Fortinet, Inc.

1090 Kifer Road | Sunnyvale, CA 94086 | USA

Training Services: 1-866-868-3678 Fax: (613) 225-2951
training@fortinet.com

FortiAnalyzer Administration

Course 211 (for FortiAnalyzer v4.3)



Course Overview

The FortiAnalyzer Administration course provides one day of instructor-led training
(in a public or private on-site class setting) where participants will gain an understanding
of the tasks involved in the administration of a FortiAnalyzer appliance.
Hands-on labs allow students to perform some of the basic tasks associated with the
configuration and troubleshooting of the FortiAnalyzer device, as well as the creation of
reports based on logging information collected on the device.

Course Objectives
Upon completion of this course, students will be able to:
Describe the features of the FortiAnalyzer device.
Register known and unknown devices with the FortiAnalyzer device.
Describe the communication between the FortiAnalyzer and FortiGate devices in
the infrastructure.
View real-time and historical logging information from devices in the
infrastructure.
Create alerts to notify administrators of events occurring on registered devices.
Create reports using the SQL reporting engine.
Enable archiving and file quarantining.
Configure the FortiAnalyzer device logging settings.
Understand and configure different log backup mechanisms.
Define administrative privileges.
Perform a vulnerability assessment on host computers in the infrastructure.
Configure the FortiAnalyzer appliance to analyze network traffic.
Perform diagnostic commands to diagnose and debug system problems.



Fortinet, Inc. 1090 Kifer Road | Sunnyvale, CA 94086 | USA
Training Services: 1-866-868-3678 Fax: (613) 225-2951
training@fortinet.com


Products Used in This Course
FortiAnalyzer, FortiGate and FortiClient


Prerequisites
Completion of the 301 - Secure Network Deployment and IPSec VPN course.
Solid knowledge of the Web Config administrative interface and the Command
Line Interface.
Experience with Fortinet network appliances.


Who Should Attend
This course is intended for administrators responsible for managing FortiAnalyzer
devices and is geared to professionals with a solid knowledge of the concepts involved in
the operation of a FortiGate device.




Fortinet, Inc. 1090 Kifer Road | Sunnyvale, CA 94086 | USA
Training Services: 1-866-868-3678 Fax: (613) 225-2951
training@fortinet.com



Course Topics

Lesson 1 FortiAnalyzer Overview
FortiAnalyzer Features
FortiAnalyzer Appliance Family
Logging and Reporting Workflow

Lesson 2 Configuration and Administration
ForitAnalyzer Setup
Administration Interfaces
FortiAnalyzer Administration
RAID
Backup and Restore
Administration Domains

Lesson 3 Device Registration
Adding a Device
Disk Quota Usage
Adding FortiClient Installations
Adding Generic Syslog Devices
Blocking Devices
Securing Communications




Fortinet, Inc. 1090 Kifer Road | Sunnyvale, CA 94086 | USA
Training Services: 1-866-868-3678 Fax: (613) 225-2951
training@fortinet.com


Lesson 4 Logs and Alerts
Log Messages
Logging Requirements
Log Data Management
Indexed Logs
SQL Logs
Processing Logs
Viewing Logs
Searching Logs
Advanced Search Queries
IPS Packet Logging
Browsing Logs
Backing Up and Restoring Logs
Log Aggregation
Alerts

Lesson 5 Archived and File Quarantine
Enabling Archives
File Quarantine


Lesson 6 Reports
Design Considerations
Generating Reports
Charts
FortiAnalyzer Data Sets
Designing SQL Queries
Report Calendar
Browsing Reports




Fortinet, Inc. 1090 Kifer Road | Sunnyvale, CA 94086 | USA
Training Services: 1-866-868-3678 Fax: (613) 225-2951
training@fortinet.com


Lesson 7 Tools
Vulnerability Assessments
Network Analyzer
File Explorer
Network Sharing



Lesson 8 Diagnostics
Normal Operation
Diagnostic Commands
Disk Health and Usage
Index Failures
Crashlogs
Packet Sniffer
Debugging Applications
Other Diagnostic Commands