Question
FortiGate to FortiAnalyzer: OFTP protocol
As per my understanding, FGT & FAZ use TCP port 514 & UDP 514 for log communication.
TCP port 514 is used by the RSH protocol to execute remote shell commands in FGT to get information; also, it is not secure compared to the SSH protocol. So I would like to understand how Fortinet is securing the communication over the internet using this protocol.
- What is the recommended setup to establish communication between FGT & FAZ? Is it over the internet or using only SD-WAN?
- If FAZ is using both TCP/UDP 514 (OFTP & log communication streams) to communicate with FGT, then will it form TLS/DTLS connectivity between FortiGate & FortiAnalyzer?
- TCP 514 is for the Remote Shell (RSH) protocol & it is not secure communication, so what is the difference in using this same TCP 514 port in Fortinet, and how is it secure over the internet?
- What is the difference between the RSH & OFTP protocols in Fortinet? Since TCP 514 is used for RSH, why is Fortinet mentioning this is OFTP?
- If we enable the reliable option in FGT, then do both log and OFTP communication use TCP 514? Is it recommended to always enable this?
- What information is sent through the OFTP protocol? Since we have a log communication stream to send logs to FGT.
- As per my understanding, between FGT & FAZ it is using both the RSH and SSH protocols to fetch information:
  - When FGT & FAZ are in the same LAN/network, it is using SSH.
  - When FGT & FAZ are not in the same LAN, it is using RSH.
- How is FAZ deciding to use RSH & SSH to contact FGT?
