FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925
Quarantine
The FortiAnalyzer unit provides a repository for files quarantined by a FortiGate
unit. These are files considered a threat to the network, suspicious, or of a
questionable nature. You can use the FortiAnalyzer quarantine support as a
central management location for all suspicious files under quarantine. Communication
between the two units uses the same IPSec tunnel that a FortiGate unit
uses when sending log files.
This section describes how to configure the FortiAnalyzer unit to receive these
quarantined files and view them on the FortiAnalyzer hard disk.
For details on configuring the FortiGate unit to send quarantined files to the
FortiAnalyzer unit, see the FortiGate Administration Guide.
This section includes the following topics:
• Configuring quarantine settings
• Viewing the quarantined files list
Configuring quarantine settings
Configure the quarantine settings to define the amount of hard disk space
allocated on the FortiAnalyzer unit for suspicious files.
To set the quarantine options, go to Quarantine > Config, and enter the amount
of disk space to allocate for storing quarantine files sent from the FortiGate units.
The FortiAnalyzer unit divides the amount of disk space you allocated for files
evenly between all registered FortiGate devices. For example, if you allocate 500
MB to quarantine files and you have five registered FortiGate units, each
FortiGate unit has 100 MB of space available for quarantined files. If you add
another FortiGate unit, each FortiGate unit will have less space available because
the allocated amount is now divided between more units.
The amount of disk space for quarantine files is allotted from the total disk space
allocated for the device. For example, if you allocate 500 MB for a FortiGate unit,
and 100 MB is allocated for quarantined files, the total space available for log files
is 400 MB. For details, see “Adding a FortiGate unit” on page 68.
Note: Sending quarantine files to the FortiAnalyzer unit is only available on FortiGate units
running FortiOS 3.0.
Note: The FortiAnalyzer unit is simply a recipient, or holding place, for quarantined files from
the FortiGate unit. You need to configure the action the FortiGate unit performs when the
allocated disk space is filled with quarantined files. You can choose to overwrite older files
or drop the new quarantine files. For details on configuring the quarantine options, see the
FortiGate Administration Guide.