Technical Tip: Basic steps for configuration and recommendations about the FortiAnalyzer/FortiManager

Description

This article outlines the minimum requirements, configuration steps, and recommendations for setting up FortiAnalyzer. It also provides links to resources that will assist and guide you through the initial configuration process.

Scope

FortiAnalyzer, FortiManager with FortiAnalyzer features.

Solution

For the VM, consider having the minimum requirements based on the expected load. If it is a FortiManager + FortiAnalyzer feature, consider adding both system requirements when deploying the VM: Minimum system requirements.

Identifying VM type and cloud Scenario:

• Public cloud: In this scenario, the platform must be defined (OCI, IBM, Azure, AWS, GCP, AliCloud). The minimum systems will depend on the instance type supported, shape, generation, etc. See FortiAnalyzer Public Cloud.
• Private cloud: This scenario depends in the VM environment (KVM, Xen, Microsoft Hyper-V, VMware ESXi , Nutanix, etc.). See FortiAnalyzer Private Cloud.
• FortiAnalyzer Cloud: In this scenario, the FortiAnalyzer is integrated with an acquired license for a FortiGate in the support account. See FortiAnalyzer Cloud.
• For further supported virtualization environments, see the release notes of the target version and examine Product Integration and Support -> Virtualization.

Proper licenses to be acquired:

• Registering your FortiAnalyzer-VM 
• Technical Tip: How to configure FortiAnalyzer/FortiManager to use FortiManager as a FortiGuard server and import the contract information without a FortiGuard server (in an internal network without an Internet access: air-gapped network)
• Technical Tip: How to change the IP Address of the FortiManager/FortiAnalyzer VM License file 
• Technical Tip: How to troubleshoot the 'daily logs GB/day limit is exceeded' warning on FortiAnalyzer

Review the following articles concerning space:

• Technical Tip: Archive vs Analytic Logs
• Technical Tip: How to estimate disk space needed for Archive and Analytics logs
• Technical Tip: Extending disk space in FortiAnalyzer-VM/FortiManager-VM
• Technical Tip: Adding/extending additional disk under a KVM/QEMU environment to FortiManager and FortiAnalyzer
• Technical Tip: Log rolling and trimming process and HDD Space Optimization 

RAID on the HW appliances:

• Monitoring RAID status 
• Technical Tip: How to swap Hard Disk on FortiAnalyzer
• Technical Tip: How to restore a physical RAID storage with all logs on FortiAnalyzer

Expand the ADOM space to the new available space or based on the ADOM/s requirements:

• Configuring log storage policy 

About the networking, there are a few available options:

• Configuring network interfaces 

LACP - when more bandwidth is required. Useful for HW appliances:

• Technical Tip: How to setup an aggregated interface (LACP protocol) on FortiManager / FortiAnalyzer

The setting of specific VLAN:

• Technical Tip: Creating a VLAN interface on FortiManager and FortiAnalyzer  

Initial connection to the appliance:

• Connecting to the GUI 

Setup of the network should be based on the Internal rules and practices per environment. Always consider being behind a firewall by allowing only specific subnets/hosts to have access to.

It is possible to use the trusted hosts and local-in rules from the newest versions for better security. If the appliance has public IP be extremely careful:

• Technical Tip: How to create a FortiManager local-in policy via CLI
• Trusted hosts 

The initial setup can be made through the console port of a Hardware or a VM device.

OFTP can be set with a custom certificate:

• Technical Tip: How to setup a custom certificate regarding OFTP protocol  

LDAP, Radius, and SSO examples:

• Technical Tip: LDAP - Configuring Active Directory groups as remote administrators in FortiManager and FortiAnalyzer  
• Technical Tip: Configure RADIUS for authentication and authorization in FortiManager and FortiAnalyzer  
• Technical Tip: SAML SSO - Configuration with Keycloak  
• Technical Tip: SAML SSO – Configuration with Okta 

API calls:

• Technical Tip: API calls to search logs from analytics DB / LogView / in FortiAnalyzer
• Technical Tip: How to get FortiAnalyzer Top Applications/Top Sources data using JSON API 
• Technical Tip: Automating Device Authorization to the Correct ADOM in FortiAnalyzer using API
• Technical Tip: How to monitor FortiGate connectivity via FortiAnalyzer API 

For future upgrades, review the following:

• Technical Tip: Upgrading FortiManager/FortiAnalyzer 

Log forwarding is useful for keeping the logs in another system :

• Technical Tip: How to configure and troubleshoot Log Forwarding on FortiAnalyzer  

Local event logs can be sent to a syslog server also:

• Technical Tip: FortiManager/FortiAnalyzer local event logs setup for the external SYSLOG server  

Keep a scheduled backup of the system:

• Technical Tip: How to send automatic and scheduled system backup configuration

To create a manual one:

• Technical Tip: Backup and restore of FortiAnalyzer settings, logs and reports
• 
  Related article:
  Technical Tip: Admin login from 127.0.0.1