OFTP – Optimized Fabric Transfer Protocol
The Optimized Fabric Transfer Protocol (OFTP) is used when information is synchronized between FortiAnalyzer and FortiGate. Remote logging and archiving can be configured on the FortiGate to send logs to a FortiAnalyzer (and/or FortiManager) unit.
OFTP listens on ports TCP/514 and UDP/514.
You can connect to a FortiAnalyzer unit from a FortiGate unit using Automatic Discovery, so long as both units are on the same network. Connecting these devices in this way does not use OFTP. Instead, the Fortinet Discovery Protocol (FDP) is used to locate the FortiAnalyzer unit.
When you select Automatic Discovery, the FortiGate unit uses HELLO packets to locate any FortiAnalyzer units that are available on the network within the same subnet. When the FortiGate unit discovers the FortiAnalyzer unit, the FortiGate unit automatically enables logging to the FortiAnalyzer unit and begins sending log data.
CLI command – To connect to FortiAnalyzer using Automatic Discovery:
    config log fortianalyzer setting
        set status [enable | disable]
        set server <ip_address>
        set gui-display [enable | disable]
        set address-mode auto-discovery
    end
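An added example (not from the original page or from Fortinet): a Python audit of a FortiGate configuration backup that parses the `config log fortianalyzer setting` block shown above and reports units that rely on Automatic Discovery instead of a fixed server address. The sample configuration, the second `fortianalyzer2` block in it and the function names are constructed for illustration.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-lab"
end
config log fortianalyzer setting
    set status enable
    set address-mode auto-discovery
end
config log fortianalyzer2 setting
    set status enable
    set server 192.0.2.10
end
"""

def parse_faz_settings(config_text):
    """Return {block: {key: value}} for each 'config log fortianalyzer* setting' block."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"config log (fortianalyzer\d*) setting", line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif line == "end":
            current = None  # these blocks are flat, so any 'end' closes them
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return blocks

def audit(config_text):
    """List (block, finding) pairs for enabled log destinations that need review."""
    findings = []
    for name, settings in parse_faz_settings(config_text).items():
        if settings.get("status") != "enable":
            continue  # logging to this destination is off
        if settings.get("address-mode") == "auto-discovery":
            findings.append((name, "auto-discovery: logs go to any FortiAnalyzer "
                                   "found on the same subnet, not a fixed address"))
        elif "server" not in settings:
            findings.append((name, "enabled but no server address is set"))
    return findings

if __name__ == "__main__":
    for block, finding in audit(SAMPLE_CONFIG):
        print(f"{block}: {finding}")
```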
To send logs from FortiGate to FortiAnalyzer:
- Go to Log & Report > Log Settings and enable Send Logs to FortiAnalyzer/FortiManager (under Remote Logging and Archiving).
- Enter the FortiAnalyzer unit’s IP address in the IP Address field provided.
- For Upload Option, select Store & Upload Logs to set when the uploads occur (either Daily, Weekly, or Monthly), and the time when the unit uploads the logs. Select Realtime to upload logs as they come across the FortiGate unit.
- Logs sent to FortiAnalyzer can be encrypted by enabling Encrypt Log Transmission.