Fortinet 3.0 MR7

Device Manually adding a device

FortiAnalyzer Version 3.0 MR7 Administration Guide

05-30007-0082-20080908 85

To enable the FortiAnalyzer unit to reply to FDP packets

1On the FortiAnalyzer unit, go to Device > All.

2Go to System > Network.

3Select Modify for the network interface that should reply to FDP packets.

4Enable Fortinet Discovery Protocol.

5Select OK.

The FortiAnalyzer unit is now configured to respond to FDP packets on that

network interface, including those from FortiGate units’ Automatic Discovery

feature. For more information about connecting the FortiGate unit using FDP, see

“To connect a FortiGate unit to a FortiAnalyzer unit using FDP” on page 85.

To connect a FortiGate unit to a FortiAnalyzer unit using FDP

1On the FortiGate unit, go to Log&Report > Log Config > Log Setting.

2Select Remote Logging.

3Select FortiAnalyzer.

4From Minimum log level, select the severity threshold that log messages must

meet or exceed to be remotely logged to the FortiAnalyzer unit.

5In the FortiAnalyzer IP area, select Automatic Discovery.

6If the FortiAnalyzer unit does not appear in the Connect To list, select Discover.

The FortiGate unit sends FDP packets to other hosts on the FortiGate unit’s

subnet. If a FortiAnalyzer unit exists on the subnet and is configured to reply to

FDP packets, it sends a reply, and its IP address appears in the Connect To list.

If your FortiGate unit is connecting to a FortiAnalyzer unit from another network,

such as through the Internet or through other firewalls, this may fail to locate the

FortiAnalyzer unit, and you may need to configure an IPSec VPN tunnel to

facilitate the connection. For more information and examples, see the Fortinet

Knowledge Center article Sending remote FortiGate logs to a FortiAnalyzer unit

behind a local FortiGate unit.

7From the Connect To list, select a FortiAnalyzer unit.

8Select Apply.

9To verify connectivity with the FortiAnalyzer unit, select Test Connectivity.

Test Connectivity verifies connectivity by OFTP. OFTP is required by device

registration, content archiving, quarantining, and remote viewing of logs and

reports, and display connection permissions, but not to send log messages. If Test

Connectivity fails, the FortiAnalyzer unit’s Unregistered Device Options may

require that you manually register the FortiGate unit with the device list. For more

information, see “Configuring unregistered device connection attempt handling”

on page 79. For more information about manually registering the device, see

“Manually adding a device” on page 80. If the FortiGate unit is registered but Test

Connectivity still fails, verify configurations of any intermediate devices such as

routers or firewalls.