tanr
Valued Contributor II

FortiAnalyzer Threat Map Always Blank

Hi All,

 

We're running a FAZ 5.4.3 getting logs from a couple FortiGates (5.4.5).  This seems to work well, but one thing I've never got to work is the Threat Map.  It's always blank (except for showing the couple FortiGates).  Before hooking the FGT's up to the FAZ the FortiView Threat Map on each FGT worked just fine.

 

Anybody got the FAZ 5.4.3 Threat Map working?  Any suggestions on what to check?

14 REPLIES
tanr
Valued Contributor II

Ah, good point.  I'll leave the FAZ threat map and logs up to verify if log entries that match appropriate threats show on the threat map before I dig deeper.

chall_FTNT

I guess you could set up an Event Handler to match the types of logs you'd expect to show up in the threat map.

 

Not sure whether the alerts would arrive in time or not -- syslog or SNMP trap would be better than e-mail OR just displaying the event listing page on the FAZ.

Chris Hall
Fortinet Technical Support
tanr
Valued Contributor II

I just downloaded some of the EICAR test files, and, voila, they showed up on the threat map!  So I've just been missing them due to the threat map being realtime. 

 

BTW, part of why I didn't figure this out earlier is that the list of threats shown at the bottom of the map doesn't show *any* threats that have happened previous to opening the map page.  I would think it would contain the list of previously logged threats.  You can test this by having the map up, downloading an EICAR test file, then switching to the FAZ to Top Threats and back to the Threat Map.  The list will be empty.

 

Thanks for your help with this.

SamuelRed

chall wrote:

The most common problem is that the coordinates (longitude & latitude) are not set for the FortiGates.  At the moment, this needs to manually be configured on either FortiGate (CLI) or FortiAnalyzer (in Device Manager).   We are working on a way for that information to be learned and populated automatically in a future release.

Hi All, sorry for jumping in to this thread...

 

My silly question is: Is FortiGate with FortiOS 5.2 supported in threat map?

 

Thanks very much in advance for your response

best regards

Samuel Red

chall_FTNT

I don't think threat map functionality has any dependencies on FortiOS version -- i.e., it should be supported. 

 

However, I don't think FortiOS 5.2 lets you set the coordinates on the FortiGate end, so you would have to configure this on the FortiAnalyzer end.

 

To set coordinates on the FortiGate end (FortiOS 5.4 & 5.6):

    config system global
        set gui-device-latitude {string}   Add the latitude of the location of this FortiGate to position it on the Threat Map. size[19]
        set gui-device-longitude {string}   Add the longitude of the location of this FortiGate to position it on the Threat Map. size[19]

Chris Hall
Fortinet Technical Support