Fortinet 3.0 MR7 manual Secure Connection Disk Space MB Used/Allocated, Action

Secure Connection

Disk Space (MB) Used/Allocated

•Tx indicates logging access for all devices managed by the FortiManager system.

•Rx indicates that the FortiManager system can remotely administer the FortiAnalyzer unit.

For more information about on configuring device connection permissions, see “Devices Privileges” on page 82.

Indicates whether an IPSec VPN tunnel has been enabled for secure transmission of logs, content and quarantined files. A locked icon indicates that Secure Connection is enabled.

Enable and configure secure connections in the CLI. The secure tunnel must be configured on both ends of the tunnel: the FortiAnalyzer unit and the device.

Secure Connections cannot be configured with FortiMail units, FortiClient installations, or Syslog devices. For more information on the CLI command, see the FortiAnalyzer CLI Reference.

On a FortiAnalyzer unit: config log device

edit <devname_str> set secure psk

set psk <presharedkey_str> set id <devid_str>

end

On a FortiGate unit:

config system fortianalyzer set encrypt enable

set psksecret <presharedkey_str> set localid <devname_str>

end

On a FortiManager unit:

config fmsystem log fortianalyzer set secure_connection enable set psk <presharedkey_str> set localid <devname_str>

end

Caution: The locked icon does not indicate successful secure transmission — it only indicates whether the Secure Connection feature is enabled.

For example, if Secure Connection is enabled but not yet configured, the locked icon will appear, but the FortiAnalyzer unit cannot create a secure tunnel without being configured first.

For more information on the secure connection and fallback behavior, see “Unregistered vs. registered devices” on page 77 Caution: Changing a device’s FortiAnalyzer settings clears sessions to its FortiAnalyzer unit’s IP address. If the FortiAnalyzer unit is behind a NAT device, such as a FortiGate unit, this also resets sessions to other hosts behind that same NAT.

To prevent disruption of other devices’ traffic, on the NAT device, create a separate virtual IP for the FortiAnalyzer unit.

The amount of the FortiAnalyzer disk space allocated for the device and how much of that space is used. For more information about on disk space usage by quarantine files, see “Viewing quarantined files” on page 131.