I have query on how licensing works when we configured Fortianalyzer in analyzer and collector mode.
If we have one layer of collector which collects logs and does Archive storage and another layer of Fortianalyzer in analyzer mode which receives logs from collector and then does indexing and stores Analytic logs. In this scenario, what is the perpetual license model to select. If my expected data ingestion is 25GB/day then should I need to buy 25GB/day perpetual license for both collector mode and analyzer mode FA or getting it in one either collector mode or analyzer mode is fine??
Can you please clarify. There is no public Fortinet documentation available on this..
So when a FAZ is in collector mode it's got unlimited GB/day of logs. This means you can purchase the smallest GB/day license (FAZ-VM-GB1) for the collectors.
For the FAZ in analyzer mode you need to license it based on the total GB/day for analytics+archiving, so in your scenario it would be FAZ-VM-GB25 for the analyzer in analyzer mode. In both instances you'll need to get support contract.
Thanks for the update, so the per day data ingestion license of 35GB/day is for analytics + Archiving or just for Analytics?. Because collector does archiving and FA in analyzer mode just does Analytics - Sql indexing etc.. Can you clarify whether total GB/day is for analytics alone??
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.