Fortinet 1.2.0 Network Card User Manual

Contents

1. The Dashboard widgets provide valuable information about what is happening on your network. The information gathered is received from logs and SNMP requests. You can customize the Dashboard page (the default tab and any that you add) to display a variety of these widgets. You can also customize each widget to your requirements. There are three widgets that receive their information from sources other than logs: Resource Monitor, Network Monitor and Trap Console. The other widgets, which include Report Browser, are all report widgets and receive all of their information from logs. Most widgets contain the following arrows and icons so that you can better customize each individual widget: Expand Arrow displays or hides widget details; Edit configures widget settings; Refresh immediately updates the display; Print prints the information of that widget as hardcopy; Delete removes the widget from the page. When you are ready to configure a widget, you can select the sign beside the name of the page you want to configure widgets for. The sign reveals the Dashboard's main menu options, which also enable you to set the page as the default page. The default page is the p
2. Using the arrows, move the appropriate keywords from Available Fields to Display Fields. 6. Select Submit. To clear log filters: 1. Go to Analysis > Log Viewer. 2. Select the log type that contains the column filter that you want to clear. 3. Go to the column. 4. Select the filter icon in that column's heading. 5. Using the double arrows, move the keywords from Display Fields to Available Fields. 6. Select Submit. 7. Repeat steps 2 to 6 for each filter. FortiGuard Analysis and Management Service Version 1.2.0 Administration Guide 13 12000 406 20081031. Log File Browser: You can download all log files stored on each device. By downloading the log files, you can view all log messages that were recorded in that log file outside of the portal web site. When you download a log file, it is saved as a plain text file. You can view the downloaded file in any plain text editor, such as Notepad. To view and download log files, go to Analysis > Log File Browser. Figure 31: Browsing log files in Analysis > Log File Browser.
3. ADMINISTRATION GUIDE. FortiGuard Analysis and Management Service Version 1.2.0. www.fortinet.com. FortiGuard Analysis and Management Service Administration Guide, Version 1.2.0, 31 October 2008, 13 12000 406 20081031. Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication, including text, examples, diagrams or illustrations, may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc. Trademarks: Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard Antispam, FortiGuard Antivirus, FortiGuard Intrusion, FortiGuard Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Contents: Introduction; About this document; Document conventions
4. The service account ID entered here will be used to identify that the device is associated with that service account. Step 4: Select Apply. In the FortiGuard Subscription Services area of the FortiGuard page, you should see a green checkmark in the Analysis & Management Service row, as in Figure 4. You should also see a green checkmark on the System dashboard of your device under License Information, beside Analysis and Management Service. If you see an orange X, your device is not properly connected; if you see a gray X, your device is not connected. For more information, see "Verifying the connectivity between the service and the device" on page 17. After successfully configuring your device, you also need to enable central management and, if applicable, configure remote logging. For more information, see "Configuring remote logging and central management" on page 17. Verifying the connectivity between the service and the device: The device connects to the Fortinet Distribution Network (FDN) to validate connectivity with that Service Account ID. After successful validation, the options for configuring and using the service become available on the device's web-based manager. You should also see a green check mark beside Analysis and Management Services under License Information in the System dashboard of the device. If you have not yet authorized the device to use the service, the service license status may appear to be Expired o
5. Event Report: provides information about event activity that is based on event logs, such as an administrator logging in to that device's web-based manager. Virus Report: provides specific information about each real or suspected virus that the device detects; selecting the name of a virus redirects you to the FortiGuard Center Virus Encyclopedia for additional information. IPS Report: provides information about IPS anomalies and signatures. Web Report: provides information about Internet activity and visited web sites. Spam Report: provides information about spam activity. Report Browser: displays all reports that are generated; this widget displays the same information as in Analysis > Report and does not need to be configured. To configure a report widget, select the report widget in Add Widgets, follow the instructions in the table below, and select OK. If you want to edit an existing report widget, select the Edit icon in the widget and then follow the instructions in the table below. Select OK to save the changed settings. Figure 15: Report configuration screen (Traffic Report displayed). Title: Enter the name of the report. For example, Headquarters_Traffic indicat
7. Enter the answer for Security Question 2. Select Submit. You are automatically logged in to the portal web site. You should immediately log out of the portal web site so that you can configure the devices to use FortiGuard Analysis and Management Service. You will also receive an email from fams_admin@fortinet.com verifying your trial contract. If you want to add a purchased contract, you do not have to create a second service account. Instead, you can add contracts to your existing service account. For more information, see "Expanding or renewing service" on page 19. Configuring a device to use the service: You need to configure devices to use the service after signing up for a trial contract or after purchasing a contract. You need your Service Account ID to enable the service on your devices. If you want multiple devices associated with the same Service Account ID, you need to configure each device with that Service Account ID. Note: If you do not know your Service Account ID, you can view it by logging in to the service portal and going to the Settings menu. The Service Account ID is located in Account Information. Alternatively, log in to the Fortinet Technical Support web site and select the service. To configure the Service Account ID and valid
8. Keyboard input: In the Gateway Name field, type a name for the remote VPN peer or client (for example, Central Office 1). Code examples: config sys global / set ips-open enable / end. CLI command syntax: config firewall policy / edit id_integer / set http_retry_count <retry_integer> / set natip <address_ipv4mask> / end. Document names: FortiGate Administration Guide. File content: <HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD><BODY><H4>You must authenticate to use this service.</H4>. Menu commands: Go to VPN > IPSEC > Phase 1 and select Create New. Program output: Welcome. Variables: <address_ipv4>. Fortinet documentation: The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site. Fortinet Tools and Documentation CD: All Fortinet documentation is available from the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For up-to-date versions of Fortinet documentation, visit the Fortinet Technical Documentation web site. Fortinet Knowledge Center: Additional Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains troubleshooting and how-to articles, FAQs, technical notes, a glossary, and more. Visit the Forti
9. Figure 33: Generated daily report for the period of September 22, 2008 to September 23, 2008. To view a generated report: Go to Analysis > Report. From the calendar, select the date that the report was generated on. A PDF of the report appears. If you want to view this report outside the portal web site, save the report to your computer. Deleting reports: Deleting reports provides more space on the FortiGuard Analysis server for current reports. Fortinet recommends that you save the report before deleting it, to ensure you have the report should you require it afterward. You must specify
10. When you select a task from the Task List section and then select the Task Detail tab, details about the task display in the Basic Information section, such as who created the task, the start and end times, and who is allowed to view the task. The Search Criteria section displays information about the search, such as the email address for the receiver and sender, device, and time period. To view the e-Discovery tasks, go to Analysis > e-Discovery. Figure 34: An e-Discovery task in the e-Discovery menu.
11. and editing devices; Authorizing the service on devices; De-authorizing the service on devices; Sending manual or automatic configuration revisions; Viewing configuration revisions; Searching configuration revisions; Comparing configuration revisions; Restoring configuration revisions; Running scripts. Viewing device information: The Device section in the Device tab displays detailed information about each registered device, including the status of its connection with the service. This section contains additional tabs at the bottom to allow you to view details, tasks, and revision history for a device. You can view this detailed information about each device by selecting the device's host name, located in the Host Name column of the Device section. Each tab and section provides information specific for the device you are currently viewing, which is highlighted in the Device section. The Device Detail tab displays the Basic Information section, which shows information such as the internal IP address of the device and the current firmware version running on the device. This tab also displays the Tasks section, which shows information about scheduled tasks. You can also upgrade firmware or run scripts from this section. For more information, see Changing firmware from
12. change the user's information. These actions do not appear next to your own account. If you want to edit this account, see "Editing your login profile" on page 53. to view and configure alert profiles. For more Configuring an alert profile on page 55. Add a new alert profile. The name of the alert profile. The number of occurrences and the time frame that they occur in. The email address of the receiver of an alert profile. Select Delete to remove an alert profile. Select Edit to change an alert profile. Note: In high availability (HA) clusters, daily quota that is assigned in HA clusters will be added up for each member transparently on the FortiOS side; however, at the same time, the current volume on each member is also counted together by the primary unit. Adding, editing and removing administrators: If multiple users will be accessing the service portal, you can add those users to the account from the User Information area. User roles define access privileges and can be Non Admin (read-only permissions), Admin (full permissions), or e-Discovery (read and write permissions for the e-Discovery menu). Email addresses should be kept current. A user can retrieve a forgotten password by entering the email address configured for his or her account. If the email address is no longer functional, the user will not be able to retrieve the password, and an Admin role user must instead delete and recreate the user a
13. located at the top to jump to the exact position of the next or previous change. To compare configuration revisions from within the FortiGate web-based manager: In the FortiGate web-based manager, go to System > Maintenance > Revision Control. In the Action column, in the row corresponding to either one of the revisions that you want to compare, select Diff. In Revision Diff, from Diff With, select a second revision for comparison. You can either Original Revision: The revision number. Compared With: Select one of the following to compare the configurations. Current Config: Compares with the current configuration on your device. Select Revision: Compares with another revision number that you choose by selecting from the descriptive list that includes revision numbers, times, administrators, and associated revision comments for each revision. Specify Revision: Compares with another revision number that you choose by typing it. Revision Number: The revision configuration that you are going to compare the original revision configuration with. If you select Select Revision, a list of the revision configurations appears with the revision number, date and time, user associated with that revision, and a comment. Select one of these revisions. If you select Specify
14. Select the Expand Arrow beside Remote Logging to reveal the available options. Select FortiGuard Analysis Service. If this check box is grayed out, authorize the device from the portal web site and configure the Service Account ID before performing this step. For more information, see "To configure the Service Account ID and validate connectivity" on page 16. From When log disk is full, select what the service should do when the device reaches its quota, either Overwrite oldest logs or Do not log. From Minimum log level, select one of the following log severity levels: 0 Emergency: The system has become unstable. 1 Alert: Immediate action is required. 2 Critical: Functionality is affected. 3 Error: An error condition exists and functionality could be affected. 4 Warning: Functionality could be affected. 5 Notification: Information about normal events. 6 Information: General information about system operations. Messages with an equal or lesser severity will be sent to the service. Select Apply. Note: Daylight Savings Time (DST) may affect your location. It is recommended to verify if your location observes this change, since it affects the accuracy and schedule of logs. For more information, see the Fortinet Knowledge Center article "New Daylight Saving Time support". To configu
15. on your Service Account ID and users, as well as service contract information that applies to that service account. You can also configure alert profiles in Alert Profile. You can move Account Information, User Information, and Alert Profile around to rearrange the default arrangement. Use your mouse to arrange the order of these sections within Settings. When you arrange these sections, they are not saved in your specific arrangement, even when you log out of the portal web site. To view service account information, go to Management > Settings. Figure 26: Settings menu. Account Information: This section provides information specific to your account, such as the service account ID, the time zone, and other details about
16. renewal contract. 1. Go to the Fortinet Technical Support web site and log in. 2. Select FortiGuard Analysis & Management Services from the menu on the left. 3. Select the Service Account ID to which you want to apply the contract number. Figure 7: Locating the Service Account ID. Near the bottom of the page, a serial number list appears. 4. Select the Serial Number of the contract that you want to renew. 5. In the Product Contract M
17. the devices that are chosen for searching archives. If you want to remove a device, multiple devices, or all devices, use the arrows. User Access Permissions: The users that the super administrator wants to allow other administrators permission to view these tasks. All Users: Displays all the users that have access to the portal web site. Viewers: The administrators that will be allowed to view the tasks. If you want to remove a user, multiple users, or all users, select the user or users and move them using the arrows. Date Range: The time period for the archived email messages that you want to search. From: Select the calendar icon and then select the start date. To: Select the calendar icon and then select the end date. Email Search Criteria: Enter the appropriate criteria for the search using the following. From: Enter the email address or addresses of the sender or senders. Use a comma to separate multiple email addresses. To: Enter the address or addresses of the receiver or receivers. Use a comma to separate multiple email addresses. Subject: Enter the subject line of the email message or messages. If there is a common keyword in the subject line of the emails you are looking for, enter the keyword. Body: Enter the keywords of the body of
18. the email message or messages. Attachment Name: Enter the names of any attachments that came with the email message or messages. To create tasks for e-Discovery: Go to Analysis > e-Discovery. In Tasks, select New Task. Enter the appropriate information in the available fields. Select Submit. To copy a task and apply it to a new task: Go to Analysis > e-Discovery. In Tasks, select Copy Task in the Action column. Change the appropriate information for the new task. Select Submit. To delete a task: Go to Analysis > e-Discovery. In Tasks, select Delete Task in the Action column.
19. Monitor Name: Enter the name of the resource monitor, for example Resource_Monitor_Headquarters. Device: Select the device that the information is gathered from. Polling Interval: Select how often the server will poll the device to receive information, in intervals of 60 seconds, 2 minutes, or 5 minutes. Monitors: Select the monitors to include in this widget, with the following options to specify what each will contain. Variable: The name of the variable. Color: The color that will appear for that variable. You can select a color from either the list or the color block. When you select the color block, the Color Palette appears; select a color and then select OK to apply it to the variable. Alert profile: The alert profile to use for that variable. For more information about alert profiles, see "Configuring an alert profile" on page 55. Threshold: Enter the threshold (maximum number) for the variable. Charting Options (Fill below line graph): Select the check box if you want the line in the graph to fill in below the line. OK: Select to save the settings (current session only). Note: You must select Customize > Save Settings from the Dashboard if you want your settings to be saved permanently. Configuring the Network Monitor: The Network Monitor provides information about what is happening on the network for which the device is currently configur
20. To edit a device: Go to Management > Device. In the Device section, select Edit. Enter the appropriate information for the following. New Quota (G): Enter the total amount of disk space that the device is allowed to use. New Daily Volume (M): Enter the amount of disk space that the device is allowed to consume per day. Comments: Enter any comments or descriptions for that device, if applicable. Select Submit. Authorizing the service on devices: You can authorize current registered devices, or when adding devices to the service contract, from the Device menu. Authorizing devices on the portal web site establishes the connection and communication between the device and the service. To authorize service on a device: Go to Management > Device. In the Device section, beside the device that you want, select Enable in the Action column. Enter the appropriate information for the following. New Quota (G): Enter the total amount of disk space that the device is allowed to use. New Daily Volume (M): Enter the amount of disk space that the device is allowed to consume per day. Comments: Enter any comments or descriptions for that device, if applicable. Select Submit. A green check mark appears in the Connected column if the authorization was successful. If not, an orange X appears in the Connected column. If the orange X appears, you must go to the device's web-based manager to r
21. About the portal web site. Figure 1: The portal web site. When you enter the email address and password for logging in, the Service Account ID appears. You can select which Service Account ID you want to view when logging in to the portal web site if you have multiple Service Account IDs for one contract. Certain contracts allow for multiple Service Account IDs, which provides more flexibility. Contracts can allow both multiple devices and multiple service account IDs. For more information, see "Obtaining a trial contract" on page 14. After logging in to the web site, the layout of the information provides the administrator quick and e
22. Figure 18: Web Report bar chart displaying the web category names. Figure 19: Web Report bar chart displaying second-level information for the Sports category. Customizing the Dashboard page: You can customize the Dashboard page by adding, rearranging, or removing widgets. The customized widgets and layout can then be saved for future logins. The following procedure describes how to customize the Dashboard page, rename it, and delete it. The Dashboard page always appears after you log in to the portal web site if you have not made another page the default page. To customize the Dashboard page: Go to Dashboard main menu. If the Dashboard page is not the default page, select Dashboard. Select the sign beside the name to reveal the Dashboard's main menu options. Edit the Dashboard page so that it is customized to your specif
23. Device: The device that you are currently viewing log messages from. Type: The type of log messages you are currently viewing. For example, if Event Log is selected, all event log messages appear. Level: The log severity level. You can use this to filter log messages. For example, selecting Information displays all log messages that contain only the log severity level Information. For more information about log severity levels, see "Configuring remote logging and central management" on page 17. Column Settings icon: Select to add or
25. 53 To remove a user account: Go to Management > Settings. In User Information, select Delete in the Action column. Select OK. Note: The Delete action does not appear in the row for the admin user account. Admin user accounts cannot delete themselves. Editing your login profile: When logged in to the service portal, you can edit your account profile to update your email address, password, security questions, or name. Each user has access to his or her own personal profile. Users can modify only their own password and security questions, even if their role is Admin. To edit your profile: Go to Management > Settings. In User Information, select My Profile. Enter the new information for the following, then select Submit. Service Account ID: The service account identification name for the account. The service account ID cannot be edited in My Profile. See Changing your service account ID on page 54 to change your service account ID. User Name: Enter your name. Do not include spaces or special characters. Email: Enter a new email address. Re-type Email: Re-enter the email address to confirm its spelling. Password: Enter a new password. Re-type Password: Re-enter the password to confirm its spelling. Security Question 1: Enter a chall
26. [Screenshot residue: FortiGuard Analysis & Management Service Account ID page, listing Service Account ID, Description and Creation Date.] Near the bottom of the page, a Product Contract Maintenance area appears. 4. Enter the Contract Number and a Description in the appropriate fields. Figure 10: Adding a purchased contract. [Screenshot residue: FortiGuard Analysis & Management Service Account ID Details page.]
27. Revision, enter a number for the revision configuration you want to compare with the original revision configuration. Select OK. A new window appears containing each configuration revision in a separate column, with changes highlighted. Green highlight: added line. Yellow highlight: changed line. Red highlight: deleted line. You can scroll down through the changes, or select a double arrow (<< or >>) located at the top to jump to the exact position of the next or previous change. Restoring configuration revisions: You can restore a previous configuration to your device by using configuration revisions received by the service. To restore a configuration revision or script: In the FortiGate web-based manager, go to System > Maintenance > Backup & Restore. In Restore configuration from, select FortiGuard to restore a configuration from the portal web site. Select Browse to locate the configuration revision or script template to apply. Select Restore. A success message appears: Settings successfully uploaded. Please wait while the system restarts. Note: Instead of restoring a previous configuration, you can also apply a configuration script. For more information, see Scripts on page 46. Running scripts. Caution: Verify configuration script
28. Typographic conventions, 8; Fortinet documentation, 8; Fortinet Tools and Documentation CD, 8; Fortinet Knowledge Center, 8; Comments on Fortinet technical documentation, 8; Customer service and technical support, 9; Setup, 11; About the portal web site, 11; Obtaining a trial contract, 14; Configuring a device to use the service, 16; Verifying the connectivity between the service and the device, 17; Configuring remote logging and central management, 17; Expanding or renewing service, 19; Renewing contracts, 20; Adding purchased contracts, 21; Required port numbers
29. ace delimited list, remember to re-type the entire list, not just new list items. Save the configuration file. Go to Script. Select Upload. In the Upload Script dialog box, enter a name for the script. Enter comments that describe the script. Select Browse to locate the script file. 11. Select Submit. The script file is uploaded to the script list. Upload time will vary by connection speed and file size. To create a script by entering CLI commands: Go to Management > Script. Select Input. In the Script Input dialog box, enter a name for the script. Enter comments that describe the script. In Script, type CLI commands exactly as you would type them at the command prompt. For example, if you want to deploy the script to multiple devices, you might omit device-specific settings such as host names and interface IP addresses. For settings which are a comma- or space-delimited list, remember to re-type the entire list, not just new list items. 6. Before submitting the commands, review the script for valid CLI syntax and correct settings. Select Submit. The script is added to the list of available scripts. Note: Verify configuration scripts before deployment. Deploying a configuration script that alters host name, IP address, or the servi
30. age that appears when you access the Dashboard main menu. Adding and customizing pages: You can add up to nine pages within the Dashboard main menu, and you can customize the widgets that you apply to those pages. The following procedure explains how to do so. To add and customize a page: Go to the Dashboard main menu. Select the New Page link. Select the widget that you want and customize that widget's information. See Configuring widgets on page 27 for detailed instructions. The name of each widget should be clear and understandable, for example, Headquarters_TrafficReport. You can enter up to 42 characters. After configuring the widgets, if applicable, select Change Layout. Select the layout you want from the available layout options. If you want to make this page the default page, select Set Default Page and then select the check box beside is default page. Select Save Settings to save your page. Configuring widgets: You need to configure widgets when you are adding them to a page. Widgets provide information that is quickly accessed and viewed by users. You can also edit these widgets after configuring them. The following information explains how to configure each individual widget. Note: When configuring widgets, you must first reveal the Dashboard's main menu opti
31. aintenance area, enter the Contract Number. Figure 8: Contract Number. [Screenshot residue: FortiGuard Analysis & Management Services serial number Support Details page, with the Product Contract Maintenance area.] 6. Select Renew. The terms of the contract appear. 7. If you agree, select Agree. A contract term confirmation appears. If you do not agree to the terms of the service contract, select Don't Agree. 8. If your contract details appear to be correct, select Complete Registration. If you have renewed at an increased
32. al is selected in Revision Number. Compared With: Select either Select Revision or Specify Revision to have a specific comparison of the two revision configurations or just the selected revision. Select Revision: Compares with another Revision Number that you choose by selecting from the descriptive list that includes revision numbers, times, administrators, and associated revision comments for each revision. Specify Revision: Compares with another Revision Number that you choose by typing it. Revision Number: The revision configuration that you are going to compare the original revision configuration with. If you select Select Revision, a list of the revision configurations appears with the revision number, date and time, user associated with that revision, and a comment. Select one of these revisions. If you select Specify Revision, enter a number for the revision configuration you want to compare with the original revision configuration. 5. To show only configuration lines which differ, select Show Different Parts Only. If you select Show Different Parts Only, configuration lines which differ will be highlighted with color. 6. Select OK. A new window appears containing each configuration revision in a separate column, with changes highlighted. Green highlight: added line. Yellow highlight: changed line. Red highlight: deleted line. You can scroll down through the changes or select a double arrow << or >>
33. and make it the basis for a new task. Select Delete to delete the task. Select Edit to edit the information in the task. Select Reschedule Task to reschedule the task. This section provides detailed information about the configured task, such as who created the task and the criteria of the email message search. The display name beside the Task Detail and Search Result tabs corresponds to the selected task's name. Basic Information: This section provides detailed information about the task. Description: The name of the task. Created By: The user who configured the task, in the format user_name@example.com. Viewers: The users who have permission to view the task. For example, if the no admin role was selected, the users who have the no admin role as access profile can view it. Create Time: The time the user configured the task, in the format yyyy-mm-dd hh:mm:ss. Start Time: The time the search began. End Time: The time the search ended. <Description>: The description of the task that the user entered when configuring the task. Search Criteria: This section provides detailed information about the search criteria, including the attachment name. Search Devices: The devices that will be searched for the email message. There can be multiple devices. Date Range: The time period of the search. Email: The information that is contained in the email message, such as the su
34. ange. Enter a search keyword in the Keywords field. The search keyword can be any word in the configuration revision. Select Search. Configuration revisions containing the keyword appear. When you are ready to clear the search results and display the unfiltered list, empty the Keywords field and select Search. Comparing configuration revisions: As you accrue configuration revisions, you may want to determine what changed between two revisions. This can be useful for troubleshooting a configuration change or for creating scripts. Both the FortiGate web-based manager and the portal web site provide a diff tool, which enables you to view changes either within the context of each whole file or as isolated change lines. To compare configuration revisions from within the portal web site: Go to Management > Device > Revision History. Select the Host Name of the device whose revisions you want to compare. In the Action column, in the row corresponding to either one of the revisions that you want to compare, select Compare. 4. From Compared With, select the revision number selection method, then select or type the Revision Number. Original Revision: Enter the number of the original revision configuration. This will be the first revision; the second revision, the one that will be compared to the origin
35. ange the daily volume and quota amounts. Basic Information section. IP: The internal IP address of the device. Time Zone: The time zone associated with that device. Firmware: The current firmware image running on the device. The firmware image is displayed in the format v<firmware_version> <build_number> <maintenance release number>. Automatically Upload Config: The current action the device will take when a configuration is saved. NO: the device will not automatically upload the configuration. YES: the device will automatically upload the configuration. Select Change to change whether the device will automatically upload a saved configuration or not. Tasks section. Upgrade Firmware: Upgrade the firmware on the device. For more information about upgrading a device's firmware, see Changing firmware from the device on page 45 and Changing firmware from the portal web site on page 44. Run Script: Run a script file. For more information about scripts, see Creating scripts on page 46 and Running scripts on page 43. Show Available Firmware: Displays all available firmware for the devices. For more information, see Viewing available firmware images on page 44. Scheduled Task Type: The name of the scheduled tas
36. Release: The version numbers of firmware images currently available from the FDN for your authorized devices. Releases towards the top of the list are more recent. Select the Expand Arrows to expand or hide releases within the major or minor version number. Platform: The device's model type and number. For example, a FortiGate 100 device would have a platform code of FGT 100. Build Number, Build Date: The build number of the firmware version and the date and time that the firmware image was built. Changing firmware from the portal web site. Caution: Back up the configuration before downgrading. Downgrading the firmware may reset the device to that firmware's default configuration, resulting in configuration loss. This includes the interface IP addresses, as well as HTTP, HTTPS, SSH, and Telnet administrative access. For backup procedures, see the FortiGate Administration Guide. The Device Detail tab displays each device's current firmware version and any scheduled firmware changes. Authorized, configured devices periodically poll the service. If you have scheduled a firmware change, the device will discover the schedule during this poll and apply the firmware at the appointed time. Each device must have a valid firmware update license to download firmware. For high availability (HA) clusters, this includes all uni
37. asy access to various features. There are three main menus: Dashboard, Management, and Analysis. These main menus contain tabs and sections to help you view and configure settings. Figure 2: Portal web site layout, Management view. [Screenshot residue: Management > Device list with the Basic Information and Tasks sections.] Dashboard main menu: The Dashboard main menu provides all features that are related to it, such as customizing and adding pages. You can add widgets to the pages as well. Dashboard: The Dashboard tab allows you to configure the widgets and their layout. You can also make the Dashboard tab the default page. Customize: The Customize link allows you to configure a new page. New page: The New page link allows you to add a new page to the Dashboard menu. Management T
38. ate connectivity: In the FortiGate web-based manager, go to System > Maintenance > FortiGuard. Figure 4: The FortiGuard Analysis & Management Service Options as displayed in the FortiGate web-based manager. [Screenshot residue: FortiGuard Distribution Network page showing Support Contract and FortiGuard Subscription Services status, with the Analysis & Management Service Options section expanded.] 2. Select the Expand Arrow beside Analysis & Management Service Options to reveal the available options. 3. Enter the service account ID in the Account ID field
39. bject line, words within the body of the email message, and attachment name, if applicable. Matched Number: The number of matches found that contain some or all of the criteria. From: The sender's email address. To: The receiver's email address. Subject: The subject line of the email message. Body: The words included in the body of the email message. Attachment Name: The attachment name, if applicable. Search Results: This tab provides all the email messages that were found during the search. The tab also shows whether or not the email message contains an attachment. Figure 35: Search Results tab with email messages found during the search. [Screenshot residue: e-Discovery Task List showing Task Name, Description, Creating Time, Status, Result and Action columns.]
40. ccount. From the Settings menu, an Admin user can update the user's email address, user name, or role, but not passwords or security questions. The user must update his or her own password and security questions by selecting Edit. To add or edit account users: Go to Management > Settings. In User Information, select either Add User to create a new user, or select the Edit icon in the row of the user you want to change. Enter the following information. User Name: Enter or change the name of the user. Password: Enter or change the password for the user. Re-type Password: Re-enter the password to confirm its spelling. Email: Enter the user's email address. Users log in to the portal using their email address. Re-type Email: Re-enter the email address to confirm its spelling. Role: Select one of the following: Admin, to provide full access to all features; Non Admin, to provide read-only access to everything except Edit Profile, which is read-write; eDiscovery, to provide read and write access to only the e-Discovery menu. Select Submit. Note: The Edit action does not appear in the row listing the admin user's account. User accounts cannot change their own role. If you want to edit user profiles, see Editing your login profile on page
41. ce settings can result in interrupted connectivity. For more information about CLI commands, see the FortiGate CLI Reference. Viewing available configuration scripts: The Script tab displays all configuration scripts that you have uploaded or input, and any deployment schedules for each script. After entering and uploading the script to the portal web site, scripts can then be scheduled for deployment. For information on creating scripts, see Creating scripts on page 46. To view available configuration scripts, go to Management > Script. Figure 23: Scripts. [Screenshot residue: Script list with Name, Checkin User, Date Time, Comments and Action columns.] Current Page: By default, the first page of the list of items is displayed. The total number of pages appears after the current page number. For example, if 3/54 appears, you are currently viewing page 3 of 54 pages. To view pages, select the left and right arrows to display the first, previous, next, or last page. To view a specific page, enter the page number in the field and then press Enter. Upload: Upload a script file to your computer from the server. Input: Create a script by typing CLI commands. Name: Th
42. ces you want associated with the service before you can use the service. If you are connecting to the portal web site for the first time, you must register your device or devices on the Fortinet Technical Support web site. You must also create a trial contract, which is available on the portal web site, if you have not already purchased a contract from your sales representative. After setting up the service, you can configure additional devices to connect to the service. You do not need to configure other Service Account IDs or additional contracts. You only need to: add device serial numbers to the portal web site and authorize the device to use the service; configure your devices within their own web-based manager to use the Service Account ID. This section includes the following topics: About the portal web site; Obtaining a trial contract; Configuring a device to use the service; Expanding or renewing service; Required port numbers. About the portal web site: The service is provided to devices through the Internet and managed through a portal web site. The portal web site displays not only customer login fields but also a link that enables you to configure a trial contract. There is also a bulleted list of the key features and benefits of the service. You can view the site from https://fams.fortinet.com
43. control MAC address logout timeout. Allow configuration updates initiated by the management server: Allow the device to receive configuration changes scheduled from the portal web site. Allow script updates initiated by the management server: Allow the device to receive script changes scheduled from the portal web site. Allow firmware upgrades initiated by the management server: Allow the device to be upgraded by the management server. 6. Select Apply. Note: The options for the service in Central Management appear only after you have configured the Service Account ID. Expanding or renewing service: You can expand or renew the service after accessing the portal web site for the first time. The Fortinet Technical Support web site allows you to expand or renew the service after a trial contract expires or after you have purchased a full contract. Renewing contracts: If you want to extend the service period, you can add a renewal contract to the previous contract. Note: Contract renewal requires an existing contract. If you have not yet added your first contract, add the first contract, then add the renewal contract. For more information, see Obtaining a trial contract on page 14 and Adding purchased contracts on page 21. To add a
44. e information, see the Fortinet Knowledge Center article New Daylight Saving Time support. In previous firmware releases of the service, the feature IP alias was available. In FortiGuard Analysis and Management Service 1.2.0, the IP alias is no longer available. Log Viewer. Viewing logs. From the Log Viewer tab, you can view recent and specific logs on the registered devices. There are two types of log viewing options: Recent displays current log messages as they are received by the service; Specific provides a method of viewing historical log messages by focusing on specific log types and time frames. FortiGate log messages present detailed accounts of an event or activity that occurred on your network. These log messages provide valuable information about your network, informing you about attacks, misuse, and abuse. The FortiGate Logging in FortiOS 3.0 Technical Note provides detailed information about all log messages and is available from the Fortinet Knowledge Center web site. You can search both recent and historical log messages when viewing them in either Recent or Specified by using Type, Level, or Column Settings. From the Log Viewer, you can view recent log messages as they are received by the service from a device. Recent log messages provide curre
45. e interface IP addresses, as well as HTTP, HTTPS, SSH, and Telnet administrative access. For back up procedures, see the FortiGate Administration Guide. In addition to immediately changing a device's firmware from within the portal, you can also immediately change the device's firmware by logging in to the device's web-based manager. Use the portal web site to schedule when to upgrade the device's firmware image. For more information, see Changing firmware from the portal web site on page 44. Note: The option Upgrade from FortiGuard network appears only after the device has validated the service license. If you downgrade device firmware to FortiOS 3.0 MR6 or lower, support for the service is removed. To immediately change firmware: In the FortiGate web-based manager, go to System > Status. In System Information, in Firmware Version, select Update. Select FortiGuard Network in Upgrade From list. If you want to downgrade the device's firmware, enable Allow firmware downgrade. Select the firmware version. Select OK. A status message appears: Downloading firmware from FortiGuard server, please wait. If you are downgrading the firmware, after the image is successfully downloaded another message appears: This operation will downgrade the current firmware version. Are you sure you want to continue? Select OK. Scripts allow you to deploy identical configuration items to many devices. You can view con
46. e name of a script. Checkin User: The name of the user that created the script, either by uploading it from the script list or submitting it from a FortiGate unit's web-based manager. Date Time: The date and time that the script was created. Comments: Description or comment that the user may have entered when creating the script by selecting Input. Action: Select Download to download the script to your computer. Select View to view the script. You can also edit the script while viewing it. Select Delete to remove the script. Topology Tool: The Topology Tool tab, similar to the Topology tab found on most devices, allows you to create and save a diagram of your specific network. Multiple network diagrams can also be created and saved on the service's servers, which can then be retrieved whenever needed. The Topology Tool tab provides all the things you need to create a network diagram, such as Fortinet device icons, connector lines, and text boxes. There are also two modes to select from: View mode displays the network diagram, and Edit mode provides what you need to create a network diagram. Note: The View Mode/Edit Mode button acts as a toggle, so that when you are in one mode, the text displayed indicates that selecting it w
47. [Screenshot residue: FortiGuard Analysis & Management Service Account ID Details page with the Serial Numbers List and the Product Contract Maintenance area (Contract Number, Description, Add).] 5. Select Add. The terms of the contract appear. If you agree, select Agree. A contract term confirmation appears. If you do not agree to the terms of the service contract, select Don't Agree. If your contract details appear to be correct, select Complete Registration. If you have added a contract for a different service, or added a contract with service levels greater than a trial contract, you may want to authorize devices to
48. eating tasks for e-Discovery, 72. Introduction: The FortiGuard Analysis and Management Service is a subscription-based service that provides remote management and logging and reporting capabilities for all FortiGate units. The FortiGuard Analysis and Management Service is available for FortiGate units running FortiOS 3.0 MR6 or higher. The subscription-based service is available from the FortiGuard Analysis and Management Service portal web site, which provides a central location for configuring logging, reporting, and remote management. From the FortiGuard Analysis and Management Service portal web site, you can also view subscription contract information, such as daily quota and the expiry date of the service. This document refers to the FortiGuard Analysis and Management Service as the service, a FortiGate unit as device, and the FortiGuard Analysis and Management Service portal web site as the portal web site. This section introduces you to FortiGuard Analy
49. econnect to the service. For more information about connecting to the service, see Configuring remote logging and central management on page 17. De-authorizing the service on devices: You can de-authorize the service associated with a device from the Device menu to disable all connection and communication between the device and the service. To de-authorize a device from using the service: Go to Management > Device. In the Device section, beside the device that you want, select Disable. A message similar to the following appears: "Are you sure to disable device <fortigate_name>". Select OK. Sending manual or automatic configuration revisions: The service can receive manual and automatic configuration backups when you change a licensed device's configuration. After the service receives the revisions, you can view or search them. You can also use a configuration revision to restore a device's previous configuration or to create a script. Use the procedures in Creating scripts on page 46 and Restoring configuration revisions on page 43. You can manually send a configuration revision to the portal web site in one of the following ways: From the FortiGate web-based manager, select the Backup Configuration button in the upper right corner, select to back up to FortiGuard, and then selec
50. ed To configure a Network Monitor widget, select Add Network Monitor in Add Widgets, follow the instructions in the table below, and select OK. If you want to edit an existing Network Monitor widget, select the Edit icon in the widget and then follow the instructions in the table below. Select OK to save the changed settings. [Figure 13: Network Monitor] Monitor Name: Enter the name of the network monitor, for example, Network_Monitor_Headquarters. Device: Select the device that the information is gathered from. Polling Interval: Select how often the server will poll the device to receive information, in intervals of 60 seconds, 2 minutes, or 5 minutes. Monitor(s): Select the monitors to include in this widget, with the following options to specify what each will contain. Variable: The type of variable or monitor that is available in the list. Additional Selection: Depending on the monitor selected, you can also select the type of interface, for example, external. Color: The color that will appear for that variable. You can select a col
51. [illegible] 53; Adding, editing, and removing administrators 55; Editing your login profile 56; Changing your service account ID 56; Configuring an alert profile 57; Analysis 59; Log Viewer 60; Viewing logs 60; Customizing the log view 62; Customizing the log column views 62; Filtering logs 63; Log File Browser 65; Deleting log files from the FortiGate web-based manager 66; Reports 67; Viewing generated reports 67; Deleting reports 68; e-Discovery 69; Viewing e-Discovery tasks 69; Cr
52. enge that can be used to verify your identity in the event that you forget your password and need to retrieve it. Enter an answer for Security Question 1. Enter a second challenge that can be used to verify your identity in the event that you forget your password and need to retrieve it. Enter an answer for Security Question 2. Changing your service account ID: The Account Information area includes the Service Account ID and time zone, and is displayed the same way for all users and devices connecting to the account. The Service Account ID is required for configuring a device to connect to the service. For more information, see Obtaining a trial contract on page 14. Account Information also includes usage statistics for your service contracts, such as the contract's expiration date, number of authorized devices, and disk quotas. For more information, see Viewing service account information on page 50. To change the Service Account ID: Go to Management > Settings. In Account Information, beside Service Account ID, select Change. Enter the new Service Account ID without special characters or spaces. Select Submit. A success message appears. Select OK. Configuring an alert profile: You can configure an alert profile within the Settings page. Alert profiles provide notification of when a specified threshold has been reached by sending an email message to the specified email address. You can add mu
53. ent Report and Web Category Report [Figure 11: Customized Dashboard page, showing Report Browser, traffic, virus, and Web category report widgets and a Resource History widget with CPU Usage and Memory Usage]
54. ents Firmware Action [Screenshot: Revision History list with Download, Compare, Delete, and Schedule actions] Start Date: Select the start date of the time range of configuration files to display. End Date: Select the end date of the time range of configuration files to display. Keywords: Enter search terms, such as CLI keywords, then select Search to display specific configuration files. Search: Enter search terms, then select Search to display specific configuration files. Reset: Select Reset to clear time range and search constraints on the configuration file view. Current Page: By default, the first page of the list of items is displayed. The total number of pages appears after the current page number. For example, if 3/54 appears, you are curre
55. es the type of report and specific context. Top Level Field: Enter the level of information that appears first. For example, you would select Source from the Top Level list in a Traffic Report to have the source IP addresses display first. Second Level Field: Enter the level of information that gives details about the top level information. You can access this information by selecting the top level information, for example, a bar in the bar chart. Device: Select the device from which to gather the information. Chart Type: Select the type of chart used for displaying the information, either a bar chart (default) or a pie chart. Report period: Select the period of time when these activities or events happened. For example, select 24 hours to display the last 24 hours of network traffic. If you want to specify a time range, select Specify from the list. The options From date and To date appear. From date: The start date and time of the time range. Appears only when Specify is selected in Report period. Select the calendar to configure a start date and time. Select OK after configuring both the date and time. To date: The end date and time of the time range. Appears only when Specify is selected in Report period. Select the calenda
56. figured scripts from the Script menu. For example, if all of your devices use identical administrator access profiles, you can create the access profile once as a script and then deploy the script to all devices which should use those same settings. The Script tab allows you to upload and deploy configuration scripts. Creating scripts: With a plain text editor, you can create scripts from backed up configuration files and then upload them as a script. Alternatively, you can type CLI commands directly into a script in the portal web site. The following procedure requires a plain text editor. Note: Configuration files contain CLI commands. For descriptions of CLI commands, see the FortiGate CLI Reference. To create a script from a configuration file: 1. Go to Management > Device > Revision History. 2. In the revision history list, locate the configuration file that you want to use as the basis for your script. 3. Select Download and save to your computer. On your computer, edit the downloaded configuration file within a plain text editor, removing the settings that you do not want deployed. For example, if you want to deploy the script to multiple devices, you might remove device-specific settings such as host names and interface IP addresses. For settings which are a comma or sp
57. g files such as content logs and traffic logs. This server is a device that stores log files, similar to a FortiAnalyzer unit or Syslog server. Reports are automatically provided for each device and can be generated from the Report tab. Generated reports are provided as PDF files. Reports display the gathered log data in bar and pie graphs within the PDF file. Reports help you to: view network usage and patterns to make informed decisions; discover and address vulnerabilities across dispersed device installations; minimize the effort required to identify attack patterns when customizing policies to prevent attacks; monitor Internet surfing patterns for compliance with your company policy; identify your web site visitors for potential customers. The e-Discovery tab allows you to configure a detailed search for specific email messages. The e-Discovery tab also provides access for third-party users who have the e-Discovery role profile to view specific email messages and to search for specific email messages. This section includes the following topics: Log Viewer; Customizing the log view; Deleting log files from the FortiGate web-based manager; Reports; e-Discovery. Note: DST is now extended by four weeks in the United States and Canada and may affect your location. It is recommended to verify if your location observes this change, since it affects the scope of the report. Fortinet has released supporting firmware. For mor
58. he Management main menu provides remote management features such as settings and device information. Device: The Device tab provides information about the devices, such as connection status to the service, tasks, and revision history. You can also schedule upgrades for devices and run scripts. Script: The Script tab allows you to upload, input, and manage scripts. Topology Tool: The Topology Tool tab allows you to configure a network diagram of your network. Settings: The Settings tab provides account and user information and allows you to configure alert profiles. Analysis main menu: The Analysis main menu provides logging and reporting features. Log Viewer: The Log Viewer tab allows you to view recent logs that are received in real time, as well as historical log files that are stored on the FortiGuard Analysis server. Log File Browser: The Log File Browser tab allows you to browse through historical log files. Report: The Report tab provides access to all reports. e-Discovery: The e-Discovery tab allows you to perform advanced searches of email messages. Section: Each tab contains sections, which can display a combination of information and links to configure additional settings. You can also expand or hide sections using the Expand A
59. ic requirements. Select Save Settings to save the customized settings. If you want to rename the Dashboard page, select the name, delete the existing name, and then enter the new name. To delete the page, select the x beside the name. Management: The Management menu provides remote management features, allowing you to upload scripts, schedule when to upgrade firmware on a device, and view account information. This section includes the following topics: Device; Scripts; Topology Tool; Settings. Device: The Device tab provides information about devices and allows you to schedule firmware upgrades or run scripts. You can also de-authorize the service for devices. The service can receive and deploy configuration revisions between the service and licensed managed devices, thus serving as both an off-site backup and a management portal. From the portal, you can view and search configuration revisions that have been received from your managed devices, create scripts from configuration revisions, and restore configuration revisions to devices. This topic includes the following: Viewing device information; Adding
60. ill switch the display to the other mode. For example, if you are in Edit mode, the text displays View Mode, indicating that selecting the button will switch you to the View mode. [Figure 24: Network diagram in View mode] [Figure 25: Network diagram in Edit mode] Within the Topology Tool section, additional menus allow you to access network diagrams and customize the view. These additional menus differ between View mode and Edit mode, but you can access them the same way. For example, to open a saved network diagram, go to File > Open. View Mode menus: File: Contains the following menus: Open, Close. View: Contains the following menus: Zoom In, Zoom Out, Hide Grid, Edit Mode. Help: Contains the About menu. This displays the firmware version of the Topology Tool. Edi
61. k The type of task that will be performed. There are three types: Config (configuration upload), Script (running a script), and Firmware (upgrading a firmware image). The date and time of when the schedule task will begin. The date and time are in the format yyyy mm dd hh mm ss. The status of the scheduled task. The action you can take to delete or edit a schedule. The Delete and Edit icons appear after the schedule task starts. Revision History section: The Revision History section provides a list of backed up configurations. You can also compare configurations to view what changed between revisions. For more information, see Viewing configuration revisions on page 39. Adding and editing devices: You can add devices to the contract or edit the daily volume and quota for a device. Adding devices to a contract is available only if your contract allows it. To add a device: Go to Management > Device. In the Device section, select Add Device. Enter the appropriate information for the following: SN: Enter the serial number of the device. Quota G: Enter the total amount of disk space that the device is allowed to use. Daily Volume M: Enter the amount of disk space that the device is allowed to consume per day. Comments: Enter any comments or descriptions for that device, if applicable. Select Submit.
62. ls found [Screenshot: e-Discovery task list and task details, with Copy Task, Delete Task, Edit Task, and Reschedule actions] Task List: This section displays the current tasks. You can create tasks by selecting New Tasks. Task Name: The name of the configured task. Description: The description given to the task. Creating Time: The time the task was created, in the format yyyy mm dd hh mm ss. Status: The status of the task and, if completed, the time it was completed. The format of the time is yyyy mm dd hh mm ss. Result: The results of the search. For example, if you are searching for a group of specific email messages, the Result column would indicate how many email messages contain the specific search criteria. Action: Select Copy Task to copy the information in that task
63. ltiple alert profiles from the Alert Profile section in the Settings page. To configure an alert profile: Go to Management > Settings. In Alert Profile, select Create Profile. Enter the appropriate information for the following: Name: Enter a name for the alert profile. When <nn> occurrences within <nn_min_hr>: Select a number from the first list to specify the number of alerts that must occur before an email notification is sent to the specified email address. Select a number from the second list to specify when alert notification email will be sent if that number of alerts is reached. If you select Specify min, you can enter the specific minutes in a third field. Send to: Enter an email address that will receive the alert profile's notification message. Message: Enter a message for the body of the email. Select OK. Analysis: In the Analysis menu, you can view, search, and browse through log files of each registered device. You can also view and generate reports. The Analysis menu also includes the e-Discovery tab, which allows you to search for email messages. The FortiGuard Analysis server can store all lo
64. [illegible] 23; Dashboard 25; The Dashboard main menu 25; [illegible] 26; Adding and customizing pages 27; Configuring widgets 27; Configuring the Resource Monitor 28; Configuring the Network Monitor 29; Configuring the Trap Console 30; Configuring the Report Widgets 31; Customizing the Dashboard page 34; Management 35; Device 35; Viewing device information 35; Adding and editing devices 37; Authorizing the service on devices
65. net Knowledge Center. Comments on Fortinet technical documentation: Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. (FortiGuard Analysis and Management Service Version 1.2.0 Administration Guide 13 12000 406 20081002) Customer service and technical support: Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. Please visit the Fortinet Technical Support web site to learn about the technical support services that Fortinet provides. Setup: This section explains how to: log in to the portal web site; navigate within the portal web site; properly set up the service; connect a device to the service. This section also explains how to register a purchased contract after a trial contract has expired, or if you have purchased the contract from your sales representative without a trial. You must configure both the portal web site and the devi
66. nt information about what is happening on your network in real time. From the same page, you can also view historical log messages by specifying when these log messages occurred. For example, you can view logs that occurred between July 2, 2008 and September 15, 2008. To view recent logs, go to Analysis > Log Viewer. Recent log messages appear by default in the Log Viewer section. To view the most current recent logs, select the Refresh icon. To view historical logs, go to Analysis > Log Viewer. Select the calendar beside Period From and select a start date and time, select the other calendar beside Period To, and then select an end date and time. [Figure 27: Viewing recent event log messages]
67. ntly viewing page 3 of 54 pages. To view pages, select the left and right arrows to display the first, previous, next, or last page. To view a specific page, enter the page number in the field and then press Enter. The revision number of the configuration file. The date and time that the configuration revision was created. The user name of the administrator who created the configuration revision. The comment that the administrator entered when creating the configuration revision. If the revision was created automatically on a logout or timeout, the comment will be "Automatic backup session expired". The firmware version that the configuration revision was created in. Select Download to download a copy of that revision's configuration file. Select Compare to examine differences between configuration revisions. Select Delete to delete a revision. Select Schedule to schedule a time period to upgrade the firmware on the device. Searching configuration revisions: You can search configuration revisions to find a configuration change that occurred on a device. To search a revision: Go to Management > Device > Revision History. From the Device section, select the SN of the device to search. Select the calendar icon next to the Start Date field and then select the earliest date in your search's date range. Select the calendar icon next to the End Date field and then select the latest date in your search's date r
68. numbers required for the service 23; portal web site URL 11. R: recent logs: viewing 60; remote logging 18; renewing contracts 20; reports: deleting reports 69, viewing generated reports 68; required port numbers 23; restoring configuration revisions 43; running scripts 44. S: script: creating scripts 47, deploy 44; scripts: run scripts from portal web site 44, viewing 48, viewing available configuration 48; searching configuration revisions 41; service: verifying connectivity 17; service account id: changing 57; service account information 53; settings: alert profile 57, service account information 57. T: time: daylight savings 18; topology tool: creating network diagram 52, viewing network diagram 52; trial contract 14. U: user accounts: adding 55, removing 55; using the service: configuring a device 16, configuring remote logging central management 17. V: verifying connectivity 17; viewing service account information 53; viewing: configuration revisions 40, configuration scripts 48, device information 35, e-Discovery tasks 70, firmware images on portal web site 44, generated reports 68, historical logs 62, recent logs 60, scripts 48. W: widgets: network monitor 29, reports 31, resource monitor 28, trap console 30.
69. o change the position of the column in the list. Repeat steps 2 and 3 until all columns are re-arranged in the order you want. Select Submit. You can filter log messages by using the filter icon to find specific content when viewing them in the Log Viewer tab. Log filters appear for certain columns only. The filter setting is disabled by default and displays the filter icon in gray. When enabled, the filter icon appears green. [Figure 30: Filter icons for logs, showing the filter icon enabled and disabled] When filtering by source or destination IP, you can use the following in the filtering criteria: a single address (2.2.2.2); an address range using a wild card (1.2.2.*); an address range (1.2.2.1-1.2.2.100). You can also use a Boolean operator (or) to indicate mutually exclusive choices: 1.1.1.1 or 2.2.2.2; 1.1.1.1 or 2.2.2.*; 1.1.1.1 or 2.2.2.1-2.2.2.10. To filter logs: Go to Analysis > Log Viewer. Select a log type to view log messages from. Go to a column in the log type. Select the filter icon in that column's heading.
70. oad [Screenshot: list of downloadable log files with log type, From and To times, size in bytes, and a Download action] Device: The device that you are currently viewing log messages from. Type: The type of log messages you are currently viewing. For example, if Event Log is selected, all event log messages display. Period (Recent / Specified): By default, Recent appears. Recent displays all current log messages that are occurring in real time on the selected device. Specified displays all historical log messages. When you select Specified, the fields From and To appear with calendars. Select the calendar to specify the dates to view historical log messages on those dates. Log Files: The name of the log file you are cur
71. ons To reveal these options, select the sign beside the name of the page that you want to configure widgets for. Configuring the Resource Monitor: The Resource Monitor provides information about how much or how little CPU, HDD, and Memory resources are being used on the device. This widget displays each resource usage, such as CPU, as a gauge. To configure a Resource Monitor widget, select Add Resource Monitor in Add Widgets, follow the instructions in the table below, and select OK. If you want to edit an existing Resource Monitor widget, select the Edit icon in the widget and then follow the instructions in the table below. Select OK to save the changed settings. After configuring the Resource Monitor widget, you can switch from Current to History. Current allows you to view the line chart, while History allows you to view the gauges that display the resources being monitored. To switch to History, select Current beside the Edit icon. To switch to Current, select History beside the Edit icon. [Figure 12: Resource Monitor]
72. or decreased service level, you may want to adjust quota and other settings from the portal web site. For more information, see Adding and editing devices on page 37. Adding purchased contracts: You can continue service beyond the duration of a trial contract period by adding a purchased contract. You can also expand the disk space available to your service account by purchasing a contract for a larger amount of space. If you have previously obtained a trial contract or entered a purchased service contract, you do not need to create separate Service Account IDs for each contract. Instead, you can add service contracts to your existing Service Account ID. If you choose to create an additional Service Account ID, its service contracts and portal logins will be separate. Devices can use only one Service Account ID at a time. Note: If you have already added your first contract and want to renew it, see Renewing contracts on page 20. To add a purchased contract to a Service Account ID: Go to the Fortinet Technical Support web site and log in. Select FortiGuard Analysis & Management Services from the menu on the left. Select the Service Account ID to which you want to add the purchased contract. [Figure 9: Locating the Service Account ID]
73. or from either the list or the color block. When you select the color block, the Color Palette appears; select a color and then select OK to apply it to the variable.
Alert profile: Select the alert profile to use for that variable. For more information about alert profiles, see "Configuring an alert profile" on page 55.
Threshold: Enter the threshold maximum number for the variable.
Add Another: Select to add multiple monitors to the list.
Charting Options: Select the check box if you want the line in the graph to fill in below the line.
OK: Select to save the settings (current session only). Note: You must select Customize > Save Settings from the Dashboard if you want your settings to be saved permanently.

The Trap Console provides information about SNMP traps. The Trap Console provides monitor or alert information, helping you to determine what trap you need to monitor.

To configure a Trap Console widget, select Add Trap Console in Add Widgets, follow the instructions in the table below, and select OK. If you want to edit an existing Trap Console widget, select the Edit icon in the widget and then follow the instructions in the table below. Select OK to save the changed settings.

Figure 14: Trap Console
74. ormation about log messages, see the FortiGate Log Message Reference.

Deleting log files from the FortiGate web-based manager

You may need to delete logs to remove them from a report or to provide additional space on the FortiGuard Analysis server. You can delete log files from either the FortiGate web-based manager, in System > Maintenance > FortiGuard, or from the portal web site. Before deleting logs, you should back up log files by downloading them directly from the FortiGuard Analysis server to ensure that the log files remain available if needed.

Deleting log files from the FortiGate web-based manager does not permanently remove them from the FortiGuard Analysis server. Log files that are deleted from the FortiGate web-based manager will not be included in the report.

To delete any log files older than n months
1. In the FortiGate web-based manager, go to System > Maintenance > FortiGuard.
2. Select the Expand Arrow beside Analysis & Management Service Options to reveal the available options.
3. Select the number of months from the list.
4. Select the link "To purge logs older than n month(s) now, please click here".
5. Select OK.

Reports

Reports provide an easier way for you to understand what is happening on your network without having to search through numerous log messages. Reports gather log information and put it into a graphical format, providing a quick and easy way to understand what is happening on your network. Re
75. ou will switch to Edit Mode.

To create a network diagram
1. Go to Management > Topology Tool.
2. Select Edit Mode to access the drawing tools.
3. Draw the diagram using the available drawing tools and shapes.
4. Select Save to save the network diagram to the service's server. You can save the network diagram to either the Private or Shared folders. If you save the network diagram to the Private folders, it is accessible only to you. The Shared folder can be accessed by anyone.

Viewing a network diagram

You can view a network diagram when you are in either Edit mode or View mode. When you are in View mode, if you open a network diagram you can also edit the network diagram using the various icons and shapes.

To view a network diagram
1. Go to Management > Topology Tool.
2. If the diagram you want to view is not already displayed, select File > Open.
3. In Browse File, locate the file and select Open.

Settings

The Settings tab allows you to configure service account information and to define alert profiles, contract numbers, and users associated with the service. This topic includes:
• Viewing service account information
• Adding and editing devices
• Editing your login profile
• Changing your service account ID
• Configuring an alert profile

Viewing service account information

The Settings tab includes information
76. ports can help you in the following ways:
• minimize the effort required to identify attack patterns when customizing policies to prevent attacks
• monitor Internet surfing patterns for compliance with company policy
• identify your web site visitors for potential customers

You can access reports on the portal web site either from the Dashboard menu or from Analysis > Report. The FortiGuard Analysis server provides reports for each device and can generate the reports whenever you need them. You can save reports to your computer if you want to view them outside of the portal web site.

Figure 32: Reports (Report Browser calendar for August 2008. The callout explains how to identify the generated reports and non-generated reports. Legend: Generated report; Report ready to be generated by user; No report available for this date)

Viewing generated reports

After a report is automatically configured and generated by the FortiGuard Analysis server, you can view that report from the Reports tab. The FortiGuard Analysis server configures reports for each registered device. FortiGuard Analysis and
77. [Figure 14, continued: Create Trap Console dialog showing the Category "FortiGate HA traps" and the trap fnTrapHaStateChange (HA switch) in the Trap Filter list]
Name: Enter the name of the trap console, for example Trap_Console_Headquarters.
Device Filter: Select the device or devices that the information is gathered from. Use the arrows to move devices over to the right column.
Category: Select the category of traps to include in the trap console.
Trap Filter: Select the available traps within the selected category. You can specify one, multiple, or all trap filters using the arrows to move the traps to the right column.
  Add all: Add all the available traps within the category to the right column.
  Remove all: Remove all the available traps within the category back to the left column.
OK: Select to save the settings (current session only). Note: You must select Customize > Save Settings from the Dashboard if you want your settings to be saved permanently.

Configuring the Report widgets

The Report widgets provide information that is gathered from logs on devices, such as traffic activity, viruses, and web activity. Each report can be displayed either as a bar or pie chart. From anywhere in a chart, you can drill down to view second-level information for that report.

The seven available report widgets are:
• Traffic Report: provides information about network traffic based on traffic logs
78. r Not Registered and the device will not be able to connect to the service. To authorize the device, see "Authorizing the service on devices" on page 38.

If you have authorized the device from the portal web site but the device is still unable to connect, verify that the device's system time and time zone are correct. If these are incorrect, the SSL connection will fail; you must then enter the correct system time and zone on the FortiGate unit. For more information, see the FortiGate Administration Guide.

Configuring remote logging and central management

After configuring the Service Account ID on the device's web-based manager, you need to also configure central management and, if applicable, logging. The service provides both central management of the device as well as logging and reporting capabilities. The following procedures describe how to enable and configure both remote logging and central management.

To configure remote logging to the service
1. In the FortiGate web-based manager, go to Log & Report > Log Config > Log Setting.

Figure 5: FortiGuard logging options in Log Setting (Remote Logging: None, FortiAnalyzer, or FortiGuard Analysis Service; Account ID; When log disk is full)
79. r to configure the end date and time. Select OK after configuring both the date and time.
Enter the top number of entries to be displayed. For example, select 10 from the list so that only the top 10 events display.
Select the color of the bars on the bar chart. This is available only when bar chart is selected. You can select a color from either the list or the color block. When you select the color block, the Color Palette appears; select a color and then select OK to apply it to the variable.
Select to save the settings (current session only). Note: You must select Customize > Save Settings from the Dashboard if you want your settings to be saved permanently.

Figure 16: Traffic Report pie chart displaying the top traffic level by protocol

Figure 17: Traffic Report pie chart displaying second-level information for 80 tcp
80. re remote management by the service
1. In the FortiGate web-based manager, go to System > Admin > Central Management.

Figure 6: Central Management options (Enable Central Management; Type: FortiManager or FortiGuard Management Service; Account ID; Allow automatic backup of configuration on logout/timeout; Allow configuration updates initiated by the management server; Allow script updates initiated by the management server; Allow firmware upgrades initiated by the management server)

2. Select the check box beside Enable Central Management.
3. From Type, select FortiGuard Management Service.
4. Select Apply.
5. Select any of the following options that you want enabled:
Allow automatic backup of configuration on logout/timeout: Automatically upload a new configuration revision to the service when an administrator logs out or the session times out. Most configuration changes cause an automatic backup. Exceptions include VPN certificates, topology, FortiGuard license status, host name, high availability (HA) override and priority, and network interface media access
81. remove columns. This changes what log information appears within Log Viewer. For more information, see "Customizing the log column views" on page 61.
Period (Recent / Specified): By default, Recent appears. Recent displays all current log messages that are occurring in real time on the selected device. Specified displays all historical log messages. When you select Specified, the fields From and To appear with calendars. Select the calendar to specify the dates to view historical log messages on those dates.
Formatted / Raw: By default, log messages are displayed in Formatted mode. Select Raw mode to view logs as they would appear within the log file, without columns.
Current Page: By default, the first page of the list of items is displayed. The total number of pages displays after the current page number. For example, if 3/54 appears, you are currently viewing page 3 of 54 pages. To view pages, select the left and right arrows to display the first, previous, next, or last page. To view a specific page, enter the page number in the field and then press Enter.

Figure 28: Viewing historical event log messages
82. rently viewing. This name is in the format <log_name>_yyyymmdd hhmm_yyyymmdd hhmm log. For example, elog_20080915 1455_20080915 1508 log means that this log file is an event log file and was created on September 15, 2008 at 2:55 pm and stopped on the same day at 3:08 pm.
Log Type: The type of log file you are currently viewing.
From: The date that the log file started collecting log messages.
To: The date that the log file stopped collecting log messages.
Size (bytes): The size of the log file in bytes.
Action: Download the log type to your management computer. You can only view log files if they are downloaded to a computer.
Current Page: By default, the first page of the list of items is displayed. The total number of pages displays after the current page number. For example, if 3/54 appears, you are currently viewing page 3 of 54 pages. To view pages, select the left and right arrows to display the first, previous, next, or last page. To view a specific page, enter the page number in the field and then press Enter.

To download a log file
1. Go to Analysis > Log File Browser.
2. In the row containing the file you want to download, select Download.
3. After the log file downloads to your computer, open the log file.
For more inf
83. rrow. For example, in the Device tab shown in Figure 2 on page 13, the Tasks section allows you to view the tasks that are occurring or have already occurred, as well as to configure an upgrade, run scripts, or show the firmware available for upgrading the device.
Help: Online help provides help on the various service features and configuration settings.
Log out: Log out logs you out of the portal web site.
Refresh icon: The Refresh icon, displayed on many pages, allows you to immediately update the page contents.

contract

When you first access the portal web site, you can immediately sign up for a trial contract. With a trial contract, you can familiarize yourself with the features the service provides before committing to a full contract. The trial contract lasts 30 days, after which you can purchase a full contract from your sales representative. After purchasing a full contract, use the procedure "To add a purchased contract to a Service Account ID" on page 21.

After creating the service account and login, you need to authorize and configure devices to use the service. Follow the procedures in "Configuring a device to use the service" on page 16.

Figure 3: Registering for a trial contract. Register New Account, Your Account: Please create a Service Account ID by entering a unique alphanumeric key below. The Service Account ID will be entered into both
84. s and numbers and be up to 20 characters. Use an underscore (_) or hyphen (-) to separate letters or numbers in the name.
Time Zone: Select the time zone that the device is in. Time measurements, such as log time stamps and schedules for changing firmware, that may appear for your managed devices in the portal web site are relative to this time zone.

Your Login: You will use the information that you enter here to log in to the portal web site.
Your Name: Enter the email address for the main administrator, which is similar to the default admin administrator on a device. This default user for the portal web site is referred to as the admin user.
Email: Enter the email address that will be used for sending reports to.
Re-type Email: Enter the email address you gave in the Email field.
Password: Enter a password for logging in to the portal web site.
Re-type Password: Enter the password you gave in the Password field.

Questions to Recover Password: These questions will help to identify you when you need to recover your password. You need to make sure the following information is easy to retrieve when you need to recover your password.
Security Question 1: Enter a challenge that can be used to verify your identity in the event you need to retrieve your password.
Your Answer: Enter the answer for Security Question 1.
Security Question 2: Enter a second challenge that can be used to verify your identity in the event you need to retrieve your password.
Your Answer:
85. s before deployment. Deploying a configuration script that alters host name, IP address, or the service settings can result in interrupted connectivity.

You can run scripts or schedule when a script runs from the Tasks section of the Device menu. Scripts allow you to deploy identical configuration items to many devices. Scripts are configured from configuration backup files, which are then uploaded to the portal web site. For more information about scripts and configuring them, see "Scripts" on page 46.

To run a script
1. Go to Management > Device > Device Detail.
2. In the Tasks section, select Run Script.
3. Enter the appropriate information for the following:
Scheduled Time: Select one of the following:
  • GMT <time_zone> Time: Enter the time period in the field or use the Calendar icon. The script will run at the specified time you enter.
  • ASAP: Select to immediately run the script after you select Submit.
Script: Select the name of the script you want to run from the list.
4. Select Submit.

Viewing available firmware images

When you select the Show Applicable Firmware link in Tasks, all available firmware images on the FDN appear. This list includes FortiOS 2.80 firmware and patch releases.

Figure 22: Firmware images, including FortiOS 2.80 (Available Firmwares list with the columns Release, Platform, Build Number, Build Date)
86. s name in the widget, you are redirected to the FortiGuard Center's Virus Encyclopedia page for that virus, which provides additional information about it.

The following topics are included in this section:
• The Dashboard main menu
• Widgets
• Adding and customizing pages
• Configuring widgets
• Customizing the Dashboard page

The Dashboard main menu

The Dashboard main menu provides users the flexibility they need to monitor the network and devices. Within this menu, users can add the widgets they want to view, make a specific page the default page, or edit existing widgets.

You can customize the Dashboard page, located within the Dashboard tab, by editing the existing default widgets or by adding or removing widgets. You can also change the widget layout on this page. The Dashboard page is the default page that appears when you first access the Dashboard main menu. You can add nine pages and customize them with different combinations of widgets. You can also delete these pages.

When customizing the Dashboard page or other pages, you can choose from the following widgets:
• Resource Monitor
• Virus Report
• Network Monitor
• IPS Report
• Trap Console
• Web Report
• Traffic Report
• Spam Report
• Event Report
• Report Browser

These widgets are similar to those available on the device's web-based manager. There are five default widgets that appear on the Dashboard page: Report Browser, Resource Monitor, Traffic Report, Ev
87. sis and Management Service and the following topics:
• About this document
• Fortinet documentation
• Customer service and technical support

About this document

This document explains how to configure and use the service. This document contains the following sections:
• Setup: Describes how to create a service account, add a device and its contract to the service account, and configure devices to use the service.
• Dashboard: Describes how to add widgets and pages and customize the Dashboard and pages.
• Management: Describes how to view service account information, add users and devices, and create and run scripts.
• Analysis: Describes how to view and browse logs, including viewing reports.

Document conventions

The following document conventions are used in this guide:
• In the examples, private IP addresses are used for both private and public IP addresses.
• Notes and Cautions are used to provide important information:
  Note: Highlights useful additional information.
  Caution: Warns you about commands or procedures that could have unexpected or undesirable results, including loss of data or damage to equipment.

FortiGuard Analysis and Management Service Version 1.2.0 Administration Guide 13 12000 406 20081002

Typographic conventions

Fortinet documentation uses the following typographical conventions:
Convention | Example
88. Add Device: Add a device to the contract.
Host Name: The name you entered for your device. This name can be unique or it can be the default host name. Select the device's host name to view each device's information.
SN: The serial number of the device.
Firmware: The firmware image currently running on the device. The firmware image is displayed in the format V<version_number> b<build_number> <maintenance_release number>. Example: V3.0 b660 MR6
Quota / Daily Volume: Displays the daily volume and quota that is assigned to the device in the format <number>G <number>M. Example: 8G 10M
Storage Used: The amount of storage already used by the device.
RTM Connected: The connection status of the device. The orange X status indicates that the device has authorized use of the service but is not connected. The green check mark indicates that the device is authorized to use the service and is connected to the service.
Last Revision / Date Time: The latest revision that occurred. The date and time format is <number incremental> yyyy mm dd hh mm. For example, 3 2008 05 13 12 16 means that the latest revision is the third in the list and that it occurred on May 13, 2008 at 12:16. Revisions are given an incremental number, starting at 1 and increasing as revisions are created.
Action: Select Disable to de-authorize the service to that device, or Enable to authorize it. Select Edit to ch
89. t Backup. From the FortiGate web-based manager, select System > Maintenance > Backup & Restore, select to back up to FortiGuard, and then select Backup.

If you want to automatically send configuration revisions on administrator logout or timeout, enable the feature from System > Admin > Central Management in the FortiGate web-based manager. For more information, see "Configuring a device to use the service" on page 16.

Viewing configuration revisions

Configuration revisions can be viewed from the portal web site or the FortiGate web-based manager. Configuration revisions will not appear on the portal web site until your devices are configured to send them. For more information, see "Sending manual or automatic configuration revisions" on page 39.

If automatic backups are configured, most configuration changes cause devices to make an automatic backup; however, there are exceptions, which include VPN certificates, topology, FortiGuard license status, host name, high availability (HA) override and priority, and network interface media access control (MAC) address.

To view configuration revisions on the portal web site, go to Management > Device > Revision History.

Figure 21: List of configuration revisions for each device
90. t Mode menus
File: Contains the following menus: New, Open, Upload, Download, Export, Save, Save as, Close.
Edit: Contains the following menus: Bring to Front, Send to Back, Group, Ungroup, Delete.
View: Contains the following menus: Zoom In, Zoom Out, Hide Grid, Show Mode.
Help: Contains the About menu. This displays the firmware version of the Topology Tool.

In Edit mode, many different icons or drawing tools and shapes help you create a network diagram. These shapes are available in the Shapes section and are used to show the different Fortinet products that may be incorporated into your network. The drawing tools are available below the Topology Tool menus. To find out about each drawing tool, use your mouse to view each one's tooltip.

Creating a network diagram

You can create a network diagram easily in the Topology Tool tab using the Edit mode. In Edit mode, you can choose the shapes you want in your diagram, such as Fortinet product icons or computers, and connector lines, as well as many other options.

Note: The Edit Mode / View Mode button allows you to switch between the two modes. For example, if the wording on the button is Edit Mode, this indicates that you are using View Mode and that by selecting the control y
91. De-authorizing the service on devices
Sending manual or automatic configuration revisions
Viewing configuration revisions
Searching configuration revisions
Comparing configuration revisions
Restoring configuration revisions
Running scripts
Viewing available firmware images
Changing firmware from the portal web site
Changing firmware from the device
Scripts
Creating scripts
Viewing available configuration scripts
Topology Tool
Creating a network diagram
Viewing a network diagram
Settings
Viewing service account information
92. the Service Portal and the FortiGate device to link the service with the device. (Figure 3, continued: the Register New Account form has the fields Service Account ID and Time Zone; under Your Login: Your Name, Email, Re-type Email, Password, Re-type Password, with the remark "Your email is also your login ID"; under Questions to Recover Password: Security Question 1, Your Answer, Security Question 2, Your Answer; a marker indicates required fields.)

Note: If you have previously logged in to the service portal and want to create another trial contract or enter a purchased contract number you may need to create a second Service Account ID Devices can use only one Service Account ID at a time per contract Instead add new contracts to your existing Service Account ID. For more information, see "Expanding or renewing service" on page 19.

Obtaining a trial contract

To obtain a trial contract
1. Go to https://fams.fortinet.com.
2. Select the Sign Up Now link.
3. Enter the appropriate information for the following fields (Your account, Your Login, Questions to Recover Password):
Your account: The information you enter in this section will be used to identify the account you associate your devices with and to determine log and report time periods of the devices.
Service Account ID: Enter an identification name. This name can contain both letter
93. the portal web site" on page 44 and "Creating scripts" on page 46.

The Revision History tab allows you to search configuration revisions to find a configuration change that occurred on a device.

To view device information, go to Management > Device.

Figure 20: Devices in the Device section of the Device tab (device list with the columns Host Name, SN, Firmware, Quota / Daily Volume, Storage Used, RTM Connected, Latest Revision / Date Time, Action; below it the Device Detail and Revision History tabs, with Basic Information and a Tasks section offering Upgrade Firmware, Run Script and Show Available Firmwares, and a list of scheduled tasks with Type, Scheduled Time, Status and Action)

Device section
Add Device Ho
94. ts in the cluster, not just the primary unit.

You can view your firmware version and schedule a firmware change from the Tasks section of the Device menu. You can also immediately change the firmware from the device. For more information, see "Changing firmware from the device" on page 45.

Note: Downgrading device firmware to FortiOS 3.0 MR6 or lower removes support for the service.

To schedule a firmware change
1. Go to Management > Device.
2. In the Tasks section, select Upgrade Firmware.
3. Select the Scheduled Time, relative to the device's local time zone, or select ASAP (as soon as possible) to change the firmware immediately when the device next polls the service.
4. From Firmware, select which firmware version to install from the list.
5. Select Submit.

The firmware change scheduled for the device appears in the Device Firmware tab. If you have scheduled an immediate change, it will take effect as soon as possible when the device next polls the service. Time varies by the speed of your connection and the size of the firmware image.

Changing firmware from the device

Caution: Back up the configuration before downgrading. Downgrading the firmware may reset the device to that firmware's default configuration, resulting in data loss. This includes th
95. ume currently consumable per day by devices using the service (a total of their individual daily quotas).

User Information

This section provides information concerning users and their administration roles. You can also add administrators.

My Profile: Display the admin user's profile information, such as email address and security questions. The admin user is the default user of the service contract and has read and write privileges, similar to the admin administrator on a device. This user can only edit My Profile; the admin user cannot delete his or her own profile.
Add User: Add a portal user login. For more information, see "Adding, editing and removing administrators" on page 52.
User Name: The name of the user that has access to the portal web site. This is usually the person's first and last name.
Email: Use the email address of the user to log in to the portal web site. The email address used when logging in to the portal.
Role: The specified role of the user. The roles for users are:
  • Admin: read and write privileges
  • Non-Admin: read privileges only
  • e-Discovery: access to only the e-Discovery menu
Action: Select Delete to remove a user from the list. Select Edit to

Alert Profile Use this section information see Create Profile Name Description Email Actions
96. us field, but the traffic log contains no AV Status, just Status.

Customizing the display of log columns is available only in Formatted view. The following procedures assume that you are currently viewing a log file list in Analysis > Log Viewer and that you want to customize the view.

Figure 29: Column Display Settings window for Event log (Available Fields and Display Fields lists)

To show or hide columns
1. Select Column Settings. A list of columns available for that log type appears.
2. Select columns that you want displayed or hidden by doing one of the following:
  • Select a column name in the Available Fields area to add or remove a single column, then select a single arrow to move the column to the Display Fields area.
  • Select the double arrow to add or remove all columns.
  • Select Default to return all columns to their default displayed/hidden status.
3. Select Submit.
You can revert to the default column settings by selecting Default.

To change the order of the columns
1. Select Column Settings. A list of columns available for the log type appears.
2. Select a column name.
3. Select the up or down arrows t
97. use the new service or adjust settings such as quota, and configure devices to allow remote logging or central management. Continue setup with "Management" on page 35. Required port numbers: The service is provided to authorized devices connecting to the Fortinet Distribution Network (FDN) through the Internet. For successful access to the service, all NAT devices and firewalls between the FDN and the devices must permit required protocols and port numbers. For more information, see the Fortinet Knowledge Center article "Traffic Types and TCP/UDP Ports used by Fortinet Products". Dashboard: The Dashboard main menu allows users to customize what system information they want to monitor, such as virus activity and system resources, which are displayed as widgets. Within this menu, users can also add tabs, which are referred to as pages. These pages contain widgets, which you can customize. The information provided by the widgets allows users to quickly assess what is occurring on their networks and on the devices. For example, your Virus Report widget may report that a specific virus has been detected several times. When you select the viru
98. [Log Viewer screenshot residue: sample event log rows.] Customizing the log view: The service allows you to customize what columns and log information are displayed when viewing logs, providing another way to find specific log information. Customizing the log column views: You can customize log columns to display only the information you want to view. You can add, remove, and change the position of each column from the Column Display Settings window. This window appears after you select the Column Settings icon. Each Column Display Settings window contains the fields associated with the log file you are currently viewing. For example, the event log contains the AV Stat
99. [Log Viewer screenshot residue: Formatted view with columns Level, Time, Action, SubType, Type and Message, showing sample event log rows.]
100. when the reports were generated before deleting them. For example, if you specify reports from August 31 to September 22, all reports within this time period are deleted as well. If you want to delete one report, repeat the time period, for example September 22 to September 22, to delete the report that was generated on September 22. To delete a report: Go to Analysis > Report. Select the device from the list. Select Delete. Select the dates using the calendars in Delete Reports. When selecting dates, remember that reports within the time period will be deleted as well. For example, if you select September 1 to September 5, the reports generated on September 2, 3 and 4 will also be deleted. Select Submit. e-Discovery: The e-Discovery tab allows third-party administrators to search through email messages, view what searches are taking place, or create new searches. These searches are referred to as tasks. Users with the e-Discovery administrator role can also view these tasks or create new ones. The following topics are included in this section: Viewing e-Discovery tasks; Creating tasks for e-Discovery. Viewing e-Discovery tasks: You can view e-Discovery tasks from the Tasks section of e-Discovery. If users have the e-Discovery administrator role, this is the only menu that is accessible to them
101. your contract. Service Account ID: The identifier you created during either a trial contract or when you purchased a contract, and used when configuring a device to use the service. Time Zone: The time zone that you associated with your service account when creating your contract, either through the portal web site or the Fortinet Technical Support web site. Expiration Date: The date the service contract expires. Show Contract Details: Display the details of your service contract, including the contract serial number. SN: The serial number of the contract you purchased. Expiration Date: The date the service contract expires. Quota: The maximum amount of disk space that you can allocate to devices using the service. Daily Volume: The maximum amount of disk space that a device is using with the service. Description: The comment you included when registering. Max Devices: The maximum number of devices licensed to use the service simultaneously under this Service Account ID. Enabled: The number of devices currently authorized to use the service with the Service Account ID. Storage Quota: The maximum amount of disk space, in gigabytes, that you can allocate to devices using the service. Allocated: The total amount of the devices' individual quotas, in gigabytes. Daily Volume: The maximum amount of disk space that a device using the service can consume per day. This must be less than or equal to the Quota. Allocated: The amount of daily vol
102. ysis Creating tasks for e-Discovery: You can create detailed tasks for both users and third-party administrators to view. You can also copy an existing task to form the basis of a new task. The following procedures describe how to create a task, copy a task to use as the basis for a new task, and how to delete a task. To view the task settings for e-Discovery, go to Analysis > e-Discovery. Select the New Task link, complete the tasks described below, and select Submit. [Figure 36: e-Discovery task configuration settings. New eDiscovery Task form with the fields Task Name, Description, Search Archives From, User Access Permissions, Date Range, and Email Search Criteria (From, To, Subject, Body, Attachment Name). Note in the figure: For multiple keywords, use comma for AND condition and space for OR condition, for example discount price sales.] Task: Enter a name for the task. Description: Enter a description for this task. Search Archives From: Select a device or multiple devices. The archived email you specify in this task will be searched on only the selected devices. All Devices: Displays all the devices that can be searched for archives. Select one, multiple, or all devices using the arrows. Search Displays all
