FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Nur
Staff
Article Id 264308
Description This article describes how to make multitenancy visible from FortiAnalyzer.
Scope FortiAnalyzer and EMS.
Solution

By default, multitenancy is disabled in EMS. Even when EMS has been integrated with FortiAnalyzer, multitenancy is visible only for global and root.

 

To ensure the other multitenancy sites are visible from FortiAnalyzer, follow the steps below:

  1. Enable multitenancy from EMS: go to System setting -> Manage multiple sites -> Save.

 

Capture.JPG

 

 

  2. The multitenancy will appear at the top of the EMS bar.
  3. To create a multitenancy, go to Global -> Configure Sites -> Add.
 
Capture.JPG

 

 

  4. After adding the multitenancy, enable the logging section (the attachment shows multitenancy 'Nur1') by going to Endpoint Profile -> System Settings -> Log, upload the log to FortiAnalyzer/FortiManager -> Enable. Add the FortiAnalyzer/FortiManager IP, enable SSL, and save.
 
Capture.JPG

 

 

  5. Assign the endpoint to the multitenancy:
  • The endpoint assignment to the multitenancy needs to be performed from the endpoint.
  • Go to FortiClient, disconnect from the EMS Server, and add the EMS Server IP -> Site Name (in this case 'Nur1').

From FortiClient:

 

Nur_3-1689571947331.jpeg

 

From EMS:

 

Capture.JPG

 

When multitenancy has been enabled and the endpoint has been added to the multitenancy, FortiAnalyzer will appear as below:

 

Capture.JPG

 

From the log view, it is possible to see the traffic of the endpoint and the VDOM in which it is located:

 

Capture.JPG