Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ggntt
Contributor

Fortianalyzer - Multi tenants

Hi there Is it possible to setup the Fortianalyzer for multiple tenants ? Any information/advice on how to do this ? thanks ggntt
11 REPLIES 11
Christopher_McMullan

If you enable ADOM mode, then you can use the Standard User administrative profile template to only allow access to specific ADOMs. That would allow tenant access to the FAZ without granting access to global settings or other ADOMs.

Regards, Chris McMullan Fortinet Ottawa

ggntt
Contributor

Hi Chris Thanks for that. We enabled the ADOM mode, but its still not clear how to create multiple profiles to access devices specific to the users Any additional info would be great, ggntt
neonbit
Valued Contributor

As an example, if you wanted to create an ADOM for customer1 that would allow them to login to the FortiAnalyzer and create/run their own reports and have read access to FortiView you would do the following three steps: 1. Create customer1 ADOM, and put the customer1-firewall into the ADOM Goto System Settings > All ADOMS and click ' Create New' Enter customer1 for the name and move the customer1-fgt to the right hand side. Click ' Ok' to save
neonbit
Valued Contributor

2. Create customer1 administrator profile Goto System Settings > Admin > Profile and click " Create New' Enter customer1-profile for the name and select read-write/read access for this specific customer Click ' Ok' to save
neonbit
Valued Contributor

3. Create customer1-admin login Goto System Settings > Admin > Administrator and click ' Create New' Enter customer1-admin for the name, and select the login type (if local, enter their password) Change Administrative Domain to ' Specify' Select customer1 for the ADOM Click ' Ok' to save Now when customer1 logs in with their ' customer1-admin' credentials, they will only be able to see the reports and FortiView for their own firewall. p.s: Sorry for the three posts.. I couldn' t' figure out howto embed three pictures in the one post.
ggntt
Contributor

Thank you so much for your replies I appreciate the screen shots. I am currently on the trial version. Unfortunately there is no ADOM option like there is on yours. Very strange Please see attached
ggntt
Contributor

neonbit I figured that out, had to enable administrative domain from the system information widget on the dashboard. Now trying to get a remote FG to communicate with the analazyer. The FAZ is behind our own FG FW. But I saw where you can set a token, looks like they might create their own tunnel ?
jpborg
New Contributor

Hello,

Did you manage to get the FAZ behind your FortiGate firewall to communicate with a remote FortiGate? I am currently looking for a solution to this.

Mark_Oakton
Contributor

how do the adoms differentiate different client firewalls if the management ip is the same ?
Infosec Partners
Infosec Partners
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors