Fortinet FortiGuard Analysis and Management Service 1.2.0 Administration Manual

Fortinet network device administration guide

ADMINISTRATION GUIDE
FortiGuard Analysis and
Management Service
Version 1.2.0
www.fortinet.com


Summary of Contents for Fortinet FortiGuard Analysis and Management Service 1.2.0

  • Page 1 ADMINISTRATION GUIDE FortiGuard Analysis and Management Service Version 1.2.0 www.fortinet.com...
  • Page 2 31 October 2008 13-12000-406-20081031 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
  • Page 3: Table Of Contents

    Introduction ... 7 About this document... 7 Document conventions... 7 Fortinet documentation ... 8 Fortinet Tools and Documentation CD ... 8 Fortinet Knowledge Center ... 8 Comments on Fortinet technical documentation ... 8 Customer service and technical support ... 9 Setup ...
  • Page 4 Management ... 35 Analysis ... 59 Device ... 35 Viewing device information ... 35 Adding and editing devices ... 37 Authorizing the service on devices ... 38 De-authorizing the service on devices ... 39 Sending manual or automatic configuration revisions ... 39 Viewing configuration revisions...
  • Page 5 Contents Index ... 75 FortiGuard Analysis and Management Service Version 1.2.0 Administration Guide 13-12000-406-20081031...
  • Page 7: Introduction

    This section introduces you to FortiGuard Analysis and Management Service and the following topics: • About this document • Fortinet documentation • Customer service and technical support About this document This document explains how to configure and use the service. This document contains the following sections: •...
  • Page 8: Typographic Conventions

    All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation visit the Technical Documentation web site.
  • Page 9: Customer Service And Technical Support

    Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. Please visit the support services that Fortinet provides.
  • Page 11: Setup

    If you are connecting to the portal web site for the first time, you must register your device or devices on the Fortinet Technical Support web site. You must also create a trial contract, which is available on the portal web site, if you have not already purchased a contract from your sales representative.
  • Page 12 About the portal web site Setup Figure 1: The portal web site When you enter the email address and password for logging in, the Service Account ID appears. You can select which Service Account ID you want to view when logging in to the portal web site if you have multiple Service Account IDs for one contract.
  • Page 13 Figure 2: Portal web site layout, Management view (callouts: Expand Arrow, Dashboard main menu, Management main menu, Analysis main menu, Tabs, Sections). The Dashboard main menu provides all features that are related to it, such as customizing and adding pages.
  • Page 14: Obtaining A Trial Contract

    Section: Each tab contains sections, which can display a combination of information and links to configure additional settings. You can also expand or hide sections using the Expand Arrow. For example, in the Device tab, shown in section allows you to view the tasks that are occurring (or have already occurred), as well as to configure an upgrade, run scripts, or show the firmware available for upgrading the device.
  • Page 15 Service Account ID. For more information, see “Expanding or renewing service” on page To obtain a trial contract Go to https://fams.fortinet.com/. Select the Sign Up Now link. Enter the appropriate information for the following fields:...
  • Page 16: Configuring A Device To Use The Service

    Note: If you do not know your Service Account ID, you can view it by logging in to the service portal and going to the Settings menu. The Service Account ID is located in Account Information. Alternatively, log in to the Fortinet Technical Support web site, and select the service.
  • Page 17: Verifying The Connectivity Between The Service And The Device

    “Configuring remote logging and central management” on page Verifying the connectivity between the service and the device The device connects to the Fortinet Distribution Network (FDN) to validate connectivity with that Service Account ID. After successful validation, the options for configuring and using the service become available on the device’s web-based manager.
  • Page 18 Note: Daylight Savings Time (DST) may affect your location. It is recommended to verify if your location observes this change, since it affects the accuracy and schedule of logs. For more information, see the Fortinet Knowledge Center article, support. To configure remote management by the service In the FortiGate web-based manager, go to System >...
  • Page 19: Expanding Or Renewing Service

    You can expand or renew the service after accessing the portal web site for the first time. The Fortinet Technical Support web site allows you to expand or renew the service after a trial contract expires, or after you have purchased a full contract.
  • Page 20: Renewing Contracts

    “Obtaining a trial contract” on page 14 To add a renewal contract Go to the Fortinet Technical Support Select FortiGuard Analysis & Management Services from the menu on the left. Select the Service Account ID to which you want to apply the contract number.
  • Page 21: Adding Purchased Contracts

    Select FortiGuard Analysis & Management Services from the menu on the left. Select the Service Account ID to which you want to add the purchased contract. Fortinet Technical Support web site and log in. “Renewing...
  • Page 22 Expanding or renewing service Figure 9: Locating the Service Account ID Near the bottom of the page, a Product/Contract Maintenance area appears. Enter the Contract Number and a Description in the appropriate fields. Figure 10: Adding a purchased contract Select Add. The terms of the contract appear.
  • Page 23: Required Port Numbers

    Required port numbers The service is provided to authorized devices connecting to the Fortinet Distribution Network (FDN) through the Internet. For successful access to the service, all NAT devices and firewalls between the FDN and the devices must permit required protocols and port numbers.
  • Page 25: Dashboard

    The Dashboard main menu allows users to customize what system information they want to monitor, such as virus activity and system resources, which are displayed as widgets. Within this menu, users can also add tabs, which are referred to as pages. These pages contain widgets which you can customize. The information provided by the widgets allows users to quickly assess what is occurring on their networks and on the devices.
  • Page 26: Widgets

    Figure 11: Customized Dashboard page. The Dashboard widgets provide valuable information about what is happening on your network. The information gathered is received from logs and SNMP requests. You can customize the Dashboard page (the default tab and any that you add), to display a variety of these widgets. You can also customize each widget to your requirements.
  • Page 27: Adding And Customizing Pages

    Dashboard Adding and customizing pages You can add up to nine pages within the Dashboard main menu, and you can customize the widgets that you apply to those pages. The following procedure explains how to do so. To add and customize a page Go to the Dashboard main menu.
  • Page 28: Configuring The Network Monitor

    Configuring widgets Configuring the Network Monitor Figure 12: Resource Monitor Monitor Name Enter the name of the resource monitor (for example, Resource_Monitor_Headquarters). Device Select the device that the information is gathered from. Polling Interval Select how often the server will poll the device to receive information, in intervals of 60 seconds, 2 minutes, or 5 minutes.
  • Page 29: Configuring The Trap Console

    Dashboard Figure 13: Network Monitor Monitor Name Device Polling Interval Monitor(s) Add Another Charting Options Select the check box if you want the line in the graph to fill in below • Configuring the Trap Console The Trap Console provides information about SNMP traps. The Trap Console provides monitor or alert information, helping you to determine what trap you need to monitor.
  • Page 30: Configuring The Report Widgets

    Configuring widgets Configuring the Report widgets To configure a Trap Console widget, select Add Trap Console in Add Widgets, follow the instructions in the table below, and select OK. If you want to edit an existing Trap Console widget, select the Edit icon in the widget and then follow the instructions in the table below.
  • Page 31 Dashboard • Event Report – provides information about event activity that is based on event logs, such as an administrator logging in to that device’s web-based manager. • Virus Report – provides specific information about each real or suspected virus that the device detects;...
  • Page 32 Configuring widgets To date The end date and time of the time range. Appears only when Specify is selected in Report period. Select the calendar to configure the end date and time. Select OK after configuring both the date and time. Enter the top number of entries to be displayed.
  • Page 33: Customizing The Dashboard Page

    Dashboard Figure 18: Web Report bar chart displaying the web category names Figure 19: Web Report bar chart displaying second-level information for the Sports Customizing the Dashboard page You can customize the Dashboard page by adding, rearranging or removing widgets. The customized widgets and layout can then be saved for future logins. The following procedure describes how to customize the Dashboard page, rename it, and delete it.
  • Page 35: Management

    The Management menu provides remote management features, allowing you to upload scripts, schedule when to upgrade firmware on a device, and view account information. This section includes the following topics: • Device • Scripts • Topology Tool • Settings Device The Device tab provides information about devices, and allows you to schedule...
  • Page 36 Device The Device Detail tab displays the Basic Information section, which shows information such as the internal IP address of the device and the current firmware version running on the device. This tab also displays the Tasks section, which shows information about scheduled tasks.
  • Page 37: Adding And Editing Devices

    Management Basic Information section Time Zone Firmware Automatically Upload Config Tasks section Upgrade Firmware Run Script Show Available Firmware Scheduled Task Type Scheduled Time Status Action Revision History section Adding and editing devices You can add devices to the contract or edit the daily volume and quota for a device.
  • Page 38: Authorizing The Service On Devices

    Device Authorizing the service on devices De-authorizing the service on devices To edit a device Go to Management > Device. In the Device section, select Edit. Enter the appropriate information for the following: New Quota (G) Enter the total amount of disk space that the device is allowed to use.
  • Page 39: Sending Manual Or Automatic Configuration Revisions

    Management Sending manual or automatic configuration revisions The service can receive manual and automatic configuration backups when you change a licensed device’s configuration. After the service receives the revisions, you can view or search them. You can also use a configuration revision to restore a device’s previous configuration, or to create a script.
  • Page 40: Searching Configuration Revisions

    Device Searching configuration revisions Start Date Select the start date of the time range of configuration files to display. End Date Select the end date of the time range of configuration files to display. Keywords Enter search terms, such as CLI keywords, then select Search to display specific configuration files.
  • Page 41: Comparing Configuration Revisions

    Comparing configuration revisions As you accrue configuration revisions, you may want to determine what changed between two revisions. This can be useful for troubleshooting a configuration change, or for creating scripts. Both the FortiGate web-based manager and the portal web site provide a “diff” tool, which enables you to view changes either within the context of each whole file or as isolated change lines.
  • Page 42: Restoring Configuration Revisions

    Device Restoring configuration revisions To compare configuration revisions from within the FortiGate web-based manager In the FortiGate web-based manager, go to System > Maintenance > Revision Control. In the Action column, in the row corresponding to either one of the revisions that you want to compare, select Diff.
  • Page 43: Running Scripts

    Management Note: Instead of restoring a previous configuration, you can also apply a configuration script. For more information, see Running scripts Caution: Verify configuration scripts before deployment. Deploying a configuration script that alters host name, IP address, or the service settings can result in interrupted connectivity.
  • Page 44: Changing Firmware From The Portal Web Site

    Device Changing firmware from the portal web site Release The version numbers of firmware images currently available from the FDN for your authorized devices. Releases towards the top of the list are more recent. Select the Expand Arrows to expand or hide releases within the major or minor version number.
  • Page 45: Changing Firmware From The Device

    Management Changing firmware from the device Caution: Back up the configuration before downgrading. Downgrading the firmware may reset the device to that firmware’s default configuration, resulting in data loss. This includes the interface IP addresses, as well as HTTP, HTTPS, SSH, and Telnet administrative access.
  • Page 46: Creating Scripts

    Scripts Creating scripts With a plain text editor, you can create scripts from backed up configuration files, and then upload them as a script. Alternatively, you can type CLI commands directly into a script in the portal web site. The following procedure requires a plain text editor. Note: Configuration files contain CLI commands.
  • Page 47: Creating Scripts

    Management Select Submit. The script is added to the list of available scripts. Note: Verify configuration scripts before deployment. Deploying a configuration script that alters host name, IP address, or the service settings can result in interrupted connectivity. For more information about CLI commands, see the FortiGate CLI Reference. Viewing available configuration scripts The Script tab displays all configuration scripts that you have uploaded or input, and any deployment schedules for each script.
  • Page 48: Topology Tool

    The Topology Tool tab provides all the things you need to create a network diagram, such as Fortinet device icons, connector lines, and text boxes. There are also two modes to select from: View mode displays the network diagram and Edit mode provides what you need to create a network diagram.
  • Page 49: Topology Tool

    Management Figure 25: Network diagram in Edit mode Within the Topology Tool section, additional menus allow you to access network diagrams and customize the view. These additional menus differ between View mode and Edit mode, but you can access them the same way. For example, to open a saved network diagram, go to File >...
  • Page 50: Creating A Network Diagram

    You can create a network diagram easily in the Topology Tool tab using the Edit mode. In Edit mode, you can choose the shapes you want in your diagram, such as Fortinet product icons or computers, and connector lines as well as many other options.
  • Page 51: Viewing A Network Diagram

    Management Select Save to save the network diagram to the service’s server. You can save the network diagram to either the Private or Shared folders. If you save the network diagram to the Private folders, it is accessible only to you. The Shared folder can be accessed by anyone.
  • Page 52 You can also add administrators. Delete Edit Fortinet Technical Support The serial number of the contract you purchased. The date the service contract expires. The maximum amount of disk space that you can allocate to devices using the service.
  • Page 53: Adding, Editing And Removing Administrators

    Management Alert Profile Note: In high availability (HA) clusters, daily quota that is assigned in HA clusters will be added up for each member transparently on the FortiOS side; however, at the same time, the current volume on each member is also counted together by the primary unit. Adding, editing and removing administrators If multiple users will be accessing the service portal, you can add those users to the account from the User Information area.
  • Page 54: Editing Your Login Profile

    Settings Editing your login profile To add or edit account users Go to Management > Settings. In User Information, select either Add User to create a new user, or select the Edit icon in the row of the user you want to change. Enter the following information: User Name Enter or change the name of the user.
  • Page 55: Changing Your Service Account Id

    Management Service Account ID User Name Email Re-type Email Password Re-type Password Security Question 1 Your Answer Security Question 2 Your Answer Select Submit. Changing your service account ID The Account Information area includes the Service Account ID and time zone, and is displayed the same way for all users and devices connecting to the account.
  • Page 56 Settings Name Enter a name for the alert profile. When [<nn>] Select a number from the first list to specify the number of alerts that must occur before an email notification is sent to the occurrences within specified email address. [<nn_min_hr>] Select a number from the second list to specify when alert notification email will be sent if that number of alerts is reached.
  • Page 57: Analysis

    Note: DST is now extended by four weeks in the United States and Canada and may affect your location. It is recommended to verify if your location observes this change, since it affects the scope of the report. Fortinet has released supporting firmware. For more information, see the Fortinet Knowledge Center article, In previous firmware releases of the service, the feature IP alias was available.
  • Page 58: Log Viewer

    The FortiGate Logging in FortiOS 3.0 Technical Note provides detailed information about all log messages and is available from the Fortinet Knowledge Center web site. You can search both recent and historical log messages when viewing them in either Recent or Specified, by using Type, Level, or Column Settings.
  • Page 59 Figure 27: Viewing recent event log messages Device Current Page Device Type Level Column Settings icon Select to add or remove columns. This changes what log Period: Recent | Specified Formatted | Raw Current Page Column Settings...
  • Page 60: Customizing The Log View

    Customizing the log view Customizing the log view Customizing the log column views Figure 28: Viewing historical event log messages Column Settings The service allows you to customize what columns and log information are displayed when viewing logs, providing another way to find specific log information.
  • Page 61: Filtering Logs

    Analysis Figure 29: Column Display Settings window for Event log To show or hide columns Select Column Settings. A list of columns available for that log type appears. Select columns that you want displayed or hidden by doing one of the following: •...
  • Page 62 Customizing the log view Figure 30: Filter icons for logs Filter icon enabled When filtering by source or destination IP, you can use the following in the filtering criteria: • a single address (2.2.2.2) • an address range using a wild card (1.2.2.*) •...
  • Page 63: Log File Browser

    Analysis Log File Browser You can download all log files stored on each device. By downloading the log files, you can view all log messages that were recorded in that log file outside of the portal web site. When you download a log file, it is saved as a plain text file. You can view the downloaded file in any plain text editor, such as Notepad.
  • Page 64: Deleting Log Files From The Fortigate Web-Based Manager

    Deleting log files from the FortiGate web-based manager Deleting log files from the FortiGate web-based manager Reports To download a log file Go to Analysis > Log File Browser. In the row containing the file you want to download, select Download. After the log file downloads to your computer, open the log file.
  • Page 65: Viewing Generated Reports

    Analysis You can access reports on the portal web site either from the Dashboard menu or from Analysis > Report. The FortiGuard Analysis server provides reports for each device, and can generate the reports whenever you need them. You can save reports to your computer if you want to view them outside of the portal web site.
  • Page 66: Deleting Reports

    Deleting reports provides more space on the FortiGuard Analysis server for current reports. Fortinet recommends that you save the report before deleting it, to ensure you have the report should you require it afterward. You must specify when the reports were generated before deleting them. For example, if you specify reports from August 31 to September 22, all reports within this time period are deleted as well.
  • Page 67: E-Discovery

    Analysis Select the dates using the calendars in Delete Reports. When selecting dates, remember that reports within the time period will be deleted as well. For example, if you select September 1 to September 5, the reports generated on September 2, 3, and 4 will also be deleted. Select Submit.
  • Page 68 e-Discovery Figure 34: An e-Discovery task in the e-Discovery menu Details of the <Task name> <Task Name> Task List This section displays the current tasks. You can create tasks by selecting New Tasks. Task Name The name of the configured task. Description The description given to the task.
  • Page 69 Search Criteria This section provides detailed information about the search criteria, Search Results This tab provides all the email messages that were found during the Figure 35: Search Results tab with email messages found during the search Viewers The users who have permission to...
  • Page 70: Creating Tasks For E-Discovery

    e-Discovery Creating tasks for e-Discovery You can create detailed tasks for both users and third-party administrators to view. You can also copy an existing task to form the basis of a new task. The following procedures describe how to create a task, copy a task to use as the basis for a new task, and how to delete a task.
  • Page 71 Analysis Date Range Email Search Criteria To create tasks for e-Discovery Go to Analysis > e-Discovery. In Tasks, select New Task. Enter the appropriate information in the available fields. Select Submit. To copy a task and apply it to a new task Go to Analysis >...
  • Page 73: Log File Browser

    46 changing from portal web site 45 FortiGate documentation commenting on 8 FortiGuard Analysis and Management Service 7 Fortinet documentation 8 Fortinet Knowledge Center 8 introduction Fortinet documentation 8 login profile, editing 56 logs browsing 65...
  • Page 74: Viewing Generated Reports

    topology tool 49 obtaining a trial contract 14 port numbers required for the service 23 portal web site URL 11 recent logs, viewing 60 remote logging 18 renewing contracts 20 reports deleting reports 69 viewing generated reports 68 required port numbers 23 restoring configuration revisions 43 running scripts 44 script...