tanr
New Member
September 29, 2017
Question

FortiAnalyzer Threat Map Always Blank

  • September 29, 2017
  • 1 reply
  • 31895 views

Hi All,

We're running a FAZ 5.4.3 getting logs from a couple FortiGates (5.4.5). This seems to work well, but one thing I've never got to work is the Threat Map. It's always blank (except for showing the couple FortiGates). Before hooking the FGTs up to the FAZ the FortiView Threat Map on each FGT worked just fine.

Anybody got the FAZ 5.4.3 Threat Map working? Any suggestions on what to check?

1 reply

chall_FTNT
Staff
September 29, 2017

The most common problem is that the coordinates (longitude & latitude) are not set for the FortiGates. At the moment, this needs to be configured manually on either FortiGate (CLI) or FortiAnalyzer (in Device Manager). We are working on a way for that information to be learned and populated automatically in a future release.

tanr
Author
New Member
September 29, 2017

Thanks, but I had already set the coordinates on the FAZ.

Just in case, I set the FGT's longitude and latitude to match with:

config sys global
  set gui-latitude
  set gui-longitude

I still get a Threat Map without any activity on it, even though the threats log shows multiple entries.

Any other thoughts? I would hope the FAZ doesn't need the FGT's admin username and password for this.

 

chall_FTNT
Staff
September 29, 2017

You need utm logs with a crscore entry. And srcip & dstip cannot both be private IP addresses.

If those conditions are being met, then it is possible that the public IPs in question don't have a match in the geo-ip database loaded on the FAZ.
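
An added example, not part of the thread and not Fortinet code: a Python check that applies the conditions from the reply above (utm log, crscore present, srcip and dstip not both private) to constructed log lines and reports why a line would not qualify. The `type` key, the key=value line layout and treating "private" as the RFC 1918 ranges are assumptions.

```python
import ipaddress
import shlex

# Assumption: "private" means the RFC 1918 ranges; the thread does not define it.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOGS = [
    'type="utm" subtype="ips" srcip=192.168.1.10 dstip=203.0.113.7 crscore=30 msg="sample one"',
    'type="utm" subtype="virus" srcip=192.168.1.10 dstip=10.0.0.5 crscore=50',
    'type="utm" subtype="webfilter" srcip=192.168.1.10 dstip=198.51.100.20',
    'type="traffic" subtype="forward" srcip=192.168.1.10 dstip=203.0.113.7',
]

def parse_kv(line):
    """Parse a key=value log line, honouring double-quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_private(addr):
    """True/False for RFC 1918 membership, None if the address is missing or invalid."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in RFC1918)

def threat_map_blockers(line):
    """Return the reasons a log line fails the stated conditions ([] if it passes)."""
    f = parse_kv(line)
    reasons = []
    if f.get("type") != "utm":
        reasons.append("not a utm log")
    if "crscore" not in f:
        reasons.append("no crscore entry")
    src, dst = is_private(f.get("srcip", "")), is_private(f.get("dstip", ""))
    if src is None or dst is None:
        reasons.append("srcip or dstip missing/invalid")
    elif src and dst:
        reasons.append("srcip and dstip are both private")
    return reasons

if __name__ == "__main__":
    for entry in SAMPLE_LOGS:
        print(threat_map_blockers(entry) or "meets the log conditions", "|", entry)
```

A line that passes these checks can still be absent from the map if its public IP has no match in the geo-ip database on the FAZ, which this script cannot test.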