FortiAnalyzer ADOMs Question

Forum|Forum|3 years ago
January 3, 2023
1 reply
909 views

Is it generally best practice to separate firewalls into ADOMs within FAZ?

I've been doing some research but have been getting mixed results. In FMG, it makes sense to separate firewalls by firmware version or by client; however, within FAZ, is there any downside of having a single ADOM for all firewalls? It would make global reporting possible (ie. quickly running a report to determine all firewall firmware versions). As far as I'm aware, reports could still be narrowed down to select firewalls.

I've also heard that licensing for FAZ may shift to include an ADOM-limit on top of the daily log rate. This has me a bit concerned because I have quite a few ADOMs per clients with only one or two firewalls each.

FortiAnalyzer

Jorosco

Staff

Yes, it is, please check the following link Best Practices | FortiAnalyzer 7.2.0 | Fortinet Documentation Library

ADOMs in FortiAnalyzer can be used to separate devices/administration and also to define how long the information will be stored and how much disk space will be asigned. In other words, the ADOM enables you to assign a "Disk Quota" to the devices registered in that ADOM.

If your devices have a mix of high-volume and low-volume log rates, put high-volume log rate devices in one ADOM and low-volume log rate devices in another ADOM. This helps prevent quota enforcement from adversely affecting the low-volume log devices.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded