Skip to main content
ggntt
ggntt
New Member
September 30, 2014
Question

Fortianalyzer - Multi tenants

  • September 30, 2014
  • 9 replies
  • 14117 views
Hi there Is it possible to setup the Fortianalyzer for multiple tenants ? Any information/advice on how to do this ? thanks ggntt

    9 replies

    Christopher_McMullan
    Staff
    Christopher_McMullan
    Staff
    September 30, 2014
    If you enable ADOM mode, then you can use the Standard User administrative profile template to only allow access to specific ADOMs. That would allow tenant access to the FAZ without granting access to global settings or other ADOMs.
    ggntt
    ggnttAuthor
    New Member
    September 30, 2014
    Hi Chris Thanks for that. We enabled the ADOM mode, but its still not clear how to create multiple profiles to access devices specific to the users Any additional info would be great, ggntt
    neonbit
    neonbit
    New Member
    October 1, 2014
    As an example, if you wanted to create an ADOM for customer1 that would allow them to login to the FortiAnalyzer and create/run their own reports and have read access to FortiView you would do the following three steps: 1. Create customer1 ADOM, and put the customer1-firewall into the ADOM Goto System Settings > All ADOMS and click ' Create New' Enter customer1 for the name and move the customer1-fgt to the right hand side. Click ' Ok' to save
    neonbit
    neonbit
    New Member
    October 1, 2014
    2. Create customer1 administrator profile Goto System Settings > Admin > Profile and click " Create New' Enter customer1-profile for the name and select read-write/read access for this specific customer Click ' Ok' to save
    neonbit
    neonbit
    New Member
    October 1, 2014
    3. Create customer1-admin login Goto System Settings > Admin > Administrator and click ' Create New' Enter customer1-admin for the name, and select the login type (if local, enter their password) Change Administrative Domain to ' Specify' Select customer1 for the ADOM Click ' Ok' to save Now when customer1 logs in with their ' customer1-admin' credentials, they will only be able to see the reports and FortiView for their own firewall. p.s: Sorry for the three posts.. I couldn' t' figure out howto embed three pictures in the one post.
    ggntt
    ggnttAuthor
    New Member
    October 1, 2014
    Thank you so much for your replies I appreciate the screen shots. I am currently on the trial version. Unfortunately there is no ADOM option like there is on yours. Very strange Please see attached
    ggntt
    ggnttAuthor
    New Member
    October 1, 2014
    neonbit I figured that out, had to enable administrative domain from the system information widget on the dashboard. Now trying to get a remote FG to communicate with the analazyer. The FAZ is behind our own FG FW. But I saw where you can set a token, looks like they might create their own tunnel ?
    jpborg
    jpborg
    New Member
    October 14, 2024

    Hello,

    Did you manage to get the FAZ behind your FortiGate firewall to communicate with a remote FortiGate? I am currently looking for a solution to this.

    Mark_Oakton
    Mark_Oakton
    New Member
    October 15, 2014
    how do the adoms differentiate different client firewalls if the management ip is the same ?
    Christopher_McMullan
    Staff
    Christopher_McMullan
    Staff
    October 16, 2014
    You could always try changing the source IP: config log fortianalyzer setting set source-ip w.x.y.z end
    neonbit
    neonbit
    New Member
    October 17, 2014
    *edit* sorry misunderstood Mark' s initial post
    Terms & ConditionsAccessibility statement