We're running a FAZ 5.4.3 getting logs from a couple FortiGates (5.4.5). This seems to work well, but one thing I've never got to work is the Threat Map. It's always blank (except for showing the couple FortiGates). Before hooking the FGTs up to the FAZ the FortiView Threat Map on each FGT worked just fine.
Anybody got the FAZ 5.4.3 Threat Map working? Any suggestions on what to check?
The most common problem is that the coordinates (longitude & latitude) are not set for the FortiGates. At the moment, this needs to be manually configured on either FortiGate (CLI) or FortiAnalyzer (in Device Manager). We are working on a way for that information to be learned and populated automatically in a future release.
But 184.108.40.206 is indeed in the city level database as well:
Result: GeoIP City Edition, Rev 1: BR, 27, Sao Paulo, Santa Barbara D'oeste, N/A, -22.755699, -47.414700, 0, 0
So the database is not the issue.
Something else to consider (assuming that you do have matching UTM logs & not just traffic logs) is that unlike the threat map in a FortiGate GUI which goes back 1 hour, the FAZ shows threats in relative realtime (not the last hour).