manualshive.com logo in svg

Fortinet FortiRecorder 400D, Administration Manual

Share
Download
Fortinet FortiRecorder 400D Administration Manual Download Page 118

Page 118

Fine-tuning & best practices

This topic is a collection of fine-tuning and best practice tips and guidelines to help you 
configure your FortiRecorder appliances for the most secure and reliable operation.

While many features are optional or flexible such that they can be used in many ways, some 
practices are generally a good idea because they reduce complication, risk, or potential issues.

Hardening security 

FortiRecorder NVRs are designed to manage IP cameras and store video. While FortiRecorder 
does have some security features, its primary focus is surveillance. It always should be 
protected by a network firewall, and physically kept in a restricted access area.

Should you wish to protect the appliance from accidental or malicious misuse from people 
within your private network, this section lists tips to further enhance security.

Topology

• To protect your surveillance system from hackers and unauthorized network access, install 

the FortiRecorder appliance and cameras behind a network firewall such as a FortiGate. 

yec hNatecIacfhofne frfihcagrvvl

 FortiRecorder appliances are designed specifically to 

manage cameras and store video.

• If remote cameras or people will be accessing the appliance via the Internet, through a 

virtual IP or port forward on your router or FortiGate, configure your router or firewall to 
restrict access, allowing only their IP addresses. Require firewall authentication for 
connections from network administrators and security guards.

• Make sure traffic cannot bypass the FortiRecorder appliance in a complex network 

environment, accessing the cameras directly. 

• If remote access while travelling or at home is not necessary, do not configure 

“Configuring 

system timeout, ports, and public access”

, and do not configure your Internet firewall to 

forward traffic to FortiRecorder. If you do require remote access, be sure to apply strict 
firewall policies to the connection, and harden all accounts and administrative access (see 

“Administrator access”

 and 

“Operator access”

) as well as keeping the FortiRecorder 

software up-to-date (see 

“Patches”

).

• Disable all network interfaces that should not receive any traffic.

This section includes 

only

 recommendations that apply to a combination of multiple features, to 

the entire appliance, or to your overall network environment.
For feature-specific recommendations, see the tips in each feature’s instructions.

Summary of Contents for FortiRecorder 400D

Page 1: ...FortiRecorder 2 4 2 Administration Guide...

Page 2: ...Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will perform according to certain expressly identified performance metrics and in such event only the sp...

Page 3: ...ity 11 Client Performance 12 GUI and CLI 13 NVR configuration 14 Connecting to FortiRecorder web UI 14 Connecting to FortiRecorder CLI 15 Basic NVR configuration 17 Setting the admin account password...

Page 4: ...ADIUS authentication 66 Notifications 68 Notification configuration workflow 68 Configuring FortiRecorder to send notification email 68 Configuring FortiRecorder to send SMS messages 70 Configuring ca...

Page 5: ...certificate from Microsoft Windows 2003 Server 108 Revoking certificates 109 Revoking certificates by OCSP query 109 Updating the firmware 111 Installing NVR firmware 111 Installing alternate firmwar...

Page 6: ...Unauthorized DHCP clients or DHCP pool exhaustion 134 Establishing IP sessions 134 Resolving IP address conflicts 136 Packet capture 137 Resource issues 142 Data storage issues 143 Resetting the conf...

Page 7: ...management for configuring your cameras recording your video feeds viewing recordings and live video feeds Camera support The FortiRecorder NVR supports FortiCam series cameras from Fortinet and third...

Page 8: ...ario since the NVR can automatically discover the cameras Routed network deployments If there are routers between the cameras and the NVR the routers must be configured to allow mDNS multicast packets...

Page 9: ...View live video Motion detection will record a video clip up to about 40 seconds long each time the camera s sensor detects movement In contrast continuous video records for the entire duration of th...

Page 10: ...rate mode means the bandwidth used by the camera will stay relatively constant regardless of what the camera is seeing The constant bit rate mode is therefore more predictable in deployments where ba...

Page 11: ...meters to demonstrate the video retention period FortiRecorder 100D has a built in 1 TB hard drive and it can connect up to 16 cameras We configure 16 cameras with 1280 x 720 resolution using 30 FPS w...

Page 12: ...after installation to achieve the desired balance between quality and bandwidth Client Performance If you need to display 8 or more camera live views you may need to configure the second camera strea...

Page 13: ...of live views reduce the resolution quality and or frames per second of the second video streams Ten FPS is a good general setting for live views which provides a reasonable frame rate for the live vi...

Page 14: ...Time 7 7 9 QuickTime typical install does not install the web plugin by default You have to use custom install and select the web plugin Starting from FortiRecorder version 2 4 HTML5 is supported On m...

Page 15: ...these two ways a local serial console connection an SSH connection either local or through the network To connect to the CLI using a local serial console connection you must have a computer with a se...

Page 16: ...ord for this account To connect to the CLI using an SSH connection 1 On your management computer configure the Ethernet port with the static IP address 192 168 1 2 with a netmask of 255 255 255 0 2 Us...

Page 17: ...count password Configuring the network settings Configuring the DHCP server Setting the system time Setting the admin account password The default administrator account named admin initially has no pa...

Page 18: ...ount 2 Go to System Network Interface 3 Double click the row to select the physical network interface that you want to modify 4 If you want to manually assign an IP address and subnet mask to this net...

Page 19: ...ng system timeout ports and public access To upload a certificate see Replacing the default certificate for the web UI PING Enable to allow ICMP type 8 ECHO_REQUEST UDP ports 33434 to 33534 for ping a...

Page 20: ...can be intercepted by a third party If possible enable this option only for network interfaces connected to a trusted private network or directly to your management computer Failure to restrict admini...

Page 21: ...ation IP netmask Type the destination IP address and network mask of packets that will be subject to this static route separated by a slash The value 0 0 0 0 0 results in a default route which matches...

Page 22: ...therwise rule out problems at the physical network and transport layer If these tests succeed a route exists but you cannot connect using HTTP or HTTPS an application layer problem is preventing conne...

Page 23: ...192 0 43 10 57 243 ms 57 146 ms 57 001 ms If the DNS query fails you will see an error message such as www fortinet com Temporary failure in name resolution Cannot handle host cmdline arg www fortinet...

Page 24: ...er 1 and DNS server 2 DNS server 1 Type the IP address of a DNS server that DHCP clients can use to resolve domain names For performance reasons if you have one it is preferable to use a DNS server on...

Page 25: ...f your network is smaller or typically has low latency to ping replies you can safely decrease this setting s value to improve DHCP speed and performance In most cases 3 seconds is enough Lease time S...

Page 26: ...led NTP and the NTP query for the current time succeeds the new clock time should appear in System time If the query reply is slow DHCP Excluded Range To configure IPs that should be omitted from the...

Page 27: ...r NTP server IP or name routing and that your firewalls or routers do not block or proxy UDP port 123 See also Connectivity issues NTP on FortiRecorder complies with RFC 5905 If the current system tim...

Page 28: ...configuring camera settings under Camera Configuration Camera schedules are used to specify when to use different camera settings such as DNR level brightness contrast saturation and sharpness For det...

Page 29: ...remote access connecting from a home or a branch office through the Internet to your FortiRecorder NVR for either using the web UI or snapshot notification video clips while you are out of the office...

Page 30: ...s VLANs use ID tags to logically separate devices on a network into smaller broadcast domains These smaller domains forward packets only to devices that are part of that VLAN domain This reduces traff...

Page 31: ...t is not monitored by HA When a physical interface is included in a redundant interface it is not listed on the System Network Interface page You cannot configure the interface anymore Aggregate inter...

Page 32: ...ion should start When a log file reaches either the age or size limit the FortiRecorder appliance rotates the current log file that is it renames the current log file elog log with a file name indicat...

Page 33: ...Log severity levels Caution Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time A low log severity thr...

Page 34: ...ifications such as motion detection For this kind of video related notifications see Notifications 4 Click Create 5 Go to Logs and Alerts Alert Email Categories Mark the check boxes of all appliance e...

Page 35: ...NVR configuration Page 35 FortiRecorder 2 4 2 Administration Guide...

Page 36: ...tails see Configuring camera profiles 3 Connect the camera to the NVR FortiRecorder NVR can discover the connected cameras automatically and display them under Camera Configuration Camera with Status...

Page 37: ...lot where small details like faces and license plates could be important Note Resolution greatly impacts performance bandwidth and the rate at which disk space is consumed See Video performance Frame...

Page 38: ...duration of the schedule regardless of movement or any other triggers Motion detection records a video clip up to about 40 seconds long each time the camera s sensor detects movement Digital input rec...

Page 39: ...when it exceeds a maximum age This option appears if you have configured network storage see External storage If you choose to delete old video also configure the maximum amount of time to keep video...

Page 40: ...would supply power to the cameras and through it the cameras would be able to access the DHCP server For information about FortiRecorder DHCP server configuration see Configuring the DHCP server on pa...

Page 41: ...1 or greater plug in installed for your web browsers At the camera s location on the network power over Ethernet PoE This could be provided by a FortiSwitch 80 PoE or perhaps your ISP s cable modem I...

Page 42: ...ort1to a PoE switch Do ne connect the camera to the switch at this stage 3 On your PC open a web browser and connect to https 192 168 1 99 Log in to the admin administrator account with Name admin and...

Page 43: ...a to the PoE switch now Make sure to enable it If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder the camera will use its default IP addres...

Page 44: ...o change the settings But if you are adding a remote camera or adding a new camera before connecting it to FortiRecorder you must specify all the camera settings 1 Go to Camera Configuration Camera Fo...

Page 45: ...FortiRecorder NVR will not connect to the camera s DHCP address Instead the NVR will connect through the static external usually public network IP address and port numbers called a virtual IP or VIP...

Page 46: ...munication to be secure encrypted you can use HTTPS tunnelling The tunnel is between the camera and the NVR Profile Select the camera profile that indicates the recording schedule video quality and ot...

Page 47: ...ur cameras with a static IP or configure your DHCP server with lease reservations see Configuring the DHCP server Without reservations the IP address provided by the DHCP server may appear to work ini...

Page 48: ...with a thick white border will appear over the preview image indicating the area that will be monitored for movement To resize it to your intended area click and drag the edges of the rectangle To mo...

Page 49: ...area click the plus sign again For audio detection and DIDO configure the following settings Setting name Description Audio Sensitivity If the camera supports audio surveillance specify the sensitivit...

Page 50: ...ital output DO can be configured to either be grounded or open when in the triggered state When not triggered it will be in the opposite state For example if opening a door causes a sensor switch to o...

Page 51: ...stem Status Console and enter the command execute ping camera_ipv4 where camera_ipv4 is the camera s IP address or virtual IP port forward If you receive messages such as Timeout to locate the point o...

Page 52: ...nistration Guide 13 If desired you can specify different camera settings such as brightness and contrast for the camera to use as different times For details see Configuring schedules on page 28 See a...

Page 53: ...rder NVR or camera configuration reducing risk of accidental misconfiguration Viewer Suited to a security guard Only assigned live camera feeds It cannot view previous recordings and therefore cannot...

Page 54: ...allowed to access and when users are allowed to access the cameras The user profiles will be used in the user settings you need to configure in the next step For details about configuring camera group...

Page 55: ...rder see Configuring FortiRecorder to send notification email If you do not know the email address and cannot provide it don t worry The person still will be able to view camera related notifications...

Page 56: ...nimize the security risk For information on administrative access protocols see NVR configuration Tip For improved security restrict all trusted host addresses to single IP addresses of computer s fro...

Page 57: ...reating an administrator account you can specify an access profile to grant the account certain access privileges To configure an access profile go to System Administrator Access Profile The administr...

Page 58: ...or by querying the accounts stored locally in the FortiRecorder appliance s configuration Also configure RADIUS profile and Check permission attribute on RADIUS server LDAP Authenticate by querying a...

Page 59: ...rator Some RADIUS servers already include the Fortinet vendor ID and subtype ID in their default dictionaries In this case no server side configuration is necessary Otherwise you must configure your s...

Page 60: ...his attribute value pair FortiRecorder will use whichever permissions you defined locally for the account in Type If the packet does not contain the attribute value pair and you have not configured Ty...

Page 61: ...ive Directory server if any that can be queried if the primary server fails to respond according to the threshold configured in Timeout on page 64 Port Type the port number on which the authentication...

Page 62: ...ple dc example dc com User objects should be child nodes of this location Bind DN Enter the bind DN such as cn FortiRecorderA dc example dc com of an LDAP user account with permissions to query the Ba...

Page 63: ...r to dereference attributes whose values are references Never Do not dereference Always Always dereference Search Dereference only when searching Find Dereference only when finding the base search obj...

Page 64: ...es the user s email address for notifications SMS profile attribute This attribute specifies which SMS profile the user will use The SMS profile attribute must match the name of the profile configured...

Page 65: ...y between when you update LDAP directory information and when the FortiRecorder appliance begins using that new information but also has the benefit of reducing the amount of LDAP network traffic asso...

Page 66: ...ile attempts to authenticate Server port Type the port number on which the authentication server listens for queries The IANA standard port number for RADIUS is 1812 Protocol Select which authenticati...

Page 67: ...User management Page 67 FortiRecorder 2 4 2 Administration Guide See also NVR configuration Connectivity issues Login issues...

Page 68: ...ortiRecorder to send notification email 2 Configure the SMS server settings so that FortiRecorder can send out SMS messages See Configuring FortiRecorder to send SMS messages 3 Configure the camera se...

Page 69: ...are not displayed For example if the host name is FortiRecorder1234567890 the CLI prompt would be FortiRecorder123 Mail server name Type the fully qualified domain name FQDN of your SMTP server such a...

Page 70: ...ation methods AUTO Automatically detect and use the most secure SMTP authentication type supported by the email server PLAIN Provides an unencrypted scrambled password LOGIN Provides an unencrypted sc...

Page 71: ...RL the HTTP or HTTPS URL to contact to send SMS messages for example https myprovider com sendsms HTTP method either Get or Post HTTP S Parameters configure all the parameters and values required by t...

Page 72: ...sole and enter the CLI command execute traceroute syslog_ipv4 where syslog_ipv4 is the IPv4 address of your email server If that connectivity succeeds verify that your alert email has not been classif...

Page 73: ...e cameras Watching live video feeds Once the cameras are connected and configured administrators can use the web UI to view live video feeds from the cameras Administrators will use the surveillance s...

Page 74: ...e right to expand the image adjustment control panels 3 If you logged in as an administrator on the right pane in the Selection area choose which cameras you want to view 4 If you logged in using a no...

Page 75: ...he beginning of the code is the IP of the FortiRecorder The attribute ID is the name of the camera as defined on the FRC The attribute dimensions should match the size of the iframe The username and p...

Page 76: ...picture 4 Enter the necessary FTP information 5 Add the camera group you wish the user to view by selecting the group from the Camera Group List and then selecting the right arrow button 6 Select OK W...

Page 77: ...arker and click Insert Marker the camera will start to record Red A motion detection based recording that was not initiated by schedule A white blank space means there is no recording at that period o...

Page 78: ...This applies to files stored locally remotely and downloaded Quality of previously recorded video depends on the camera s settings in Configuring video profiles on page 36 Click the Lock button to loc...

Page 79: ...ipients can quickly assess whether or not the event is serious or just a false alarm Occasionally as an administrator you may sometimes be required to review these notifications if for example the usu...

Page 80: ...ideo monitoring Page 80 FortiRecorder 2 4 2 Administration Guide 4 To view a video clip from the notification click its key frame image The notification window will be replaced with a video clip playe...

Page 81: ...der videos to an external location Configuring RAID levels FortiRecorder 400D model comes with two pre installed hard drives in its four HDD bays and supports software RAID This means that you can add...

Page 82: ...t the bay into the unit 4 Go to System Storage Local Storage 5 Click Refresh 6 The newly added disk will appear under Drives 7 Add the disk to an array 8 Click Refresh again The new array will appear...

Page 83: ...will be automatically added to the array if one of the hard disks in the array fails The FortiRecorder unit rebuilds the RAID array with the new hard disk Time required varies by the size of the arra...

Page 84: ...dia External USB External USB device iSCSI Server An iSCSI Internet Small Computer System Interface server NFS A network file system NFS server Note Support for NFS varies Many Linux based NAS solutio...

Page 85: ...ry where the FortiRecorder appliance will store the data This setting appears only if Protocol is NFS Note Do not use special characters such as a tilde This will cause the storage to fail Encryption...

Page 86: ...this way you can use an SNMP manager to monitor the FortiRecorder appliance Before you can use SNMP you must activate the FortiRecorder appliance s SNMP agent and add it as a member of at least one co...

Page 87: ...erscores _ Contact Type the contact information for the administrator or other person responsible for this FortiRecorder appliance such as a phone number 555 5555 or name jdoe The contact information...

Page 88: ...can also add the IP addresses of up to 8 SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiRecorder appliance To add an SNMP...

Page 89: ...ach port number 161 by default on which the FortiRecorder appliance listens for SNMP queries from the SNMP managers in this community then enable it Port numbers vary by SNMP v1 and SNMP v2c Traps Typ...

Page 90: ...via the web UI 3 Under User click New A dialog appears 4 Configure these settings Setting name Description User name Type the name of the SNMP user This must match the name of the account as it is co...

Page 91: ...d MIBs used by the SNMP agent are already compiled into your SNMP manager you do not have to compile them again To view a trap or query s name object identifier OID and description open its MIB file i...

Page 92: ...e log messages to its memory or to a remote location such as a Syslog server or FortiAnalyzer appliance For more information see Configuring logging See also Log types Log severity levels Log types Ea...

Page 93: ...downloaded log file indicates its contents To view log messages 1 Go to either Monitor Log Viewer Event to view event logs about the appliance itself or Monitor Log Viewer Camera to view logs about c...

Page 94: ...ing log columns rows The index number of the log message within the log file not the order of rows in the web UI By default the rows are sorted by timestamp in descending order the same as they are wi...

Page 95: ...h column 4 Select which columns to hide or display Subtype The category of the log message such as admin for events such as authentication or configuration changes or system for events such as disk co...

Page 96: ...y persist when changing pages nor from session to session If you want to keep the settings you must click Save View See also Logging Searching logs About logs Downloading log messages You can download...

Page 97: ...rd may appear in any of the fields of the log message e g Action and or Message in any part of that field s value If entering multiple words they must occur uninterrupted in that exact order For examp...

Page 98: ...f your cameras have recorded a crime or other incident you may need to provide the video clip to the police or other authorities Your FortiRecorder NVR uses the mp4 file format with the H 264 video co...

Page 99: ...L terminator during the handshake When you connect to the web UI via HTTPS your FortiRecorder appliance is the SSL terminator matrwoafoatwch ufoa hnbofTwo frbcaaPf dafcaowv fIasanIof e dfenf daf rssvh...

Page 100: ...DH RSA DES CBC SHA 40 bit 56 bit RC4 SHA 128 bit RC4 MD5 40 bit 128 bit SEED SHA 128 bit AES 256 and SHA 1 are preferable Generally speaking for security reasons avoid using SSL 2 0 TLS 1 0 Older hash...

Page 101: ...ate to replace the certificate with one that is signed by your own CA so that it will be trusted Thereafter a security alert will only occur if the certificate expires your CA revokes the certificate...

Page 102: ...liance to use a certificate click its row to select it then click this button A confirmation dialog will appear asking if you want to use it as the default currently in use certificate Click OK The St...

Page 103: ...the FortiRecorder appliance Host IP Select if the FortiRecorder appliance has a static IP address and enter the public IP address of the FortiRecorder appliance in the IP field If the FortiRecorder a...

Page 104: ...h as admin example com This option appears only if ID Type is E Mail Key type Displays the type of algorithm used to generate the key This option cannot be changed but appears in order to indicate tha...

Page 105: ...ce If you do not install these those computers may not trust your new certificate 10 When you receive the signed certificate from the CA upload the certificate to the FortiRecorder appliance see Uploa...

Page 106: ...ings Setting name Description Type Select the type of certificate file to upload either Local Certificate An unencrypted certificate in PEM format Certificate An unencrypted certificate in PEM format...

Page 107: ...rusted shared root CA that they have in common Like a direct signature by a known CA this proves that the certificate can be trusted For more information on how to include a signing chain see Uploadin...

Page 108: ...e same cipher suites and SSL TLS protocols Also verify that your routers and firewalls are configured to allow the connection See also Revoking certificates User management Example Downloading the CA...

Page 109: ...CA To upload a CRL file 1 Go to System Certificate Certificate Revocation List 2 Click Import 3 In Certificate name type the name of the certificate as it will be referred to in the appliance s config...

Page 110: ...sted OCSP CRL servers To view or upload a remote certificate 1 From your OCSP CRL server download its server certificate 2 Go to System Certificate Remote 3 Click Import 4 In Certificate name type the...

Page 111: ...ing NVR firmware You can use either the web UI or the CLI to upgrade or downgrade the appliance s operating system Firmware changes are either an update to a newer version a reversion to an earlier ve...

Page 112: ...couple minutes until the appliance becomes available again 7 Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all interface changes For d...

Page 113: ...tftpd Windows Mac OS X or Linux on your management computer 7 Verify that the TFTP server is currently running and that the FortiRecorder appliance can reach the TFTP server To use the FortiRecorder C...

Page 114: ...e FortiRecorder appliance directly or to the same subnet as a TFTP server 5 Initiate a connection from your management computer to the CLI of the FortiRecorder appliance and log in as the admin admini...

Page 115: ...er The following message appears Enter local address 192 168 1 188 13 Type a temporary IP address that can be used by the FortiRecorder appliance to connect to the TFTP server The following message ap...

Page 116: ...owing messages appears G Get firmware image from TFTP server F Format boot device B Boot with backup firmware and set as default Q Quit menu and continue to boot with default firmware H Display this l...

Page 117: ...downloaded firmware images After the firmware is successfully uploaded the Availability column will show Local 5 Go to Camera Configuration Camera 6 Select the camera that you want to upgrade downgrad...

Page 118: ...s are designed specifically to manage cameras and store video If remote cameras or people will be accessing the appliance via the Internet through a virtual IP or port forward on your router or FortiG...

Page 119: ...ernal hosts On those computers that you have designated for management apply strict patch and security policies Always password encrypt any FortiRecorder configuration backup that you download to thos...

Page 120: ...is connected to port2 and cameras are connected to port3 you would disable bring down port4 This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining ac...

Page 121: ...w efficiently a specific raw stream can be compressed higher resolutions can multiply the bandwidth and or disk space required per camera and per login session For example assuming a FortiCam 20A came...

Page 122: ...cause undue wear on the hard disk and may cause premature failure See Configuring logging Figure 9 Logs and Alerts Log Setting Local Log Settings Packet capture performance Packet capture can be usef...

Page 123: ...es This will ensure that you can rapidly restore your configuration exactly to its previous state if a change does not work as planned To back up the configuration 1 Log in to the web UI as the admin...

Page 124: ...rtiRecorder appliance restarts 5 To continue using the web UI if you have not changed the IP address and static routes of the web UI simply refresh the web page and log in again Otherwise to access th...

Page 125: ...can connect with your FortiRecorder but you cannot view video that is streamed or stored on FortiRecorder first check that you have installed software that can view live streams which use RTP and fil...

Page 126: ...pshot notification issues If you are not receiving any email after motion detection records a clip but you have configured camera notifications first verify that your FortiRecorder NVR s SMTP email se...

Page 127: ...troubleshoot connectivity between the appliance and your authentication server If routing exists but authentication still fails you can verify correct vendor specific attributes and other protocol sp...

Page 128: ...CLI rather then a network connection you may be experiencing bootup problems Contact Fortinet Technical Support Bringing up network interfaces If the network interface was disabled all connections wil...

Page 129: ...ull route as long as the routers can pass along the packet You must configure FortiRecorder with at least one static route that points to a router often a router that is the gateway to the Internet Yo...

Page 130: ...like systems and Windows you will need to allow both protocols inbound through your firewall UDP ports 33434 33534 and ICMP type 8 Some networks block ICMP packets because they can be used in a ping f...

Page 131: ...nation to minimize hops If the routing test fails and ping shows total packet loss verify cabling to eliminate loose connections continue to the next step In networks using features such as asymmetric...

Page 132: ...on both the camera temporarily the computer and FortiRecorder to locate the point of failure along the route the router hop or host at which the connection fails For example if it fails at the second...

Page 133: ...ally must be on the same IP subnet as the NVR and must not be impeded by firewalls or other network filtering If cameras are not on the same subnet you may still be able to facilitate discovery traffi...

Page 134: ...a lease execute dhcp clear lease New clients that were previously unable to get an IP address will obtain an IP address for the first time Returning clients s IP addresses may change as the built in...

Page 135: ...fresh GUI item Description Protocol The protocol of the session according to the protocol ID number field or for IPv6 next header in the IP header of the packets icmp 1 Due to the speed of ICMP messag...

Page 136: ...s you have accidentally configured a device with a static IP address that belongs to the DHCP pool 2 DHCP servers accidentally have pools in the same range of IP addresses and are each independently a...

Page 137: ...tcp port 80 or enter none for no filters Filters use tcpdump syntax packets_int is the number of packets the sniffer reads before stopping Packet capture output is printed to your CLI display until yo...

Page 138: ...0x0010 ac14 820f 08d8 a64e 0084 b75a 80e0 3dee N Z 0x0020 71b8 d617 38fa 3fd8 419b 5006 053c 99c1 q 8 A P 0x0030 e961 93bc 21c9 3197 a030 a709 76dc 0ed8 a 1 0 v 0x0040 98f8 ceef 6afb e7f2 7773 98e1 5e...

Page 139: ...d8d2 0000 0000 a002 B f 0x0030 16d0 4f72 0000 0204 05b4 0402 080a 03ab Or 0x0040 86bb 0000 0000 0103 0303 Instead of reading packet capture output directly in your CLI display you usually should save...

Page 140: ...ent computer start PuTTY 2 Use PuTTY to connect to the FortiRecorder appliance using either a local console SSH or Telnet connection 3 Type the packet capture command such as diag sniffer packet port1...

Page 141: ...ereal using the fgt2eth pl Perl script To download fgt2eth pl see the Fortinet Knowledge Base article Using the FortiOS built in packet sniffer To use fgt2eth pl open a command prompt then enter a com...

Page 142: ...ation Figure 11 Viewing sniffer output in Wireshark For additional information on packet capture see the Fortinet Knowledge Base article Using the FortiOS built in packet sniffer Resource issues If th...

Page 143: ...e Mounted on none 180M 104M 77M 58 none 0 0 0 proc none 0 0 0 sys none 0 0 0 dev pts none 10M 32K 10M 1 dev shm dev sdb1 284M 54M 230M 19 data dev sda2 92G 333M 87G 1 var log dev sda3 824G 118G 665G 1...

Page 144: ...ures that were current at the time that the firmware image file was created Also restoring firmware can only be done during a boot interrupt before network connectivity is available and therefore requ...

Page 145: ...ver 8 Enter the following command to restart the FortiRecorder appliance execute reboot 9 As the FortiRecorder appliances starts a series of system startup messages appear Press any key to display con...

Page 146: ...erver and displays a message similar to the following Save as Default firmware Backup firmware Run image without saving D B R 16 Type D The FortiRecorder appliance downloads the firmware image file fr...

Page 147: ...d FortiCam equipment in a lab environment If you install the FortiRecorder NVR and FortiCam cameras in a dedicated network the topology of this scenario will also apply 1 Change your PC s IP address t...

Page 148: ...ers Page 148 FortiRecorder 2 4 2 Administration Guide 4 On the FortiRecorder web UI go to System Network DHCP and click New to create a new DHCP server on port1 Make sure to enable Make sure to select...

Page 149: ...mera to the PoE switch now Make sure to enable it If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder the camera will use its default IP add...

Page 150: ...n this scenario you already have a DHCP server running in your existing network and you are installing the FortiRecorder NVR and FortiCam cameras in your network Note that the NVR will be using a stat...

Page 151: ...nfiguration Camera and click Discover After several seconds a list of discovered cameras should appear Newly discovered cameras will be highlighted in yellow and their Status column will contain Not C...

Page 152: ...e marker and click Insert Marker the camera will start to record Red A motion detection based recording that was not initiated by schedule A white blank space means there is no recording at that perio...

Page 153: ...SA 2048 bit signature to provide tamper protection This applies to files stored locally remotely and downloaded Quality of previously recorded video depends on the camera s video profile setting Click...

Page 154: ...following picture Figure 14 Inserted marker How to use DIDO terminal connectors on FortiCam MB13 cameras FortiCam MB13 FCM MB13 cameras come with Digital input and output DIDO terminal connectors Acco...

Page 155: ...er grounded or open when in the triggered state When not triggered it will be in the opposite state For example if opening a door causes a sensor switch to open then the switch could be wired between...

Page 156: ...stration Guide 3 Go to Camera Schedule and enable Digital input when you create a recording schedule The schedules will be used in camera profiles which will eventually be used by the camera settings...

Page 157: ...for backups restoration and firmware updates See commands such as execute backup or execute restore 80 HTTP Sending network settings and recording signals to cameras See Configuring video profiles 12...

Page 158: ...HTTPS administrative web UI access Only occurs if the destination address is a network interface s IP address See NVR configuration Dynamic UDP Receiving video from cameras RTP See Configuring video p...

Page 159: ...corder VM Cameras connected 16 64 Up to 1024 Controlled by licences See FortiRecorder VM Install Guide for details Routes 250 250 250 Administrator accounts 50 50 50 System interface 10 10 10 Routes 2...

Page 160: ...Maximum values Page 160 FortiRecorder 2 4 2 Administration Guide SNMP user hosts 16 16 16 Remote log servers 3 3 3 Motion detection windows 3 3 3 Privacy mask windows 3 3 3 Table 16 Maximum configurat...

Page 161: ...e middle 101 ping 19 attribute 31 66 ID 59 vendor specific 59 authentication 58 60 administrator 58 local 58 RADIUS 58 60 SNMP 90 authorization error 60 B backup 122 configuration 123 firmware 114 pas...

Page 162: ...connecting CLI 15 web UI 14 connection state 137 contact information SNMP 87 contrast 79 154 CPU usage 37 87 142 143 D dashboard 86 default administrator account 14 15 17 112 114 certificate 100 conf...

Page 163: ...overy of cameras 133 blocking FortiRecorder 130 157 firmware 111 alternate 114 downgrade 111 restore 144 update 111 flag IP 137 video 79 154 flip 47 48 forgotten password 127 format boot device 144 CI...

Page 164: ...25 26 47 134 link layer 138 status 128 Linux 78 98 153 live video 74 78 152 buffering 74 delay 126 performance 121 load traffic 143 local certificate 100 logs 93 location 44 log 31 about 92 camera 12...

Page 165: ...122 137 loss 130 132 partition 87 112 114 115 144 password 14 15 16 17 admin changing 127 administrator 55 backup 119 forgotten 127 LDAP bind 62 reset 127 SNMP 90 strength 55 strong 119 with certifica...

Page 166: ...66 2665 91 3721 84 5905 27 792 19 risk 56 RJ 45 14 15 root CA 105 107 directory 114 route asymmetric 131 dynamic 131 static 129 table 22 132 router 30 blocking FortiRecorder 157 hop 132 next hop 21 1...

Page 167: ...oute 19 22 129 130 157 tracert 22 130 132 transactions 137 transport layer 22 133 layer security TLS 107 trap 86 87 89 91 troubleshooting connectivity 22 DHCP 133 hardware 128 routing 132 video no lon...

Page 168: ...Index Page 168 FortiRecorder 2 4 2 Administration Guide X X 509 100 105...

Page 169: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands