Tuesday, November 10, 2009

FortiAnalyzer and traffic monitoring with an HP ProCurve

A client has been seeing unusual traffic volumes on the Internet side of their Fortinet firewall, a FortiGate FG-80C.

We connected a FortiAnalyzer to perform traffic analysis.

Scenario:
FA port 1 is the management port, connected to the HP ProCurve in VLAN 1.
FA port 2 is the traffic collection port, connected to the same ProCurve on port 26.
ProCurve ports 21 and 22 are configured as VLAN 2.
The inside port of the router is connected to port 21.
The WAN1 port of the FG is connected to port 22.

Configure the ProCurve:
conf t
no ip routing
mirror-port 26
vlan 2
name "external"
untagged 21-22
ip address
exit
int 21
monitor
exit
int 22
monitor
exit
write mem


Then enable Network Analyzer on the FortiAnalyzer and set Port2 as the mirror port:
config log settings
set analyzer enable
set analyzer-gui enable
set analyzer-quota 10240
set analyzer-interface "port2"
end

(Log off the GUI and log on again to see Network Analyzer under the 'Tools' menu.)

Configure the FortiGate to log to the FortiAnalyzer:
config log fortianalyzer setting
set status enable
set server 192.168.1.99
end


Start the monitor from the FortiAnalyzer:
Tools -> Network Analyzer -> Real-Time -> Start

The easy part is done. Now *you* have to figure out what to make out of the logs ;o)
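Making sense of the logs is the part the post leaves to the reader, so here is an added example (not from the original post, and not Fortinet or HP code) that does the first pass a practitioner usually wants: parse FortiGate key=value traffic records, total sent and received bytes per internal source address, and flag hosts whose outbound volume dwarfs what they receive, which is the shape of the "unusual traffic on the Internet side" complaint. The log lines are constructed for illustration; the field names (srcip, dstip, dstport, proto, sentbyte, rcvdbyte) are standard FortiOS traffic-log fields, and the ratio and byte thresholds are assumptions to tune for the site.

```python
"""Summarize FortiGate traffic logs per host to spot unusual outbound volume.

Added example, not code from the original post or from Fortinet/HP.
FortiGate traffic logs are space-separated key=value records; the sample
below is constructed, and the alert thresholds are assumptions.
"""
import re
from collections import defaultdict

# Constructed sample records in the FortiGate key=value style.
SAMPLE_LOGS = """\
date=2009-11-10 time=10:01:02 type=traffic subtype=forward srcip=192.168.1.20 dstip=203.0.113.5 dstport=80 proto=6 sentbyte=1200 rcvdbyte=45000
date=2009-11-10 time=10:01:05 type=traffic subtype=forward srcip=192.168.1.20 dstip=203.0.113.5 dstport=443 proto=6 sentbyte=900 rcvdbyte=30000
date=2009-11-10 time=10:02:11 type=traffic subtype=forward srcip=192.168.1.31 dstip=198.51.100.9 dstport=6881 proto=6 sentbyte=8400000 rcvdbyte=2100000
date=2009-11-10 time=10:02:40 type=traffic subtype=forward srcip=192.168.1.31 dstip=198.51.100.10 dstport=6881 proto=17 sentbyte=5200000 rcvdbyte=300000
date=2009-11-10 time=10:03:00 type=event subtype=system msg="config changed"
"""

# key=value tokens; values may be quoted strings containing spaces.
TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in TOKEN.findall(line)}


def parse_logs(text):
    """Yield only traffic records; event/system records are skipped."""
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("type") == "traffic":
            yield rec


def bytes_by_source(records):
    """Aggregate sent/received bytes and session count per source IP."""
    totals = defaultdict(lambda: {"sent": 0, "rcvd": 0, "sessions": 0})
    for r in records:
        t = totals[r["srcip"]]
        t["sent"] += int(r.get("sentbyte", 0))
        t["rcvd"] += int(r.get("rcvdbyte", 0))
        t["sessions"] += 1
    return dict(totals)


def top_talkers(totals, n=5):
    """Sources ordered by bytes sent outbound, largest first."""
    return sorted(totals.items(), key=lambda kv: kv[1]["sent"], reverse=True)[:n]


def upload_heavy(totals, ratio=2.0, min_sent=1_000_000):
    """Hosts that send far more than they receive (thresholds are assumptions)."""
    return sorted(ip for ip, t in totals.items()
                  if t["sent"] >= min_sent and t["sent"] > ratio * max(t["rcvd"], 1))


if __name__ == "__main__":
    totals = bytes_by_source(parse_logs(SAMPLE_LOGS))
    for ip, t in top_talkers(totals):
        print(f"{ip:16} sent={t['sent']:>10} rcvd={t['rcvd']:>10} sessions={t['sessions']}")
    print("upload-heavy hosts:", upload_heavy(totals))
```

Run it against an exported traffic log instead of SAMPLE_LOGS to get a ranked list of internal hosts by outbound bytes; a workstation near the top that also appears in the upload-heavy list is where to start looking, since the analyzer view alone shows the volume but not which inside host is responsible.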
