Fortinet 3.0 MR7 manual

www.fortinet.com

FortiAnalyzer

Version 3.0 MR7

ADMINISTRATION GUIDE

Contents

Main Page Contents Whats new for 3.0 MR7................................................................... 13 Administrative Domains (ADOMs).................................................. 19 Page Content Archive ............................................................................. 107 Network Analyzer........................................................................... 141 Managing firmware versions......................................................... 169 Appendix: FortiAnalyzer reports in 3.0 MR7 ............................... 185 Introduction About this document Fortinet documentation Fortinet Tools and Documentation CD Fortinet Knowledge Center Comments on Fortinet technical documentation Customer service and technical support Page Whats new for 3.0 MR7 Page 3.0 MR7 new features and changes Power supply monitoring for FortiAnlayzer-2000A and 4000A Registered devices hard limits CLI displays the tasks in the upload queue Dashboard enhancements Custom fields for log messages Reports Report configuration enhancements VoIP reports Alert email configuration changes Administrative Domains (ADOMs) About administrative domains (ADOMs) Page Page Configuring ADOMs Page Accessing ADOMs as the admin administrator Assigning administrators to an ADOM System Dashboard Page Tabs RAID Monitor System Information Rebuilding icon Setting the time Changing the host name Changing the firmware License Information System Resources Viewing operational history System Operation Formatting the log disks Resetting to the default configuration Alert Message Console Viewing alert console messages Statistics Viewing session information Filtering session information Report Engine Log Receive Monitor Intrusion Activity Virus Activity Top FTP Traffic Top Email Traffic Top IM/P2P Traffic Top Traffic Top Web Traffic 3Enter the appropriate information for the following: 4Select OK. Network Interface Changing interface settings About Fortinet Discovery Protocol DNS Routing Adding a route Admin Adding or editing an administrator account 3Configure the following options and select OK. Changing an administrators password Access Profile Auth Group RADIUS Server Administrator Settings Monitor Network Sharing Adding share users Adding share groups Configuring Windows shares Assigning user permissions Configuring NFS shares Default file permissions on NFS shares Config Automatic file deletion and local log settings Page Configuring log aggregation Page Configuring an aggregation client Configuring an aggregation server Configuring log forwarding Configuring IP aliases Importing an IP alias list file IP alias ranges Configuring RAID RAID levels Page Hot swapping hard disks Page Hot swapping the FortiAnalyzer-2000/2000A and FortiAnalyzer-4000/4000A Configuring RAID on the FortiAnalyzer-400 and FortiAnalyzer-800/800B Configuring RAID on the FortiAnalyzer-2000/2000A and FortiAnalyzer-4000/4000A Configuring LDAP connections Page Maintenance Backup & Restore FortiGuard Center Page Page Page Device Viewing the device list Page Page Maximum number of devices Unregistered vs. registered devices Configuring unregistered device connection attempt handling or the following options for unknown device types: Manually adding a device Page Page Classifying FortiGate network interfaces Manually adding a FortiGate unit using the Fortinet Discovery Protocol (FDP) Page Blocking device connection attempts Configuring device groups Page Log Viewing log messages Viewing current log messages Viewing historical log messages Column Settings Browsing log files Viewing log file contents Importing a log file Downloading a log file Customizing the log view Page Page Searching the logs Page Search tips Printing the search results Downloading the search results Rolling and uploading logs Page Page Page Content Archive Viewing content archives Page Customizing the content archive view Page Page Searching full email content archives Page Page Reports Configuring reports Configuring report layout Page Page Page Page Configuring report schedules Page Page Configuring data filter templates Page Page 4Select OK. Configuring report output templates Page Page Configuring language Page Page Page Browsing reports Page Page Quarantine Viewing quarantined files Page Alert Alert Events Adding an alert event 3Configure the following options: Output Configuring alerts by email server Testing the mail server configuration Configuring SNMP traps and alerts Page Adding an SNMP server FortiAnalyzer SNMP support Page Configuring alerts by Syslog server Adding a Syslog server Page Page Network Analyzer Connecting the FortiAnalyzer unit to analyze network traffic Page Viewing Network Analyzer log messages Viewing current Network Analyzer log messages Viewing historical Network Analyzer log messages Browsing Network Analyzer log files Viewing Network Analyzer log file contents Page Downloading a Network Analyzer log file Customizing the Network Analyzer log view Page Page Searching the Network Analyzer logs Search tips Printing the search results Downloading the search results Rolling and uploading Network Analyzer logs Page Page Tools Preparing for the vulnerability scan job Preparing Windows target hosts Page Page Preparing Unix target hosts Viewing vulnerability scan modules Page Configuring vulnerability scan jobs Page To configure a vulnerability scan job 1Go to Tools > Vulnerability Scan > Job. 3Complete the following: 4Select the blue arrow to expand Scan Option. 5Complete the following: Page Viewing vulnerability scan reports File Explorer Page Page Managing firmware versions Backing up your configuration Backing up your configuration using the web-based manager Backing up your configuration using the CLI Backing up your log files Page Testing firmware before upgrading Page Upgrading your FortiAnalyzer unit Upgrading to FortiAnalyzer 3.0 Upgrading using the web-based manager Upgrading using the CLI Verifying the upgrade Reverting to a previous firmware version Downgrading to FortiLog 1.6 Verifying the downgrade Downgrading to FortiLog 1.6 using the CLI Page Restoring your configuration Restoring configuration settings on a FortiAnalyzer unit Page Restoring your configuration settings using the web-based manager Restoring your configuration settings using the CLI Page Page Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports Intrusion Activity The FortiAnalyzer 3.0 MR6 report, Top Attack Sources, did not changed in FortiAnalyzer 3.0 MR7. Antivirus Activity Page Page Webfilter Activity Antispam Activity IM Activity VoIP reports The following table contains the new VoIP reports that are available in FortiAnalyzer 3.0 MR7. Content Activity Network Activity Web Activity Mail Activity FTP Activity Terminal Activity VPN Activity Event Activity The report, Top Event Categories by Status, was removed. P2P Activity Audit Activity Summary Reports The following reports remain unchanged but are moved to a new category in FortiAnalyzer 3.0 MR7: Forensic Reports Audit Detailed The report, Top Client Requests to Permitted Sites, was removed. Summary FortiMail Reports The following tables explain what FortiMail reports changed in FortiAnalyzer 3.0 MR7. Mail High Level Page Mail Sender Mail Recipient Activity Mail Destination IP Spam Sender Spam Recipient Spam Destination IP Virus Sender Page Virus Recipient Virus Destination IP FortiClient Reports Index A B C D E F G H I K L M N O P Q R S T U V W X