FortiCloud FAQ - Fortinet Document Library

Transcription

FortiCloud FAQ - Fortinet Document Library
FortiCloud v2.0
Frequently Asked Questions
FortiCloud v2.0 Frequently Asked Questions
June 09, 2015
32-20-185514-20150609
Copyright© 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and
FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and
other jurisdictions, and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their
respective owners. Performance and other metrics contained herein were attained in internal
lab tests under ideal conditions, and actual performance and other results may vary. Network
variables, different network environments and other conditions may affect performance results.
Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all
warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that
the identified product will perform according to certain expressly-identified performance metrics
and, in such event, only the specific performance metrics expressly identified in such binding
written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event
does Fortinet make any commitment related to future deliverables, features, or development,
and circumstances may change such that any forward-looking statements herein are not
accurate. Fortinet disclaims in full any covenants, representations,and guarantees pursuant
hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or
otherwise revise this publication without notice, and the most current version of the publication
shall be applicable.
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
Customer Service & Support
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Table of Contents
General Questions .........................................................................................................
What is FortiCloud? .................................................................................................
What features does FortiCloud provide?.................................................................
How does FortiCloud work? ....................................................................................
How does FortiCloud compare with FortiAnalyzer? ................................................
What is the difference between FortiCloud and FortiManager?..............................
How do I confirm which version of FortiCloud is currently in use? .........................
Is FortiCloud a global service? ................................................................................
Which languages are supported by FortiCloud? .....................................................
Were there any functionality changes between the 1.15 and 2.0 versions of
FortiCloud?............................................................................................................
What happens if I lose my password?.....................................................................
5
5
5
5
6
6
6
7
7
Licensing and Registration ............................................................................................
Is there an easy way to test drive FortiCloud? .......................................................
What is the price of FortiCloud? ..............................................................................
How do you enable the FortiCloud service?............................................................
How do I subscribe to the 200 GB service? ............................................................
Do I need a support contract to enable the service? ..............................................
What are rolling logs? ..............................................................................................
What happens when the retention quota is reached?.............................................
How do you configure service once it is activated? ................................................
What if I want to unsubscribe from the service and stop uploading logs? .............
8
8
8
8
8
9
9
9
9
9
Technical Questions ....................................................................................................
What security and redundancy has been built into the service?...........................
Does my FortiGate unit require a hard drive to use FortiCloud?...........................
Does FortiCloud support devices from other vendors? ........................................
Which FortiGate and FortiWiFi models does FortiCloud support?........................
Which versions of FortiOS does FortiCloud support?...........................................
When are scheduled reports sent to administrators?............................................
How does Cloud Sandboxing and AV Submission work?.....................................
Why can I not see a function or tab for AV Submission/Sandboxing?..................
What is the turnaround time on Cloud Sandboxing and AV Submission? ............
Why can I not see any management functions?....................................................
Can I set up high availability (HA) logging with FortiCloud?..................................
Do I need to purchase a subscription for each FortiGate in an HA pair?..............
Page 3
7
7
10
10
10
10
10
10
10
10
11
11
11
11
11
AP Network.................................................................................................................. 12
What is the FortiCloud AP Network feature?......................................................... 12
How can I register a FortiAP to my FortiCloud account? ...................................... 12
What FortiAP models are supported by FortiCloud AP Networks?....................... 12
Does the FortiCloud AP Network feature support FortiWiFi?................................ 12
Is there a minimum firmware version that I need to run on a FortiAP for the FortiCloud
AP Network feature to work? .............................................................................. 12
I have an older FortiAP that does not include a FortiCloud key. Is there some way I
can add my device to a FortiCloud AP Network? ............................................... 12
Does my internal wireless/networking traffic get sent to FortiCloud? ................... 12
Do I need to use a FortiGate in conjunction with a FortiCloud AP Network? ....... 12
Is there different pricing/licensing for AP Network functionality?.......................... 12
Are there features in FortiCloud for AP Network that I would not normally get with
FortiGate?............................................................................................................ 13
Can FortiAP devices be managed by FortiCloud and work with FortiPresence
simultaneously?................................................................................................... 13
Is there a maximum number of FortiAPs that can be managed via FortiCloud?... 13
Threat Detection Service .............................................................................................
What is the FortiCloud Threat Detection Service feature? ....................................
What kind of threats can the Threat Detection Service detect?............................
How do I get access to the Threat Detection Service? .........................................
Does the Threat Detection Service require a subscription? ..................................
How do I register my subscription code once I’ve purchased one? .....................
Fortinet Technologies Inc.
Page 4
14
14
14
14
14
14
FortiOS™ Handbook - Carrier for FortiOS 5.0
General Questions
What is FortiCloud?
FortiCloud (formerly known as FAMS) is a hosted security management and log retention
service for FortiGate® and FortiWiFi® devices. It gives you centralized reporting, traffic analysis,
configuration management, and log retention without the need for additional hardware and
software.
It provides a subset of the FortiAnalyzer™ and FortiManager™ feature set:
• Traffic and application visibility
• Real-time monitoring and alerting
• Hosted log retention
• Reporting and analysis
• Configuration management
What features does FortiCloud provide?
• Dashboard — system and log widgets plus real-time monitors.
• Log Viewer — real-time log viewing with filters and download capability.
• Drilldown Analysis — user and network activity analysis.
• Report Generator — create reports in different formats including PDF to measure policy
compliance or illustrate network usage patterns.
• Device Management — configuration backup and history, script management, and alert
profiles for real-time monitors.
• AV Submission — shows the status of suspicious files undergoing cloud-based sandbox
analysis.
How does FortiCloud work?
One or multiple FortiGate units are registered with FortiCloud under a single account. This is
done via the licensing widget in the FortiGate/FortiWiFi dashboard. The logs from each device
are periodically sent to FortiCloud and stored.
Logs are sent automatically to FortiCloud for storage and processing. You configure what to log.
You can include just Traffic and Event logs or include security logs such as Antivirus, Application
Control, IPS, etc.
From the recorded logs, reports can be generated to indicate trends within network traffic,
individual user activity, and security threats across different applications. Drilldown capability
and real-time alerting are also available.
FortiCloud also takes copies of FortiGate/FortiWiFi configurations that can be used for backup
and restore or to provision new FortiGate/FortiWiFi devices. A VPN tunnel can be used to bring
up the console of a selected FortiGate/FortiWiFi sitting behind a firewall, allowing you to
perform configuration or policy changes remotely.
Fortinet Technologies Inc.
Page 5
FortiCloud Frequently Asked Questions
How does FortiCloud compare with FortiAnalyzer?
FortiCloud is an ideal solution for customers who do not want to implement a separate
hardware solution such as the FortiAnalyzer 200D series. However, it does not have all the
features of a FortiAnalyzer. A high-level comparison is shown below:
Feature
FortiCloud
FortiAnalyzer
Business size
SMB
Enterprise
Licensing
Per device, no minimum.
Maximum device limit set per model.
Unlimited for VM model.
Granular administration
Limited
Yes
Supports external
authentication for
administrative access
No
Yes
Disk quota
Initial activation: 1 GB per
device. Subscription: 200
GB per device.
Depends on model. Up to 48 TB for
the appliance, and 24 TB for the VM.
Centralized logging
Real-time and batch
uploads.
Real-time and batch uploads, with
log aggregation and forwarding.
Aggregated reports
No
Yes
Cloud-based sandboxing
Yes
No
What is the difference between FortiCloud and FortiManager?
FortiCloud is an ideal solution for customers who do not want to implement a separate
hardware solution such as the FortiManager 200D series. However, it does not have all the
features of a FortiManager. A high-level comparison is shown below:
Feature
FortiCloud
FortiManager
Business size
SMB
Enterprise
Licensing
Per device.
Maximum device limit set per model.
Granular administrative No
access profiles
Yes
Supports external
authentication for
administrative access
No
Yes
Alerts
Yes, but simplified.
Yes
Advanced configuration Limited to scripting, upgrades, Yes, full management capabilities.
management
backups and remote access.
How do I confirm which version of FortiCloud is currently in use?
Click on the FortiCloud name in the title bar to see the build/version number.
Fortinet Technologies Inc.
Page 6
FortiCloud Frequently Asked Questions
Is FortiCloud a global service?
Yes.
Which languages are supported by FortiCloud?
FortiCloud currently supports two languages: English and Spanish. These can be selected via
the web portal login page.
Were there any functionality changes between the 1.15 and 2.0 versions of
FortiCloud?
Yes, report scheduling and customization are now only available to subscription accounts. In
addition, the email discovery function, the SNMP trap console function, and the ability to
download logs have been discontinued in 2.0.
What happens if I lose my password?
You can reset your password on the FortiCloud portal at https://www.forticloud.com.
Fortinet Technologies Inc.
Page 7
FortiCloud Frequently Asked Questions
Licensing and Registration
Is there an easy way to test drive FortiCloud?
Yes, you can test drive FortiCloud by visiting the FortiCloud portal, and selecting the Live Demo
link at the bottom of the FortiCloud login screen. This will show a FortiCloud account with
populated devices and logs to simulate a live environment.
What is the price of FortiCloud?
A no-charge service option is available, with 1 GB of storage data. However, the free service is
limited to 100 MB logs per day, and only retains 30 days of traffic.
To activate FortiCloud, either for free or with a license, you must first register your device(s).
Once activated, the dashboard license widget will indicate your account status and provide a
link to your FortiCloud portal.
If you wish to upload more than 1 GB of log storage from a FortiGate/FortiWiFi, you need to
acquire a 200 GB subscription license (Contract Number) based on the following SKU:
Description
SKU
1-year FortiCloud service with up to 200 GB storage for a single
FortiGate device (activate with scratch-off card on device)
FCL-10-90801-131-02-12
1-year FortiCloud service with up to 200 GB storage for a single
FortiGate device (activate with reseller contract on portal)
FC-10-90801-131-02-12
How do you enable the FortiCloud service?
1. Register the FortiGate/FortiWiFi on the Service and Support Portal at
https://support.fortinet.com.
2. Create an account in the FortiGate/FortiWiFi dashboard licensing widget.
3. Activate the FortiGate/FortiWiFi within the dashboard licensing widget.
4. Create a firewall policy with logging enabled. Configure log uploading, if necessary.
5. Log into the portal at https://www.forticloud.com.
How do I subscribe to the 200 GB service?
To upgrade to a subscription (200 GB storage) you need to obtain a license (Contract Number)
from your Fortinet reseller. Then click on the Upgrade icon in the FortiGate/FortiWiFi dashboard
licensing widget. Follow the instructions presented.
If you are running FortiOS 5.0 and higher, you have the option of receiving a scratch-off
card/certificate from your Fortinet reseller. Scratch the card to reveal the hidden activation code.
Enter this directly into the FortiGate console in the Licensing widget.
It takes about 30 minutes for the backend systems to process the subscription. The account
type in your FortiGate/FortiWiFi will change from Free 1GB to Subscribed 200GB.
Do I get any other features when I subscribe to the 200GB subscription?
Yes. When you upgrade to a subscription, you will no longer have a daily limit on uploads and
will be able to create, schedule, and customize reports. More subscriber-only features will be
added in future releases of FortiCloud.
Fortinet Technologies Inc.
Page 8
FortiCloud Frequently Asked Questions
What if I want more than 200 GB log storage per FortiGate/FortiWiFi?
If you need more than 200 GB per FortiGate/FortiWiFi, please consider the FortiAnalyzer
product series which has up to 48 TB of storage per appliance, or 24 TB per virtual machine
version.
Are the 200 GB licenses “stackable” in any way?
No, 200 GB licenses cannot be combined. For instance, you cannot acquire and combine two
200 GB licenses to create 400 GB of storage for a single device.
If a 200 GB device subscription lapses, what happens to the year’s worth of logs?
Any logs that are associated with the licensed device and are older than 30 days will be
automatically purged. There is no grace period, so please ensure you are properly renewed so
that your logs are retained.
Do I need a support contract to enable the service?
No, but you do need to register each FortiGate/FortiWiFi on the Service and Support Portal at
https://support.fortinet.com.
It’s very important to register each device in your network or the service (free or subscribed)
cannot be enabled.
What are rolling logs?
FortiCloud will automatically delete older logs to make space for new log data. 1 GB free
accounts automatically delete logs that fall outside the 30-day rolling window. Paid devices can
define a number of days to use as their rolling window, or retain all logs indefinitely.
What happens when the retention quota is reached?
FortiCloud will automatically delete the oldest logs and continue to receive new logs. A daily
upload limit is enforced per device: 10% of your FortiCloud subscription volume. For example, a
trial device with a 1 GB account can upload 100 MB of logs daily.
No alert emails will be sent when the quota is reached.
How do you configure service once it is activated?
The configuration of the service is done via the web portal at https://www.forticloud.com. The
logs will automatically start appearing in the logs and archives section.
Select the gear icon on any page to edit that page’s settings.
Select the gear icon next to the administrator email in the top right to edit user settings.
What if I want to unsubscribe from the service and stop uploading logs?
You can disconnect your account from the dashboard in your FortiGate/FortiWiFi. In the
Licensing and Information widget in the FortiGate interface, click on the Log-out button. This
will detach the FortiGate/FortiWiFi from the account and stop the logs from uploading.
Fortinet Technologies Inc.
Page 9
FortiCloud Frequently Asked Questions
Technical Questions
What security and redundancy has been built into the service?
Logs are transferred between FortiGate and the FortiCloud cloud storage via an encrypted link.
All system elements are duplicated for redundancy.
Does my FortiGate unit require a hard drive to use FortiCloud?
The FortiGate does not require a hard drive if logs are being uploaded to FortiCloud in real-time,
which can be enabled in the Log Setting page in the FortiGate interface. FortiCloud is a
convenient alternative to a hard drive for devices too small to contain one, such as FortiWiFi
units.
Does FortiCloud support devices from other vendors?
FortiCloud only supports FortiGate and FortiWiFi products. It does not currently support other
company’s products for log retention.
Which FortiGate and FortiWiFi models does FortiCloud support?
FortiGate
All FortiGate models from the 300 series and below natively support FortiCloud with the console
Licensing widget. Models from 600 to 800 series and greater require the CLI to activate.
FortiWiFi
All FortiWiFi models 20 to 90 support FortiCloud natively through the dashboard Licensing
widget.
Which versions of FortiOS does FortiCloud support?
FortiCloud is available for all devices at FortiOS version 4.3 or later. Devices running FortiOS
version 4.2 or earlier may not be able to access FortiCloud. Consult your device’s
documentation for more information.
When are scheduled reports sent to administrators?
Scheduled reports are sent to administrator email addresses between 2 AM and 6 AM if
automatic report delivery (Daily/Weekly/Monthly) is enabled.
How does Cloud Sandboxing and AV Submission work?
In a proxy-based antivirus profile on a FortiGate, the administrator selects Inspect Suspicious
Files with FortiGuard Analytics to enable a FortiGate unit to upload suspicious files to
FortiGuard for analysis. Once uploaded, the file will be executed and the resulting behavior
analyzed for risk. If the file exhibits risky behavior or is found to contain a virus, a new virus
signature is created and added to the FortiGuard antivirus signature database. The next time
the FortiGate unit updates its antivirus database it will have the new signature.
FortiGuard Labs considers a file suspicious if it exhibits some unusual behavior, yet does not
contain a known virus (the behaviors that FortiCloud Analytics considers suspicious will change
depending on the current threat climate and other factors).
Fortinet Technologies Inc.
Page 10
FortiCloud Frequently Asked Questions
The FortiCloud console enables administrators to view the status of any suspicious files
uploaded: Pending, Clean, Malware, or Unknown. The console also provides data on time, user,
and location of the infected file for forensic analysis.
Sandboxing is available in both Free and Paid FortiCloud subscriptions.
Why can I not see a function or tab for AV Submission/Sandboxing?
You must first enable cloud sandboxing on the FortiGate device and then a file that is
suspicious must be sent in order for the AV Submission tab to appear.
What is the turnaround time on Cloud Sandboxing and AV Submission?
It could be anywhere from 10 minutes (for automated sandbox detection) to 10 hours (in which
case FortiGuard Labs will get involved).
Why can I not see any management functions?
You must first enable the management tunnel on the FortiGate/FortiWiFi device. On the device,
use the following commands in the CLI:
config system central-management
set mode backup
set type fortiguard
end
Can I set up high availability (HA) logging with FortiCloud?
FortiCloud accepts inbound logs from each device independently, and has no means of
detecting that connected devices are in an HA cluster. Though multiple HA clustered devices
will theoretically send identical logs to FortiCloud, if one device stops logging or is unable to
reach FortiCloud, the other devices will not send logs on its behalf.
Do I need to purchase a subscription for each FortiGate in an HA pair?
Yes. FortiCloud handles each device separately, regardless of configuration.
Fortinet Technologies Inc.
Page 11
FortiCloud Frequently Asked Questions
AP Network
What is the FortiCloud AP Network feature?
This feature allows administrators to remotely configure APs, modify wireless management
settings and visualize wireless-related events. Examples of configuration changes include AP
name and SSID configuration, power settings and rogue AP detection. Wireless management
settings include RADIUS details, standard users/groups/guests and SSIDs/security. There are a
robust set of visualizations including real-time and historical charting of traffic usage, AP client
counts and client usage. Think of it as a comprehensive way to manage your wireless
infrastructure via the cloud.
How can I register a FortiAP to my FortiCloud account?
Supported FortiAP models include a sticker with a unique FortiCloud key affixed. This key must
be entered into the FortiCloud interface to register the FortiAP to your FortiCloud account.
What FortiAP models are supported by FortiCloud AP Networks?
Currently, the AP Network functionality within FortiCloud is only supported by FortiAP 221C and
320C.
Does the FortiCloud AP Network feature support FortiWiFi?
FortiWiFi models are not currently supported.
Is there a minimum firmware version that I need to run on a FortiAP for the
FortiCloud AP Network feature to work?
The FortiAP must be running FortiAP OS 5.2 at a minimum.
I have an older FortiAP that does not include a FortiCloud key. Is there some way I
can add my device to a FortiCloud AP Network?
FortiCloud does not currently support FortiAPs that have been shipped without a FortiCloud
key, however we are currently looking into supporting this scenario. No estimated timeframe is
available.
Does my internal wireless/networking traffic get sent to FortiCloud?
No, only management-related information and event logs are sent to FortiCloud. None of your
wireless LAN traffic is sent externally.
Do I need to use a FortiGate in conjunction with a FortiCloud AP Network?
No, in fact you should register your FortiAP to be directly managed by FortiCloud. You do not
need to use FortiGate as a proxy to manage FortiAPs from FortiCloud.
Is there different pricing/licensing for AP Network functionality?
There are no additional fees or licensing required to manage FortiAPs from FortiCloud.
Fortinet Technologies Inc.
Page 12
FortiCloud Frequently Asked Questions
Are there features in FortiCloud for AP Network that I would not normally get with
FortiGate?
Yes, some of the visualizations vary from their FortiGate counterparts. Map visualizations (being
able to view the location of deployed APs) are not currently available within FortiGate, for
example.
Can FortiAP devices be managed by FortiCloud and work with FortiPresence
simultaneously?
At the moment, FortiPresence isn’t compatible with FortiCloud managed FortiAPs.
Is there a maximum number of FortiAPs that can be managed via FortiCloud?
There is no licensing limit for the number of FortiAPs that can be managed with FortiCloud.
Fortinet Technologies Inc.
Page 13
FortiCloud Frequently Asked Questions
Threat Detection Service
What is the FortiCloud Threat Detection Service feature?
FortiCloud Threat Detection Service (TDS) is a new service that alerts administrators about
newly-found infections and threats to devices in their network. By analyzing UTM logging and
activity, the service can provide a comprehensive overview of threats to the network.
What kind of threats can the Threat Detection Service detect?
TDS can detect three types of threats, based on our evolving FortiGuard database:
• Malware — Malicious programs residing on infected endpoints.
• PUP — Potentially unwanted programs, such as Spyware, Adware, and toolbars.
• Unknown — Threats detected by signature but not associated with any known malware.
How do I get access to the Threat Detection Service?
The TDS is currently being developed as a beta, and will be rolled out to existing FortiCloud
customers over time.
Does the Threat Detection Service require a subscription?
The basic form of the TDS is free, which will alert you to threats and automatically prepare a
comprehensive threat report.
You can purchase a subscription for the complete TDS by opening the Plan page in the
FortiCloud TDS site, selecting Buy Online, and completing the purchase process.
A subscription grants you access to IP Whitelisting, which allows you to narrow your malware
search by excluding safe IPs and domains, and Alert Emails, which notify you directly of
detected network threats. It will also allow you to view the IPs of infected devices, allowing you
to better control their access to your network.
How do I register my subscription code once I’ve purchased one?
You will receive your subscription code by email. Visit the Fortinet Support portal at
http://support.fortinet.com, and log into your customer account. On the Asset page, register the
subscription code as if it were a product serial number, and then enter the serial number of the
FortiCloud-connected device that you want the service to monitor.
Fortinet Technologies Inc.
Page 14
FortiCloud Frequently Asked Questions