SSLv3 on Fortianalyzer 5.4 VM64 Amazon Web Services

SSLv3 on FortiAnalyzer-VM64-AWS

Due to known vulnerabilities in the SSLv3 protocol, FortiAnalyzer-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, run:

config system global
set ssl-protocol tlsv1
end
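After changing ssl-protocol, it is worth confirming from the outside that the management interface really refuses SSLv3. The script below is an added example and is not code from the Fortinet GURU post or from Fortinet: it sends a bare ClientHello that offers exactly one protocol version and reports whether the server answers with a ServerHello (version accepted), an alert, or a closed connection. The hostname fortianalyzer.example and port 443 are placeholders; the cipher suite list is a constructed set of common RSA suites so that an older server has something it can select.

```python
"""Added example (not from the Fortinet GURU post or Fortinet): probe which
SSL/TLS versions a management interface accepts, to confirm that SSLv3 is
off after `set ssl-protocol tlsv1`. Host and port below are placeholders."""
import os
import socket
import sys

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version"}
# Constructed list of widely implemented RSA suites so an SSLv3/TLS1.0-only
# server can pick one; the probe only cares about the version it answers with.
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0005, 0x0004]


def build_client_hello(version: int) -> bytes:
    """Build a minimal ClientHello (no extensions) for the given protocol version."""
    suites = b"".join(s.to_bytes(2, "big") for s in CIPHER_SUITES)
    body = (
        version.to_bytes(2, "big")
        + os.urandom(32)                              # client random
        + b"\x00"                                     # empty session id
        + len(suites).to_bytes(2, "big") + suites     # offered cipher suites
        + b"\x01\x00"                                 # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    # Record header: content type 0x16 (handshake), version, length.
    return b"\x16" + version.to_bytes(2, "big") + len(handshake).to_bytes(2, "big") + handshake


def classify_response(data: bytes, offered: int) -> str:
    """Interpret the first record a server sends back to our ClientHello."""
    if not data:
        return "closed"
    rec_type = data[0]
    if rec_type == 0x15 and len(data) >= 7:                      # Alert record
        desc = data[6]                                            # alert description byte
        return "alert:" + ALERT_NAMES.get(desc, str(desc))
    if rec_type == 0x16 and len(data) >= 11 and data[5] == 0x02:  # ServerHello
        server_version = int.from_bytes(data[9:11], "big")
        name = VERSION_NAMES.get(server_version, hex(server_version))
        return ("accepted:" if server_version == offered else "negotiated:") + name
    return "unknown"


def probe(host: str, port: int, version: int, timeout: float = 5.0) -> str:
    """Offer exactly one protocol version and report how the server reacts."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(version))
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data, version)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "fortianalyzer.example"  # placeholder host
    for ver, name in VERSION_NAMES.items():
        print(f"{name:8s} {probe(target, 443, ver)}")
```

Run it with the management address as the first argument. An "accepted:SSLv3" line means the unit still completes an SSLv3 handshake; after the change you should see "alert:protocol_version", "alert:handshake_failure" or "closed" on the SSLv3 row and "accepted:TLSv1.0" on the TLSv1 row.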


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Log Aggregation or Forwarding – FortiAnalyzer 5.4

Log Aggregation or Forwarding

FortiAnalyzer 5.4 cannot aggregate or forward logs to FortiAnalyzer 5.2 units. Please use the same FortiAnalyzer 5.4 version across all units.



Authentication Settings for Log Aggregation – FortiAnalyzer 5.4

Authentication Settings for Log Aggregation

FortiAnalyzer version 5.4.0 requires an administrator to be defined on the log aggregation server. For authentication to the log aggregation server, the administrator and its password must be set on all log aggregation forwarders.



SQL Storage Settings For Collect Mode – FortiAnalyzer 5.4.0

SQL Storage Settings for Collector Mode

During the upgrade to FortiAnalyzer 5.4.0, the SQL database on units running in Collector mode is disabled to optimize performance. You can re-enable the SQL storage settings to view logs and analytics with the following CLI command:

config system sql
set status local
end



FortiAnalyzer 5.4 Has Been Released!

If you are using a FortiAnalyzer in any capacity, go ahead and upgrade to 5.4. You will be thankful!

There are some things you need to take note of though before proceeding:

  • In 5.4, Fortinet changed the raw log / SQL design to support per-VDOM log files, and quota is now ADOM based, so a rebuild of the SQL database is needed.

What’s new in FortiAnalyzer version 5.4.0

The following is a list of new features and enhancements in FortiAnalyzer version 5.4.0.

  • New GUI look
  • Remote SQL database deprecated
  • Device support improvements
  • Log forwarding improvements
  • Log storage improvements
  • Fetch offline logs
  • FortiClient improvements
  • FortiView improvements
  • Reports improvements
  • Others
    • Improved Event Management usability
    • Added Factory Reset option to Event Handler


  • Improved Action and Security Action for the Traffic Log
  • Improved HA Conversion efficiency
  • Correlated FortiClient Logs with FortiOS Logs for Application Detection
  • Added logging support for FortiDDoS
  • JSON API Syntax Validation for Report Configuration
  • Added SSN/Credit DLP Charts
  • PCI DSS Compliance Report
  • Added View Related Logs Option in FortiView
  • Added the ability to clone a chart from report layout
  • Added options for chart import and export
  • Added CVE Information to FortiView and Reports
  • Supporting EMS Managed Endpoint Logs
  • Support FortiOS Web Application Firewall (WAF) and GTP Logs


Client Threat Assessment Program – Easy Money

So, if you are a Fortinet partner and you aren’t utilizing the Client Threat Assessment Program (CTAP) you are losing money all over the place. Here is a list of why:

  • It’s Free
  • Fortinet PAYS YOU to do them
  • It provides excellent insight into potential new clients' networks
  • It’s FREE

That is pretty much it. If your sales people can’t give away free, no obligation necessary, assessments then you might have bigger issues at your office. I am currently ranked #1 in the South East (good ol southern boy after all) for these things and it is literally some of the easiest money I have ever made. Not to mention, it enables me to get my foot in the door at potential new clients without any real hassle or pain.



What’s New – FortiAnalyzer 5.2

So, for those of you that utilize the FortiAnalyzer (in place of or in addition to Splunk, ArcSight etc) here is the “What’s New” for FortiAnalyzer 5.2. This is a copy of the Fortinet direct documentation for those that don’t have access to it.

What’s New in FortiAnalyzer v5.2

FortiAnalyzer v5.2 includes the following new features and enhancements.

FortiAnalyzer v5.2.0

FortiAnalyzer v5.2.0 includes the following new features and enhancements.

Event Management

  • Event Handler for local FortiAnalyzer event logs
  • FortiOS v4.0 MR3 logs are now supported.
  • Support subject customization of alert email.

FortiView

  • New FortiView module

Logging

  • Updated compact log v3 format from FortiGate
  • Explicit proxy traffic logging support
  • Improved FortiAnalyzer insert rate performance
  • Log filter improvements
  • FortiSandbox logging support
  • Syslog server logging support

Reports

  • Improvements to report configuration
  • Improvements to the Admin and System Events Report template
  • Improvements to the VPN Report template
  • Improvements to the Wireless PCI Compliance Report template
  • Improvements to the Security Analysis Report template
  • New Intrusion Prevention System (IPS) Report template
  • New Detailed Application Usage and Risk Report template
  • New FortiMail Analysis Report template
  • New pre-defined Application and Websites report templates
  • Macro library support
  • Option to display or upload reports in HTML format
  • FortiCache reporting support


Other

  • HA cluster auto discover


HA With Different Revision Hardware

So, I have run into some instances as of late where I was forced to use different revisions of the same hardware (two FortiGates that match model-wise but are different hardware revisions, you know, because Fortinet likes to evolve things halfway through a lifecycle) in high availability (HA) clusters. This is easily done with a few tweaks at the CLI level to enable it to properly function. I ignore 4.x version code because if you are still running that you are going to have a bad time in general.

execute ha ignore-hardware-revision enable
execute ha ignore-hardware-revision status

This will make the hardware work with ease in an HA cluster. Take note, you still need the same model, this just helps with variances in hardware revision between the two!

