Description | This article describes how to troubleshoot FortiAnalyzer Threat Map. |
Scope | |
Solution |
Section 1.
Check firmware compatibility between FortiGate and FortiAnalyzer.
Section 2.
1) Check whether FortiAnalyzer DNS is able to resolve the hostname below:
# execute ping mapserver.fortinet.com
2) Check whether FortiGate is sending logs to FortiAnalyzer.
3) Verify that the FortiGate geographic coordinates have been configured in the FortiAnalyzer GUI: go to Device Manager, select the FortiGate, then select Edit.
The device edit screen should then appear. Verify that the coordinates have been configured.
Section 3.
1) In FortiAnalyzer FortiView, it will be possible to see Top Threats.
2) Next, to test the map, execute the following on the FortiGate CLI:
# diagnose log test
3) Some output should then be visible on the Threat Map. (As it is real time, you might need to generate logs from the FortiGate CLI using the <diag log test> command.)
The Threat Map will be visible if:
- A device geo location is configured. This draws a device icon on the map, along with a switch to enable or disable the threat map.
- There is a UTM log with crscore > 0, and either srcip or dstip is a public IP (so that it can be located to a city on the map; srcip is preferred).
- The log is a new live log. The Threat Map only shows new live logs; it does not replay historical logs. |
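The conditions listed above can be checked against a log line offline. The following is an added example, not Fortinet code: it assumes key=value log lines with quoted values, treats "public IP" as a globally routable address, and uses constructed sample lines; `threat_map_check` and `device_has_geo` are hypothetical names. Whether the log is live cannot be determined from the line itself.

```python
import ipaddress
import shlex

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = [
    'type="utm" subtype="ips" srcip=8.8.8.8 dstip=192.168.1.10 crscore=30 msg="constructed sample"',
    'type="utm" subtype="virus" srcip=10.0.0.5 dstip=1.1.1.1 crscore=50',
    'type="utm" subtype="webfilter" srcip=10.0.0.5 dstip=192.168.1.10 crscore=10',
    'type="utm" subtype="ips" srcip=8.8.8.8 dstip=192.168.1.10 crscore=0',
    'type="traffic" subtype="forward" srcip=8.8.8.8 dstip=192.168.1.10 crscore=5',
]

def parse_log(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_public(addr):
    """True for a globally routable address (assumed meaning of 'public IP')."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False

def threat_map_check(line, device_has_geo=True):
    """Return (eligible, detail): the IP that would be plotted, or the failed condition."""
    f = parse_log(line)
    if not device_has_geo:
        return False, "device has no geo location configured"
    if f.get("type") != "utm":
        return False, "not a UTM log"
    try:
        score = int(f.get("crscore", "0"))
    except ValueError:
        score = 0
    if score <= 0:
        return False, "crscore is not > 0"
    for key in ("srcip", "dstip"):  # srcip is preferred, so it is tried first
        if is_public(f.get(key, "")):
            return True, f"{key}={f[key]}"
    return False, "neither srcip nor dstip is a public IP"

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(threat_map_check(line), "<-", line)
```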
Copyright 2023 Fortinet, Inc. All Rights Reserved.