FortiAnalyzer Version 3.0 MR7 Administration Guide
84
05-30007-0082-20080908
Manually adding a device
Device
To classify network interfaces and VLAN subinterfaces of a FortiGate unit
1
Go to
Device
>
All
>
Device
.
2
Configure the FortiGate device.
For more information, see
“Manually adding a device” on page 80
.
3
Select the blue arrow to expand FortiGate Interface Specifications.
This area may be automatically pre-configured with default classifications. In this
case, verify that the network interface classifications match your network topology.
If no modification is necessary, select OK, and do not perform the following steps.
4
For each network interface, in Available Interfaces, enter the name of the network
interface as it appears in log messages, then select Add.
The name of each network interface appears in the Available Interfaces area.
5
For each network interface name in the Available Interfaces area, select the name
of the network interface, then either leave it in Available Interfaces (which results
in a class of None), or move it to the LAN, DMZ, or WAN area using the right arrow
for that class.
6
From Default type for interfaces not listed here, select None, LAN, WAN, or DMZ
to indicate the default class of any network interfaces that you have not manually
classified.
7
Select OK.
Manually adding a FortiGate unit using the Fortinet Discovery Protocol (FDP)
If you configure the FortiAnalyzer unit to respond to Fortinet Discovery Protocol
(FDP) packets, FortiGate units running FortiOS version 3.0 or greater can use
FDP to locate a FortiAnalyzer unit. To use FDP, both units must be on the same
subnet, and they must be able to connect using UDP.
When a FortiGate administrator selects Automatic Discovery, the FortiGate unit
sends FDP packets to locate FortiAnalyzer units on the same subnet. If FDP has
been enabled for its interface to that subnet, the FortiAnalyzer unit will respond.
Upon receiving an FDP response, the FortiGate unit knows the IP address of the
FortiAnalyzer unit, and the administrator can configure the FortiGate unit to begin
sending log, content archive, and/or quarantine data to that IP address. When the
FortiGate unit attempts to send data to the FortiAnalyzer unit, the FortiAnalyzer
unit detects the connection attempt.
Connection attempts from devices not registered with the FortiAnalyzer unit’s
device list may not be automatically accepted. In this case, you may need to
manually add the device to the device list. For more information, see
“Configuring
unregistered device connection attempt handling” on page 79
.
For a diagram of traffic types, ports and protocols that FortiAnalyzer units use to
communicate with other devices and services, see the Knowledge Center article
Traffic Types and TCP/UDP Ports used by Fortinet Products
.
Note:
Due to the nature of connectivity for certain high availability (HA) modes, full content
archiving and quarantining may not be available for FortiGate units in an HA cluster. For
more information, see the
FortiGate HA Overview
.
Unregistered Device Options apply to all device types attempting to connect, not just
FortiGate units.
Summary of Contents for FortiAnalyzer 3.0 MR7
Page 1: ...www fortinet com FortiAnalyzer Version 3 0 MR7 A D M I N I S T R A T I O N G U I D E...
Page 150: ...FortiAnalyzer Version 3 0 MR7 Administration Guide 142 05 30007 0082 20080908 Output Alert...
Page 232: ...FortiAnalyzer Version 3 0 MR7 Administration Guide 220 05 30007 0082 20080908 Index...
Page 233: ...www fortinet com...
Page 234: ...www fortinet com...