manualshive.com logo in svg

Fortinet FortiRecorder 400D, Руководство администратора

Поделиться
Скачать
Fortinet FortiRecorder 400D Скачать руководство пользователя страница 107

Secure connections and certificates

Page 107

FortiRecorder 2.4.2 Administration Guide

4.

Click 

OK

.

5.

To use a certificate, click its row to select it, then click 

Set status

 to put it in force.

6.

If your web browser does not yet have your CA’s certificate installed, download it and add it 
to your web browser’s trust store so that it will be able to validate the appliance’s certificate 
(see 

“Uploading trusted CAs’ certificates”

).

Uploading trusted CAs’ certificates

In order to authenticate other devices’ certificates, FortiRecorder has a store of trusted CAs’ 
certificates. 

Until you upload at least one CA certificate, FortiRecorder does not know and 

trust any CAs, it cannot validate any other client or device’s certificate, and all of those 
secure connections will fail.

 

Certificate authorities (CAs) validate and sign others’ certificates. When FortiRecorder needs to 
know whether a client or device’s certificate is genuine, it will examine the CA’s signature, 
comparing it with the copy of the CA’s certificate that you have uploaded in order to determine if 
they were both made using the same private key. If they were, the CA’s signature is genuine, 
and therefore the client or device’s certificate is legitimate.

If the signing CA is not known, that CA’s own certificate must likewise be signed by one or more 
other intermediary CAs, until both the FortiRecorder appliance and the client or device can 
demonstrate a signing chain that ultimately leads to a mutually trusted (shared “root”) CA that 
they have in common. Like a direct signature by a known CA, this proves that the certificate can 
be trusted. For more information on how to include a signing chain, see 

“Uploading & selecting 

to use a certificate”

.

To upload a CA’s certificate

1.

Obtain a copy of your CA’s certificate file.

If you are using a commercial CA, your web browser should already contain a copy in its CA 
trust store. Export a copy of the file to your desktop or other folder.

If you are using your own private CA, download a copy from your CA’s server. See 

“Example: 

Downloading the CA’s certificate from Microsoft Windows 2003 Server”

.

2.

Go to 

System > Certificate > CA Certificate

.

To view the selected certificate’s issuer, subject, and range of dates within which the 
certificate is valid, click a certificate’s row to select it, then click 

View

.

3.

Click 

Import

.

A dialog appears.

4.

In 

Certificate name

, type a name for the certificate that can be referenced by other parts of 

the configuration. Do not use spaces or special characters. The maximum length is 35 
characters.

FortiRecorder may require you to upload certificates and CRLs even if you do not use HTTPS.

For example, when sending alert email via SMTPS, or querying an authentication server via 
LDAPS, FortiRecorder will validate the server’s certificate by comparing the server certificate’s 
CA signature with the certificates of CAs that are known and trusted by the FortiRecorder 
appliance.

Verify that your private CA’s certificate does not contain its private keys. Disclosure of private 
keys compromises the security of your network, and will require you to revoke and regenerate 
all certificates signed by that CA.

Содержание FortiRecorder 400D

Страница 1: ...FortiRecorder 2 4 2 Administration Guide...

Страница 2: ...Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will perform according to certain expressly identified performance metrics and in such event only the sp...

Страница 3: ...ity 11 Client Performance 12 GUI and CLI 13 NVR configuration 14 Connecting to FortiRecorder web UI 14 Connecting to FortiRecorder CLI 15 Basic NVR configuration 17 Setting the admin account password...

Страница 4: ...ADIUS authentication 66 Notifications 68 Notification configuration workflow 68 Configuring FortiRecorder to send notification email 68 Configuring FortiRecorder to send SMS messages 70 Configuring ca...

Страница 5: ...certificate from Microsoft Windows 2003 Server 108 Revoking certificates 109 Revoking certificates by OCSP query 109 Updating the firmware 111 Installing NVR firmware 111 Installing alternate firmwar...

Страница 6: ...Unauthorized DHCP clients or DHCP pool exhaustion 134 Establishing IP sessions 134 Resolving IP address conflicts 136 Packet capture 137 Resource issues 142 Data storage issues 143 Resetting the conf...

Страница 7: ...management for configuring your cameras recording your video feeds viewing recordings and live video feeds Camera support The FortiRecorder NVR supports FortiCam series cameras from Fortinet and third...

Страница 8: ...ario since the NVR can automatically discover the cameras Routed network deployments If there are routers between the cameras and the NVR the routers must be configured to allow mDNS multicast packets...

Страница 9: ...View live video Motion detection will record a video clip up to about 40 seconds long each time the camera s sensor detects movement In contrast continuous video records for the entire duration of th...

Страница 10: ...rate mode means the bandwidth used by the camera will stay relatively constant regardless of what the camera is seeing The constant bit rate mode is therefore more predictable in deployments where ba...

Страница 11: ...meters to demonstrate the video retention period FortiRecorder 100D has a built in 1 TB hard drive and it can connect up to 16 cameras We configure 16 cameras with 1280 x 720 resolution using 30 FPS w...

Страница 12: ...after installation to achieve the desired balance between quality and bandwidth Client Performance If you need to display 8 or more camera live views you may need to configure the second camera strea...

Страница 13: ...of live views reduce the resolution quality and or frames per second of the second video streams Ten FPS is a good general setting for live views which provides a reasonable frame rate for the live vi...

Страница 14: ...Time 7 7 9 QuickTime typical install does not install the web plugin by default You have to use custom install and select the web plugin Starting from FortiRecorder version 2 4 HTML5 is supported On m...

Страница 15: ...these two ways a local serial console connection an SSH connection either local or through the network To connect to the CLI using a local serial console connection you must have a computer with a se...

Страница 16: ...ord for this account To connect to the CLI using an SSH connection 1 On your management computer configure the Ethernet port with the static IP address 192 168 1 2 with a netmask of 255 255 255 0 2 Us...

Страница 17: ...count password Configuring the network settings Configuring the DHCP server Setting the system time Setting the admin account password The default administrator account named admin initially has no pa...

Страница 18: ...ount 2 Go to System Network Interface 3 Double click the row to select the physical network interface that you want to modify 4 If you want to manually assign an IP address and subnet mask to this net...

Страница 19: ...ng system timeout ports and public access To upload a certificate see Replacing the default certificate for the web UI PING Enable to allow ICMP type 8 ECHO_REQUEST UDP ports 33434 to 33534 for ping a...

Страница 20: ...can be intercepted by a third party If possible enable this option only for network interfaces connected to a trusted private network or directly to your management computer Failure to restrict admini...

Страница 21: ...ation IP netmask Type the destination IP address and network mask of packets that will be subject to this static route separated by a slash The value 0 0 0 0 0 results in a default route which matches...

Страница 22: ...therwise rule out problems at the physical network and transport layer If these tests succeed a route exists but you cannot connect using HTTP or HTTPS an application layer problem is preventing conne...

Страница 23: ...192 0 43 10 57 243 ms 57 146 ms 57 001 ms If the DNS query fails you will see an error message such as www fortinet com Temporary failure in name resolution Cannot handle host cmdline arg www fortinet...

Страница 24: ...er 1 and DNS server 2 DNS server 1 Type the IP address of a DNS server that DHCP clients can use to resolve domain names For performance reasons if you have one it is preferable to use a DNS server on...

Страница 25: ...f your network is smaller or typically has low latency to ping replies you can safely decrease this setting s value to improve DHCP speed and performance In most cases 3 seconds is enough Lease time S...

Страница 26: ...led NTP and the NTP query for the current time succeeds the new clock time should appear in System time If the query reply is slow DHCP Excluded Range To configure IPs that should be omitted from the...

Страница 27: ...r NTP server IP or name routing and that your firewalls or routers do not block or proxy UDP port 123 See also Connectivity issues NTP on FortiRecorder complies with RFC 5905 If the current system tim...

Страница 28: ...configuring camera settings under Camera Configuration Camera schedules are used to specify when to use different camera settings such as DNR level brightness contrast saturation and sharpness For det...

Страница 29: ...remote access connecting from a home or a branch office through the Internet to your FortiRecorder NVR for either using the web UI or snapshot notification video clips while you are out of the office...

Страница 30: ...s VLANs use ID tags to logically separate devices on a network into smaller broadcast domains These smaller domains forward packets only to devices that are part of that VLAN domain This reduces traff...

Страница 31: ...t is not monitored by HA When a physical interface is included in a redundant interface it is not listed on the System Network Interface page You cannot configure the interface anymore Aggregate inter...

Страница 32: ...ion should start When a log file reaches either the age or size limit the FortiRecorder appliance rotates the current log file that is it renames the current log file elog log with a file name indicat...

Страница 33: ...Log severity levels Caution Avoid recording log messages using low severity thresholds such as Information or Notification to the local hard disk for an extended period of time A low log severity thr...

Страница 34: ...ifications such as motion detection For this kind of video related notifications see Notifications 4 Click Create 5 Go to Logs and Alerts Alert Email Categories Mark the check boxes of all appliance e...

Страница 35: ...NVR configuration Page 35 FortiRecorder 2 4 2 Administration Guide...

Страница 36: ...tails see Configuring camera profiles 3 Connect the camera to the NVR FortiRecorder NVR can discover the connected cameras automatically and display them under Camera Configuration Camera with Status...

Страница 37: ...lot where small details like faces and license plates could be important Note Resolution greatly impacts performance bandwidth and the rate at which disk space is consumed See Video performance Frame...

Страница 38: ...duration of the schedule regardless of movement or any other triggers Motion detection records a video clip up to about 40 seconds long each time the camera s sensor detects movement Digital input rec...

Страница 39: ...when it exceeds a maximum age This option appears if you have configured network storage see External storage If you choose to delete old video also configure the maximum amount of time to keep video...

Страница 40: ...would supply power to the cameras and through it the cameras would be able to access the DHCP server For information about FortiRecorder DHCP server configuration see Configuring the DHCP server on pa...

Страница 41: ...1 or greater plug in installed for your web browsers At the camera s location on the network power over Ethernet PoE This could be provided by a FortiSwitch 80 PoE or perhaps your ISP s cable modem I...

Страница 42: ...ort1to a PoE switch Do ne connect the camera to the switch at this stage 3 On your PC open a web browser and connect to https 192 168 1 99 Log in to the admin administrator account with Name admin and...

Страница 43: ...a to the PoE switch now Make sure to enable it If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder the camera will use its default IP addres...

Страница 44: ...o change the settings But if you are adding a remote camera or adding a new camera before connecting it to FortiRecorder you must specify all the camera settings 1 Go to Camera Configuration Camera Fo...

Страница 45: ...FortiRecorder NVR will not connect to the camera s DHCP address Instead the NVR will connect through the static external usually public network IP address and port numbers called a virtual IP or VIP...

Страница 46: ...munication to be secure encrypted you can use HTTPS tunnelling The tunnel is between the camera and the NVR Profile Select the camera profile that indicates the recording schedule video quality and ot...

Страница 47: ...ur cameras with a static IP or configure your DHCP server with lease reservations see Configuring the DHCP server Without reservations the IP address provided by the DHCP server may appear to work ini...

Страница 48: ...with a thick white border will appear over the preview image indicating the area that will be monitored for movement To resize it to your intended area click and drag the edges of the rectangle To mo...

Страница 49: ...area click the plus sign again For audio detection and DIDO configure the following settings Setting name Description Audio Sensitivity If the camera supports audio surveillance specify the sensitivit...

Страница 50: ...ital output DO can be configured to either be grounded or open when in the triggered state When not triggered it will be in the opposite state For example if opening a door causes a sensor switch to o...

Страница 51: ...stem Status Console and enter the command execute ping camera_ipv4 where camera_ipv4 is the camera s IP address or virtual IP port forward If you receive messages such as Timeout to locate the point o...

Страница 52: ...nistration Guide 13 If desired you can specify different camera settings such as brightness and contrast for the camera to use as different times For details see Configuring schedules on page 28 See a...

Страница 53: ...rder NVR or camera configuration reducing risk of accidental misconfiguration Viewer Suited to a security guard Only assigned live camera feeds It cannot view previous recordings and therefore cannot...

Страница 54: ...allowed to access and when users are allowed to access the cameras The user profiles will be used in the user settings you need to configure in the next step For details about configuring camera group...

Страница 55: ...rder see Configuring FortiRecorder to send notification email If you do not know the email address and cannot provide it don t worry The person still will be able to view camera related notifications...

Страница 56: ...nimize the security risk For information on administrative access protocols see NVR configuration Tip For improved security restrict all trusted host addresses to single IP addresses of computer s fro...

Страница 57: ...reating an administrator account you can specify an access profile to grant the account certain access privileges To configure an access profile go to System Administrator Access Profile The administr...

Страница 58: ...or by querying the accounts stored locally in the FortiRecorder appliance s configuration Also configure RADIUS profile and Check permission attribute on RADIUS server LDAP Authenticate by querying a...

Страница 59: ...rator Some RADIUS servers already include the Fortinet vendor ID and subtype ID in their default dictionaries In this case no server side configuration is necessary Otherwise you must configure your s...

Страница 60: ...his attribute value pair FortiRecorder will use whichever permissions you defined locally for the account in Type If the packet does not contain the attribute value pair and you have not configured Ty...

Страница 61: ...ive Directory server if any that can be queried if the primary server fails to respond according to the threshold configured in Timeout on page 64 Port Type the port number on which the authentication...

Страница 62: ...ple dc example dc com User objects should be child nodes of this location Bind DN Enter the bind DN such as cn FortiRecorderA dc example dc com of an LDAP user account with permissions to query the Ba...

Страница 63: ...r to dereference attributes whose values are references Never Do not dereference Always Always dereference Search Dereference only when searching Find Dereference only when finding the base search obj...

Страница 64: ...es the user s email address for notifications SMS profile attribute This attribute specifies which SMS profile the user will use The SMS profile attribute must match the name of the profile configured...

Страница 65: ...y between when you update LDAP directory information and when the FortiRecorder appliance begins using that new information but also has the benefit of reducing the amount of LDAP network traffic asso...

Страница 66: ...ile attempts to authenticate Server port Type the port number on which the authentication server listens for queries The IANA standard port number for RADIUS is 1812 Protocol Select which authenticati...

Страница 67: ...User management Page 67 FortiRecorder 2 4 2 Administration Guide See also NVR configuration Connectivity issues Login issues...

Страница 68: ...ortiRecorder to send notification email 2 Configure the SMS server settings so that FortiRecorder can send out SMS messages See Configuring FortiRecorder to send SMS messages 3 Configure the camera se...

Страница 69: ...are not displayed For example if the host name is FortiRecorder1234567890 the CLI prompt would be FortiRecorder123 Mail server name Type the fully qualified domain name FQDN of your SMTP server such a...

Страница 70: ...ation methods AUTO Automatically detect and use the most secure SMTP authentication type supported by the email server PLAIN Provides an unencrypted scrambled password LOGIN Provides an unencrypted sc...

Страница 71: ...RL the HTTP or HTTPS URL to contact to send SMS messages for example https myprovider com sendsms HTTP method either Get or Post HTTP S Parameters configure all the parameters and values required by t...

Страница 72: ...sole and enter the CLI command execute traceroute syslog_ipv4 where syslog_ipv4 is the IPv4 address of your email server If that connectivity succeeds verify that your alert email has not been classif...

Страница 73: ...e cameras Watching live video feeds Once the cameras are connected and configured administrators can use the web UI to view live video feeds from the cameras Administrators will use the surveillance s...

Страница 74: ...e right to expand the image adjustment control panels 3 If you logged in as an administrator on the right pane in the Selection area choose which cameras you want to view 4 If you logged in using a no...

Страница 75: ...he beginning of the code is the IP of the FortiRecorder The attribute ID is the name of the camera as defined on the FRC The attribute dimensions should match the size of the iframe The username and p...

Страница 76: ...picture 4 Enter the necessary FTP information 5 Add the camera group you wish the user to view by selecting the group from the Camera Group List and then selecting the right arrow button 6 Select OK W...

Страница 77: ...arker and click Insert Marker the camera will start to record Red A motion detection based recording that was not initiated by schedule A white blank space means there is no recording at that period o...

Страница 78: ...This applies to files stored locally remotely and downloaded Quality of previously recorded video depends on the camera s settings in Configuring video profiles on page 36 Click the Lock button to loc...

Страница 79: ...ipients can quickly assess whether or not the event is serious or just a false alarm Occasionally as an administrator you may sometimes be required to review these notifications if for example the usu...

Страница 80: ...ideo monitoring Page 80 FortiRecorder 2 4 2 Administration Guide 4 To view a video clip from the notification click its key frame image The notification window will be replaced with a video clip playe...

Страница 81: ...der videos to an external location Configuring RAID levels FortiRecorder 400D model comes with two pre installed hard drives in its four HDD bays and supports software RAID This means that you can add...

Страница 82: ...t the bay into the unit 4 Go to System Storage Local Storage 5 Click Refresh 6 The newly added disk will appear under Drives 7 Add the disk to an array 8 Click Refresh again The new array will appear...

Страница 83: ...will be automatically added to the array if one of the hard disks in the array fails The FortiRecorder unit rebuilds the RAID array with the new hard disk Time required varies by the size of the arra...

Страница 84: ...dia External USB External USB device iSCSI Server An iSCSI Internet Small Computer System Interface server NFS A network file system NFS server Note Support for NFS varies Many Linux based NAS solutio...

Страница 85: ...ry where the FortiRecorder appliance will store the data This setting appears only if Protocol is NFS Note Do not use special characters such as a tilde This will cause the storage to fail Encryption...

Страница 86: ...this way you can use an SNMP manager to monitor the FortiRecorder appliance Before you can use SNMP you must activate the FortiRecorder appliance s SNMP agent and add it as a member of at least one co...

Страница 87: ...erscores _ Contact Type the contact information for the administrator or other person responsible for this FortiRecorder appliance such as a phone number 555 5555 or name jdoe The contact information...

Страница 88: ...can also add the IP addresses of up to 8 SNMP managers to each community to designate the destination of traps and which IP addresses are permitted to query the FortiRecorder appliance To add an SNMP...

Страница 89: ...ach port number 161 by default on which the FortiRecorder appliance listens for SNMP queries from the SNMP managers in this community then enable it Port numbers vary by SNMP v1 and SNMP v2c Traps Typ...

Страница 90: ...via the web UI 3 Under User click New A dialog appears 4 Configure these settings Setting name Description User name Type the name of the SNMP user This must match the name of the account as it is co...

Страница 91: ...d MIBs used by the SNMP agent are already compiled into your SNMP manager you do not have to compile them again To view a trap or query s name object identifier OID and description open its MIB file i...

Страница 92: ...e log messages to its memory or to a remote location such as a Syslog server or FortiAnalyzer appliance For more information see Configuring logging See also Log types Log severity levels Log types Ea...

Страница 93: ...downloaded log file indicates its contents To view log messages 1 Go to either Monitor Log Viewer Event to view event logs about the appliance itself or Monitor Log Viewer Camera to view logs about c...

Страница 94: ...ing log columns rows The index number of the log message within the log file not the order of rows in the web UI By default the rows are sorted by timestamp in descending order the same as they are wi...

Страница 95: ...h column 4 Select which columns to hide or display Subtype The category of the log message such as admin for events such as authentication or configuration changes or system for events such as disk co...

Страница 96: ...y persist when changing pages nor from session to session If you want to keep the settings you must click Save View See also Logging Searching logs About logs Downloading log messages You can download...

Страница 97: ...rd may appear in any of the fields of the log message e g Action and or Message in any part of that field s value If entering multiple words they must occur uninterrupted in that exact order For examp...

Страница 98: ...f your cameras have recorded a crime or other incident you may need to provide the video clip to the police or other authorities Your FortiRecorder NVR uses the mp4 file format with the H 264 video co...

Страница 99: ...L terminator during the handshake When you connect to the web UI via HTTPS your FortiRecorder appliance is the SSL terminator matrwoafoatwch ufoa hnbofTwo frbcaaPf dafcaowv fIasanIof e dfenf daf rssvh...

Страница 100: ...DH RSA DES CBC SHA 40 bit 56 bit RC4 SHA 128 bit RC4 MD5 40 bit 128 bit SEED SHA 128 bit AES 256 and SHA 1 are preferable Generally speaking for security reasons avoid using SSL 2 0 TLS 1 0 Older hash...

Страница 101: ...ate to replace the certificate with one that is signed by your own CA so that it will be trusted Thereafter a security alert will only occur if the certificate expires your CA revokes the certificate...

Страница 102: ...liance to use a certificate click its row to select it then click this button A confirmation dialog will appear asking if you want to use it as the default currently in use certificate Click OK The St...

Страница 103: ...the FortiRecorder appliance Host IP Select if the FortiRecorder appliance has a static IP address and enter the public IP address of the FortiRecorder appliance in the IP field If the FortiRecorder a...

Страница 104: ...h as admin example com This option appears only if ID Type is E Mail Key type Displays the type of algorithm used to generate the key This option cannot be changed but appears in order to indicate tha...

Страница 105: ...ce If you do not install these those computers may not trust your new certificate 10 When you receive the signed certificate from the CA upload the certificate to the FortiRecorder appliance see Uploa...

Страница 106: ...ings Setting name Description Type Select the type of certificate file to upload either Local Certificate An unencrypted certificate in PEM format Certificate An unencrypted certificate in PEM format...

Страница 107: ...rusted shared root CA that they have in common Like a direct signature by a known CA this proves that the certificate can be trusted For more information on how to include a signing chain see Uploadin...

Страница 108: ...e same cipher suites and SSL TLS protocols Also verify that your routers and firewalls are configured to allow the connection See also Revoking certificates User management Example Downloading the CA...

Страница 109: ...CA To upload a CRL file 1 Go to System Certificate Certificate Revocation List 2 Click Import 3 In Certificate name type the name of the certificate as it will be referred to in the appliance s config...

Страница 110: ...sted OCSP CRL servers To view or upload a remote certificate 1 From your OCSP CRL server download its server certificate 2 Go to System Certificate Remote 3 Click Import 4 In Certificate name type the...

Страница 111: ...ing NVR firmware You can use either the web UI or the CLI to upgrade or downgrade the appliance s operating system Firmware changes are either an update to a newer version a reversion to an earlier ve...

Страница 112: ...couple minutes until the appliance becomes available again 7 Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all interface changes For d...

Страница 113: ...tftpd Windows Mac OS X or Linux on your management computer 7 Verify that the TFTP server is currently running and that the FortiRecorder appliance can reach the TFTP server To use the FortiRecorder C...

Страница 114: ...e FortiRecorder appliance directly or to the same subnet as a TFTP server 5 Initiate a connection from your management computer to the CLI of the FortiRecorder appliance and log in as the admin admini...

Страница 115: ...er The following message appears Enter local address 192 168 1 188 13 Type a temporary IP address that can be used by the FortiRecorder appliance to connect to the TFTP server The following message ap...

Страница 116: ...owing messages appears G Get firmware image from TFTP server F Format boot device B Boot with backup firmware and set as default Q Quit menu and continue to boot with default firmware H Display this l...

Страница 117: ...downloaded firmware images After the firmware is successfully uploaded the Availability column will show Local 5 Go to Camera Configuration Camera 6 Select the camera that you want to upgrade downgrad...

Страница 118: ...s are designed specifically to manage cameras and store video If remote cameras or people will be accessing the appliance via the Internet through a virtual IP or port forward on your router or FortiG...

Страница 119: ...ernal hosts On those computers that you have designated for management apply strict patch and security policies Always password encrypt any FortiRecorder configuration backup that you download to thos...

Страница 120: ...is connected to port2 and cameras are connected to port3 you would disable bring down port4 This would prevent an attacker with physical access from connecting a cable to port4 and thereby gaining ac...

Страница 121: ...w efficiently a specific raw stream can be compressed higher resolutions can multiply the bandwidth and or disk space required per camera and per login session For example assuming a FortiCam 20A came...

Страница 122: ...cause undue wear on the hard disk and may cause premature failure See Configuring logging Figure 9 Logs and Alerts Log Setting Local Log Settings Packet capture performance Packet capture can be usef...

Страница 123: ...es This will ensure that you can rapidly restore your configuration exactly to its previous state if a change does not work as planned To back up the configuration 1 Log in to the web UI as the admin...

Страница 124: ...rtiRecorder appliance restarts 5 To continue using the web UI if you have not changed the IP address and static routes of the web UI simply refresh the web page and log in again Otherwise to access th...

Страница 125: ...can connect with your FortiRecorder but you cannot view video that is streamed or stored on FortiRecorder first check that you have installed software that can view live streams which use RTP and fil...

Страница 126: ...pshot notification issues If you are not receiving any email after motion detection records a clip but you have configured camera notifications first verify that your FortiRecorder NVR s SMTP email se...

Страница 127: ...troubleshoot connectivity between the appliance and your authentication server If routing exists but authentication still fails you can verify correct vendor specific attributes and other protocol sp...

Страница 128: ...CLI rather then a network connection you may be experiencing bootup problems Contact Fortinet Technical Support Bringing up network interfaces If the network interface was disabled all connections wil...

Страница 129: ...ull route as long as the routers can pass along the packet You must configure FortiRecorder with at least one static route that points to a router often a router that is the gateway to the Internet Yo...

Страница 130: ...like systems and Windows you will need to allow both protocols inbound through your firewall UDP ports 33434 33534 and ICMP type 8 Some networks block ICMP packets because they can be used in a ping f...

Страница 131: ...nation to minimize hops If the routing test fails and ping shows total packet loss verify cabling to eliminate loose connections continue to the next step In networks using features such as asymmetric...

Страница 132: ...on both the camera temporarily the computer and FortiRecorder to locate the point of failure along the route the router hop or host at which the connection fails For example if it fails at the second...

Страница 133: ...ally must be on the same IP subnet as the NVR and must not be impeded by firewalls or other network filtering If cameras are not on the same subnet you may still be able to facilitate discovery traffi...

Страница 134: ...a lease execute dhcp clear lease New clients that were previously unable to get an IP address will obtain an IP address for the first time Returning clients s IP addresses may change as the built in...

Страница 135: ...fresh GUI item Description Protocol The protocol of the session according to the protocol ID number field or for IPv6 next header in the IP header of the packets icmp 1 Due to the speed of ICMP messag...

Страница 136: ...s you have accidentally configured a device with a static IP address that belongs to the DHCP pool 2 DHCP servers accidentally have pools in the same range of IP addresses and are each independently a...

Страница 137: ...tcp port 80 or enter none for no filters Filters use tcpdump syntax packets_int is the number of packets the sniffer reads before stopping Packet capture output is printed to your CLI display until yo...

Страница 138: ...0x0010 ac14 820f 08d8 a64e 0084 b75a 80e0 3dee N Z 0x0020 71b8 d617 38fa 3fd8 419b 5006 053c 99c1 q 8 A P 0x0030 e961 93bc 21c9 3197 a030 a709 76dc 0ed8 a 1 0 v 0x0040 98f8 ceef 6afb e7f2 7773 98e1 5e...

Страница 139: ...d8d2 0000 0000 a002 B f 0x0030 16d0 4f72 0000 0204 05b4 0402 080a 03ab Or 0x0040 86bb 0000 0000 0103 0303 Instead of reading packet capture output directly in your CLI display you usually should save...

Страница 140: ...ent computer start PuTTY 2 Use PuTTY to connect to the FortiRecorder appliance using either a local console SSH or Telnet connection 3 Type the packet capture command such as diag sniffer packet port1...

Страница 141: ...ereal using the fgt2eth pl Perl script To download fgt2eth pl see the Fortinet Knowledge Base article Using the FortiOS built in packet sniffer To use fgt2eth pl open a command prompt then enter a com...

Страница 142: ...ation Figure 11 Viewing sniffer output in Wireshark For additional information on packet capture see the Fortinet Knowledge Base article Using the FortiOS built in packet sniffer Resource issues If th...

Страница 143: ...e Mounted on none 180M 104M 77M 58 none 0 0 0 proc none 0 0 0 sys none 0 0 0 dev pts none 10M 32K 10M 1 dev shm dev sdb1 284M 54M 230M 19 data dev sda2 92G 333M 87G 1 var log dev sda3 824G 118G 665G 1...

Страница 144: ...ures that were current at the time that the firmware image file was created Also restoring firmware can only be done during a boot interrupt before network connectivity is available and therefore requ...

Страница 145: ...ver 8 Enter the following command to restart the FortiRecorder appliance execute reboot 9 As the FortiRecorder appliances starts a series of system startup messages appear Press any key to display con...

Страница 146: ...erver and displays a message similar to the following Save as Default firmware Backup firmware Run image without saving D B R 16 Type D The FortiRecorder appliance downloads the firmware image file fr...

Страница 147: ...d FortiCam equipment in a lab environment If you install the FortiRecorder NVR and FortiCam cameras in a dedicated network the topology of this scenario will also apply 1 Change your PC s IP address t...

Страница 148: ...ers Page 148 FortiRecorder 2 4 2 Administration Guide 4 On the FortiRecorder web UI go to System Network DHCP and click New to create a new DHCP server on port1 Make sure to enable Make sure to select...

Страница 149: ...mera to the PoE switch now Make sure to enable it If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder the camera will use its default IP add...

Страница 150: ...n this scenario you already have a DHCP server running in your existing network and you are installing the FortiRecorder NVR and FortiCam cameras in your network Note that the NVR will be using a stat...

Страница 151: ...nfiguration Camera and click Discover After several seconds a list of discovered cameras should appear Newly discovered cameras will be highlighted in yellow and their Status column will contain Not C...

Страница 152: ...e marker and click Insert Marker the camera will start to record Red A motion detection based recording that was not initiated by schedule A white blank space means there is no recording at that perio...

Страница 153: ...SA 2048 bit signature to provide tamper protection This applies to files stored locally remotely and downloaded Quality of previously recorded video depends on the camera s video profile setting Click...

Страница 154: ...following picture Figure 14 Inserted marker How to use DIDO terminal connectors on FortiCam MB13 cameras FortiCam MB13 FCM MB13 cameras come with Digital input and output DIDO terminal connectors Acco...

Страница 155: ...er grounded or open when in the triggered state When not triggered it will be in the opposite state For example if opening a door causes a sensor switch to open then the switch could be wired between...

Страница 156: ...stration Guide 3 Go to Camera Schedule and enable Digital input when you create a recording schedule The schedules will be used in camera profiles which will eventually be used by the camera settings...

Страница 157: ...for backups restoration and firmware updates See commands such as execute backup or execute restore 80 HTTP Sending network settings and recording signals to cameras See Configuring video profiles 12...

Страница 158: ...HTTPS administrative web UI access Only occurs if the destination address is a network interface s IP address See NVR configuration Dynamic UDP Receiving video from cameras RTP See Configuring video p...

Страница 159: ...corder VM Cameras connected 16 64 Up to 1024 Controlled by licences See FortiRecorder VM Install Guide for details Routes 250 250 250 Administrator accounts 50 50 50 System interface 10 10 10 Routes 2...

Страница 160: ...Maximum values Page 160 FortiRecorder 2 4 2 Administration Guide SNMP user hosts 16 16 16 Remote log servers 3 3 3 Motion detection windows 3 3 3 Privacy mask windows 3 3 3 Table 16 Maximum configurat...

Страница 161: ...e middle 101 ping 19 attribute 31 66 ID 59 vendor specific 59 authentication 58 60 administrator 58 local 58 RADIUS 58 60 SNMP 90 authorization error 60 B backup 122 configuration 123 firmware 114 pas...

Страница 162: ...connecting CLI 15 web UI 14 connection state 137 contact information SNMP 87 contrast 79 154 CPU usage 37 87 142 143 D dashboard 86 default administrator account 14 15 17 112 114 certificate 100 conf...

Страница 163: ...overy of cameras 133 blocking FortiRecorder 130 157 firmware 111 alternate 114 downgrade 111 restore 144 update 111 flag IP 137 video 79 154 flip 47 48 forgotten password 127 format boot device 144 CI...

Страница 164: ...25 26 47 134 link layer 138 status 128 Linux 78 98 153 live video 74 78 152 buffering 74 delay 126 performance 121 load traffic 143 local certificate 100 logs 93 location 44 log 31 about 92 camera 12...

Страница 165: ...122 137 loss 130 132 partition 87 112 114 115 144 password 14 15 16 17 admin changing 127 administrator 55 backup 119 forgotten 127 LDAP bind 62 reset 127 SNMP 90 strength 55 strong 119 with certifica...

Страница 166: ...66 2665 91 3721 84 5905 27 792 19 risk 56 RJ 45 14 15 root CA 105 107 directory 114 route asymmetric 131 dynamic 131 static 129 table 22 132 router 30 blocking FortiRecorder 157 hop 132 next hop 21 1...

Страница 167: ...oute 19 22 129 130 157 tracert 22 130 132 transactions 137 transport layer 22 133 layer security TLS 107 trap 86 87 89 91 troubleshooting connectivity 22 DHCP 133 hardware 128 routing 132 video no lon...

Страница 168: ...Index Page 168 FortiRecorder 2 4 2 Administration Guide X X 509 100 105...

Страница 169: ......

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды