OFTP – Optimized Fabric Transfer Protocol

The Optimized Fabric Transfer Protocol (OFTP) is used when information is synchronized between FortiAnalyzer and FortiGate. Remote logging and archiving can be configured on the FortiGate to send logs to a FortiAnalyzer (and/or FortiManager) unit.

OFTP listens on ports TCP/514 and UDP/514.

You can connect to a FortiAnalyzer unit from a FortiGate unit using Automatic Discovery, so long as both units are on the same network. Connecting these devices in this way does not use OFTP. Instead, the Fortinet Discovery Protocol (FDP) is used to locate the FortiAnalyzer unit.

When you select Automatic Discovery, the FortiGate unit uses HELLO packets to locate any FortiAnalyzer units that are available on the network within the same subnet. When the FortiGate unit discovers the FortiAnalyzer unit, the FortiGate unit automatically enables logging to the FortiAnalyzer unit and begins sending log data.

CLI command – To connect to FortiAnalyzer using Automatic Discovery:

    config log fortianalyzer setting
        set status [enable | disable]
        set server <ip_address>
        set gui-display [enable | disable]
        set address-mode auto-discovery
    end
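
When reviewing a FortiGate configuration backup, the `config log fortianalyzer setting` block above can be checked automatically. The following is an added example, not code from the original page or from Fortinet: the sample configuration, the function names and the review wording are constructed for illustration, and it uses only the settings shown above.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set address-mode auto-discovery
end
"""

def parse_block(config_text, header):
    """Return the `set` pairs of the first block named `header`, or None if absent."""
    settings, inside, depth = {}, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == header
        elif line.startswith("config "):
            depth += 1                      # nested sub-table: skip its settings
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings if inside else None

def audit_faz_logging(config_text):
    """List review findings for the FortiAnalyzer remote-logging block."""
    s = parse_block(config_text, "config log fortianalyzer setting")
    if s is None:
        return ["no 'config log fortianalyzer setting' block found"]
    findings = []
    if s.get("status") != "enable":
        findings.append("status is not 'enable': no logs are sent to FortiAnalyzer")
    if s.get("address-mode") == "auto-discovery":
        findings.append("auto-discovery: log destination is located by FDP on the "
                        "local subnet rather than pinned to a configured address")
    elif not s.get("server"):
        findings.append("no server address is set")
    return findings

if __name__ == "__main__":
    for finding in audit_faz_logging(SAMPLE_CONFIG):
        print("REVIEW:", finding)
```
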

To send logs from FortiGate to FortiAnalyzer:

  1. Go to Log & Report > Log Settings and enable Send Logs to FortiAnalyzer/FortiManager (under Remote Logging and Archiving).
  2. Enter the FortiAnalyzer unit’s IP address in the IP Address field provided.
  3. For Upload Option, select Store & Upload Logs to set when the uploads occur (either Daily, Weekly, or Monthly), and the time when the unit uploads the logs. Select Realtime to upload logs as they come across the FortiGate unit.
  4. Logs sent to FortiAnalyzer can be encrypted by enabling Encrypt Log Transmission.

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
