Network Analyzer


Network Analyzer can be used as an enhanced local network traffic sniffer to diagnose areas of the network where firewall policies may require adjustment, or where traffic anomalies occur.

Network Analyzer logs all traffic seen by the interface for which it is enabled. If that network interface is connected to the span port of a switch, observed traffic will include all traffic sent through the switch by other hosts. You can then locate traffic which should be blocked, or which contains other anomalies.

All captured traffic information is saved to the FortiAnalyzer hard disk. You can then display this traffic information directly, search it, or generate reports from it.

This section describes how to enable and view traffic captured by the Network Analyzer. It also describes Network Analyzer log storage configuration options.

Network Analyzer is not visible in Tools > Network Analyzer until enabled in the CLI. To enable Network Analyzer, access the CLI and enter the commands:

config log settings
    set enable_analyzer yes
end

If you are currently logged in to the web-based manager when enabling or disabling Network Analyzer, you must log out and then log in again for the menu changes to take effect.

This section includes the following topics:

Connecting the FortiAnalyzer unit to analyze network traffic

Viewing Network Analyzer log messages

Browsing Network Analyzer log files

Customizing the Network Analyzer log view

Searching the Network Analyzer logs

Rolling and uploading Network Analyzer logs

Note: Network Analyzer is available on all FortiAnalyzer units except the FortiAnalyzer-100.

Connecting the FortiAnalyzer unit to analyze network traffic

To sniff traffic with the FortiAnalyzer unit, you usually first connect it to the span (or mirroring) port of an Ethernet switch. Both the management and sniffing ports can be connected to the same switch.

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
