Welcome to the second lesson of the FortiAnalyzer Getting Started course. Today we will talk about the mechanism of administrative domains on FortiAnalyzer and discuss how logs are processed; understanding how these mechanisms work is necessary for the initial configuration of FortiAnalyzer. After that, we will discuss the lab layout that we will use throughout the course, as well as the initial configuration of FortiAnalyzer. The theoretical part, as well as the complete recording of the video lesson, are under the cut.
To begin with, let's talk about administrative domains again. There are several things you need to know about them before you start using them:
- The ability to create administrative domains is enabled and disabled centrally.
- , FortiGate, . , FortiMail, . , FortiGate .
- FortiAnalyzer.
- β Normal Advanced. Normal ( VDOM) FortiGate FortiAnalyzer. Advanced . Advanced . , , Fortinet Getting Started, .
We will consider the creation of administrative domains and the allocation of memory between them a little later as part of the practical part of the lesson.
Now let's talk about the mechanism for recording and processing logs received by FortiAnalyzer.
Logs sent to FortiAnalyzer are compressed and saved to a log file. When this file reaches a certain size, it is rolled over and archived. Such logs are called archived logs. They are considered offline logs because they cannot be analyzed in real time; they are available for viewing only in raw format. The data storage policy of the administrative domain determines how long such logs are kept in the device's storage.
At the same time, the logs are indexed in the SQL database. These indexed logs are used for data analysis in Log View, FortiView and Reports. The data storage policy of the administrative domain determines how long such logs are kept in the device's storage. After the indexed logs are deleted from the device, they may still remain as archived logs, but this also depends on the data storage policy of the administrative domain.
To understand the initial settings, this knowledge is enough for us. Now let's discuss our layout:
On it you can see 6 devices: FortiGate, FortiMail, FortiAnalyzer, a domain controller, an external user's computer and an internal user's computer. FortiGate and FortiMail are needed to generate logs from different types of Fortinet devices, so that we can look at working with different administrative domains by example. The internal and external users, as well as the domain controller, are required to generate different kinds of traffic. Windows is installed on the internal user's computer, and Kali Linux on the external user's computer.
In this example, FortiMail operates in Server mode, which means it is a standalone mail server through which internal and external users can exchange e-mail. The necessary settings, such as MX records, are configured on the domain controller. For the external user, the DNS server is the internal domain controller; this is done using port forwarding (the Virtual IP feature) on FortiGate.
These settings are not covered in this lesson as they are not relevant to the course topic. The deployment and initial configuration of the FortiAnalyzer appliance will be covered. The rest of the components of the current layout were prepared in advance.
The system requirements for the various devices are presented below. This layout runs for me on a pre-prepared machine in a VMware Workstation virtual environment. The characteristics of this machine are also shown below.
| Device | RAM, GB | vCPU | HDD, GB |
|---|---|---|---|
| Domain controller | 6 | 3 | 40 |
| Internal user | 4 | 2 | 32 |
| External user | 2 | 2 | 8 |
| FortiGate | 2 | 2 | 30 |
| FortiAnalyzer | 8 | 4 | 80 |
| FortiMail | 2 | 4 | 50 |
| Layout machine | 28 | 19 | 280 |
The video tutorial presents the theoretical material discussed above, as well as the practical part: the initial configuration of the FortiAnalyzer device. Happy viewing!
In the next lesson, we will take a closer look at working with logs. In order not to miss it, subscribe to our YouTube channel.
You can also follow the updates on the following resources:
Vkontakte group
Yandex Zen
Our website
Telegram channel