Configuring the operation mode

The FortiAnalyzer unit has two operation modes: Analyzer and Collector. For more information, see Two operation modes on page 19.

When FortiAnalyzer is operating in Collector mode, the SQL database is disabled by default so logs that require the SQL database are not available in Collector mode unless the SQL database is enabled.

To change the operation mode:

1. Go to System Settings > Dashboard.
2. In the System Information widget, select Analyzer or Collector in the Operation Mode field
3. Click OK in the confirmation dialog box to change the operation mode.

Migrating the configuration

You can back up the system of one FortiAnalyzer model, and then use the CLI and the FTP, SCP, or SFTP protocol to migrate the settings to another FortiAnalyzer model.

If you encrypted the FortiAnalyzer configuration file when you created it, you need the password to decrypt the configuration file when you migrate the file to another FortiAnalyzer model.

To migrate the FortiAnalyzer configuration:

1. In one FortiAnalyzer model, go to System Settings > Dashboard.
2. Back up the system. See Backing up the system on page 160.
3. In the other FortiAnalyzer model, go to System Settings > Dashboard.
4. In the CLI Console widget, type the following command:

execute migrate all-settings <ftp | scp | sftp> <server> <filepath> <user> <password> [cryptpasswd]

Restoring the configuration

You can use the following procedure to restore your FortiAnalyzer configuration from a backup file on your management computer.

To restore the FortiAnalyzer configuration:

1. Go to System Settings > Dashboard.
2. In the System Information widget, click the restore button next to System Configuration. The Restore System dialog box opens.
3. Configure the following settings then select OK.

Backing up the system

Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal affect to the network. You should also perform a back up after making any changes to the FortiAnalyzer configuration or settings that affect the connected devices.

Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware.

To back up the FortiAnalyzer configuration:

1. Go to System Settings > Dashboard.
2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens
3. If you want to encrypt the backup file, select the Encryption box, then type and confirm the password you want to use. The password can be a maximum of 63 characters.
4. Select OK and save the backup file on your management computer.

Updating the system firmware

To take advantage of the latest features and fixes, the FortiAnalyzer firmware can be updated. For information about upgrading your FortiAnalyzer device, see the FortiAnalyzerUpgrade Guide or contact Fortinet Customer Service & Support.

Backup the configuration and database before changing the firmware of your FortiAnalyzer unit. Changing the firmware to an older or incompatible version may reset the configuration and database to the default values for that firmware version, resulting in data loss. For information on backing up the configuration, see Backing up the system on page 160.

Before you can download firmware updates for your FortiAnalyzer unit, you must first register your FortiAnalyzer unit with Customer Service & Support. For details, go to https://support.fortinet.com/ or contact Customer Service & Support.

To update the FortiAnalyzer firmware:

1. Download the firmware (the .out file) from the Customer Service & Support website, https://support.fortinet.com/.
2. Go to System Settings > Dashboard.
3. In the System Information widget, in the Firmware Version field, click Upgrade Firmware. The Firmware Upload dialog box opens.
4. Drag and drop the file onto the dialog box, or click Browse to locate the firmware package (.out file) that you downloaded from the Customer Service & Support portal and then click Open.
5. Click OK. Your device will upload the firmware image and you will receive a confirmation message noting that the upgrade was successful.

Optionally, you can upgrade firmware stored on an FTP or TFTP server using the following CLI command:

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

For more information, see the FortiAnalyzerCLI Reference.

6. Refresh the browser and log back into the device.
7. Launch the Device Manager module and make sure that all formerly added devices are still listed.
8. Launch other functional modules and make sure they work properly.

Configuring the system time

You can either manually set the FortiAnalyzer system time or configure the FortiAnalyzer unit to automatically keep its system time correct by synchronizing with a Network Time Protocol (NTP) server.

To configure the date and time:

1. Go to System Settings > Dashboard.
2. In the System Information widget, click the edit system time button next to the System Time
3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAnalyzer unit’s clock with an NTP server:

4. Click the checkmark to apply your changes.