We use both FortiAnalyzer and FortiManager in our organization. Both are extremely valuable in managing our environment. I agree with Mike's assessment for both products.
Awesome Overview of super helpful tools, for me, once you have more than one FortiGates, anyone must definitely go for FMG and FAZ in. Keep those videos coming mate!!! :)
We find FAZ (FortiAnalyzer) a super useful tool from a firewall admin perspective as it's makes trouble shooting so much more efficient. We also have FortiManager but haven't rolled it out yet!
It is really nice to have fortimanager, I hope my company could get one. And waiting for more useful tips about fortiAnalyzer other than reports. Thanks for sharing
Hi Everyone, I'm considering doing the Fortinet FCP certification and noticed on their training/e-learning website that there are several courses, and I'm not sure where to start. Could you please advised on what is the best/recommended order to do them(FortiAnalyzer, FortiManager, FortiGate 7.4 Administrator, FortiAuthenticator 6.5, FortiGate Security 7.2? Should I start with FortiAnalyzer or FortiManager first? Thank you very much in advance. Cheers,
Great info! We are getting Fortigates and FortiAnalyzer this summer, currently Cisco ASA shop. Would be interested in knowing if there is anything we should do on the Fortigates to make the most of FortiAnalyzer. For example naming conventions for zones, objects, etc which would allow us to better take advantage of FortiAnalyzer reports/queries? So thanks for covering this info, very timely for us. Also, thanks for covering switching on a Fortigate in previous video. Having zero experience with Fortinet products, we asked repeatedly if a small Fortigate e.g., 60E could be both a NGFW and switch for a SOHO setting. The consultant/reseller company quoted both a FG and Fortiswitch, which we assumed meant no the FG cannot be a switch. But just to be sure, we Googled for an answer and didn't find anything definitive. Then we searched UA-cam and found a prior video you made on hardware-software switching which not only answered our question, it showed us that you could actually group the interfaces into more than one switch if desired. So THANK YOU!!!
Thanks for the video, Mike. Can you advise on alternate (open-source) options, like Syslog, that we can use instead of getting FortiAnalyser in an environment with 2 or 3 firewalls with a mix of other vendor network devices?
I csn't seem to find the answer anywhere, perhaps you'll know. When you have a fleet of switches that you want managed by a FortiGate, how do they appear in FortiManager? I would like to have them all managed to get the same policy-based L2 security. Will they show in FortiManager if they're anchored to the FortiGate? Do you need licensing for the switches and APs? Thanks!
I upgraded our fortiAnalyser from 5.6 to 6.0. I ran into a problem where the admin logins are not being accepted. Any idea how I can recover the login credentials?
I don't understand what event ID's mean what. For example I want a simple Event alert where if a Router's Heartbeat goes away - then an alert email will be sent. But, how do you set this up? I would like to see an example. Fortinet documentation is terrible..
Hi Mike, I just got my FAZ today and was wondering how to support my clients gates with it. Do I need to have a separate ADOM for each client, or do I just add each fortigate to the FAZ and then run reports?
When you are deploying a bunch of Fortigates (10+) and you want FortiManager to manage them, I assume you get the base WAN config configured then ship to site. My question, do you just enable FMG-Access (and maybe Ping) on WAN interface but nothing else is required for it to register with FortiManager, correct?
If you want alerting and monitoring that is catered to the FortiGate out of the box then sure. Depends on your organization and what their tolerance for lack of security visibility is really.
I've found the manager falls out of config sync with Fortigates very easily without any changes being made in the manager or gates. and it not displaying differences correctly. Has put me off it a bit
@@FortinetGuru No there are 0 changes required to be made after intial deployment. I've logged in a couple of times in read only mode to get some 'monitor' information but thats about it. I very much relate to your comment on hating the manager to begin with. perhaps I havent given it enough time to get to where you are.
I will be the first to tell you that the FortiManager can frustrate me to no end. The more accustomed you get to the nuances of it though, it is pretty powerful.
Is there any reason NOT to have FortiManager manage FortiAnalyzer if you have both? Seems like it makes management simpler by having one logon to manage both. Thank you for the videos by the way, great stuff!
"I don't really use SD-WAN, I like zones". Wait what? That comment made 0 sense to me. Zones are just a way of grouping interfaces and SD-WAN is essentially WAN QOS.
Before 6.4 the sdwan capability was limited and glitchy. The forcing of all member interfaces in a single sdwan interface was a nightmare as well. I used zones to enable failover (using health monitors) while reducing policy counts. (No more internal to wan1 and internal to wan2 etc). I also used them for ipsec concentrating and limiting of policy counts there where necessary. I have started actively using Sdwan in 6.4 because they solved majority of the things that drove me wild about it.
Shame you don't use SD-WAN. it's almost as perfect as the VPN-wizard on FortiManager. As for the whole SD-WAN-concept, it's just a simpler interface for functions you already had.
I don’t in the manger. I have deployments with it. It just isn’t my go to. Just recently moved the home fortigate to sdwan as 6.4 finally has the quality and features I want in sdwan. I won’t move clients to it until a few more bug fixes hit but for the house it will suffice.
@@FortinetGuru The main thing I hate about Fortinet SD-WAN, is that you cannot use "live" ports to create an SD-WAN "port". Most customers don't want, or can't switch ports for new functionality, so you end up with a whole conversion of the config. FortiManager helps with that problem, but, as with anything, not completely.
We use both FortiAnalyzer and FortiManager in our organization. Both are extremely valuable in managing our environment. I agree with Mike's assessment for both products.
Man!! This video is everything that is right in the world, Awesome video
I learned a few things today. Jack wagon was my favorite
As alaways Mike, awesome job. This helped me get a great understanding of how the two products work. No fluff.
Awesome Overview of super helpful tools, for me, once you have more than one FortiGates, anyone must definitely go for FMG and FAZ in. Keep those videos coming mate!!! :)
We find FAZ (FortiAnalyzer) a super useful tool from a firewall admin perspective as it's makes trouble shooting so much more efficient. We also have FortiManager but haven't rolled it out yet!
Both are very powerful.
Make haste! You have revisions, checks before applying, a central place for your licenses, etc...
Thanks you for all
It is really nice to have fortimanager, I hope my company could get one.
And waiting for more useful tips about fortiAnalyzer other than reports.
Thanks for sharing
Thanks for teaching me how to do my job!
Hi Everyone,
I'm considering doing the Fortinet FCP certification and noticed on their training/e-learning website that there are several courses, and I'm not sure where to start.
Could you please advised on what is the best/recommended order to do them(FortiAnalyzer, FortiManager, FortiGate 7.4 Administrator, FortiAuthenticator 6.5, FortiGate Security 7.2?
Should I start with FortiAnalyzer or FortiManager first?
Thank you very much in advance.
Cheers,
Great info! We are getting Fortigates and FortiAnalyzer this summer, currently Cisco ASA shop. Would be interested in knowing if there is anything we should do on the Fortigates to make the most of FortiAnalyzer. For example naming conventions for zones, objects, etc which would allow us to better take advantage of FortiAnalyzer reports/queries? So thanks for covering this info, very timely for us. Also, thanks for covering switching on a Fortigate in previous video. Having zero experience with Fortinet products, we asked repeatedly if a small Fortigate e.g., 60E could be both a NGFW and switch for a SOHO setting. The consultant/reseller company quoted both a FG and Fortiswitch, which we assumed meant no the FG cannot be a switch. But just to be sure, we Googled for an answer and didn't find anything definitive. Then we searched UA-cam and found a prior video you made on hardware-software switching which not only answered our question, it showed us that you could actually group the interfaces into more than one switch if desired. So THANK YOU!!!
It will be very fluid based on your environmental needs etc. I would log anything and everything at first and dial it back based on preference.
Excellent and very helpful video. 👍
Thanks for the video, Mike.
Can you advise on alternate (open-source) options, like Syslog, that we can use instead of getting FortiAnalyser in an environment with 2 or 3 firewalls with a mix of other vendor network devices?
Great Video as always! Can you do a video for Fortimanager CLI templates with variables? Thanks in advance!
Sure thing!
some jackwagon!!!! lol.. never been there before.. good stuff.. ty!!
How to check TLS version on fortianalyzer..is anyone know the command?
I csn't seem to find the answer anywhere, perhaps you'll know. When you have a fleet of switches that you want managed by a FortiGate, how do they appear in FortiManager? I would like to have them all managed to get the same policy-based L2 security. Will they show in FortiManager if they're anchored to the FortiGate? Do you need licensing for the switches and APs? Thanks!
hello how to know upgrade path for fortimanager from 4.0.0 to 6.2.3
TO know the upgrade path you can check the release notes of the version or the upgrade guide for each version.
how to use zero touch bulk provisioning
Thank you Bro, good video really.
Fantastic video, learnt a lot, you mentioned having a video for the event types on FortiAnalyzer, is the video now available?
Do you have video on Fortigate Cloud?
I upgraded our fortiAnalyser from 5.6 to 6.0. I ran into a problem where the admin logins are not being accepted. Any idea how I can recover the login credentials?
I don't understand what event ID's mean what. For example I want a simple Event alert where if a Router's Heartbeat goes away - then an alert email will be sent. But, how do you set this up? I would like to see an example. Fortinet documentation is terrible..
Fortinet documentation will make you want to bash your head in the ground.
@@FortinetGuru yeah I know right lol. Do you know of any good resources that cover setting up alerting in the Fortianalyzer in a concise way?
Can I add ha devices to fortimanager using discovery option ?
Yes you can ..
Hi Mike, I just got my FAZ today and was wondering how to support my clients gates with it. Do I need to have a separate ADOM for each client, or do I just add each fortigate to the FAZ and then run reports?
ADOMs if you want them to have access to it. Otherwise you can group them and schedule reports.
when we can view logs in frotigate what is the use of fortianlayser beside monitoring multiple devices
It is required for security fabric
Did you encounter after an firmware upgrade for Fortigate 50E ,the firewall not to be reachable and to work only after you reset to factory defaults?
Haven’t touched a 50E. Did you follow through proper upgrade steps?
@@FortinetGuru Yes i followed the procedure from Fortinet.
Guru, one of our customer who is using FortiManager and FortiAnalyzer wants detailed report with company logo in it. Can you give me the video.
Yes customizing the reports is possible.
I get Probe Failed on every device I try to add, I can ping both ways and everything is wide open????
make sure you have the FGFM protocol enabled on the interfaces that the FMG traffic comes in on
Another nice tutorial.
if fortimanger is removed from fortigate do we loose all config on fortigate done via fortimager?
No
When you are deploying a bunch of Fortigates (10+) and you want FortiManager to manage them, I assume you get the base WAN config configured then ship to site. My question, do you just enable FMG-Access (and maybe Ping) on WAN interface but nothing else is required for it to register with FortiManager, correct?
They have zero touch provisioning and more. I will do some videos about them.
@@FortinetGuru zero touch would only work with sites with DHCP WAN interfaces though right?
Would you recommend FortiAnalyzer if you only have a pair of fortigates?
If you want alerting and monitoring that is catered to the FortiGate out of the box then sure. Depends on your organization and what their tolerance for lack of security visibility is really.
Fortinets Cloud stuff still needs a lot of work. The on prem versions are much more powerful.
I prefer forti siem as it has everything you can do with analyzer plus much much more
I've jumped head first into Full splunk deployments for my larger clients.
Why not create udemy courses?
To do that, I would have to know what it is. Guess I will check it out
Thanks!
No problem!
I've found the manager falls out of config sync with Fortigates very easily without any changes being made in the manager or gates. and it not displaying differences correctly. Has put me off it a bit
Are the FortiGates synchronizing regularly? Anyone making changes on the devices locally?
@@FortinetGuru No there are 0 changes required to be made after intial deployment.
I've logged in a couple of times in read only mode to get some 'monitor' information but thats about it.
I very much relate to your comment on hating the manager to begin with. perhaps I havent given it enough time to get to where you are.
I will be the first to tell you that the FortiManager can frustrate me to no end. The more accustomed you get to the nuances of it though, it is pretty powerful.
Is there any reason NOT to have FortiManager manage FortiAnalyzer if you have both? Seems like it makes management simpler by having one logon to manage both. Thank you for the videos by the way, great stuff!
It is convenient. I have experienced some bugs in earlier versions of code that made the management wonky. It is better now though.
"I don't really use SD-WAN, I like zones". Wait what? That comment made 0 sense to me. Zones are just a way of grouping interfaces and SD-WAN is essentially WAN QOS.
Before 6.4 the sdwan capability was limited and glitchy. The forcing of all member interfaces in a single sdwan interface was a nightmare as well.
I used zones to enable failover (using health monitors) while reducing policy counts. (No more internal to wan1 and internal to wan2 etc).
I also used them for ipsec concentrating and limiting of policy counts there where necessary.
I have started actively using Sdwan in 6.4 because they solved majority of the things that drove me wild about it.
Shame you don't use SD-WAN. it's almost as perfect as the VPN-wizard on FortiManager. As for the whole SD-WAN-concept, it's just a simpler interface for functions you already had.
I don’t in the manger. I have deployments with it. It just isn’t my go to. Just recently moved the home fortigate to sdwan as 6.4 finally has the quality and features I want in sdwan. I won’t move clients to it until a few more bug fixes hit but for the house it will suffice.
@@FortinetGuru The main thing I hate about Fortinet SD-WAN, is that you cannot use "live" ports to create an SD-WAN "port". Most customers don't want, or can't switch ports for new functionality, so you end up with a whole conversion of the config. FortiManager helps with that problem, but, as with anything, not completely.