Fortinet 3.0 MR7 user manual
- 234 pages
- 4.75 mb
Table of contents of the manual
-
Page 1
www.fortinet.com FortiAnalyzer Version 3.0 MR7 ADMINISTRATION GUIDE[...]
-
Page 2
FortiAnalyzer Administration Guide Version 3.0 MR7 08 September 2008 05-30007-0082-20080908 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical o[...]
-
Page 3
Contents FortiAnalyzer Version 3.0 MR7 Administration Guide 05-30007-0082-20080908 3 Contents: Introduction ... 9; About this document ... 9; Fortinet documentation ...[...]
-
Page 4
Contents: Viewing session information ... 35; Filtering session information ... 36; Report Engine ...[...]
-
Page 5
Contents: Hot swapping the FortiAnalyzer-2000/2000A and FortiAnalyzer-4000/4000A ... 66; Configuring RAID on the FortiAnalyzer-400 and FortiAnalyzer-800/800B ... 67; Configuring RAID on th[...]
-
Page 6
Contents: Customizing the content archive view ... 108; Displaying and arranging log columns ... 109; Filtering logs ...[...]
-
Page 7
Contents: Searching the Network Analyzer logs ... 150; Search tips ... 152; Printing the search results ...[...]
-
Page 8
Contents: Appendix: FortiAnalyzer reports in 3.0 MR7 ... 185; FortiGate reports ... 185; Intrusion Activity ...[...]
-
Page 9
Introduction: FortiAnalyzer units are network appliances that provide integrated log collection and reporting tools. Reports analyze logs for email, FTP, web browsing, security events, and other network activity to help identify sec[...]
-
Page 10
• Reports describes how to configure report profiles for one-time or scheduled reports on your network devices, users, or groups. • Alert describes how to define log message criteria that signify critical network events. As log [...]
-
Page 11
Fortinet Tools and Documentation CD: All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For[...]
-
Page 12
FortiAnalyzer Version 3.0 MR7 Administration Guide 12 05-30007-0082-20080908 Customer service and technical support Introduction[...]
-
Page 13
What’s new for 3.0 MR7: This section lists and describes the new features and changes in FortiAnalyzer 3.0 MR7. The chapter, “Managing firmware versions” on page 169, provides detailed information about how to properly upgrade to F [...]
-
Page 14
• Network Summary menu removed – The Network Summary menu was removed in FortiAnalyzer 3.0 MR7. This menu was removed because most of the information that previously displayed, now displays as widgets on the Dashboard. See “Dashboard”[...]
-
Page 15
3.0 MR7 new features and changes: The following descriptions include only menus containing new features, changes to features, or both. Additional information is provided within this document. Power supply monit[...]
-
Page 16
For the Log Receive Monitor widget, a diagnose command will be introduced to provide information about total message rate, message rate per-protocol, and message rate per-device in the CLI. See “System” on p [...]
-
Page 17
Fortinet recommends configuring a test report layout and report schedule to familiarize yourself with how reports are configured in FortiAnalyzer 3.0 MR7. See “Reports” on page 113 about how to configure re[...]
-
Page 18
Alert email configuration changes: When configuring an alert email in Alert > Alert Event, you now are required to enter information in the following fields: • alert name • destination (or destinations[...]
-
Page 19
Administrative Domains (ADOMs): Administrative Domains (ADOMs) enable the admin administrator to constrain other FortiAnalyzer unit administrators’ access privileges to a subset of devices in t[...]
-
Page 20
• If ADOMs are enabled and you log in as admin, you first access Administration Domain Configuration. A superset of the typical menus and CLI commands appear, allowing unrestricted access and ADOM [...]
-
Page 21
• If ADOMs are enabled and you log in as any other administrator, you enter the ADOM assigned to your account. A subset of the typical menus or CLI commands appear, allowing access only to only l[...]
-
Page 22
Configuring ADOMs: Administrative domains (ADOMs) are disabled by default. To use administrative domains, the admin administrator must first enable the feature, create ADOMs, and assign other FortiAnalyzer administra[...]
-
Page 23
To add or edit an ADOM: 1. Log in as admin. Other administrators cannot enable, disable, or configure ADOMs. 2. Select Create New, or select the check box next to an ADOM and select Edit. 3. Enter a Name for the ADOM. 4. Se[...]
-
Page 24
Accessing ADOMs as the admin administrator: When ADOMs are enabled, additional ADOM items become available to the admin administrator and the structure of the web-based manager menu changes. Afte[...]
-
Page 25
System: The System menu contains basic FortiAnalyzer unit system settings, such as network interfaces, DNS, routing, local logging, administrators, and network shares, and displays system statistics and provides basic system operations from the[...]
-
Page 26
Figure 1: Dashboard of a FortiAnalyzer-100A unit displaying one of the new widgets Log Receive Monitor and a tab, Branch Office. To rearrange a Dashboard widget: 1. Go to System > Dashboard. 2. Place your mouse cursor over the widget’s title bar ar[...]
-
Page 27
3. Select Show or Hide. The widget toggles between showing the full widget and being minimized to show only its title bar. To include a Dashboard widget: 1. Go to System > Dashboard. 2. Select “+ Widget”. 3. A widget selection overlay appears. 4. Se[...]
-
Page 28
3. Enter a new name and press Enter. To delete a tab: 1. Go to System > Dashboard. 2. Double-click on the name of the tab and select the (X) symbol. RAID Monitor: The RAID Monitor area of the Dashboard displays information about the status of RAID di[...]
-
Page 29
Figure 4: RAID Monitor displaying a disk that is being rebuilt. System Information: The System Information area of the Dashboard displays basic information about the FortiAnalyzer unit, such as up time and firmware version. Array Status: Displays the fol[...]
-
Page 30
Figure 5: System Information. Setting the time: Set the system time to ensure correct report time ranges and scheduling and accurate logging. You can either manually set the FortiAnalyzer system time or you can configure the FortiAnalyzer unit to autom[...]
-
Page 31
Changing the host name: Change the FortiAnalyzer host name to differentiate the FortiAnalyzer from other FortiAnalyzer units or other devices on your network. To change the host name: 1. Go to System > Dashboard. 2. In the System Information area, sel[...]
-
Page 32
System Resources: The System Resources area of the Dashboard displays use of the FortiAnalyzer unit’s resources, including CPU, memory (RAM) and hard disk. Figure 8: System Resources. Viewing operational history: The System resource history page disp[...]
-
Page 33
To view the FortiAnalyzer operational history: 1. Go to System > Dashboard. 2. Select History in the upper right corner of the System Resources area. System Operation: Some basic operations can be performed directly from the Dashboard in the System O[...]
-
Page 34
Resetting to the default configuration: You can reset the FortiAnalyzer unit to its default configuration. Resetting the configuration does not restore the original firmware. Configuration and firmware are distinct. Use the procedures in “Managing [...]
-
Page 35
Figure 10: Alert messages. Statistics: The Statistics area of the Dashboard counts the numbers of sessions, logs, and reports handled by the FortiAnalyzer unit. Figure 11: Statistics. Viewing session information: Session information displays information[...]
-
Page 36
To view the session information: 1. Go to System > Dashboard. 2. In the Statistics area, next to Connections, select Details. Filtering session information: You can filter the contents to find specific content. Each column of data includes a gray[...]
-
Page 37
Log Receive Monitor: The Log Receive Monitor displays historical analysis of the rate at which logs are received. This widget displays this information in a graphical format. You can display information by the type of logs or by device and you can also s[...]
-
Page 38
Intrusion Activity: Intrusion Activity displays the top attacks that occurred on the network. This information is gathered from attack logs. You can edit the Intrusion Activity widget to display specific information by using the following procedur [...]
-
Page 39
Figure 15: Virus Activity widget. To edit the information for Virus Activity: 1. Go to System > Dashboard. 2. In Virus Activity, select Edit in the title bar area. 3. Enter the appropriate information for the following: 4. Select OK. Top FTP Traffi[...]
-
Page 40
To edit the information for Top FTP Traffic: 1. Go to System > Dashboard. 2. In Top FTP Traffic, select Edit in the title bar area. 3. Enter the appropriate information for the following: 4. Select OK. Top Email Traffic: Top Email Traffic displa[...]
-
Page 41
3. Enter the appropriate information for the following: 4. Select OK. Top IM/P2P Traffic: Top IM/P2P Traffic displays the top instant messaging and P2P programs used, using a bar chart. The information displays each IM and P2P program separately by use[...]
-
Page 42
3. Enter the appropriate information for the following: 4. Select OK. Top Traffic: Top Traffic displays the total amount of traffic for FortiGate units. Top Traffic uses traffic logs in determining the total amount of traffic. This information dis[...]
-
Page 43
3. Enter the appropriate information for the following: 4. Select OK. Top Web Traffic: Top Web Traffic displays the total web traffic usage on the network. This information is displayed as a bar chart. Information for this widget is gathered from t[...]
-
Page 44
3. Enter the appropriate information for the following: 4. Select OK. Network: Use the network settings to configure the FortiAnalyzer unit to operate in your network. Basic network settings include configuring interfaces, DNS settings and static routes[...]
-
Page 45
Changing interface settings. To change the interface settings: 1. Go to System > Network > Interface. 2. In the row corresponding to the interface you want to change, select Modify. 3. Configure the following options: 4. Select OK. Status: The stat[...]
-
Page 46
About Fortinet Discovery Protocol: FortiGate units running FortiOS version 3.0 or greater can use Fortinet Discovery Protocol (FDP), a UDP protocol, to locate a FortiAnalyzer unit. When a FortiGate administrator selects Automatic Discovery, the FortiGat[...]
-
Page 47
Adding a route: Static routes provide the FortiAnalyzer unit with the information it needs to forward a packet to a particular destination other than the default gateway. To add a static route: 1. Go to System > Network > Routing. 2. Select Create Ne[...]
-
Page 48
Adding or editing an administrator account: You can add, edit or delete a FortiAnalyzer administrator account, except the default administrator admin administrator account. When configuring the administrator’s information, you can add the @ symbol t[...]
-
Page 49
Changing an administrator’s password: The admin administrator and administrators with read and write permissions can change their own account passwords. Administrators with read-only permissions cannot change their own password. Instead, the admin admin[...]
-
Page 50
Figure 24: Access Profile. To create an access profile: 1. Go to System > Admin > Access Profile. 2. Select Create New. 3. Enter a name for the profile. 4. Select a filter for each option: Auth Group Auth Group enables you to group RADIUS servers in to [...]
-
Page 51
RADIUS Server: RADIUS servers authenticate administrators. The following procedure explains how to add a RADIUS server for authenticating administrators. To add a RADIUS server: 1. Go to System > Admin > RADIUS Server. 2. Select Create New. 3. Configur[...]
-
Page 52
Monitor: The Monitor page enables the admin administrator to view other administrators currently logged in to the FortiAnalyzer unit. The admin administrator can disconnect other administrators, should the need arise. To monitor current adminis[...]
-
Page 53
3. Enter the following information for the user account and select OK: Adding share groups You can create network share user groups to maintain access privileges for a large number of users at once. To add a user group: 1. Go to System > Network[...]
-
Page 54
To enable Windows shares: 1. Go to System > Network Sharing > Windows Share. 2. Select Enable Windows Network Sharing. 3. Enter a Workgroup name. 4. Select Apply. 5. Configure a share folder and user permissions to access that share. For [...]
-
Page 55
7. Select the type of access rights the users and groups will have and select the appropriate right arrow to move the user or group name to the Read-Only Access or Read-Write Access boxes. 8. Select Ok. Configuring NFS shares: You can configure the [...]
-
Page 56
5. Select OK. 6. In Remote Clients, enter the IP address or domain name of the remote system or user ID. 7. Select the type of Permission required and select Add. 8. Select OK. Default file permissions on NFS shares: By default, when a user adds a new file or f[...]
-
Page 57
Figure 30: FortiAnalyzer unit log settings. Log Locally: Select to save the FortiAnalyzer log messages on the FortiAnalyzer hard disk. Log Level: Select the severity level for the log messages recorded to the FortiAnalyzer hard disk. The FortiAnalyzer u[...]
-
Page 58
Configuring log aggregation: Log aggregation is a method of collecting log data from one or more FortiAnalyzer units to a central FortiAnalyzer unit. Log aggregation involves one or more FortiAnalyzer units configured to act as aggregation clients, an[...]
-
Page 59
For example, a company may have a headquarters and a number of branch offices. Each branch office has a FortiGate unit and a FortiAnalyzer-100A/100B to collect local log information. Those branch office FortiAnalyzer units are configured as log aggreg [...]
-
Page 60
Configuring an aggregation client: An aggregation client is a FortiAnalyzer unit that sends logs to an aggregation server. These include models such as the FortiAnalyzer-100A/100B and FortiAnalyzer-400. To configure the aggregation client: 1. Go to System [...]
-
Page 61
3. Enter the IP address of the external syslog server in Remote device IP. 4. Select whether to Forward all incoming logs or Forward only authorized logs (authorized according to a device’s permissions in the device list). 5. Select the Minimum Severity [...]
-
Page 62
3. Enter the path and file name or select Browse to locate the file. 4. Select OK. IP alias ranges: When adding an IP alias you can include an IP address range as well as individual addresses. For example: • 10.10.10.1 - 10.10.10.50 • 10.10.10.1 - 10.10.[...]
-
Page 63
Linear: A linear RAID level combines all hard disks into one large virtual disk. It is also known as concatenation or JBOD (Just a Bunch of Disks). The total space available in this option is the capacity of all disks used. There is very little performanc[...]
-
Page 64
RAID 10: RAID 10 (or 1+0), includes nested RAID levels 1 and 0, or a stripe (RAID 0) of mirrors (RAID 1). The total disk space available is the total number of disks in the array (a minimum of 4) divided by 2. Any drive from a RAID 1 array can fail with[...]
-
Page 65
You can use any brand of hard disk to replace a failed hard disk, as long as it has the same capacity or greater. For example, if replacing a 120 GB hard drive, you could use either a 120 GB or 250 GB hard drive. Hot swapping in the FortiAnalyzer-400 an[...]
-
Page 66
Hot swapping the FortiAnalyzer-2000/2000A and FortiAnalyzer-4000/4000A: The following diagram indicates the drive number and their location in the FortiAnalyzer unit when you are looking at the front of the unit. Refer to this diagram before removing the d[...]
-
Page 67
The options available here will depend on the RAID level selected. For most RAID levels, you can only add the new hard disk back into the RAID array. If you are running a RAID level with hot spare, you can also add the new hard disk as the hot spare. Config[...]
-
Page 68
RAID settings can be configured from the Dashboard, in the RAID Monitor widget as well as from System > Config > RAID. Figure 33: FortiAnalyzer-2000/2000A RAID settings. Configuring LDAP connections: On the LDAP tab, you can configure an LDAP quer[...]
-
Page 69
Figure 34: LDAP settings. To define an LDAP server query: 1. Go to System > Config > LDAP. 2. Select Create New. Complete the following: LDAP Distinguished Name Query Name Enter the name for the LDAP server query. Server Name/IP Enter the LDAP server[...]
-
Page 70
3. Select OK. The LDAP query becomes an available option when configuring variables for report profiles. For more information, see “Configuring reports” on page 113. Maintenance: Maintenance enables you to backup and restore configuration files f[...]
-
Page 71
FortiGuard Center: You can update the engine and vulnerability scan modules in one of the following ways: • manually upload update packages to the FortiAnalyzer unit from your management computer • configure the FortiAnalyzer unit to periodicall[...]
-
Page 72
Figure 36: FortiGuard Center. FortiGuard Subscription Services: The RVS (remote vulnerability scan) engine and module version number, date of last update, and status of the connection to the Fortinet Distribution Network (FDN). A green indicator means [...]
-
Page 73
Port: Enter the port number of the web proxy. This is usually 8080. Name: If your web proxy requires a login, enter the user name that your FortiAnalyzer unit should use when connecting to the FDN through the web proxy. Password: If your web proxy req[...]
-
Page 74
FortiAnalyzer Version 3.0 MR7 Administration Guide 74 05-30007-0082-20080908 Maintenance System[...]
-
Page 75
Device: The Device menu controls connection attempt handling, permissions, disk space quota, and other aspects of devices connecting to the FortiAnalyzer unit for remote logging, content archiving, quarantining, and/or remote manageme[...]
-
Page 76
Devices may automatically appear on the device list when the FortiAnalyzer receives a connection attempt, according to your configuration of Unregistered Device Options, but devices may also automatically appear as a result of importing log[...]
-
Page 77
• Tx indicates logging access for all devices managed by the FortiManager system. • Rx indicates that the FortiManager system can remotely administer the FortiAnalyzer unit. For more information about configuring device connection[...]
-
Page 78
To delete a device: 1. Go to Device > All > Device. 2. In the row corresponding to the device that you want to delete, in the Action column, select Delete. A confirmation dialog appears. The Delete option may not appear if the device i[...]
-
Page 79
For networks with more demanding logging scenarios, an appropriate device ratio may be less than the allowed maximum. Performance will vary according to your network size, device types, logging thresholds, and many other factors. When ch[...]
-
Page 80
Configuring unregistered device connection attempt handling You can configure the FortiAnalyzer unit to accept and handle connection attempts automatically, or to allow connections only from devices [...]
-
Page 81
Figure 2: Unregistered Device Options To configure device connection attempt handling 1 Go to Device > All > Device. 2 Select Unregistered Devices Options. 3 Select from the following options[...]
-
Page 82
Manually adding a device You can add devices to the FortiAnalyzer unit’s device list either manually or automatically. If you have configured Unregistered Device Options to automatically register known-type devices, you may only ne[...]
-
Page 83
Figure 3: Configuring a device Device Type Select the device type. The type is automatically pre-selected if you are adding an unregistered device from the device list, or if you are editing an existing device. Other device options vary [...]
-
Page 84
To manually add a device or HA cluster 1 Go to Device > All > Device. 2 If the device appears in the device list but is unregistered, from Show, select Unregistered, then in the row corresponding to the device, in the Action column, [...]
-
Page 85
13 Select the blue arrow to expand Group Membership. This option does not appear if Device Type is FortiClient. In that case, also skip the following step. 14 From the Available Groups area, select a device group or groups, if any, t[...]
-
Page 86
To classify network interfaces and VLAN subinterfaces of a FortiGate unit 1 Go to Device > All > Device. 2 Configure the FortiGate device. For more information, see “Manually adding a device” on page 80. 3 Select the blue ar[...]
-
Page 87
To enable the FortiAnalyzer unit to reply to FDP packets 1 On the FortiAnalyzer unit, go to Device > All. 2 Go to System > Network. 3 Select Modify for the network interface that should reply to FDP packets. 4 Enable Fortinet D[...]
-
Page 88
Test Connectivity does not verify connectivity by Syslog. Syslog is required to send log messages. To verify Syslog connectivity, trigger FortiGate logs, then go to Log&Report > Log Access > Remote. Steps requir[...]
-
Page 89
To block a device 1 Go to Device > All > Device. 2 From Show, select Unregistered. If the device is currently registered, you must first delete the device before you can block it. For more information, see “Viewing the devic[...]
-
Page 90
Figure 5: List of device groups To configure a device group 1 Go to Device > Group > Device Group. 2 Select Create New to configure a new device group, or select Edit to reconfigure an existing device group. 3 In Group Name, en[...]
-
Page 91
Log FortiAnalyzer units collect logs from network hosts such as FortiGate, FortiMail, FortiClient, FortiManager, and Syslog devices. By using the Log menu, you can view both device and FortiAnalyzer log files and messages, as well as conten[...]
-
Page 92
Figure 1: Viewing current logs Viewing historical log messages The Historical tab in Log > Log Viewer displays logs for a selected device and log type for a specific time range. When viewing log messages, you can filter the information to f[...]
-
Page 93
Figure 2: Viewing historical logs Devices Select the type of device you want to view logs from. If you select All FortiGates, all log messages from all registered FortiGate units appear. Log Types Select to view a different device’s logs,[...]
-
Page 94
To view historical logs 1 Go to Log > Log Viewer > Historical. 2 From Devices, select the device whose logs you want to view. Unregistered devices will not appear in the list. To view a device’s logs, you must register the device fi[...]
-
Page 95
Viewing log file contents The Log Browser tab enables you to view all log messages within local or device log files. If you display the log messages in Formatted view, you can display and arrange columns and/or filter log messages by column co[...]
-
Page 96
Importing a log file You can import devices’ log files. This can be useful when restoring data or loading log data for temporary use. For example, if you have older log files from a device, you can import these logs onto the FortiAnalyzer unit [...]
-
Page 97
5 In Filename, enter the path and file name of the log file, or select Browse. 6 Select OK. A message appears, stating that the upload is beginning, but will be cancelled if you leave the page. 7 Select OK. Upload time varies by the size of the fi[...]
-
Page 98
5 Select Download Current View. 6 Configure the following: 7 Select OK. 8 If prompted by your web browser, select a location to save the file, or open it without saving. Customizing the log view Log messages can be displayed in either Raw o[...]
-
Page 99
Figure 5: Displaying and arranging log columns To display or hide columns 1 Go to a page which displays log messages, such as Log > Log Viewer > Real-time. 2 Select Column Settings. Lists of available and displayed columns for the[...]
-
Page 100
Figure 6: Filter icons To filter log messages by column contents 1 In the heading of the column that you want to filter, select the filter icon. 2 Select Enable. 3 If you want to exclude log messages with matching content in this colum[...]
-
Page 101
• 1.1.1.1 or 2.2.2.1-2.2.2.10 Most column filters require that you enter the column’s entire contents to successfully match and filter contents; partial entries do not match the entire contents, and so will not create the intended column fi[...]
-
Page 102
Device/Group Select to search logs from the FortiAnalyzer unit (LocalLogs), a device, or a device group. Date Select to search logs from a time frame, or select Specify and define a custom time frame by selecting the From and To date and time[...]
-
Page 103
To search the logs 1 Go to Log > Search. 2 From Device/Group, select which device or device group’s logs you want to search. 3 From Date, select Any time to search log messages from all time periods, select a predefined time period, or se[...]
-
Page 104
• Some keywords will not match unless you include both the log field name and its value (type=webfilter). • Remove unnecessary keywords and search filters which can exclude results. In More Options, if All Words is selected, for a log messa[...]
-
Page 105
To download log search results 1 Go to Log > Search. 2 Perform a search using either basic or advanced search. If your search finds one or more matching log events, a Download Current View button appears next to the Printable Ver[...]
-
Page 106
Figure 8: Device Log Settings Log file should not exceed Enter the maximum size of each device log file. When the log file reaches the specified maximum size, the FortiAnalyzer unit saves the current log file with an incremental numbe[...]
-
Page 107
Upload rolled files in gzipped format Select to compress the log files in gzipped format before uploading to the server. Delete files after uploading Select to remove the log file from the FortiAnalyzer hard disk after the FortiAnalyzer[...]
-
Page 109
Content Archive Content archiving provides a method of simultaneously logging and archiving copies of content transmitted over your network, such as email and web pages. FortiGate units can log metadata for common user conte[...]
-
Page 110
• whether the FortiAnalyzer unit has the copy of the file or message associated with the summary log message (that is, full content archives do not appear if you have deleted the associated copy of the file or message) Fo[...]
-
Page 111
Customizing the content archive view Log messages can be displayed in either Raw or Formatted view. • Raw view displays log messages exactly as they appear in the log file. • Formatted view displays log messages[...]
-
Page 112
3 Select which columns to hide or display. • In the Available Fields area, select the names of individual columns you want to display, then select the single right arrow to move them to the Display Fields ar[...]
-
Page 113
4 Enter the text that matching log messages must contain. Matching log messages will be excluded or included in your view based upon whether you have selected or deselected NOT. 5 Select OK. A column’s filter icon[...]
-
Page 114
Searching full email content archives You can search full email content archives to quickly locate and view messages, such as those whose body contains a specific term. Full email content archive searches create [...]
-
Page 115
To The recipient’s email address. Last activity The date and time that the FortiAnalyzer unit received the content archive. Subject The subject line of the email. Select the subject line of the email to view the e[...]
-
Page 117
Reports FortiAnalyzer units can collate information collected from device log files and present the information in tabular and graphical reports, which provides quick analysis of what is occurring on the network. By using reports, you c[...]
-
Page 118
Configuring report layout The Layout tab enables you to configure and define multiple report layouts, which can then be applied to report schedules or generated immediately. Figure 1: report layouts in Reports > Config > Layout No[...]
-
Page 119
Figure 2: Layout There are also default report layouts for you to choose from, and they appear in the report layout list with the report layouts you created. The default layouts are: • Bandwidth_Analysis – is an overview of b[...]
-
Page 120
4 Select [Add Chart(s)]. 5 Enter the appropriate information for the following: 6 Select OK. If you want to edit charts immediately after configuring them, go to the procedure “To edit a chart” on page 117. 7 Select [Add Section]. [...]
-
Page 121
Editing charts in a report layout You can edit charts at any time as well as rearrange the charts from within the Chart List. You can also edit Text and Section. The following procedure assumes you have already selected the report[...]
-
Page 122
To edit a chart 1 Select Edit beside the chart name. 2 Enter the appropriate information for the following: Chart Output Select one of the following to display chart information: • Table & Graph – displays both a table and graph[...]
-
Page 123
3 Select OK. If you want to rearrange the charts so that they are presented in a different order, select and drag a chart (using your mouse) to above or below another chart. The order is reflected in the generated report. To edit text 1 S[...]
-
Page 124
To configure a report schedule 1 Go to Report > Schedule. 2 Select Create New. 3 Enter the appropriate information for the following: Create New Select to create a new report schedule and configure the settings. Delete Select to remov[...]
-
Page 125
4 Select OK. Monthly Select to generate the report on a specific day or days of the month. Enter the days with a comma to separate the days. For example, you want to generate the report on the first day, the 21st day and 30th day: 1, 21, 30 [...]
-
Page 126
Configuring data filter templates You can configure multiple data filter templates for reports in Report > Config > Data Filter. These templates can be applied to any report schedule you want. Figure 4: Data filter templates Data fil[...]
-
Page 127
Figure 5: Configuring a data filter template To configure data filters for a report 1 Go to Report > Config > Data Filter. 2 Select Create New. 3 Enter and/or select the appropriate information for the fields and check boxes for th[...]
-
Page 128
Alias Select the appropriate alias from the drop-down list. See Configuring IP alias on page 50 for more information about configuring IP aliases. You can filter on IP ranges or subnets. For example: • 172.20.110.0-255 matches all IP addr[...]
-
Page 129
4 Select OK. Configuring report output templates You can configure the FortiAnalyzer unit to output the report in one or more file formats, save the reports of selected file formats to the FortiAnalyzer hard disk, and email the report to r[...]
-
Page 130
When configuring the FortiAnalyzer unit to email a report, you must first configure the FortiAnalyzer unit to connect to an email server. For more information, see “Configuring alerts by email server” on page 135. If HTML report[...]
-
Page 131
Send Report by Mail Verify this check box is selected. If you do not want to send a report by email, unselect the check box. If the check box is unselected, the available options under Send Report by Mail are hidden. Email Output If you wan[...]
-
Page 132
4 Select OK. Configuring language When creating a report layout, you can select which language the report will be written in. If your preferred languages require modification, you can create your own report language customization, which th[...]
-
Page 133
Keys are required and must not be removed or changed. Keys map a string to a location in the report, and are the same in each language file. If you change or remove keys, the FortiAnalyzer unit cannot associate your string with a location in [...]
-
Page 134
Figure 8: Languages To create a report language customization 1 Go to Report > Config > Language. 2 Locate the default language that you want to customize. In that language’s row, select Download Format File and Download Str[...]
-
Page 135
6 If you changed the encoding of the string file, open the format file using a plain text editor that supports Unix-style line endings, such as jEdit, and edit the encoding and character set values for each file format. If you have switch[...]
-
Page 136
To change a report language customization 1 Go to Report > Config > Language. 2 Locate the customized language whose font, string, or format file you want to change and in that language’s row, select Edit from the Action column. 3 Fo[...]
-
Page 137
Figure 9: Viewing reports in Report > Browse Refresh Select to refresh the list. If the FortiAnalyzer unit is in the process of generating a report, use Refresh to update the status of the report generation. Delete Select the reports from the[...]
-
Page 139
Quarantine FortiAnalyzer units can act as a central repository for files that are suspicious or known to be infected by a virus, and have therefore been quarantined by your FortiGate units. This section describes how to view q[...]
-
Page 140
Date & Time The date and time the FortiGate quarantined the file, in the format yyyy/mm/dd hh:mm:ss. The time and date indicates the time that the first file was quarantined, if duplicate files are quarantined. Service The s[...]
-
Page 141
Alert Alerts provide a method of informing you of issues arising on a FortiGate unit, FortiClient installation, or the FortiAnalyzer unit itself, such as system failures or network attacks, enabling you to react in a timely manner to the event. [...]
-
Page 142
Adding an alert event Adding an alert event enables you to receive notification when certain types of log messages are received. To add a new alert event 1 Go to Alert > Alert Event. 2 Select Create New. 3 Configure the following options: Ale[...]
-
Page 143
4 Select OK. Output When the FortiAnalyzer unit receives a log message meeting the alert event conditions, it sends an alert message as an email, syslog message or SNMP Trap, informing an administrator of the issue and where it is occurring. You can co[...]
-
Page 144
To add a mail server for alerts 1 Go to Alert > Output > Mail Server. 2 Select Create New. 3 Configure the following options: 4 Select Apply. Testing the mail server configuration You can send a test email message to verify that alerts can be se[...]
-
Page 145
Figure 3: SNMP Access List SNMP Agent Select to enable the SNMP agent. Description Enter a descriptive name for this FortiAnalyzer unit. Location Enter the physical location of the FortiAnalyzer unit, such as a city or floor number. Contact Enter a contac[...]
-
Page 146
Adding an SNMP server You can add an SNMP server to define a destination IP address that can be selected as the recipient of FortiAnalyzer unit SNMP alerts. Defined SNMP servers are also granted permission to request FortiAnalyzer unit system inform[...]
-
Page 147
Fortinet MIB System Traps • fnTrapCpuHigh • fnTrapMemLow • fnTrapIpChange Fortinet MIB Logging Traps • fnTrapLogFull Fortinet MIB VPN Traps • fnTrapVpnTunUp • fnTrapVpnTunDown • fnTrapFlgEventCount Fortinet MIB System fields • [...]
-
Page 148
RFC-1213 (MIB II) • mib-2.system • mib-2.interface • mib-2.at • mib-2.ip • mib-2.icmp • mib-2.tcp • mib-2.udp • mib-2.ifMIB RFC-2665 (Ethernet-like MIB) • .dot3StatsTable • .dot3CollTable • .dot3ControlTable • [...]
-
Page 149
3 Configure the following options, and select OK. Name Enter a name for the SNMP server. IP address (or FQDN) Enter the IP address or fully qualified domain name for the SNMP server. Port Enter the Syslog server port number. The default Syslog port is 51[...]
-
Page 151
Network Analyzer Network Analyzer can be used as an enhanced local network traffic sniffer to diagnose areas of the network where firewall policies may require adjustment, or where traff[...]
-
Page 152
Figure 1: Example network topology for Network Analyzer use To connect the FortiAnalyzer unit for use with Network Analyzer 1 Connect an Ethernet cable to a port on the FortiAnalyzer unit [...]
-
Page 153
Viewing Network Analyzer log messages After attaching a FortiAnalyzer unit interface to the network and enabling the Network Analyzer for that interface, traffic information displays. The Network Analyzer’s log[...]
-
Page 154
Viewing historical Network Analyzer log messages The Historical tab in Tools > Network Analyzer displays Network Analyzer logs for a specific time range. When viewing log messages, you can filter the infor[...]
-
Page 155
Browsing Network Analyzer log files The Browse tab in Tools > Network Analyzer enables you to see all stored Network Analyzer log files, view the Network Analyzer logs, download log files to your hard disk or [...]
-
Page 156
Figure 5: Viewing Network Analyzer logs Type The type of log you are viewing and the device where it originated. Change Select to view a different log file. Formatted | Raw Select a view of the log file. Selectin[...]
-
Page 157
Downloading a Network Analyzer log file You can download a log file to save it as a backup or for use outside the FortiAnalyzer unit. You can choose to download either the entire file or only log messages selected b[...]
-
Page 158
Customizing the Network Analyzer log view Log messages can be displayed in either Raw or Formatted view. • Raw view displays log messages exactly as they appear in the log file. • Formatted view displays l[...]
-
Page 159
3 Select which columns to hide or display. • In the Available Fields area, select the names of individual columns you want to display, then select the single right arrow to move them to the Display Fields[...]
-
Page 160
3 If you want to exclude log messages with matching content in this column, select NOT. If you want to include log messages with matching content in this column, deselect NOT. 4 Enter the text that matching l[...]
-
Page 161
Searching the Network Analyzer logs You can search the Network Analyzer log files for matching text using two search types: Quick Search and Full Search. You can use Quick Search to find results more quickly if yo[...]
-
Page 162
To search the logs 1 Go to Tools > Network Analyzer > Search. 2 From Date, select Any time to search log messages from all time periods, select a predefined time period, or select Specify and then define [...]
-
Page 163
• You can search for IP ranges, including subnets. For example: • 172.168.1.1/24 or 172.168.1.1/255.255.255.0 matches all IP addresses in the subnet 172.168.1.1/255.255.255.0 • 172.168.1.1-140.255 matches al[...]
-
Page 164
4 Select the download options that you want, then select OK. 5 If prompted by your web browser, select a location to save the file, or open it without saving. Rolling and uploading Network Analyzer logs You [...]
-
Page 165
Figure 9: Traffic Log Settings Enable Network Analyzer on Select the port on which Network Analyzer observes traffic. If you disable this option and log out, Network Analyzer will be hidden in the web-base[...]
-
Page 166
Enable log uploading Select to upload log files to a server when a log file rolls. Server type Select the protocol to use when uploading to the server: • File Transfer Protocol (FTP) • Secure File Tran[...]
-
Page 167
Tools The Tools menu provides vulnerability scanning as well as viewing the files that are on your FortiAnalyzer unit. These tools help administrators either when issues appear or when trying to determine if ther[...]
-
Page 168
authenticating without root or administrator credentials are typically not able to view sensitive areas of the system software or configuration; scans involving those parts cannot be accurately assessed without admin[...]
-
Page 169
Some vulnerability scan modules, such as those that test file permissions or check installed patch and software versions, require full access to the target host. Vulnerability scan modules for Microsoft Windows hosts[...]
-
Page 170
Figure 1: Configuring the security model for local accounts authenticating remotely 4 Select Local Computer Policy. 5 Select Computer Configuration. 6 Select Windows Settings. 7 Select Security Settings. 8 Select Local[...]
-
Page 171
Tools Viewing vulnerability scan modules 9 Select OK. 10 Select OK. 11 Select Close. 12 After the vulnerability scan job completes, revert the NetBIOS settings configured in this procedure. Preparing Unix target hosts Vulnerability scan modules targeting Unix vari[...]
-
Page 172
Viewing vulnerability scan modules Tools When configuring a full vulnerability scan, you can restrict the scan job to use only those modules for vulnerabilities that meet or exceed your specified severity threshold. For more information, see “Configuring vul[...]
-
Page 173
Tools Configuring vulnerability scan jobs To filter the module view by vulnerability threshold 1 Go to Tools > Vulnerability Scan > Module. 2 From View modules with severity, select the subset: • == : equal to • >= : greater than or equal to • &l[...]
-
Page 174
Configuring vulnerability scan jobs Tools Configuring a custom scan allows you to provide the user name and password of an administrator or root account for modules that require full access, and to specify the severity threshold of vulnerabilities for which you wan[...]
-
Page 175
Tools Configuring vulnerability scan jobs To configure a vulnerability scan job 1 Go to Tools > Vulnerability Scan > Job. 2 Select Create New. 3 Complete the following: 4 Select the blue arrow to expand Scan Option. 5 Complete the following: Job Name Enter[...]
-
Page 176
Configuring vulnerability scan jobs Tools 6 Select the blue arrow to expand Schedule Option. 7 From Schedule, select either Run Now or Run Later. If you select Run Later, also select the Date or Time when the FortiAnalyzer unit will run the scan. For example, you [...]
-
Page 177
Tools Viewing vulnerability scan reports 10 Select OK. Viewing vulnerability scan reports The Report tab in Tools > Vulnerability Scan displays a list of the finished vulnerability scan reports. Vulnerability scan reports reflect the results of the vulnerabi[...]
-
Page 178
File Explorer Tools To view a vulnerability scan report 1 Go to Tools > Vulnerability Scan > Report. 2 To view the report in HTML format, in the Job Name column, select the name of the report. 3 To view the report in PDF or MSWord (RTF) format, in the[...]
-
Page 179
Tools File Explorer Figure 5: File Explorer Figure 6: File Explorer with Storage directory expanded[...]
-
Page 180
File Explorer Tools[...]
-
Page 181
Managing firmware versions Backing up your configuration Managing firmware versions Before upgrading to FortiAnalyzer 3.0, it is recommended to review this chapter so you can be fully aware of the procedures and issues when upgrading to FortiAnalyzer 3.0. This chap[...]
-
Page 182
Backing up your configuration Managing firmware versions Backing up your configuration using the web-based manager The following procedures describe how to back up your current configuration using the web-based manager. To back up your configuration file in FortiLo[...]
-
Page 183
Managing firmware versions Backing up your configuration 5 Select OK. 6 Select a location when prompted by your web browser to save the file. To back up log files using the CLI Enter the following to back up all log files: execute backup logs all {ftp | sftp | scp| [...]
-
Page 184
Testing firmware before upgrading Managing firmware versions Testing firmware before upgrading You may want to test the firmware you want to install before upgrading to a new firmware version, maintenance or patch release. By testing the firmware image, you can f[...]
-
Page 185
Managing firmware versions Testing firmware before upgrading 8 Type G to get the new firmware image from the TFTP server. The following message appears: Enter TFTP server address [192.168.1.168]: 9 Type the address of the TFTP server and press Enter. The fol[...]
-
Page 186
Upgrading your FortiAnalyzer unit Managing firmware versions Upgrading your FortiAnalyzer unit After backing up your current configuration, you can now upgrade the firmware on your FortiAnalyzer unit. The following procedures are used every time you are upgrading the f[...]
-
Page 187
Managing firmware versions Upgrading your FortiAnalyzer unit To upgrade to FortiAnalyzer 3.0 using the web-based manager 1 Copy the firmware image file to your management computer. 2 Log into the web-based manager as the administrative user. 3 Go to System > D[...]
-
Page 188
Upgrading your FortiAnalyzer unit Managing firmware versions This operation will replace the current firmware version! Do you want to continue? (y/n) 6 Type y. The FortiAnalyzer unit uploads the firmware image file, upgrades to the new firmware version, and restarts[...]
-
Page 189
Managing firmware versions Reverting to a previous firmware version Reverting to a previous firmware version You may need to revert to a previous firmware version if the upgrade did not install successfully. The following sections will help you to back up your current [...]
-
Page 190
Reverting to a previous firmware version Managing firmware versions Verifying the downgrade After successfully downgrading to FortiLog 1.6, verify your connections and settings. If you are unable to connect to the web-based manager, make sure your administration acces[...]
-
Page 191
Managing firmware versions Reverting to a previous firmware version 8 Reconnect to the CLI. 9 Enter the following command to confirm the firmware image installed successfully: get system status See “Restoring your configuration” on page 180 to restore your FortiLog [...]
-
Page 192
Restoring your configuration Managing firmware versions Restoring your configuration Your configuration settings may not carry forward after downgrading to FortiLog 1.6. You can restore your configuration settings for FortiLog 1.6 with the configuration file(s) you[...]
-
Page 193
Managing firmware versions Restoring your configuration 6 When this message appears: Press any key to display configuration menu... immediately press a key to interrupt the system startup. If you successfully interrupt the startup process, the following messages app[...]
-
Page 194
Restoring your configuration Managing firmware versions Restoring your configuration settings using the web-based manager The following restores your FortiLog 1.6 configuration settings using the web-based manager. To restore configuration settings using the web-ba[...]
-
Page 195
Managing firmware versions Restoring your configuration 6 Type y. The FortiAnalyzer unit uploads the backup configuration file. After the file uploads, a message, similar to the following, is displayed: Getting file confall from tftp server 192.168.1.168 ## Restor[...]
-
Page 196
Restoring your configuration Managing firmware versions[...]
-
Page 197
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Reports have changed dramatically in FortiAnalyzer 3.0 MR7, from how you configure them to the default naming scheme given when generated. Fortinet recommends r[...]
-
Page 198
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Intrusion Activity The following table explains what Intrusion Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. The FortiAnalyzer 3.0 MR6 report, Top Attack Sources, d[...]
-
Page 199
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports Top Infected Files by Date Top Infected Files Top Infected Files by Month Top Infected Files Top Infected Files by Day of Week Top Infected Files Top Infected Files by Hour of Day Top Infected Files T[...]
-
Page 200
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Top Virus Destinations over IMAP by Date Top Virus Destinations over IMAP Top Virus Destinations over IMAP by Month Top Virus Destinations over IMAP Top Infected File Extensions over POP3 by Month Top[...]
-
Page 201
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports The following reports were removed: • Top Virus Agents by Virus Name • Top Virus Receivers over HTTP The following reports are unchanged: • Top Viruses • Top Infected Files Webfilter Activity [...]
-
Page 202
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Antispam Activity The following table explains what Antispam Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Web Hits for each Status by Day of Week Total Hits per S[...]
-
Page 203
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports The following reports are unchanged: • Top Spam Sources • Top Spam Destinations The following reports were removed: • Top Spammers Senders by Date • Top Spammers by Month • Top Spammer[...]
-
Page 204
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 VoIP reports The following table contains the new VoIP reports that are available in FortiAnalyzer 3.0 MR7. Top Blocked Remote IM Users by Month Top Blocked Remote IM Users Top Local IM Users by Date T [...]
-
Page 205
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports Content Activity The following table explains what Content Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Top Blocked SCCP Callers by Day of Week Top Blocked SCCP Ca[...]
-
Page 206
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Network Activity The following table explains what Network Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Table 16: Content Activity reports MR6 reports MR7 reports Un[...]
-
Page 207
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports The following reports are unchanged: • Traffic Volume by Direction • Top Denied Policies • Top Denied Services • Top Denied Sources • Top Denied Destinations Web Activity The following table [...]
-
Page 208
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 The following reports were removed: • Top Web Pages (Hits) • Top Web Pages (Traffic) • Top Web Clients (Browse Time) • Top Web Users (Browse Time) Mail Activity The following table explains wh[...]
-
Page 209
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports Terminal Activity The following table explains what Terminal Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. VPN Activity The following table explains what VPN Activi[...]
-
Page 210
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Event Activity The following table explains what Event Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Table 22: VPN Activity reports MR6 reports MR7 reports VPN Tra[...]
-
Page 211
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiGate reports The report, Top Event Categories by Status, was removed. P2P Activity The following table explains what P2P Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Top Error [...]
-
Page 212
FortiGate reports Appendix: FortiAnalyzer reports in 3.0 MR7 Audit Activity The following reports for Audit Activity are unchanged but were moved to a new category in FortiAnalyzer 3.0 MR7. • System Administration Summary – is now in the Event Activity category •[...]
-
Page 213
Appendix: FortiAnalyzer reports in 3.0 MR7 Summary Reports Summary Reports The following table explains what Summary reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7, including the category, if applicable, of where the re-named FortiAnal[...]
-
Page 214
Forensic Reports Appendix: FortiAnalyzer reports in 3.0 MR7 • Top Spam Destinations is now found in AntiSpam Activity • Top Spam Sources is now found in the AntiSpam Activity Forensic Reports The following forensic reports explain what was changed for FortiA[...]
-
Page 215
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports Summary The following table explains what Summary Forensic reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7, including the category, if applicable, of where the re-named FortiAn[...]
-
Page 216
FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Top Client IP by Hour of Day Top Client IP Top Client IP by Day of Week Top Client IP Top Client IP by Day of Month Top Client IP Top Client IP by Week of Year Top Client IP Top Client IP by M[...]
-
Page 217
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports Mail Sender The following table explains what Mail Sender reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Virus by Month Top Virus System User by Date System User System User by[...]
-
Page 218
FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Mail Recipient Activity The following table explains what Mail Recipient Activity reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Mail Destination IP The following table expla [...]
-
Page 219
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports Spam Sender The following table explains what Spam Sender reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Table 32: Mail Destination IP reports MR6 reports MR7 reports Top M[...]
-
Page 220
FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Spam Recipient The following table explains what Spam Recipient reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Top Local Spam Sender by Month Top Local Spam Sender Top[...]
-
Page 221
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports Spam Destination IP The following table explains what Spam Destination IP reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Virus Sender The following table explains what Virus [...]
-
Page 222
FortiMail Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Table 36: Virus Sender reports MR6 reports MR7 reports Top Virus Sender by Date Top Virus Sender Top Virus Sender by Hour of Day Top Virus Sender Top Virus Sender by Day of Week Top Virus Sender T [...]
-
Page 223
Appendix: FortiAnalyzer reports in 3.0 MR7 FortiMail Reports Virus Recipient The following table explains what Virus Recipient reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. Top Remote Virus Sender by Week of Year Top Remote Virus Se[...]
-
Page 224
FortiClient Reports Appendix: FortiAnalyzer reports in 3.0 MR7 Virus Destination IP The following table explains what Virus Destination IP reports have changed and what they were changed to in FortiAnalyzer 3.0 MR7. FortiClient Reports The following FortiClient repor[...]
-
Page 225
Index A access administrative ports 46 profile, administrator 48, 50 access privileges 19 accounts administrator 48 share users 53 Active Directory. See LDAP ActiveX. See web filtering adding tabs 27 admin access 46 authentication 51 disconnect 52 idle timeout [...]
-
Page 226
Index deleting tabs 27 denial of service (DoS) 158 device add 80 alerts 133 blocked 77, 79, 86 group 88 HA See also high availability (HA) 76, 82 license 31, 76 maximum allowed 76 permissions 73, 74, 82, 83 registration and reports 79, 91, 114, 131 unregistered 77, 79,[...]
-
Page 227
Index Fortinet MIB 138 Fortinet Technical Support 11, 138 FTP content archive 107 upload to 105, 155 G gateway 47 gid 54 Global Configuration 20 group device 83, 88 share users 54 group ID (gid) 161 Group Policy Object Editor 159 gzip 96, 97, 104, 105, 147, 153, 155[...]
-
Page 228
Index M mail server 135 Main Menu 20 managing firmware backing up configuration using the CLI 170 backing up configuration using web-based manager 170 backing up log files 170 downgrading to FortiLog 1.6 177 downgrading to FortiLog 1.6 using the CLI 178 patch release[...]
-
Page 229
Index SFTP 105, 155 SNMP 73 SOAP 46 SSH 46, 58, 160 telnet 46 TFTP 180 UDP 47, 85 VoIP 107 PSK 75 See also IPSec VPN tunnel Q quarantine 131 duplicate count 132 from device 73 ticket number 131 quota. See disk space R RADIUS 49, 51 RAID 62, 64 hot swap 64 status 32 raid[...]
-
Page 230
Index sniffer 141, 144 See also network analyzer SNMP 73 manager 138 MIB 138 server, test 137 traps 136 SOAP 46 span port 141 SSH 46, 160 See also protocol stop logging 82 string file 126 striping 63 See also RAID subject 165 subnet 47, 85, 102, 152 subscription service[...]
-
Page 231
Index registered device’s hard limits 15 report configuration enhancements 16 voip reports 17 Windows AD. See LDAP Windows shares 53, 54 X XML. See WEBSERVICES[...]
-
Page 232
Index[...]
-
Page 233
www.fortinet.com[...]
-
Page 234
www.fortinet.com[...]