FortiAnalyzer-VM installation and use

2025-03-26 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

About FortiAnalyzer-VM

FortiAnalyzer™ uses dedicated hardware appliances to provide real-time network logging, analysis and reporting for FortiGate and third-party products. Many kinds of log content, such as traffic, events, viruses, * *, Web content, and mail, are recorded, archived, filtered, and extracted. It has many built-in report types, and users can customize them flexibly. FortiAnalyzer also provides security management functions, such as quarantining files, event correlation analysis, vulnerability assessment, traffic analysis, and auditing of mail, Web, instant messaging, and other transferred file contents.

Use FortiAnalyzer together with Fortinet firewalls to get more comprehensive log analysis and policy review.

FortiAnalyzer-VM is the virtual machine version provided by Fortinet, covering server virtualization platforms such as VMware and Hyper-V.

Installation and deployment of FortiAnalyzer-VM

Select the appropriate version; this walkthrough uses FortiAnalyzer-VM for VMware, version 5.2.2.

Deploy OVF templates

Log in to the vSphere platform using the vCenter client and use the import OVF function, as shown in the following figure

Follow the prompts to configure the deployment of the OVF templates one by one to complete the installation.

Adjust virtual machine hardware

Remove the unnecessary NICs and size the hard disk and memory appropriately, as shown in the following figure:

(figure: configuring virtual machine hardware)

Description:

1. The virtual machine has 4 network cards by default. In practice, only one network card is used.

2. A second hard disk of more than 500 GB is recommended so that logs can be kept for a long time.

After editing the virtual machine, it is shown in the following figure:

(figure: virtual machine summary information)

Configure management address

Open the virtual machine console and log in. The default account is admin and the password is empty, as shown below:

(figure: console enters the virtual machine)

In the console, enter:

config system interface

edit port1

set ip 172.31.204.200 255.255.255.0

end

This completes the configuration of the management address, as shown in the following figure

Web login

Browse to https://172.31.204.200 and log in to the web interface to continue the configuration. The default account is admin and the password is empty.

(figure: web login interface)

(figure: log in to the main interface)

Configure the network

In System Settings, configure the network: set the gateway 172.31.204.1 and DNS, as shown in the following figure

(figure: configuring the network)

Change the administrator password

In System Settings, change the password under Administrator.

(figure: change the administrator password)

Use with firewall

Add Firewall

Add the firewall in Device Management.

(figure: adding a firewall)

Enter the firewall information. After the firewall has been added successfully, it appears as shown in the following figure:

(figure: firewall correctly identified)

View firewall status

Log in to the firewall and check its status, which shows FortiAnalyzer as connected. The details are as follows:

(figure: firewall recognizes FortiAnalyzer)

Configure Firewall Lo

Configure the firewall's log options, as shown in the following figure

Description:

1) the firewall uploads its logs at 00:59 every day to reduce the pressure of log traffic

2) record all events

3) do not enable syslog, to reduce the volume of log traffic collected

Record policy traffic

Enable traffic logging on the firewall policy. The recorded traffic log information is then collected by FortiAnalyzer-VM, as shown in the following figure:

(figure: firewall policy with traffic logging enabled)

Note: logging must be enabled on the policy for its traffic to be collected.
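
One way to check these firewall-side settings offline, added here as an example that is not from the original article or from Fortinet: it parses a FortiGate configuration backup and reports when FortiAnalyzer logging is off, syslog is on, or a policy is not set to log all traffic. The sample backup is constructed; the section and option names (`log fortianalyzer setting`, `log syslogd setting`, `logtraffic`) are FortiOS CLI names the article does not show, and treating only `logtraffic all` as full traffic logging is an assumption.

```python
# Constructed sample in FortiOS config-backup syntax (not from the article).
SAMPLE = """\
config log fortianalyzer setting
    set status enable
end
config firewall policy
    edit 1
        set logtraffic all
    next
    edit 2
        set logtraffic disable
    next
    edit 3
    next
end
"""

def parse(text):
    """Map config section -> entry id (None = section level) -> {key: value}."""
    out, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        w = line.split(None, 2) or [""]
        if depth:  # inside a nested config block: skip it, tracking its end
            depth += (w[0] == "config") - (w[0] == "end")
        elif w[0] == "config" and section is None:
            section, entry = line.strip()[7:], None
            out[section] = {None: {}}
        elif w[0] == "config":
            depth = 1
        elif w[0] == "edit" and section and len(w) > 1:
            entry = w[1].strip('"')
            out[section][entry] = {}
        elif w[0] == "set" and section and len(w) == 3:
            out[section][entry][w[1]] = w[2].strip('"')
        elif w[0] == "end":
            section = entry = None
    return out

def audit(text):
    """Return findings where the config departs from the article's log setup."""
    cfg, findings = parse(text), []
    if cfg.get("log fortianalyzer setting", {}).get(None, {}).get("status") != "enable":
        findings.append("FortiAnalyzer logging is not enabled")
    if cfg.get("log syslogd setting", {}).get(None, {}).get("status") == "enable":
        findings.append("syslog is enabled")
    for pid, opts in cfg.get("firewall policy", {}).items():
        if pid is not None and opts.get("logtraffic") != "all":
            findings.append(f"policy {pid}: logtraffic {opts.get('logtraffic', 'unset')}")
    return findings
```

Calling `audit(SAMPLE)` flags policies 2 and 3; a policy with no `logtraffic` line is reported as unset because the backup then relies on the firmware default.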

Using FortiAnalyzer-VM to view traffic and policy status

View traffic in FortiView and analyze policies and traffic. The details are as follows:

(figure: view traffic details)

Traffic statistics

View traffic statistics in Traffic, as shown in the following figure

(figure: query traffic statistics)

View destination address statistics

View vulnerability scan

View * * Protection
