Author Archives: Mike

About Mike

Michael Pruett, CISSP, has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge, resulting in the wrong hardware or configuration being deployed, is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. He owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Configuring the operation mode – FortiAnalyzer 6.2.3

Configuring the operation mode

The FortiAnalyzer unit has two operation modes: Analyzer and Collector. For more information, see Two operation modes on page 19.

When FortiAnalyzer is operating in Collector mode, the SQL database is disabled by default, so logs that require the SQL database are not available unless the SQL database is enabled.

To change the operation mode:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, select Analyzer or Collector in the Operation Mode field.
  3. Click OK in the confirmation dialog box to change the operation mode.

Migrating the configuration – FortiAnalyzer 6.2.3

Migrating the configuration

You can back up the system of one FortiAnalyzer model, and then use the CLI and the FTP, SCP, or SFTP protocol to migrate the settings to another FortiAnalyzer model.

If you encrypted the FortiAnalyzer configuration file when you created it, you need the password to decrypt the configuration file when you migrate the file to another FortiAnalyzer model.

To migrate the FortiAnalyzer configuration:

  1. In one FortiAnalyzer model, go to System Settings > Dashboard.
  2. Back up the system. See Backing up the system on page 160.
  3. In the other FortiAnalyzer model, go to System Settings > Dashboard.
  4. In the CLI Console widget, type the following command:

execute migrate all-settings <ftp | scp | sftp> <server> <filepath> <user> <password> [cryptpasswd]

Restoring the Configuration – FortiAnalyzer 6.2.3

Restoring the configuration

You can use the following procedure to restore your FortiAnalyzer configuration from a backup file on your management computer.

To restore the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the restore button next to System Configuration. The Restore System dialog box opens.
  3. Configure the following settings, then select OK.
     Choose Backup File: Select Browse to find the configuration backup file you want to restore, or drag and drop the file onto the dialog box.
     Password: Type the encryption password, if applicable.
     Overwrite current IP and routing settings: Select the checkbox to overwrite the current IP and routing settings.

Backing Up The System – FortiAnalyzer 6.2.3

Backing up the system

Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal effect on the network. You should also perform a backup after making any changes to the FortiAnalyzer configuration or settings that affect the connected devices.

Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware.

To back up the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
  3. If you want to encrypt the backup file, select the Encryption box, then type and confirm the password you want to use. The password can be a maximum of 63 characters.
  4. Select OK and save the backup file on your management computer.

Updating the system firmware – FortiAnalyzer 6.2.3

Updating the system firmware

To take advantage of the latest features and fixes, the FortiAnalyzer firmware can be updated. For information about upgrading your FortiAnalyzer device, see the FortiAnalyzer Upgrade Guide or contact Fortinet Customer Service & Support.

Back up the configuration and database before changing the firmware of your FortiAnalyzer unit. Changing the firmware to an older or incompatible version may reset the configuration and database to the default values for that firmware version, resulting in data loss. For information on backing up the configuration, see Backing up the system on page 160.

Before you can download firmware updates for your FortiAnalyzer unit, you must first register your FortiAnalyzer unit with Customer Service & Support. For details, go to https://support.fortinet.com/ or contact Customer Service & Support.

To update the FortiAnalyzer firmware:

  1. Download the firmware (the .out file) from the Customer Service & Support website, https://support.fortinet.com/.
  2. Go to System Settings > Dashboard.
  3. In the System Information widget, in the Firmware Version field, click Upgrade Firmware. The Firmware Upload dialog box opens.
  4. Drag and drop the file onto the dialog box, or click Browse to locate the firmware package (.out file) that you downloaded from the Customer Service & Support portal and then click Open.
  5. Click OK. Your device will upload the firmware image and you will receive a confirmation message noting that the upgrade was successful.

Optionally, you can upgrade firmware stored on an FTP or TFTP server using the following CLI command:

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

For more information, see the FortiAnalyzer CLI Reference.

  6. Refresh the browser and log back into the device.
  7. Launch the Device Manager module and make sure that all formerly added devices are still listed.
  8. Launch other functional modules and make sure they work properly.

Configuring the System Time – FortiAnalyzer 6.2.3

Configuring the system time

You can either manually set the FortiAnalyzer system time or configure the FortiAnalyzer unit to automatically keep its system time correct by synchronizing with a Network Time Protocol (NTP) server.

To configure the date and time:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit system time button next to System Time.
  3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAnalyzer unit’s clock with an NTP server:
     System Time: The date and time according to the FortiAnalyzer unit’s clock at the time that this pane was loaded or when you last clicked the Refresh button.
     Time Zone: Select the time zone in which the FortiAnalyzer unit is located and whether or not the system automatically adjusts for daylight savings time.
     Update Time By: Select Set time to manually set the time, or Synchronize with NTP Server to automatically synchronize the time.
     Set Time: Manually set the date and time.
       Select Date: Set the date from the calendar or by manually entering it in the format: YYYY/MM/DD.
       Select Time: Select the time.
     Synchronize with NTP Server: Automatically synchronize the date and time.
       Sync Interval: Enter how often, in minutes, the device should synchronize its time with the NTP server. For example, entering 1440 causes the Fortinet unit to synchronize its time once a day.
       Server: Enter the IP address or domain name of an NTP server. Click the plus icon to add more servers. To find an NTP server that you can use, go to http://www.ntp.org.
  4. Click the checkmark to apply your changes.