: For the FortiAnalyzer-100 and FortiAnalyzer-100A/100B, the current status of the hard disk. The web-based manager displays the amount of hard disk space used.
  • Page 29: License Information

    License Information. Support Contract: The support contract number and expiry date. RVS Engine: The version of the RVS engine. Select Update to upload a new version of the engine. This feature is not available on the FortiAnalyzer-100. RVS Plug-ins: The version of the RVS plug-in.
  • Page 30: Viewing Operational History

    Format log disks: Format the FortiAnalyzer hard disk. Selecting this option will delete all log files and reports from the hard disk. Ensure that you back up all information before selecting this option. Formatting the hard disk will also interrupt FortiAnalyzer operations for several minutes.
  • Page 31: Filtering Session Information

    To Port: The destination port of the connection. Expires (Secs): The time in seconds remaining before the connection terminates. Filtering session information: You can filter the contents to find specific content. Each column of data includes a gray filter icon.
  • Page 32: Setting The Time

    Counter: The number of occurrences of the alert event. Delete icon: Select the check box for alert messages you want to delete and select the delete icon. Clicking the column headers sorts the information in ascending or descending order for that column.
  • Page 33: Format The Log Disks

    To restore system settings to factory defaults: Go to System > Dashboard. In the System Operations area, select Reset to Factory Default and select Go. Select OK to confirm. The FortiAnalyzer unit restarts with the configuration it had when it was first powered on.
  • Page 34: Restoring A FortiAnalyzer-100A/100B, 800, 2000 And 4000/4000A

    Caution: This procedure resets all FortiAnalyzer settings to their default state. This includes the interface IP addresses, as well as HTTP, HTTPS, SSH, and telnet access. See “Configuring the FortiAnalyzer unit” on page. Note: When connecting the Ethernet cable to the FortiAnalyzer-800, insert the cable into the LAN2 port.
  • Page 35: Changing The Firmware

    IP address from the front panel of the FortiAnalyzer-100 and FortiAnalyzer-400, and the console for the FortiAnalyzer-800 and FortiAnalyzer-100A/100B. To change the firmware using the web-based manager Copy the firmware image file to your management computer.
  • Page 36: Changing The Host Name

    • If you revert to a previous firmware version, the FortiAnalyzer unit uploads the firmware image file, reverts to the old firmware version, resets the configuration, restarts, and displays the FortiAnalyzer unit login. This process takes a few minutes.
  • Page 37: Changing The Interface Settings

    To change the interface settings: Go to System > Network > Interface. Select Modify for the port. Set the following options and select OK: Interface name: The interface name is hard coded and cannot be changed. FortiDiscovery: Select Enable to use the FortiDiscovery Protocol for the port to enable FortiGate devices to find the FortiAnalyzer unit...
  • Page 38: DNS

    Configure the primary and secondary DNS settings. To configure network settings, go to System > Network > DNS. Primary DNS Server: Enter the primary DNS server IP address that the FortiAnalyzer unit can connect to. Several of the FortiAnalyzer functions use DNS.
  • Page 39: Administrator Settings

    Administrator settings: Use the Admin option to configure and maintain FortiAnalyzer administrators, administrator domains (ADOMs), set a user’s administrative access and maintain passwords. When the FortiAnalyzer unit is initially installed, it is configured with a single master administrator account with the user name of “admin”.
  • Page 40: Changing The Administrator Password

    User information: Enter the administrator name, email and other contact information. Trusted Host: Enter the IP address where the administrator can log into the FortiAnalyzer unit. If you want the administrator to be able to access the FortiAnalyzer unit from any address, use the IP address 0.0.0.0 and netmask 0.0.0.0.
  • Page 41: Auth Groups

    Figure 8: FortiAnalyzer access privileges. Only the admin administrator has access to the Global Configuration of a FortiAnalyzer unit. Every other administrator must be assigned an access profile. To create an access profile: Go to System > Admin > Access Profile. Select Create New.
  • Page 42: RADIUS Server

    ADOM entries from the FortiAnalyzer unit. Until you do this, the Admin Domain Configuration option will not appear in this window. Note that the Admin Domain Configuration option is not available on the FortiAnalyzer-100 or FortiAnalyzer-100A/100B. Monitor The Monitor page enables the admin account to view other administrators currently logged in to the FortiAnalyzer unit.
  • Page 43: Administrative Domains

    Similar to the web-based manager, users who access the CLI for their ADOM are not able to see data or configuration settings for other ADOMs. Note: Administrative Domains are not available on the FortiAnalyzer-100 or FortiAnalyzer-100A/100B. Enabling administrative domains Using the default admin account, you can enable multiple ADOM operation on the FortiAnalyzer unit.
  • Page 44: Disabling Administrative Domains

    Global Configuration: The admin administrator can access the global configuration. Select Main Menu to return to the Admin Domain Configuration page. Create New: Create a new ADOM. Delete: Delete the selected ADOM. Selection: Enable to select the ADOM for deletion. Name: The name of the ADOM.
  • Page 45: Creating A New ADOM

    Creating a new ADOM will enable the FortiAnalyzer administrator to configure access privileges for a group of administrators and users. To create a new ADOM: Select Main Menu. Select Create New. Enter a name for the new ADOM.
  • Page 46: Adding Users

    Adding users: Create user accounts to give users access to the log, reports and hard disk storage of the FortiAnalyzer unit. Users added will not have administrative access to the FortiAnalyzer hard disk or FortiAnalyzer unit. To add administrative users, see “Administrator settings”...
  • Page 47: Assigning User Access

    Figure 11: Viewing user access (Edit and Delete icons). Local Path: The path the user has permission to connect to. Share as: The name of the shared folder or file. User/Group: A list of users or groups that have access to the folder or files. Permissions: Permissions for the user or groups.
  • Page 48: Configuring NFS Shares

    To add a new Windows share configuration: Go to System > Network Sharing > Windows Share. Select Create New. Select the Local Path button to select the folder for the users or groups to access. Note: The default permissions for files and folders are read and execute privileges.
  • Page 49: Setting Folder And File Privileges

    Figure 14: NFS share configuration. Local Path Button: Select the Local Path button to select the folder for the users or groups to access. Note: The default permissions for files and folders are read and execute privileges. The owner of the document also has write privileges.
  • Page 50: Log Settings

    Log Settings: The FortiAnalyzer unit creates its own system log messages to provide information on system events occurring on the unit, such as system activity, administration events and IPSec negotiations for secure transfers of log message packets.
  • Page 51: Log Aggregation

    FortiAnalyzer unit. For example, a company may have a headquarters and a number of branch offices. Each branch office has a FortiGate unit and a FortiAnalyzer-100A/100B to collect local log information. The headquarters has a FortiAnalyzer-2000 as the central log aggregator.
  • Page 52: Configuring An Aggregation Client

    Rx and Tx icons are empty. Configuring an aggregation client: The aggregation client is the FortiAnalyzer unit that sends logs to an aggregation server. These would include units such as the FortiAnalyzer-100A/100B or FortiAnalyzer-400. To configure the aggregation client, go to System >...
  • Page 53: Configuring An Aggregation Server

    Set the following settings and select OK: Remote FortiAnalyzer IP: Enter the IP address of the FortiAnalyzer unit acting as the aggregation server. Password: Enter the password for the aggregation server. Confirm Password: Enter the password again for the aggregation server.
  • Page 54: IP Alias Ranges

    To import the alias file: Go to System > Config > IP Aliases. Select Import. Enter the path and file name or select Browse to locate the file. Select OK. IP alias ranges: When adding an IP alias you can include an IP address range as well as individual addresses.
  • Page 55: Configuring RAID On The FortiAnalyzer-2000 And FortiAnalyzer-4000/4000A

    RAID Level: Select a RAID level and select Apply. Free Disk Space: The amount of free disk space. Total Disk Space: The amount of disk space available within the RAID array. This value will change depending on the RAID type selected.
  • Page 56 Figure 18: FortiAnalyzer-2000 RAID settings. Enable RAID: Select to enable RAID 5. To enable other RAID levels, use the command line interface. For command details see the FortiAnalyzer CLI Reference. Enable Hot Spare: Select to enable the use of a hot spare with the RAID array.
  • Page 57: Maintenance

    Maintenance: The maintenance page enables you to back up and restore configuration files and maintain and review FortiGuard information for the FortiAnalyzer unit. Backup & Restore: Go to System > Maintenance > Backup & Restore to back up and restore the system configuration and to manage firmware.
  • Page 58: Update Center

    Update status including version numbers, expiry dates, and update dates and times. To receive scheduled updates and push updates, you must register the FortiAnalyzer unit on the Fortinet support web page. Figure 20: Update center
  • Page 59: RAID Levels

    FortiProtect Distribution Network: The status of the connection to the FortiProtect Distribution Network (FDN). A green indicator means that the FortiAnalyzer unit can connect to the FDN. You can configure the FortiAnalyzer unit for scheduled updates. A red-yellow flashing indicator means that the FortiAnalyzer unit cannot connect to the FDN.
  • Page 60: Linear

    To configure the RAID settings, go to System > Config > RAID. Note: RAID functionality is only available on the FortiAnalyzer-400, FortiAnalyzer-800, FortiAnalyzer-2000 and FortiAnalyzer-4000/4000A. These units include multiple hard disks for RAID support. The FortiAnalyzer unit supports standard RAID levels linear, 0, 1 and 5.
  • Page 61: RAID 10

    FortiAnalyzer unit remains in operation. The FortiAnalyzer-100A/100B and FortiAnalyzer-100 units each have a single hard disk. Hot swapping is not available on these units.
  • Page 62: Hot Swapping The FortiAnalyzer-2000 And FortiAnalyzer-4000/4000A

    You can use any brand of hard disk to replace a failed hard disk. However, you must ensure that the hard disk size is the same size as the remaining working drives. Using a smaller drive will affect the RAID setup. The FortiAnalyzer unit will reconfigure the RAID to the smaller drive, potentially causing data loss.
  • Page 63 Table 8: FortiAnalyzer-2000 disk drive configuration: Drive 1 (p1), Drive 4 (p4); Drive 2 (p2), Drive 5 (p5); Drive 3 (p3), Drive 6 (p6). Table 9: FortiAnalyzer-4000/4000A disk drive configuration: Drive 1 (p1), Drive 4 (p4), Drive 7 (p7), Drive 10 (p10); Drive 2 (p2)
  • Page 64 RAID levels
  • Page 65: Devices

    Devices: The power of the FortiAnalyzer centers on reporting, data and network analysis capability. The FortiAnalyzer unit collects log messages from multiple FortiGate devices and Syslog servers, which it then uses for generating many different report types. This section describes how to add and configure FortiGate, FortiManager units and Syslog servers so they can communicate with the FortiAnalyzer unit. This section includes the following topics...
  • Page 66: Device Interaction With A FortiAnalyzer Unit

    Table 10: FortiAnalyzer maximum supported devices (columns: FortiGate and/or Syslog; FortiManager; FortiClient). FortiAnalyzer-100: 10 (FortiGate-50A to FortiGate-100A only), None. FortiAnalyzer-100A/100B: 10 (FortiGate-50A to FortiGate-100A only), None. FortiAnalyzer-400: 200 (FortiGate-50A to FortiGate-800 only), 2000.
  • Page 67: Unregistered Device Options

    FortiAnalyzer-800: 250 (FortiGate-50A to FortiGate-800 only), 2500. FortiAnalyzer-2000: 500 (All FortiGate models), 5000. FortiAnalyzer-4000/4000A: 500 (All FortiGate models), 5000. The maximums indicate a combined total of added and unregistered devices. If there are more than the maximum allowed, the FortiAnalyzer unit will not allow you to add more devices.
  • Page 68: Unknown Devices Connecting To The Fortianalyzer Unit

    Unknown devices connecting to the FortiAnalyzer unit: Select what the FortiAnalyzer unit should do with the connection request for an unknown device. These devices include FortiGate units running FortiOS 2.8 or lower, FortiManager or Syslog servers. To configure unregistered device options, go to Device >...
  • Page 69 Device ID: When selecting a FortiGate unit from the unregistered list, the FortiAnalyzer unit automatically adds the FortiGate unit’s serial number. If you are adding a new FortiGate unit that is not already in the unregistered list, enter the FortiGate unit’s serial number. The FortiGate unit’s serial number is available on the System menu in the Web-based GUI.
  • Page 70: Defining FortiGate Port Interfaces

    Define the port interface options using the arrow buttons. For details on port interface settings see “Defining FortiGate port interfaces” on page. If you want to add a VLAN or other interface, type the name of the interface and select Add.
  • Page 71: Adding FortiClient Installations

    To add an HA cluster: Go to Device > All. Select Unregistered from the Show list, and select Add from the Action column. Select Add Device. Configure the same settings as indicated in the section “Adding a FortiGate unit” on page 68, using the information for the primary unit, with the following exceptions:...
  • Page 72: Adding A FortiManager Unit

    Adding a FortiManager unit: Before adding a FortiManager unit to the FortiAnalyzer, you must first configure the FortiManager to connect to the FortiAnalyzer unit. To configure the FortiManager unit: On the FortiManager unit, select System Settings from the Dashboard. Go to Local Logs >...
  • Page 73: Adding A Syslog Server

    Expand the Devices Privileges settings. Set the privileges the FortiManager unit has to the FortiAnalyzer unit. Select Allow all devices managed by FortiManager to have full access to the FortiAnalyzer unit and to Allow the FortiManager to configure the FortiAnalyzer unit.
  • Page 74: Device Groups

    Expand the Group Membership settings. Select the group or groups where you want to include the Syslog server, and select the right arrow button to add the Syslog servers to the group. Select OK. Device Groups: When you have multiple devices belonging to a department or section of the company, you can create groups to keep the devices together for easier monitoring.
  • Page 75: Viewing Blocked Devices

    Viewing blocked devices: To view blocked devices on the FortiAnalyzer unit, go to Device > All > Blocked Devices. Figure 22: List of blocked devices. Device ID: The name or serial number of the blocked device. Hardware Model: The type of device, for example FortiGate, FortiManager or Syslog server.
  • Page 76 Blocked Devices
  • Page 77: Logs

    Logs: The FortiAnalyzer unit collects log message packets from FortiGate, FortiManager, FortiClient and Syslog devices. Using the log browser, you can view device and FortiAnalyzer log files and log messages. The FortiAnalyzer unit can also view device logs in real-time, enabling you to see events and traffic occurring on a device as it happens.
  • Page 78: Historical Log Viewer

    Figure 23: Viewing logs in real time. Column Settings. Type: The log type you are viewing and the device where it is originating from. Change: Select to change the log type to view or the device. Stop: Select to stop the FortiAnalyzer unit from refreshing the log view.
  • Page 79 Select the End time by selecting the following: Current: Select to include up to the minute log messages. Specified: Select to set a specific end date and time for the log messages. Date: Enter an end date. Use the format DD/MM/YYYY. Alternatively, select the Calendar icon and select a start date.
  • Page 80: Browse

    Search: Enter a keyword to perform a simple search on the log information available. Select Go to begin the search. The number of matches appears above the Search field. The FortiAnalyzer unit will search the entire log file for the keyword you enter.
  • Page 81: Browsing Log Files

    Last Modified: The last time the log was updated from the device. Size (bytes): The size of the log file. Action: Select Delete to remove the log file from the FortiAnalyzer hard disk. Select Download to save the log file to your local hard disk. Select Display to view the contents of the log file.
  • Page 82: Importing A Log File

    If you back up your FortiAnalyzer log, you can import the FortiAnalyzer log onto the device. You can also import normal Fortinet logs or logs in CSV format. To import a log file, go to Log > Browse.
  • Page 83: Customizing The Log View

    Select one of the following and select OK. Convert to CSV format: Downloads the log as a comma-separated file with an extension of .csv. Each data element is separated by a comma. Compress with gzip: Download the log file in its native format with gzip compression.
  • Page 84: Filtering Logs

    Filtering logs: When viewing log files, both real-time and historical, you can filter the contents to find specific content. Log filters appear when you are viewing real-time and historical data in the Log Viewer or when browsing log files on the FortiAnalyzer hard disk.
  • Page 85: Basic Search

    Basic search: The basic search performs a simple search of all log files on the FortiAnalyzer unit. The FortiAnalyzer unit maintains a search history for reference should you need to use the search keywords again. The FortiAnalyzer searches all log files and data for matches.
  • Page 86: Search Tips

    Note: Searches using non-numeric characters will not include results from the Traffic logs. Traffic logs include information for source and destination IP addresses and ports, which is strictly numerical information. For example, if you are searching on User1, you may get results for User1; however, none of the results will include entries from the Traffic log.
  • Page 87 Figure 30: Log rolling settings. Log file should not exceed: The maximum size of a log file that the FortiAnalyzer unit saves to the hard disk. When the log file reaches the specified maximum size, the FortiAnalyzer unit saves the current log file with an incremental number and starts a new active log file.
  • Page 88 Log rolling
  • Page 89: Content Archive

    A FortiGate unit can monitor and log metadata for all users of email, FTP and Instant Messaging. The metadata includes information such as the senders and recipients of email and instant messages and the content of those messages.
  • Page 90: Customizing The Content Log View

    Resolve Host Name: Select to display the client IP address as a host name. You must configure IP aliases on the FortiAnalyzer unit for this setting to take effect; for details, see “IP Aliases”. Note: this option is not available when viewing the email content archive.
  • Page 91: Filtering Content Logs

    Select a column name. Select the up and down arrows to change the position of the column in the list. Filtering content logs: When viewing content logs, both real-time and historical, you can filter the entries to find specific information.
  • Page 92 When a content log file reaches its maximum size, or reaches the scheduled log rolling time, the FortiAnalyzer unit saves the content log file with an incremental number and starts a new content log file with the same name. For example, the current content log is clog.log.
  • Page 93 Upload Log files: Select when the FortiAnalyzer unit should upload files to the FTP server. • Select When rolled to upload as soon as the FortiAnalyzer unit rolls the content log file, based on the settings above. •...
  • Page 95: Quarantine

    The FortiAnalyzer unit provides a repository for files quarantined by a FortiGate unit. These files are considered a threat to the network, suspicious, or of a questionable nature. You can use the FortiAnalyzer quarantine support as a central management location for all suspicious files under quarantine. The communication between the two units uses the same IPSec tunnel a FortiGate unit uses when sending log files.
  • Page 96: Viewing The Quarantined Files List

    The quarantined files repository displays a list of quarantined files on the FortiAnalyzer hard disk and information about each quarantined file. To view quarantined files, go to Quarantine > Repository. Figure 35: Viewing quarantined files. Show: Select a device from the list of available devices to display the list...
  • Page 97: Forensic Analysis

    Forensic analysis provides a method of monitoring and reporting on the internet traffic, email and Instant Messaging (IM) patterns of individuals or groups of individuals within an organization. While Reports and other log data also provide this information, forensic analysis enables the administrator to narrow the information to specific individuals or groups of individuals.
  • Page 98: Creating Groups

    Create user groups to obtain analysis information for a selection of users, rather than running reports for a number of individuals. You must add individual users before you can add them to a group. To add a forensic analysis group, go to Forensic Analysis >...
  • Page 99: Where Does Fortianalyzer Get This Information

    Figure 36: Lookup user information. Lookup: Select the information to look for in the log data. Username / IP Address: Depending on the Lookup selection, enter either the username or IP address to find the associated information. Time frame: Select the time range in the logs that the FortiAnalyzer unit...
  • Page 100: Searching User Data

    To enable these log types on the FortiGate unit, go to Firewall > Protection Profile, select a protection profile, select Logging, then select the activities to log and select OK. Searching user data: The user data search enables you to perform a quick search on selected activity of a specific user.
  • Page 101: Local Archive

    To save the results, select Save Archive. Enter a name for the search results; the name cannot include spaces. Enter a Description to identify what was included in the search results. Select Save. Local archive: The local archive provides easy access to the forensic analysis searches that are saved on the FortiAnalyzer unit.
  • Page 102: Customizing The Report Properties

    Customize the report with company or branch information and logos to create a professional report. Figure 38: Customizing the report properties. Company Name: Enter the name of your company, department or branch. Header Comment: Enter a title or information to include in the header of the report.
  • Page 103 Figure 39: Configuring the forensic analysis report criteria. Report Profile: Select to save the report profile for future reports, or On Demand to use the report profile once. Once the FortiAnalyzer unit runs an on-demand report, the profile created is removed from the system. Report Category: Select the type of analysis to include in the report, either user or device.
  • Page 104: Configuring The Time Period

    Include Summary Information: Select to include a roll-up of the report contents. Include Table of Contents: Select to include a table of contents for the report. Configuring the time period: Select a time span for the report period or select a specific time frame. When the FortiAnalyzer unit generates the report, it uses only the log data found within the specified time period.
  • Page 105 Figure 41: Forensic analysis report output configuration. File output: Select the file format for the generated reports that are saved to the FortiAnalyzer hard disk. To access the reports on the hard disk, see “Viewing Forensic Reports” on page 106.
  • Page 106: Viewing Forensic Reports

    Email server: Select the email server to use when the FortiAnalyzer unit sends the reports as an email attachment. Email to: Enter the email addresses of the recipients of the report. Add multiple recipients by pressing Enter after each email address; addresses appear in the Email List.
  • Page 107: Traffic Summary And Security Events

    Using the log messages submitted by registered devices, the FortiAnalyzer unit provides data mining features that enable you to access simple reports on a number of different intrusion attempts against your network, as well as on the types of traffic occurring on your network.
  • Page 108: Viewing Email Traffic

    Web activity within the last: Select a time frame for viewing the web traffic. View: Select a device or group of devices. Total Web activity for: An overview of the amount of data, in megabytes, transferred via the web.
  • Page 109: Viewing Ftp Traffic

    Traffic: The amount of data transferred (sent and received) within the period. Last Activity: The date and time of the last email message. Upload: The number of outgoing email messages within the period.
  • Page 110: Filtering Traffic Summaries

    Figure 46: Viewing IM/P2P traffic. IM activity within the last: Select a time frame for viewing the IM traffic. View: Select a device or group of devices. View per page: Select the number of log messages displayed on each page. Page: Enter the page number you want to display and press Enter.
  • Page 111: Filtering Tip

    When viewing real-time logs, you cannot filter on the time column, because the time will always be the current time. Filtering tip: When filtering by source or destination IP, you can use the following in the filtering criteria: •...
  • Page 112: Traffic Report

    Device: Select a device or device group. Time frame: Select the time span to display on the graphs. Traffic Report: The traffic report enables you to generate a report that aggregates all the traffic summary information, rather than viewing the pages in Realtime Analysis >...
  • Page 113: Security Event Summaries

    Security event summaries are reports that provide a snapshot of unwanted traffic that is attempting to breach the firewall. The FortiAnalyzer unit has four default event reports that are updated daily: •...
  • Page 114: Viewing Virus Activity

    Figure 50: Viewing event correlation report list (Delete, Edit, Run report, View report). Report Engine: The name of the report. The FortiAnalyzer unit includes three default report engines: Virus, Intrusion and Suspicious. Frequency: The time when the FortiAnalyzer unit runs a report.
  • Page 115: Viewing Intrusion Activity

    Virus activity within the last: Select the time frame to view the virus activity. View: Select a device or group of devices. Firewall: The name of the firewall. Host (Source): The source IP address of the firewall. Virus: The name of the virus.
  • Page 116: Viewing Suspicious Activity

    Count: The number of intrusion incidents on the network. Action: Select Details to display any additional information for the entry. The details window displays further details of the virus incidents, including time and date, target and protocol attempt. Select Acknowledge to reset the attack count to zero for the intrusion counter.
  • Page 117: Viewing Administrative Activities

    Last Activity: The date and time of the last incident of the virus. Number of Sessions: The number of incidents caused by the virus on the network. Action: Select Acknowledge to reset the session count to zero. Select Details to display the traffic generated by the IP address.
  • Page 119: Reports

    The FortiAnalyzer unit collates information collected from device log files and presents it in tabular and graphical reports. The reports provide detailed information on the type of traffic, attacks and preventative actions that occurred on your network during a specific period. Using reports you can: •...
  • Page 120: Configuring A Report Profile

    Figure 55: Viewing report profiles (Delete, Edit, Clone, Run Report). Create New: Select to create a new report profile and configure its settings and schedule. The number of report profiles on the FortiAnalyzer unit. Report: The name of the report profile. Device(s): The device or device group included in the configured report profile.
  • Page 121: Customizing The Report Properties

    Select to run the report immediately after configuration (on demand) or to run the report at configured intervals. When you select an on-demand report, the FortiAnalyzer unit does not save the report profile after generating the report. Enter a Report Title and Description.
  • Page 122: Configuring The Report Devices

    Table 14: Report formats and supported logo formats. PDF Reports; RTF Reports: JPG, PNG, GIF and WMF; HTML Reports: All formats supported. Configuring the report devices: Select the device or device groups you want to include in the reports from the list. All registered devices and groups appear in the list.
  • Page 123 Filter logs: Select None to apply no filter to the logs in the report. Select Include logs that match of the following criteria to customize the filtering. Include logs that match: Select the matching criteria for the filter. Select all to include logs in the report that match all filter settings.
  • Page 124: Configuring The Report Types

    Service(s): Enter specific services to include in the report, separating multiple services with a comma. Select Not to exclude the service from the report, for example to leave information from a specific service out of the log report.
  • Page 125: Configuring The Report Schedule

    For some report types, you can set the number of top-ranked items for the report. These reports have “Top” in their name and always display only the top n entries, for example reporting on the most active mail clients within the organization rather than on all mail clients.
  • Page 126 Figure 61: Report output configuration. File output: Select the file format for the generated reports that are saved to the FortiAnalyzer hard disk. To access the reports on the hard disk, see “Viewing reports” on page 128. Select from the following: •...
  • Page 127: Browsing Reports

    Email from: Enter an email address for the FortiAnalyzer unit or for the administrator requesting the report. Email server: Select the email server to use when the FortiAnalyzer unit sends the reports as an email attachment. Email to: Enter the email addresses of the recipients of the report. Add multiple recipients by pressing Enter after each email address.
  • Page 128: Viewing Reports

    Page Navigation: Enter a page number to display reports when a report list spans multiple pages, and select Go to move to that page. Use the page forward and page back arrows to navigate through individual pages. Sample Reports: Select to view an example of a report generated by the FortiAnalyzer unit.
  • Page 129: Report Types

    For details on report customization within the FortiGate unit, see the Log&Report chapter in the FortiGate Administrators Guide. Report types: There are two types of report that you can browse and view: • Roll up report •...
  • Page 130 auth – Firewall authentication event; pattern – Pattern update event; chassis – FortiGate-4000 and FortiGate-5000 series chassis event. Table 16: FortiGate 3.0 log subtypes (Subtype number, Subtype): system – System activity event; ipsec – IPSec negotiation event; dhcp –...
  • Page 131: Alerts

    Alerts provide a method of informing you of issues arising on a FortiGate unit on your network, or on the FortiAnalyzer unit itself, such as system failures or network attacks, so that you can react to the event in a timely manner. You configure the FortiAnalyzer unit alert conditions, instructing the FortiAnalyzer unit which devices and which log messages to monitor, and what to do when a log message appears that meets the alert conditions.
  • Page 132: Output

    Configure the following options and select OK. Alert Name: Enter a name indicating the type of alert the FortiAnalyzer unit is monitoring for. Device Selection: Select the devices the FortiAnalyzer unit monitors for the alert event. Select from the Available Devices list and select the right arrow to move the device name to the Selected Devices list.
  • Page 133: Mail Server

    Mail server: When configuring the FortiAnalyzer unit to send email alert messages, you need to configure a DNS server and an SMTP server. The FortiAnalyzer unit uses the SMTP server name to connect to the mail server, and must look up this name on your DNS server.
  • Page 134: Adding An Snmp Server

    Figure 65: SNMP servers list (Delete, Edit, Test). Create New: Select to add a new SNMP server. Name: The name given to the SNMP server. Community Name: The community name for the SNMP server. IP or FQDN: The IP address or fully qualified domain name of the SNMP server.
  • Page 135: Adding A Syslog Server

    RFC 1213 (MIB II). The FortiAnalyzer unit uses the FortiGate MIB for object identifiers. You can obtain the MIB files from Fortinet technical support. To communicate with the SNMP agent, you must compile all of these MIBs into your SNMP manager.
  • Page 136: Fortianalyzer Traps

    Your SNMP manager might already include standard and private MIBs in a compiled database that is ready to use. You must add the Fortinet proprietary MIB to this database. If the standard MIBs used by the Fortinet SNMP agent are already compiled into your SNMP manager, you do not have to compile them again.
  • Page 137: Fortinet Active Ip Sessions

    Fortinet Active IP Sessions:
    • fnIpSessIndex
    • fnIpSessProto
    • fnIpSessFromAddr
    • fnIpSessFromPort
    • fnIpSessToAddr
    • fnIpSessToPort
    • fnIpSessExp
    RFC-1213 (MIB II):
    • mib-2.system
    • mib-2.interface
    • mib-2.at
    • mib-2.ip
    • mib-2.icmp
    • mib-2.tcp
    • mib-2.udp
    • mib-2.ifMIB
    RFC-2665 (Ethernet-like MIB):
    •...
  • Page 139: Network Analyzer

    The FortiAnalyzer unit extends its log and report functionality with a network traffic sniffer that captures activity occurring on your network, using a dedicated port on the FortiAnalyzer unit. The FortiAnalyzer network analyzer lets you monitor areas of the network where FortiGate firewalls are not deployed, or networks that do not use a FortiGate unit as a firewall.
  • Page 140: Traffic Viewer

    The traffic viewer provides a real-time and historical display of network activity when connected to a network switch. The Traffic Viewer has two viewing options: • Real-time view displays traffic packets as they are sent through the switch.
  • Page 141: Historical Traffic Viewer

    The Historical traffic viewer enables you to view network traffic logs stored on the FortiAnalyzer hard disk. Use the network traffic history to identify trends and any network issues. When viewing network traffic log messages, you can filter the information to find specific event information.
  • Page 142: Changing The Historical View Criteria

    Printable Version: Select to generate a report that captures the current log messages. The web browser prompts you to save the report file for viewing or printing. The saved report is in HTML format. Note that large log messages can take a long time to load.
  • Page 143: Browsing Network Traffic Log Files

    Figure 69: Browsing network log files (Delete, Download, Display). Log files: A list of log files on the FortiAnalyzer unit. Last Modified: The last time the log was updated from the device. Size (bytes): The size of the log file.
  • Page 144: Downloading A Network Traffic Log File

    Resolve Host Names: Select to display recognizable host names rather than IP addresses. For details on configuring host names for IP addresses, see “IP Aliases”. Resolve Service: Select to display network service names rather than port numbers, for example HTTP rather than port 80.
  • Page 145: Customizing The Traffic Analyzer Log View

    The FortiAnalyzer unit lets you customize the way you view the logs, so that you can narrow the information down to exactly what you want to see. Customizing the log column views: When viewing network traffic information in formatted view, customize the columns to suit your requirements.
  • Page 146: Filtering Tip

    Filtering tip: When filtering by source or destination IP, you can use the following in the filtering criteria:
    • a single address (2.2.2.2)
    • an address range using a wild card (1.2.2.*)
    • an address range (1.2.2.1-1.2.2.100)
    You can also use the boolean operator "or"...
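The three address forms above, joined with "or", are the same filtering criteria the guide lists for traffic summaries on page 111. The following is an added example, not code from the FortiAnalyzer guide or from Fortinet: a small Python matcher that parses such criteria and applies them to constructed key=value traffic log lines. The src=/dst= field names and the log line layout are assumptions made for the example, as is the rule that wildcard octets must be trailing (so 1.2.2.* is accepted and 1.*.2.3 is rejected rather than silently matching nothing).

```python
"""Matcher for FortiAnalyzer-style source/destination IP filter criteria.

Added example, not FortiAnalyzer code. Supports the three forms the guide
lists (single address, trailing-wildcard range, dashed range) combined
with a case-insensitive "or". The log line format is invented here.
"""
import ipaddress
import re
from typing import Callable, Iterable, List

Predicate = Callable[[ipaddress.IPv4Address], bool]


def parse_criterion(text: str) -> Predicate:
    """Return a predicate for one criterion: 2.2.2.2, 1.2.2.* or 1.2.2.1-1.2.2.100."""
    text = text.strip()
    if "-" in text:                                   # dashed range, inclusive
        lo_s, hi_s = (p.strip() for p in text.split("-", 1))
        lo, hi = ipaddress.IPv4Address(lo_s), ipaddress.IPv4Address(hi_s)
        if lo > hi:
            raise ValueError(f"range start is after range end: {text!r}")
        return lambda ip: lo <= ip <= hi
    if "*" in text:                                   # wildcard range
        octets = text.split(".")
        if len(octets) != 4:
            raise ValueError(f"wildcard criterion needs four octets: {text!r}")
        fixed = []
        for octet in octets:
            if octet == "*":
                break
            fixed.append(octet)
        # Assumption for this example: wildcards are only valid as a trailing run.
        if any(o != "*" for o in octets[len(fixed):]):
            raise ValueError(f"wildcard octets must be trailing: {text!r}")
        base = ".".join(fixed + ["0"] * (4 - len(fixed)))
        net = ipaddress.IPv4Network(f"{base}/{8 * len(fixed)}")
        return lambda ip: ip in net
    single = ipaddress.IPv4Address(text)              # raises on malformed input
    return lambda ip: ip == single


def parse_filter(expr: str) -> List[Predicate]:
    """Split on the boolean operator "or" and parse each part; matching is any-of."""
    parts = re.split(r"\s+or\s+", expr.strip(), flags=re.IGNORECASE)
    if any(not p.strip() for p in parts):
        raise ValueError(f"empty criterion in filter: {expr!r}")
    return [parse_criterion(p) for p in parts]


def address_matches(addr: str, predicates: List[Predicate]) -> bool:
    """True if the address satisfies any predicate; non-IPv4 values never match."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return False
    return any(pred(ip) for pred in predicates)


# Field extractors for the constructed key=value log format (an assumption).
FIELD_RE = {
    "src": re.compile(r"\bsrc=(\S+)"),
    "dst": re.compile(r"\bdst=(\S+)"),
}


def filter_log_lines(lines: Iterable[str], expr: str, field: str = "src") -> List[str]:
    """Return the lines whose src= (or dst=) value matches the filter expression."""
    predicates = parse_filter(expr)
    pattern = FIELD_RE[field]
    matched = []
    for line in lines:
        m = pattern.search(line)
        if m and address_matches(m.group(1), predicates):
            matched.append(line)
    return matched


# Constructed sample traffic log lines (not real FortiAnalyzer output).
SAMPLE_LINES = [
    "date=2006-09-25 time=08:00:01 src=2.2.2.2 dst=10.0.0.5 dst_port=80 action=accept",
    "date=2006-09-25 time=08:00:02 src=1.2.2.77 dst=10.0.0.5 dst_port=443 action=accept",
    "date=2006-09-25 time=08:00:03 src=1.2.2.150 dst=10.0.0.9 dst_port=22 action=deny",
    "date=2006-09-25 time=08:00:04 src=1.2.3.4 dst=2.2.2.2 dst_port=25 action=accept",
    "date=2006-09-25 time=08:00:05 src=not-an-ip dst=10.0.0.5 dst_port=80 action=deny",
]

if __name__ == "__main__":
    for line in filter_log_lines(SAMPLE_LINES, "2.2.2.2 or 1.2.2.1-1.2.2.100"):
        print(line)
```

The range check is done before the wildcard check so that a dashed range never gets misread, and a malformed value in the address field simply fails to match instead of aborting the whole filter run.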
  • Page 147: Search Tips

    Search: Select to begin searching the logs. Basic search: Select to return to the basic search. Find results with all of the words: Enter the keywords you want to use in your search. The FortiAnalyzer search engine returns all network traffic log entries that contain all of the keywords entered.
  • Page 148 As the FortiAnalyzer unit receives network log records, it performs the following tasks: • verifies whether the log file has exceeded its file size limit • if the file size is not exceeded, checks whether it is time to roll the log file. You configure the roll to occur either daily or weekly, and the time at which it occurs.
  • Page 149 Log file should not exceed: The maximum size of a network traffic log file that the FortiAnalyzer unit saves to the hard disk. When the network traffic log file reaches the specified maximum size, the FortiAnalyzer unit saves the current network traffic log file with an incremental number and starts a new active log file.
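The rolling decision described on pages 87, 92 and 148-149 (size limit checked first, then the daily or weekly schedule; the current file saved under an incremental number and a fresh active file started) can be simulated as follows. This is an added example, not FortiAnalyzer code: the active file name clog.log comes from the guide, but the rolled-file naming (clog.1.log, clog.2.log), the in-memory stand-in for the disk and the schedule representation are assumptions made here.

```python
"""Simulation of size-then-schedule log rolling as the guide describes it.

Added example, not FortiAnalyzer code. Rolled-file names and the schedule
representation are assumptions; clog.log is the name used in the guide.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class RollSchedule:
    """Roll once a day or once a week at hour:minute.
    weekday follows Python (Monday=0 .. Sunday=6) and only applies to "weekly"."""
    period: str
    hour: int
    minute: int
    weekday: int = 0

    def next_roll_after(self, t: datetime) -> datetime:
        """First scheduled roll strictly after t."""
        candidate = t.replace(hour=self.hour, minute=self.minute, second=0, microsecond=0)
        if self.period == "daily":
            return candidate + timedelta(days=1) if candidate <= t else candidate
        if self.period == "weekly":
            candidate += timedelta(days=(self.weekday - candidate.weekday()) % 7)
            return candidate + timedelta(days=7) if candidate <= t else candidate
        raise ValueError(f"unknown period {self.period!r}")


class LogRoller:
    """In-memory model of one active log file plus its rolled copies."""

    def __init__(self, name: str, max_bytes: int, schedule: RollSchedule, start: datetime):
        self.name = name                                  # active file, e.g. "clog.log"
        self.max_bytes = max_bytes                        # "Log file should not exceed"
        self.schedule = schedule
        self.files: Dict[str, List[str]] = {name: []}     # stand-in for files on disk
        self.rolled = 0                                   # incremental number for rolled files
        self.next_roll = schedule.next_roll_after(start)

    def active_size(self) -> int:
        """Bytes in the active file; each record is stored with a trailing newline."""
        return sum(len(r.encode("utf-8")) + 1 for r in self.files[self.name])

    def _roll(self, now: datetime) -> str:
        """Save the active file under an incremental number and start a fresh one.
        The clog.1.log naming is an assumption of this example."""
        self.rolled += 1
        stem, dot, ext = self.name.rpartition(".")
        rolled_name = f"{stem}.{self.rolled}.{ext}" if dot else f"{self.name}.{self.rolled}"
        self.files[rolled_name] = self.files[self.name]
        self.files[self.name] = []
        self.next_roll = self.schedule.next_roll_after(now)
        return rolled_name

    def append(self, record: str, now: datetime) -> Optional[str]:
        """Write one record; return the rolled file's name if a roll happened, else None.
        Order follows the guide: the size limit is checked first, the schedule second."""
        rolled_to = None
        incoming = len(record.encode("utf-8")) + 1
        if self.files[self.name] and self.active_size() + incoming > self.max_bytes:
            rolled_to = self._roll(now)                   # size limit reached
        elif now >= self.next_roll:
            if self.files[self.name]:
                rolled_to = self._roll(now)               # scheduled daily/weekly roll
            else:
                self.next_roll = self.schedule.next_roll_after(now)  # nothing to roll
        self.files[self.name].append(record)
        return rolled_to


def demo() -> Dict[str, object]:
    """Scripted run: two rolls, one by size and one by the daily schedule."""
    start = datetime(2006, 9, 25, 8, 0)
    roller = LogRoller("clog.log", max_bytes=60, schedule=RollSchedule("daily", 0, 0), start=start)
    rec = "src=1.2.2.1 dst=10.0.0.1"                     # 24 bytes, 25 with its newline
    events = [
        roller.append(rec, start),                        # 25 bytes, no roll
        roller.append(rec, start + timedelta(minutes=1)), # 50 bytes, no roll
        roller.append(rec, start + timedelta(minutes=2)), # 75 > 60: rolls to clog.1.log
        roller.append(rec, datetime(2006, 9, 26, 0, 30)), # past 00:00: rolls to clog.2.log
    ]
    weekly = RollSchedule("weekly", 2, 0, weekday=6).next_roll_after(start)
    return {
        "events": events,
        "files": {name: len(records) for name, records in roller.files.items()},
        "next_roll": roller.next_roll.isoformat(),
        "weekly_next": weekly.isoformat(),
    }


if __name__ == "__main__":
    print(demo())
```

The size check runs before the schedule check on every incoming record, which is the order the guide gives; a scheduled roll with an empty active file only advances the schedule instead of creating an empty rolled file.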
  • Page 151: Vulnerability Scan

    Vulnerability reports enable you to scan a device, such as a mail server, FTP server or other UNIX or Windows host, for vulnerabilities. The FortiAnalyzer unit uses predefined vulnerability modules to query for open ports and, where possible, gathers information about the services running on those ports.
  • Page 152: Jobs

    Figure 74: Vulnerability scan module list. View modules with severity: Select the severity level and a condition for the level of the severity. Select from the following: <= less than or equal to; >= greater than or equal to; == equal to. Select to view the severity selections.
  • Page 153: Adding A New Vulnerability Scan Job

    Create New: Select to add a job to the queue. Job Name: The name of the job you configure. Target: The IP addresses of the device or host that the FortiAnalyzer unit will scan. Status: The current status of the job in the queue. This can be the current activity, such as running or waiting to start, or the date the job is set to run in the future.
  • Page 154 Select when you want the FortiAnalyzer unit to run the vulnerability scan. Run now starts the scan immediately after you select OK. Run later enables you to select a date or time when the FortiAnalyzer unit runs the scan.
  • Page 155: Reports

    Use the web-based manager to view a list of the generated FortiAnalyzer vulnerability scan reports. To view generated reports, go to Tools > Vulnerability Scan > Reports. Figure 76: Browse generated Vulnerability Scan reports. Job Name: The name of the vulnerability scan job, entered when setting up the job.
  • Page 157: Index

    Index Index content archive 89 content logs access delete after upload 93 management 39 filter 91 accounts gzip format 93 administrator 39 roll settings 91 users 46 correlation report 113 acknowledge alerts 31 CPU status 28 admin idle timeout 42 administrative access 37, 39 DC (duplicate count) 96 alert 131...
  • Page 158 Index event fully qualified domain name 134, 135 activity 129 log numbers 129 summaries 113 gateway 38 groups 74 FortiGate unit 69 factory default 21, 30 FortiManager 73 syslog server 74 FortiProtect Distribution Network 58 user groups 46 FortiProtect Distribution Server 58 file hard disk usage 28 properties 49...
  • Page 159 Index historical viewer 78 properties 49 import 82 protocol, syslog 66 real-time viewer 77 resolve host names 78, 79, 81 restore 26 quarantine roll settings 86 disk space 95 search 84 duplicate count 96 settings 50 ticket number 96 mail server 133 RAID maximum status 28...
  • Page 160 Index roll up report 129 routing 38 TELNET 37 RTF document 104, 125 test mail server 133 SNMP server 134 scan TFTP server 33 report 152 threshold 114, 132 target 153 ticket number 96 schedule a report 125 time search NTP server 32 logs 84 period for report 122...
  • Page 161 www.fortinet.com...
