Adding FortiAnalyzer to FortiManager

6.2.0

You can add a FortiAnalyzer unit to FortiManager and use FortiManager to manage it. You must add the FortiAnalyzer unit to an ADOM used for central management, which is similar to adding FortiGate units to FortiManager for central management.

You can use the following methods to add FortiAnalyzer units to FortiManager:

  • In FortiManager, use the Add FortiAnalyzer wizard in the Device Manager pane.
  • In FortiAnalyzer, enable central management, and then go to FortiManager to authorize the device for central management.

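This topic includes the following sections:

  • Preparing to add FortiAnalyzer to FortiManager
  • Using the wizard to add FortiAnalyzer to FortiManager
  • Additional information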

Preparing to add FortiAnalyzer to FortiManager

When using FortiManager to manage FortiAnalyzer, it is recommended to use a FortiAnalyzer unit with factory settings or a FortiAnalyzer unit that has been reset to the factory settings (factory-reset). A FortiAnalyzer unit with factory settings helps avoid conflicts when FortiManager synchronizes the device database to FortiAnalyzer.

To prepare FortiAnalyzer for management by FortiManager:
  1. On the FortiAnalyzer unit, enable fgfm access on the interface used to connect to FortiManager.

    config system interface
        edit "port1"
            set ip 10.3.121.142 255.255.0.0
            set allowaccess fgfm
        next
    end

  2. Ensure that FortiManager Features are disabled.

    config system global
        set fmg-status disable
    end

  3. Create an ADOM with the same name as the ADOM in FortiManager, such as manage_remote_faz.

    FortiAnalyzer and FortiManager must have an ADOM of the same name. When you add FortiAnalyzer to FortiManager, add it to the ADOM of the same name.

  4. Set storage settings for the ADOM.

Using the wizard to add FortiAnalyzer to FortiManager

This section describes how to use the Add FortiAnalyzer wizard to add FortiAnalyzer to FortiManager.

To add FortiAnalyzer to FortiManager:
  1. On FortiManager, ensure that FortiAnalyzer Features are disabled.
    1. Go to System Settings > Dashboard.
    2. In the System Information widget, ensure that FortiAnalyzer Features are toggled Off.
  2. Ensure that the ADOM mode is set to normal by using the following CLI command:

    config system global
        set adom-mode normal
    end

  3. Go to Device Manager, and select a central management ADOM, such as manage_remote_faz.

    The FortiAnalyzer unit should contain an ADOM of the same name. In this example, both FortiAnalyzer and FortiManager have an ADOM named manage_remote_faz.

  4. On the Device & Groups tab, add the FortiAnalyzer unit.
    1. From the Add Device menu, select Add FortiAnalyzer.

      The Add FortiAnalyzer wizard is displayed.

    2. Type the FortiAnalyzer IP address, username, password, and click Next.

      After FortiManager discovers the device, device information is displayed.

    3. Click Next to continue.

      FortiManager automatically compares ADOMs and devices on both FortiAnalyzer and FortiManager and provides the comparison and verification results.

    4. Click Synchronize ADOM and Devices to continue.

      Devices are synchronized between FortiAnalyzer and FortiManager, and FortiAnalyzer is added to FortiManager. The synchronized devices are added to FortiAnalyzer as logging-mode FortiGates.

    5. Click Finish.
  5. Go to Device Manager > Device & Groups to view FortiAnalyzer in the Managed FortiAnalyzer group.
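
The CLI prerequisites from both procedures above (fgfm access on the FortiAnalyzer interface, fmg-status disabled, adom-mode normal) can be checked against saved CLI text before starting the wizard. The following Python check is an added example, not Fortinet code; the sample text is constructed from the values in this topic, and it assumes the settings appear as explicit set lines in the saved text.

```python
import shlex

# Constructed sample CLI text for this example, using the values from the steps above.
SAMPLE_FAZ = """
config system interface
    edit "port1"
        set ip 10.3.121.142 255.255.0.0
        set allowaccess fgfm
    next
end
config system global
    set fmg-status disable
end
"""
SAMPLE_FMG = """
config system global
    set adom-mode normal
end
"""

def parse_config(text):
    """Map each block path, e.g. ("system interface", "port1"), to its settings."""
    cfg, path = {}, []
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]            # blank lines match nothing below
        if tok[0] in ("config", "edit"):          # entering a block or a table entry
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("end", "next") and path:  # leaving it again (nesting-safe)
            path.pop()
        elif tok[0] == "set" and path and len(tok) > 1:
            cfg.setdefault(tuple(path), {})[tok[1]] = tok[2:]
    return cfg

def preflight(faz_text, fmg_text, interface="port1"):
    """Return the prerequisites from the steps above that the saved text does not show."""
    faz, fmg = parse_config(faz_text), parse_config(fmg_text)
    problems = []
    iface = faz.get(("system interface", interface))
    if iface is None:
        problems.append(f"FortiAnalyzer: interface {interface} not found")
    elif "fgfm" not in iface.get("allowaccess", []):
        problems.append(f"FortiAnalyzer: fgfm not in allowaccess on {interface}")
    if faz.get(("system global",), {}).get("fmg-status") != ["disable"]:
        problems.append("FortiAnalyzer: 'set fmg-status disable' not present")
    if fmg.get(("system global",), {}).get("adom-mode") != ["normal"]:
        problems.append("FortiManager: 'set adom-mode normal' not present")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_FAZ, SAMPLE_FMG) or "CLI prerequisites present")
```

An empty list means all three settings were found; the ADOM name match and ADOM storage settings from the preparation steps are not covered by this check.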

Additional information

This section describes some of the other scenarios you might encounter when adding FortiAnalyzer units to FortiManager.

Missing ADOM

If the current ADOM in FortiManager does not exist on FortiAnalyzer, FortiManager automatically creates an ADOM with the same name and version on FortiAnalyzer before starting to synchronize the device list.

Unknown or mismatched FortiGate devices

If FortiAnalyzer is receiving logs from FortiGate devices that do not exist on FortiManager, FortiManager identifies the devices.

  • FortiManager automatically attempts to discover the FortiGates.
  • FortiManager can add the FortiGates and retrieve configurations for the FortiGates when adding the FortiAnalyzer unit.
  • If one device fails to add or retrieve, FortiManager fails to add FortiAnalyzer.

If the same FortiGate device exists on both FortiManager and FortiAnalyzer, but with differences, FortiManager considers the device to be Mismatched.

  • FortiManager tries to synchronize the device settings to FortiAnalyzer.
  • If any errors occur during the synchronization step, FortiManager fails to add FortiAnalyzer.
