Allowing Branch to access the FortiAnalyzer

  1. To create an address for the FortiAnalyzer, connect to Branch, go to Policy & Objects > Addresses, and create a new address. Enable Static Route Configuration.

  2. To allow VPN traffic between the FortiAnalyzer and the Branch tunnel interface, go to VPN > IPsec Tunnels, and create a new Phase 2.

  3. To route traffic to the FortiAnalyzer, go to Network > Static Routes, and create a new route.

  4. On Edge, repeat the address and Phase 2 steps above to create an address for the FortiAnalyzer and a new Phase 2 that allows traffic between the FortiAnalyzer and the Branch tunnel interface. Edge doesn’t require a new static route.
  5. To allow traffic between Branch and the FortiAnalyzer, go to Policy & Objects > IPv4 Policy, and create a new policy.
  6. Set Incoming Interface to the VPN interface, and set Outgoing Interface to the interface that connects to the FortiAnalyzer (in the example, port16). Set Source to the Branch tunnel interface, and set Destination to the FortiAnalyzer.
  7. Enable NAT for this policy.

  8. To authorize the Branch FortiGate on the FortiAnalyzer, connect to the FortiAnalyzer, and go to Device Manager > Unregistered.
  9. Select Branch, then select +Add to register Branch.

  10. Branch now appears as Registered.
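
For reference, steps 1-3 and 5-7 can also be expressed in the FortiOS CLI. This is an added example, not part of the original cookbook. The values in angle brackets, the tunnel names (`Branch-to-Edge`, `Edge-to-Branch`), the object names, the `service` value, and the reading that steps 5-7 are performed on Edge (where port16 faces the FortiAnalyzer) are all assumptions.

```fortios
# Constructed placeholders: <FAZ_IP>, <BRANCH_TUNNEL_IP>; tunnel and object names are hypothetical.

# --- Branch, step 1: address object with Static Route Configuration enabled ---
config firewall address
    edit "FortiAnalyzer"
        set subnet <FAZ_IP> 255.255.255.255
        set allow-routing enable
    next
end

# --- Branch, step 2: Phase 2 selector limited to tunnel interface <-> FortiAnalyzer ---
config vpn ipsec phase2-interface
    edit "Branch-to-FAZ"
        set phase1name "Branch-to-Edge"
        set src-subnet <BRANCH_TUNNEL_IP> 255.255.255.255
        set dst-subnet <FAZ_IP> 255.255.255.255
    next
end

# --- Branch, step 3: static route to the FortiAnalyzer through the tunnel ---
config router static
    edit 0
        set dstaddr "FortiAnalyzer"
        set device "Branch-to-Edge"
    next
end

# --- Edge (assumed), steps 5-7: policy from the VPN interface to port16, with NAT ---
# Assumes "Branch-tunnel" and "FortiAnalyzer" address objects already exist on Edge.
config firewall policy
    edit 0
        set name "Branch-to-FAZ"
        set srcintf "Edge-to-Branch"
        set dstintf "port16"
        set srcaddr "Branch-tunnel"
        set dstaddr "FortiAnalyzer"
        set action accept
        set schedule "always"
        # The page does not name a service; "ALL" is an assumption.
        # Narrow it to the logging service your deployment uses.
        set service "ALL"
        set nat enable
    next
end
```

Keeping the Phase 2 selectors and the policy source and destination at /32 limits what the tunnel and policy will carry to the Branch-to-FortiAnalyzer traffic this procedure is meant to allow.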
