FortiAnalyzer Ordering Guide: A Comprehensive Plan
This guide streamlines FortiAnalyzer procurement‚ covering licensing‚ sizing‚ and cloud options. It aids in aligning your security infrastructure with optimal log management and retention strategies.
FortiAnalyzer is a centralized log management and reporting solution designed to enhance the visibility and control of your Fortinet Security Fabric. It collects‚ analyzes‚ and presents log data from FortiGate firewalls‚ FortiWiFi wireless security appliances‚ and other Fortinet products‚ as well as third-party devices.
Effective deployment begins with understanding its core capabilities. FortiAnalyzer provides real-time monitoring‚ historical analysis‚ and compliance reporting. This guide focuses on navigating the ordering process‚ ensuring you select the appropriate licensing‚ hardware‚ or cloud options to meet your organization’s specific needs. Proper sizing‚ based on log volume and retention requirements‚ is crucial for optimal performance and cost-effectiveness.
Understanding FortiAnalyzer Licensing
FortiAnalyzer licensing operates on two primary models: perpetual and subscription. Perpetual licenses grant indefinite usage rights with optional FortiCare support for updates and assistance. Subscription licenses provide access to the latest features and FortiGuard security services for a defined term‚ typically one to five years.
Licensing is often tied to the number of FortiGates or Fabric members reporting to the FortiAnalyzer. Understanding these models is vital for accurate budgeting and long-term cost management. Additional licenses may be required for specific features‚ such as advanced reporting or integration with FortiSOAR. Careful consideration of your organization’s growth and security requirements is essential when selecting a licensing option.
FortiAnalyzer Perpetual Licenses
FortiAnalyzer perpetual licenses offer a one-time purchase granting indefinite use of the software. These licenses typically do not include ongoing FortiGuard security updates or FortiCare support‚ which are available as separate purchases. This model suits organizations preferring upfront capital expenditure and potentially utilizing third-party support options.
Perpetual licenses are often tiered based on the Logs Per Second (LPS) capacity they support. Selecting the appropriate tier is crucial to accommodate current and future log volume. While offering long-term ownership‚ remember that feature enhancements and security updates require separate purchases‚ potentially increasing the total cost of ownership over time.
FortiAnalyzer Subscription Licenses
FortiAnalyzer subscription licenses provide access to the software for a defined period – typically one‚ three‚ or five years. These licenses include ongoing FortiGuard security updates and FortiCare support‚ ensuring your system remains protected against the latest threats and benefits from continuous improvements. This OpEx model offers predictable budgeting and access to the latest features.
Subscription tiers‚ like perpetual licenses‚ are based on Logs Per Second (LPS) capacity. Subscriptions offer flexibility‚ allowing organizations to scale their capacity as needed. Choosing a subscription simplifies management and ensures consistent security posture‚ making it a popular choice for organizations prioritizing ongoing protection and support.
Key Ordering Considerations: Log Volume & Retention
Accurate FortiAnalyzer sizing hinges on understanding your organization’s log volume and retention requirements. Log volume‚ measured in Logs Per Second (LPS)‚ dictates the necessary processing power. Retention period – how long logs are stored – directly impacts storage capacity needs. These factors are intertwined; longer retention demands more storage and potentially higher LPS processing.
Consider all log sources: FortiGate firewalls‚ FortiWiFi appliances‚ and other security devices. Estimate peak LPS‚ not just average‚ to avoid performance bottlenecks. Regulatory compliance often dictates minimum retention periods. Carefully assess these needs to select the appropriate FortiAnalyzer model and licensing tier‚ optimizing both cost and functionality.
Determining Logs Per Second (LPS) Requirements
Calculating LPS is crucial for proper FortiAnalyzer sizing. Begin by identifying all log sources feeding into the system – firewalls‚ VPNs‚ applications‚ and more. Analyze current log data to establish a baseline LPS. Don’t rely solely on averages; account for peak traffic periods and potential future growth.
Fortinet recommends considering a buffer for unexpected spikes. Utilize FortiGate’s logging features to monitor LPS over time. Tools and scripts can automate this process. Remember that different log types (traffic‚ security events‚ system logs) have varying sizes‚ impacting storage. Accurate LPS estimation prevents performance issues and ensures sufficient capacity.
Retention Period and Storage Capacity
Retention dictates how long logs are stored‚ impacting storage needs. Regulatory compliance‚ internal policies‚ and security investigations drive retention requirements. Longer retention demands greater storage capacity. Consider tiered storage – fast storage for recent logs‚ slower for archives.
Storage capacity is directly linked to LPS and log size. FortiAnalyzer’s compression capabilities reduce storage footprint‚ but don’t solely rely on them. Estimate total log volume based on LPS‚ average log size‚ and retention period. Factor in growth projections. Regularly monitor storage utilization and adjust retention policies as needed to optimize costs and performance.
FortiAnalyzer Virtual Appliance (VA) Sizing
Proper VA sizing is crucial for optimal performance. Begin with a minimum of 4 vCPUs and 16GB of RAM as a starting point‚ but this depends heavily on your Logs Per Second (LPS). Disk I/O is paramount; monitor receive versus insert rates post-deployment.
Insufficient resources lead to performance bottlenecks. Consider future growth when allocating resources. Monitor CPU‚ memory‚ and disk utilization closely. Adjust resources dynamically based on observed performance. Prioritize fast storage for optimal log processing and indexing. Regularly review sizing to accommodate increasing log volumes and retention periods.
CPU and Memory Recommendations
CPU allocation directly impacts log processing and analysis speed. For initial deployments‚ 4 vCPUs are a reasonable starting point‚ but larger fabrics necessitate more cores. Memory is equally vital; 16GB RAM is a minimum‚ scaling upwards with log volume and retention;
Insufficient memory causes excessive disk I/O‚ slowing performance. Monitor resource utilization closely. If CPU consistently reaches high levels‚ increase core count. If memory is constrained‚ add more RAM. Consider the impact of features like threat hunting and custom reporting on resource demands. Regularly review and adjust based on observed performance.
Disk I/O and Storage Requirements
Disk I/O is a critical performance factor for FortiAnalyzer. High log ingestion rates demand fast storage. SSDs are strongly recommended over traditional HDDs to minimize latency and maximize throughput. Monitor the receive rate versus insert rate to identify potential bottlenecks.
Storage capacity depends on log volume‚ retention period‚ and data compression. Calculate storage needs carefully‚ accounting for growth. Consider tiered storage options for cost optimization. Regularly archive older logs to free up space. Ensure sufficient IOPS to handle peak loads. Proper disk configuration is essential for maintaining optimal performance and data integrity.
FortiAnalyzer Hardware Appliance Models
FortiAnalyzer offers both F-Series and C-Series hardware appliances‚ designed for varying deployment sizes and performance needs. F-Series appliances provide a balance of performance and cost-effectiveness‚ suitable for small to medium-sized fabrics. C-Series appliances deliver higher performance and scalability‚ ideal for large enterprises and demanding environments;
Each model features dedicated hardware optimized for log processing and storage. Consider factors like log ingestion rate‚ retention requirements‚ and future growth when selecting a model. Detailed specifications‚ including CPU‚ memory‚ and storage capacity‚ are available in the FortiAnalyzer datasheets. Choosing the right appliance ensures optimal performance and long-term reliability.
F-Series Appliances: Overview and Specifications
FortiAnalyzer F-Series appliances are designed for small to medium-sized deployments‚ offering a cost-effective solution for log management and security analysis. These models typically feature Intel Xeon processors‚ ranging from 8 to 16 cores‚ and 32GB to 128GB of RAM. Storage options vary‚ often utilizing a combination of SSDs for fast log ingestion and HDDs for bulk storage.
Specific models include the F-2000D‚ F-3000D‚ and F-4000D‚ each offering increasing performance and capacity. They support up to 500 FortiGates and can handle several thousand logs per second. Detailed specifications‚ including disk I/O performance and network interfaces‚ are available on the Fortinet website.
C-Series Appliances: Overview and Specifications
FortiAnalyzer C-Series appliances cater to large enterprises and service providers‚ demanding high performance and scalability for extensive log data. These models boast powerful Intel Xeon Scalable processors‚ often exceeding 24 cores‚ coupled with substantial RAM‚ typically ranging from 128GB to 512GB or more. Storage is a key feature‚ utilizing high-performance SSDs and large-capacity HDDs in RAID configurations.
The C-Series includes models like the C-3000C and C-4000C‚ capable of supporting thousands of FortiGates and processing tens of thousands of logs per second. They offer advanced features like clustering for high availability and scalability. Detailed specifications‚ including network throughput and expansion options‚ can be found in the official Fortinet documentation.
Ordering Based on Fabric Size
Selecting the appropriate FortiAnalyzer requires careful consideration of your security fabric’s scale. A ‘fabric’ represents the number of FortiGate firewalls and other Fortinet security devices reporting to the analyzer. Ordering is tiered based on these groupings – Small‚ Medium‚ and Large.
Small fabrics‚ supporting up to 200 FortiGates‚ often benefit from virtual appliances or entry-level hardware models. Medium fabrics (200-1000 FortiGates) typically require mid-range hardware appliances or clustered virtual deployments. Large fabrics (1000+ FortiGates) necessitate high-end C-Series appliances or a robust cloud-based solution to handle the immense log volume.
Small Fabric (Up to 200 FortiGates)
For organizations with up to 200 FortiGates‚ a cost-effective and scalable approach is crucial. The FortiAnalyzer Virtual Appliance (VA) is often ideal‚ offering flexibility and ease of deployment. Consider a VA with 4 vCPUs and 16GB of RAM as a starting point‚ adjusting based on anticipated log volume.
Alternatively‚ entry-level F-Series hardware appliances provide dedicated performance. Careful assessment of logs per second (LPS) and retention needs is vital. Prioritize sufficient disk I/O to prevent bottlenecks. Remember to factor in future growth when selecting your initial configuration.
Medium Fabric (200-1000 FortiGates)
Managing 200 to 1000 FortiGates demands robust FortiAnalyzer resources. While a scaled VA deployment is possible‚ dedicated hardware appliances – specifically C-Series models – are generally recommended for sustained performance. These appliances offer increased processing power and storage capacity.
Prioritize disk I/O monitoring to ensure efficient log ingestion and analysis. A minimum of 8 vCPUs and 32GB of RAM for a VA‚ or equivalent hardware specifications‚ should be considered. Accurate LPS estimation and retention period planning are paramount to avoid performance degradation and ensure adequate storage.
Large Fabric (1000+ FortiGates)
Supporting over 1000 FortiGates necessitates high-end FortiAnalyzer appliances. C-Series hardware is strongly advised‚ potentially requiring multiple units in a clustered configuration for redundancy and scalability. Virtual appliances are generally insufficient for this scale due to resource constraints.
Detailed log volume and retention analysis is critical. Expect substantial disk I/O demands; SSD storage is highly recommended. Consider at least 16 vCPUs and 64GB of RAM per VA (if attempting a virtual deployment)‚ but hardware is preferred. Proactive monitoring and capacity planning are essential for maintaining optimal performance.
FortiAnalyzer Cloud Ordering Options
FortiAnalyzer Cloud offers a flexible‚ subscription-based alternative to on-premises deployment. Ordering is typically tiered based on logs per second (LPS) ingestion and data retention periods. Packages range from basic log collection to advanced analytics and threat intelligence integration.
Consider your current and projected log volume when selecting a tier. FortiCare support and FortiGuard security services can be added as optional enhancements. Cloud ordering simplifies management and eliminates the need for hardware procurement and maintenance. Review the Fortinet website for current pricing and available packages.
Add-on Licenses and Services
Beyond the core FortiAnalyzer license‚ several add-ons enhance functionality. These include extended log retention‚ increasing storage capacity beyond the standard allocation. FortiGuard security services integration‚ such as web filtering and intrusion prevention updates‚ are crucial for comprehensive threat detection.
FortiCare support services provide technical assistance and software updates. Consider purchasing premium support for faster response times and dedicated account management. Additional services like professional services for deployment and configuration are also available. Carefully evaluate your needs to optimize your FortiAnalyzer investment.
FortiCare Support Services
FortiCare provides essential support for your FortiAnalyzer investment. Different tiers offer varying levels of assistance‚ ranging from basic technical support to 24/7 access with prioritized response times. Enhanced support packages include dedicated account managers and proactive health checks‚ ensuring optimal system performance.
Consider FortiCare’s service level agreements (SLAs) based on your business criticality. Faster response times minimize downtime and disruption. FortiCare also facilitates access to software updates and security patches‚ keeping your system protected against emerging threats. Investing in FortiCare ensures long-term reliability and peace of mind.
FortiGuard Security Services Integration
FortiGuard Security Services significantly enhance FortiAnalyzer’s capabilities. Integrating these services provides access to real-time threat intelligence‚ including updated signatures‚ botnet IP addresses‚ and web filtering databases. This proactive approach strengthens your security posture by identifying and mitigating threats before they impact your network.
Essential FortiGuard subscriptions include IPS‚ Antivirus‚ Web Filtering‚ and Application Control. These services work seamlessly with FortiAnalyzer to provide comprehensive threat detection and reporting. Bundling FortiGuard services with your FortiAnalyzer order offers cost savings and simplified management. Ensure your FortiAnalyzer is fully equipped to defend against evolving cyberattacks.
Ordering Process and Resources
FortiAnalyzer orders are typically processed through Fortinet’s partner network. Contact your authorized Fortinet partner to discuss your specific requirements and receive a customized quote. Fortinet’s online ordering portal provides access to detailed product information‚ pricing‚ and configuration options.
Key resources include the FortiAnalyzer Architecture Guide‚ sizing guides‚ and ordering documentation available on the Fortinet website. These resources assist in determining the appropriate model and licensing based on your environment. Fortinet also offers pre-sales support to help with design and configuration. Leverage these tools for a smooth and efficient ordering experience.