Device Manager

The Device Manager tab allows you to add and edit devices and VDOMs, and view completed reports for devices and VDOMs.

Figure 9 shows the Device Manager tab.

Figure 9: Device manager tab

The tree menu shows the devices and VDOMs within the selected ADOM. If ADOMs are disabled, the tree menu simply shows the devices. When ADOMs are enabled, the ADOM is selected using the drop-down list in the toolbar.

The device and VDOM list can be searched using the search box in the content pane toolbar. The columns shown in the list can be customized, and the list can be sorted by selecting a column header.

To change the column settings:

  1. Right-click on a column heading in the content pane.

Columns currently included in the content pane table have a green check mark next to them.

Figure 10: Column right-click menu

  2. Select a column from the list to add or remove that column from the table.

Select Reset to Default to reset the table to its default state.

Devices

Devices are organized by device type. VDOMs and model devices can be created and deleted.

Devices and VDOMs

Device models can be added and deleted, devices can be edited, and VDOMs can be deleted. The Add Device wizard is used to add model devices.

To add a model device:

  1. Right-click on a group in the tree menu or in the content pane and, from the right-click menu, select Add Device, or, if ADOMs are not enabled, select Add Device from the toolbar.

The Add Device wizard opens.

Figure 11: Add device wizard login screen

  2. Enter the device IP address, user name, and password in the requisite fields.
  3. Select Next to continue to the next page of the wizard: Add Device.

Figure 12: Add device wizard add device screen

  4. Enter the following information:

| Field | Description |
| --- | --- |
| Name | Enter a name for the device. |
| Description | Enter a description for the device (optional). |
| Device Type | Select the device type from the drop-down list. Select FortiGate for FortiGate ADOMs, FortiSwitch for FortiSwitch ADOMs, etc. |
| Device Model | Select the device model from the drop-down list. |
| Firmware Version | Select the firmware version from the drop-down list. |
| HA Cluster | Select if the device is part of a high availability cluster. |
| Serial Number | Enter the device serial number. This value must match the device model selected. When HA Cluster is enabled, you can enter the serial numbers of all members of the cluster. |
| Disk Log Quota (min. 100MB) | Enter the disk log quota in MB. This option is only available for certain device types. |
| When Allocated Disk Space is Full | Select to overwrite the oldest logs or to stop logging when the allocated disk space is full. |
| Device Permissions | Select the device permissions from: Logs, DLP Archive, Quarantine, and IPS Packet Log. |
| Other Device Information | Enter other device information (optional), including: Company/Organization, Contact, City, Province/State, and Country. |

  5. Select Next to proceed to the next add device page.

Figure 13: Add device wizard add device screen two

  6. After the device has been created successfully, select Next to proceed to the summary page.

Figure 14: Add device wizard summary screen

  7. Select Finish to add the device model.

To edit a device:

  1. In the Device Manager tab, in the tree menu, select the group that contains the device you need to edit.
  2. In the content pane, right-click on the device and select Edit from the right-click menu.

The Edit Device dialog box opens.

Figure 15: Edit a device

  3. Edit the following information as needed:

| Field | Description |
| --- | --- |
| Name | The name of the device. |
| Description | Descriptive information about the device. |
| Company/Organization | Company or organization information. |
| Country | Enter the country. |
| Province/State | Enter the province or state. |
| City | Enter the city. |
| Contact | Enter the contact name. |
| IP Address | The IP address of the device. |
| Admin User | The administrator username. |
| Password | The administrator password. |
| Device Information | Information about the device, including serial number, device model, firmware version, and connected interface. |
| HA Cluster | Select if the device is part of a high availability cluster. |
| Serial No. | When HA Cluster is enabled, you can enter the serial numbers of all members of the cluster. |
| Disk Log Quota (min. 100MB) | The amount of space that the disk log is allowed to use, in MB. |
| When Allocated Disk Space is Full | The action for the system to take when the disk log quota is filled, either Overwrite Oldest Logs, or Stop Logging. |
| Secure Connection | Select the check box to enable this feature. Secure Connection secures Odette File Transfer Protocol (OFTP) traffic through an IPsec tunnel. |
| ID | The device serial number. |
| Pre-Shared Key | The pre-shared key for the IPsec connection between the FortiGate and FortiAnalyzer. |
| Device Permissions | The device's permissions. Select any of: Logs, DLP Archive, Quarantine, and IPS Packet Log. |

  4. Select OK to finish editing the device.

To delete a device or VDOM:

  1. In the Device Manager tab, in the tree menu, select the group that contains the device or VDOM you need to delete.
  2. In the content pane, right-click on the device or VDOM and select Delete in the right-click menu.
  3. Select OK in the confirmation window to delete the device or VDOM.

Unregistered devices

In FortiAnalyzer v5.2.0 and later, the config system global set unregister-pop-up command is disabled by default. When a device is configured to send logs to FortiAnalyzer, the unregistered device table will not be displayed. Instead, a new entry named Unregistered Devices will appear in the Device Manager tab tree menu. You can then add devices to specific ADOMs or delete devices using the toolbar buttons or right-click menu.

Figure 16: Unregistered devices

Device reports

You can view, download, and delete device reports in the Device Manager content pane. Selecting a device or VDOM in the tree menu will display all reports associated with that device or VDOM in the content pane. For more information, see “View report tab” on page 173.

To view latest reports from the Device Manager tab:

  1. In the Device Manager tab, use the drop-down list to select the ADOM that contains the device whose reports you would like to view.
  2. Select the device or VDOM from the tree menu.
  3. The report history is shown in the content pane, showing a list of all the reports that have been run for that device or VDOM.

Figure 17: Report history

  4. In the Format column, select HTML to display the report in a browser window, or select PDF to download the report as a PDF file to your management computer.

Log forwarding

When your FortiAnalyzer device is configured in collector mode, you can configure log forwarding in the Device Manager tab. Logs for selected devices can be forwarded to another FortiAnalyzer, a syslog server, or a Common Event Format (CEF) server.

To put your FortiAnalyzer in collector mode:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, in the Operation Mode field, select [Change].
  3. In the Change Operation Mode dialog box, select Collector, and then select OK.

The Web-based Manager will refresh and the Device Manager, Log View, and System Settings tabs will be available. See “Changing the operation mode” on page 50 for more information.

To configure log forwarding:

  1. Go to the Device Manager tab and select Log Forwarding.
  2. Select Create New from the toolbar.

The Add log forwarding page is displayed.

Figure 18: Add log forwarding dialog box

  3. Configure the following settings:

| Field | Description |
| --- | --- |
| Server Name | Enter a name to identify the remote server. |
| Remote Server Type | Select the remote server type. Select one of the following: FortiAnalyzer, Syslog, Common Event Format (CEF). |
| Server IP | Enter the server IP address. |
| Select Devices | Select the add icon to select devices. Select devices and select OK to add the devices. |
| Enable Log Aggregation | Select to enable log aggregation. This option is only available when Remote Server Type is set to FortiAnalyzer. |
| Password | Enter the server password. |
| Confirm Password | Re-enter the server password. |
| Upload Daily at | Select a time from the drop-down list. |
| Enable Real-time Forwarding | Select to enable real-time log forwarding. |
| Level | Select the logging level from the drop-down list. Select one of the following: Emergency, Alert, Critical, Error, Warning, Notification, Information, or Debug. |
| Server Port | Enter the server port. When Remote Server Type is FortiAnalyzer, the port cannot be changed. The default port is 514. |

  4. Select OK to save the setting.
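The following is an added example, not part of the FortiAnalyzer documentation, for the receiving side of the Syslog or CEF forwarding configured above: it parses the syslog priority and CEF header of each received record and flags records that are less severe than the configured Level. It assumes the Level names map to syslog severities 0 to 7 in the order listed and that Level acts as a minimum-severity threshold; the function names and sample lines are constructed for illustration.

```python
import re

# Level names as listed in the Level drop-down above, assumed to map to
# syslog severities 0 (Emergency) through 7 (Debug) in the order given.
LEVELS = ["Emergency", "Alert", "Critical", "Error",
          "Warning", "Notification", "Information", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# CEF header: seven pipe-delimited fields, then the extension; a literal
# pipe inside a header field is escaped as "\|".
CEF_SPLIT = re.compile(r"(?<!\\)\|")
CEF_FIELDS = ["version", "vendor", "product", "device_version",
              "class_id", "name", "cef_severity"]


def parse_forwarded(line):
    """Parse one forwarded record; return a dict, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # max PRI = 23 * 8 + 7
        return None
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "level": LEVELS[pri & 7], "cef": None}
    start = line.find("CEF:")
    if start != -1:
        parts = CEF_SPLIT.split(line[start + 4:], maxsplit=7)
        if len(parts) < 7:
            return None                     # truncated CEF header
        clean = (p.replace("\\|", "|") for p in parts)
        rec["cef"] = dict(zip(CEF_FIELDS, clean))
        rec["cef"]["extension"] = parts[7] if len(parts) == 8 else ""
    return rec


def above_threshold(records, configured_level):
    """Return records less severe than the configured forwarding Level."""
    limit = LEVELS.index(configured_level)
    return [r for r in records if LEVELS.index(r["level"]) > limit]


# Constructed sample lines (not captured from a real FortiAnalyzer).
SAMPLE = [
    "<132>Jan 10 10:00:01 collector CEF:0|ExampleVendor|ExampleFW|1.0|100|login failed|5|src=192.0.2.10",
    "<134>Jan 10 10:00:02 collector CEF:0|ExampleVendor|ExampleFW|1.0|200|pipe \\| in name|3|src=192.0.2.11",
    "<999>garbage",
]
PARSED = [parse_forwarded(line) for line in SAMPLE]
UNEXPECTED = above_threshold([r for r in PARSED if r], "Warning")
```

Records returned by `above_threshold` indicate that the receiver is seeing lower-severity logs than the forwarding Level should allow, which is worth checking against the saved setting.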
