Network analyzer, Describ – Fortinet FortiAnalyzer 3.0 MR7 User Manual


FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908


Network Analyzer

Network Analyzer can be used as an enhanced local network traffic sniffer to
diagnose areas of the network where firewall policies may require adjustment, or
where traffic anomalies occur.

Network Analyzer logs all traffic seen by the interface for which it is enabled. If
that network interface is connected to the span port of a switch, observed traffic
will include all traffic sent through the switch by other hosts. You can then locate
traffic which should be blocked, or which contains other anomalies.

All captured traffic information is saved to the FortiAnalyzer hard disk. You can
then display this traffic information directly, search it, or generate reports from it.

This section describes how to enable and view traffic captured by the Network
Analyzer. It also describes Network Analyzer log storage configuration options.

Network Analyzer is not visible in Tools > Network Analyzer until enabled in the
CLI. To enable Network Analyzer, access the CLI and enter the commands:

    config log settings
        set enable_analyzer yes
    end

If you are currently logged in to the web-based manager when enabling or
disabling Network Analyzer, you must log out and then log in again for the menu
changes to take effect.

This section includes the following topics:

Connecting the FortiAnalyzer unit to analyze network traffic

Viewing Network Analyzer log messages

Browsing Network Analyzer log files

Customizing the Network Analyzer log view

Searching the Network Analyzer logs

Rolling and uploading Network Analyzer logs

Connecting the FortiAnalyzer unit to analyze network traffic

To sniff traffic with the FortiAnalyzer unit, you usually first connect it to the
span (or mirroring) port of an Ethernet switch. Both the management and sniffing
ports can be connected to the same switch.

Note: Network Analyzer is available on all FortiAnalyzer units except the FortiAnalyzer-100.
