FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
vraev
Staff
Article Id 374285
Description

This article outlines the minimum requirements, configuration steps, and recommendations for setting up FortiAnalyzer. It also provides links to resources that will assist and guide you through the initial configuration process.

Scope

FortiAnalyzer, FortiManager with FortiAnalyzer features.

Solution

For the VM, size the minimum requirements according to the expected load. If the FortiManager + FortiAnalyzer feature is used, add both sets of system requirements together when deploying the VM: Minimum system requirements.

Identifying the VM type and cloud scenario:

  • Public cloud: In this scenario, the platform must be defined (OCI, IBM, Azure, AWS, GCP, AliCloud). The minimum system requirements depend on the supported instance type, shape, generation, etc. See FortiAnalyzer Public Cloud.
  • Private cloud: This scenario depends on the VM environment (KVM, Xen, Microsoft Hyper-V, VMware ESXi, Nutanix, etc.). See FortiAnalyzer Private Cloud.
  • FortiAnalyzer Cloud: In this scenario, FortiAnalyzer is integrated with a license acquired for a FortiGate in the support account. See FortiAnalyzer Cloud.
  • For further supported virtualization environments, see the release notes of the target version and examine Product Integration and Support -> Virtualization.

Proper licenses to be acquired:

Review the following articles concerning disk space:

RAID on the hardware appliances:

Expand the ADOM space to the newly available space, or according to the requirements of the ADOM(s):

About the networking, there are a few available options:

LACP - when more bandwidth is required. Useful for hardware appliances:

Setting a specific VLAN:

Initial connection to the appliance:


Network setup should follow the internal rules and practices of each environment. Always keep the appliance behind a firewall and allow only specific subnets/hosts to access it.

Newer versions also support trusted hosts and local-in policies for better security. If the appliance has a public IP, be extremely careful:
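An added configuration example (not from the article) of the trusted-host and local-in policy hardening mentioned above, as entered in the FortiAnalyzer CLI. The interface name and addresses are constructed placeholders, and the local-in policy syntax is assumed from recent 7.x releases; compare it with the CLI reference of the deployed version.

```text
# Added example (not from the article). Addresses and "port1" are placeholders;
# local-in policy syntax is assumed from 7.x and must be checked per version.

# 1. Trusted hosts: the "admin" account may only log in from the listed sources.
#    Apply this to every admin account; an unrestricted account defeats the purpose.
#    Make sure your current session source is included before logging out.
config system admin user
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0        # management subnet (placeholder)
        set trusthost2 198.51.100.10 255.255.255.255  # jump host (placeholder)
    next
end

# 2. Local-in policy on the interface carrying the public IP: accept HTTPS and SSH
#    only from the management subnet and deny them from everywhere else.
#    Policies are evaluated in id order, so the accept rules precede the deny rules.
config system local-in-policy
    edit 1
        set intf "port1"
        set src 192.0.2.0/24
        set protocol tcp
        set dport 443
        set action accept
    next
    edit 2
        set intf "port1"
        set src 192.0.2.0/24
        set protocol tcp
        set dport 22
        set action accept
    next
    edit 3
        set intf "port1"
        set src 0.0.0.0/0
        set protocol tcp
        set dport 443
        set action deny
    next
    edit 4
        set intf "port1"
        set src 0.0.0.0/0
        set protocol tcp
        set dport 22
        set action deny
    next
end
```

Trusted hosts restrict who can authenticate; the local-in policy additionally stops unwanted sources from ever reaching the management listeners, so the two complement each other.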
The initial setup can be done through the console port of a hardware or VM device.

OFTP can be set up with a custom certificate:

LDAP, RADIUS, and SSO examples:

API calls:

For future upgrades, review the following:

Log forwarding is useful for keeping the logs in another system:

Local event logs can also be sent to a syslog server:

Keep a scheduled backup of the system:

To create a manual one: