Blocking device connection attempts

Device

Test Connectivity does not verify connectivity by Syslog. Syslog is required to send log messages. To verify Syslog connectivity, trigger FortiGate logs, then go to Log&Report > Log Access > Remote. Steps required to trigger sending log messages from the FortiGate unit varies by the log type. For example, event logs are not configured in the same location as logs resulting from firewall policies and protection profiles. For more information, see the FortiGate Administration Guide.

When full connectivity is verified, the FortiGate unit can send log and other data to the FortiAnalyzer unit. For more information about configuring FortiGate unit quarantining, content archiving, and/or remote logging, see the FortiGate Administration Guide.

Blocking device connection attempts

Blocking devices prevents them from being able to attempt connections to the FortiAnalyzer unit.

FortiAnalyzer units support a maximum number of devices, including registered and unregistered devices combined. For more information, see “Maximum number of devices” on page 76. You can manually block unregistered devices that you do not want in the FortiAnalyzer device list to free a spot in the device list.

Devices may automatically appear on your list of blocked devices. This can occur when devices attempt to connect after the maximum number of allowed devices has been reached. To resume adding devices, you must first block a device that is currently on your device list, then unblock the device you want to add, and add it to the device list.

To view blocked devices, go to Device > All > Blocked Devices.

Note: See “Configuring unregistered device connection attempt handling” on page 79 to prevent unregistered devices from automatically appearing in the device list.

Figure 4: List of blocked devices

 

Delete

 

 

 

 

 

 

Unblock

 

Device ID

The name or serial number of the blocked device.

Hardware Model

The type of device, such as FortiGate, FortiManager, FortiMail, or

 

Syslog server.

IP Address

The IP address of the blocked device.

Action

Select Delete to remove the device from the list of blocked

 

devices. If the device attempts to connect to the FortiAnalyzer

 

unit, it may appear in the device list as an Unregistered device,

 

according to your configuration of Unregistered Device Options.

 

For more information, see “Configuring unregistered device

 

connection attempt handling” on page 79.

 

Select Unblock to add the device to the FortiAnalyzer unit’s device

 

list. For more information, see “Viewing the device list” on

 

page 73.

 

FortiAnalyzer Version 3.0 MR7 Administration Guide

86

05-30007-0082-20080908

Page 88
Image 88
Fortinet 3.0 MR7 manual Blocking device connection attempts, Hardware Model