FortiCloud - Frequently Asked Questions - Fortinet Document Library

FortiCloud v2.0 Frequently Asked Questions

June 09, 2015
32-20-185514-20150609

Copyright© 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation: docs.fortinet.com
Knowledge Base: kb.fortinet.com
Customer Service & Support: support.fortinet.com
Training Services: training.fortinet.com
FortiGuard: fortiguard.com
Document Feedback: [email protected]

Table of Contents

General Questions
  What is FortiCloud?
  What features does FortiCloud provide?
  How does FortiCloud work?
  How does FortiCloud compare with FortiAnalyzer?
  What is the difference between FortiCloud and FortiManager?
  How do I confirm which version of FortiCloud is currently in use?
  Is FortiCloud a global service?
  Which languages are supported by FortiCloud?
  Were there any functionality changes between the 1.15 and 2.0 versions of FortiCloud?
  What happens if I lose my password?

Licensing and Registration
  Is there an easy way to test drive FortiCloud?
  What is the price of FortiCloud?
  How do you enable the FortiCloud service?
  How do I subscribe to the 200 GB service?
  Do I need a support contract to enable the service?
  What are rolling logs?
  What happens when the retention quota is reached?
  How do you configure service once it is activated?
  What if I want to unsubscribe from the service and stop uploading logs?

Technical Questions
  What security and redundancy has been built into the service?
  Does my FortiGate unit require a hard drive to use FortiCloud?
  Does FortiCloud support devices from other vendors?
  Which FortiGate and FortiWiFi models does FortiCloud support?
  Which versions of FortiOS does FortiCloud support?
  When are scheduled reports sent to administrators?
  How does Cloud Sandboxing and AV Submission work?
  Why can I not see a function or tab for AV Submission/Sandboxing?
  What is the turnaround time on Cloud Sandboxing and AV Submission?
  Why can I not see any management functions?
  Can I set up high availability (HA) logging with FortiCloud?
  Do I need to purchase a subscription for each FortiGate in an HA pair?

AP Network
  What is the FortiCloud AP Network feature?
  How can I register a FortiAP to my FortiCloud account?
  What FortiAP models are supported by FortiCloud AP Networks?
  Does the FortiCloud AP Network feature support FortiWiFi?
  Is there a minimum firmware version that I need to run on a FortiAP for the FortiCloud AP Network feature to work?
  I have an older FortiAP that does not include a FortiCloud key. Is there some way I can add my device to a FortiCloud AP Network?
  Does my internal wireless/networking traffic get sent to FortiCloud?
  Do I need to use a FortiGate in conjunction with a FortiCloud AP Network?
  Is there different pricing/licensing for AP Network functionality?
  Are there features in FortiCloud for AP Network that I would not normally get with FortiGate?
  Can FortiAP devices be managed by FortiCloud and work with FortiPresence simultaneously?
  Is there a maximum number of FortiAPs that can be managed via FortiCloud?

Threat Detection Service
  What is the FortiCloud Threat Detection Service feature?
  What kind of threats can the Threat Detection Service detect?
  How do I get access to the Threat Detection Service?
  Does the Threat Detection Service require a subscription?
  How do I register my subscription code once I’ve purchased one?

Fortinet Technologies Inc.


General Questions

What is FortiCloud?

FortiCloud (formerly known as FAMS) is a hosted security management and log retention service for FortiGate® and FortiWiFi® devices. It gives you centralized reporting, traffic analysis, configuration management, and log retention without the need for additional hardware and software. It provides a subset of the FortiAnalyzer™ and FortiManager™ feature set:

• Traffic and application visibility
• Real-time monitoring and alerting
• Hosted log retention
• Reporting and analysis
• Configuration management

What features does FortiCloud provide?

• Dashboard — system and log widgets plus real-time monitors.
• Log Viewer — real-time log viewing with filters and download capability.
• Drilldown Analysis — user and network activity analysis.
• Report Generator — create reports in different formats including PDF to measure policy compliance or illustrate network usage patterns.
• Device Management — configuration backup and history, script management, and alert profiles for real-time monitors.
• AV Submission — shows the status of suspicious files undergoing cloud-based sandbox analysis.

How does FortiCloud work?

One or multiple FortiGate units are registered with FortiCloud under a single account. This is done via the licensing widget in the FortiGate/FortiWiFi dashboard. The logs from each device are periodically sent to FortiCloud and stored. Logs are sent automatically to FortiCloud for storage and processing. You configure what to log. You can include just Traffic and Event logs or include security logs such as Antivirus, Application Control, IPS, etc.

From the recorded logs, reports can be generated to indicate trends within network traffic, individual user activity, and security threats across different applications. Drilldown capability and real-time alerting are also available.

FortiCloud also takes copies of FortiGate/FortiWiFi configurations that can be used for backup and restore or to provision new FortiGate/FortiWiFi devices. A VPN tunnel can be used to bring up the console of a selected FortiGate/FortiWiFi sitting behind a firewall, allowing you to perform configuration or policy changes remotely.


How does FortiCloud compare with FortiAnalyzer?

FortiCloud is an ideal solution for customers who do not want to implement a separate hardware solution such as the FortiAnalyzer 200D series. However, it does not have all the features of a FortiAnalyzer. A high-level comparison is shown below:

Feature | FortiCloud | FortiAnalyzer
Business size | SMB | Enterprise
Licensing | Per device, no minimum. | Maximum device limit set per model. Unlimited for VM model.
Granular administration | Limited | Yes
Supports external authentication for administrative access | No | Yes
Disk quota | Initial activation: 1 GB per device. Subscription: 200 GB per device. | Depends on model. Up to 48 TB for the appliance, and 24 TB for the VM.
Centralized logging | Real-time and batch uploads. | Real-time and batch uploads, with log aggregation and forwarding.
Aggregated reports | No | Yes
Cloud-based sandboxing | Yes | No

What is the difference between FortiCloud and FortiManager?

FortiCloud is an ideal solution for customers who do not want to implement a separate hardware solution such as the FortiManager 200D series. However, it does not have all the features of a FortiManager. A high-level comparison is shown below:

Feature | FortiCloud | FortiManager
Business size | SMB | Enterprise
Licensing | Per device. | Maximum device limit set per model.
Granular administrative access profiles | No | Yes
Supports external authentication for administrative access | No | Yes
Alerts | Yes, but simplified. | Yes
Advanced configuration management | Limited to scripting, upgrades, backups and remote access. | Yes, full management capabilities.

How do I confirm which version of FortiCloud is currently in use?

Click on the FortiCloud name in the title bar to see the build/version number.


Is FortiCloud a global service?

Yes.

Which languages are supported by FortiCloud?

FortiCloud currently supports two languages: English and Spanish. These can be selected via the web portal login page.

Were there any functionality changes between the 1.15 and 2.0 versions of FortiCloud?

Yes, report scheduling and customization are now only available to subscription accounts. In addition, the email discovery function, the SNMP trap console function, and the ability to download logs have been discontinued in 2.0.

What happens if I lose my password?

You can reset your password on the FortiCloud portal at https://www.forticloud.com.


Licensing and Registration

Is there an easy way to test drive FortiCloud?

Yes, you can test drive FortiCloud by visiting the FortiCloud portal, and selecting the Live Demo link at the bottom of the FortiCloud login screen. This will show a FortiCloud account with populated devices and logs to simulate a live environment.

What is the price of FortiCloud?

A no-charge service option is available, with 1 GB of storage data. However, the free service is limited to 100 MB logs per day, and only retains 30 days of traffic. To activate FortiCloud, either for free or with a license, you must first register your device(s). Once activated, the dashboard license widget will indicate your account status and provide a link to your FortiCloud portal.

If you wish to upload more than 1 GB of log storage from a FortiGate/FortiWiFi, you need to acquire a 200 GB subscription license (Contract Number) based on the following SKU:

Description | SKU
1-year FortiCloud service with up to 200 GB storage for a single FortiGate device (activate with scratch-off card on device) | FCL-10-90801-131-02-12
1-year FortiCloud service with up to 200 GB storage for a single FortiGate device (activate with reseller contract on portal) | FC-10-90801-131-02-12

How do you enable the FortiCloud service?

1. Register the FortiGate/FortiWiFi on the Service and Support Portal at https://support.fortinet.com.
2. Create an account in the FortiGate/FortiWiFi dashboard licensing widget.
3. Activate the FortiGate/FortiWiFi within the dashboard licensing widget.
4. Create a firewall policy with logging enabled. Configure log uploading, if necessary.
5. Log into the portal at https://www.forticloud.com.

How do I subscribe to the 200 GB service?

To upgrade to a subscription (200 GB storage) you need to obtain a license (Contract Number) from your Fortinet reseller. Then click on the Upgrade icon in the FortiGate/FortiWiFi dashboard licensing widget. Follow the instructions presented.

If you are running FortiOS 5.0 and higher, you have the option of receiving a scratch-off card/certificate from your Fortinet reseller. Scratch the card to reveal the hidden activation code. Enter this directly into the FortiGate console in the Licensing widget.

It takes about 30 minutes for the backend systems to process the subscription. The account type in your FortiGate/FortiWiFi will change from Free 1GB to Subscribed 200GB.

Do I get any other features when I subscribe to the 200GB subscription?

Yes. When you upgrade to a subscription, you will no longer have a daily limit on uploads and will be able to create, schedule, and customize reports. More subscriber-only features will be added in future releases of FortiCloud.


What if I want more than 200 GB log storage per FortiGate/FortiWiFi?

If you need more than 200 GB per FortiGate/FortiWiFi, please consider the FortiAnalyzer product series which has up to 48 TB of storage per appliance, or 24 TB per virtual machine version.

Are the 200 GB licenses “stackable” in any way?

No, 200 GB licenses cannot be combined. For instance, you cannot acquire and combine two 200 GB licenses to create 400 GB of storage for a single device.

If a 200 GB device subscription lapses, what happens to the year’s worth of logs?

Any logs that are associated with the licensed device and are older than 30 days will be automatically purged. There is no grace period, so please ensure you are properly renewed so that your logs are retained.

Do I need a support contract to enable the service?

No, but you do need to register each FortiGate/FortiWiFi on the Service and Support Portal at https://support.fortinet.com. It’s very important to register each device in your network or the service (free or subscribed) cannot be enabled.

What are rolling logs?

FortiCloud will automatically delete older logs to make space for new log data. 1 GB free accounts automatically delete logs that fall outside the 30-day rolling window. Paid devices can define a number of days to use as their rolling window, or retain all logs indefinitely.

What happens when the retention quota is reached?

FortiCloud will automatically delete the oldest logs and continue to receive new logs. A daily upload limit is enforced per device: 10% of your FortiCloud subscription volume. For example, a trial device with a 1 GB account can upload 100 MB of logs daily. No alert emails will be sent when the quota is reached.
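Added example (not part of Fortinet's documentation): a day-by-day simulation of the rolling-window, quota and daily-limit rules described above, showing how many days of logs a device actually keeps for later investigation. It assumes 1 GB = 1000 MB (consistent with the FAQ's "10% of 1 GB is 100 MB"), that volume above the daily limit is not stored, and that deletion happens in whole-day units; the function names, device names and volumes are constructed.

```python
from collections import deque

MB_PER_GB = 1000  # assumption: decimal units, matching "10% of 1 GB = 100 MB"


def simulate_retention(daily_mb, quota_gb, window_days=None, daily_cap_mb=None):
    """Replay per-day log volumes (in MB) for one device.

    window_days=None models "retain all logs indefinitely";
    daily_cap_mb=None models an account without a daily upload limit.
    Returns (days_retained, stored_mb, rejected_mb) after the last day.
    """
    quota_mb = quota_gb * MB_PER_GB
    store = deque()      # (day_index, stored_mb), oldest entry first
    stored_mb = 0
    rejected_mb = 0
    for day, produced in enumerate(daily_mb):
        accepted = produced
        if daily_cap_mb is not None and produced > daily_cap_mb:
            # Assumption: anything above the daily limit is never stored.
            rejected_mb += produced - daily_cap_mb
            accepted = daily_cap_mb
        store.append((day, accepted))
        stored_mb += accepted
        # Rolling window: drop days that fell outside the window.
        if window_days is not None:
            while store and store[0][0] <= day - window_days:
                stored_mb -= store.popleft()[1]
        # Quota: delete the oldest days until the store fits again.
        while store and stored_mb > quota_mb:
            stored_mb -= store.popleft()[1]
    return len(store), stored_mb, rejected_mb


def fleet_report():
    """Constructed sample devices; volumes are illustrative only."""
    devices = {
        # Free account: 1 GB quota, 30-day window, 100 MB daily limit.
        "branch-quiet": dict(daily_mb=[30] * 60, quota_gb=1,
                             window_days=30, daily_cap_mb=100),
        "branch-busy": dict(daily_mb=[250] * 60, quota_gb=1,
                            window_days=30, daily_cap_mb=100),
        # Subscription: 200 GB quota, indefinite retention, no daily limit
        # (per the "other features" answer). 150 ordinary days, then a spike.
        "hq-spike": dict(daily_mb=[1000] * 150 + [150000], quota_gb=200),
    }
    return {name: simulate_retention(**cfg) for name, cfg in devices.items()}


if __name__ == "__main__":
    for name, (days, stored, rejected) in fleet_report().items():
        print(f"{name}: {days} days retained, "
              f"{stored} MB stored, {rejected} MB never stored")
```

A free device that uploads at the 100 MB daily limit fills its 1 GB quota in 10 days, so the 30-day window is only reached at about 33 MB per day or less; on the subscription device a single large day evicts 100 days of older history. Because no alert email is sent when the quota is reached, this has to be checked from expected volumes rather than waited for.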

How do you configure service once it is activated?

The configuration of the service is done via the web portal at https://www.forticloud.com. The logs will automatically start appearing in the logs and archives section. Select the gear icon on any page to edit that page’s settings. Select the gear icon next to the administrator email in the top right to edit user settings.

What if I want to unsubscribe from the service and stop uploading logs?

You can disconnect your account from the dashboard in your FortiGate/FortiWiFi. In the Licensing and Information widget in the FortiGate interface, click on the Log-out button. This will detach the FortiGate/FortiWiFi from the account and stop the logs from uploading.


Technical Questions

What security and redundancy has been built into the service?

Logs are transferred between FortiGate and the FortiCloud cloud storage via an encrypted link. All system elements are duplicated for redundancy.

Does my FortiGate unit require a hard drive to use FortiCloud?

The FortiGate does not require a hard drive if logs are being uploaded to FortiCloud in real-time, which can be enabled in the Log Setting page in the FortiGate interface. FortiCloud is a convenient alternative to a hard drive for devices too small to contain one, such as FortiWiFi units.

Does FortiCloud support devices from other vendors?

FortiCloud only supports FortiGate and FortiWiFi products. It does not currently support other companies’ products for log retention.

Which FortiGate and FortiWiFi models does FortiCloud support?

FortiGate
All FortiGate models from the 300 series and below natively support FortiCloud with the console Licensing widget. Models from 600 to 800 series and greater require the CLI to activate.

FortiWiFi
All FortiWiFi models 20 to 90 support FortiCloud natively through the dashboard Licensing widget.

Which versions of FortiOS does FortiCloud support?

FortiCloud is available for all devices at FortiOS version 4.3 or later. Devices running FortiOS version 4.2 or earlier may not be able to access FortiCloud. Consult your device’s documentation for more information.

When are scheduled reports sent to administrators?

Scheduled reports are sent to administrator email addresses between 2 AM and 6 AM if automatic report delivery (Daily/Weekly/Monthly) is enabled.

How does Cloud Sandboxing and AV Submission work?

In a proxy-based antivirus profile on a FortiGate, the administrator selects Inspect Suspicious Files with FortiGuard Analytics to enable a FortiGate unit to upload suspicious files to FortiGuard for analysis. Once uploaded, the file will be executed and the resulting behavior analyzed for risk. If the file exhibits risky behavior or is found to contain a virus, a new virus signature is created and added to the FortiGuard antivirus signature database. The next time the FortiGate unit updates its antivirus database it will have the new signature.

FortiGuard Labs considers a file suspicious if it exhibits some unusual behavior, yet does not contain a known virus (the behaviors that FortiCloud Analytics considers suspicious will change depending on the current threat climate and other factors).


The FortiCloud console enables administrators to view the status of any suspicious files uploaded: Pending, Clean, Malware, or Unknown. The console also provides data on time, user, and location of the infected file for forensic analysis. Sandboxing is available in both Free and Paid FortiCloud subscriptions.

Why can I not see a function or tab for AV Submission/Sandboxing?

You must first enable cloud sandboxing on the FortiGate device and then a file that is suspicious must be sent in order for the AV Submission tab to appear.

What is the turnaround time on Cloud Sandboxing and AV Submission?

It could be anywhere from 10 minutes (for automated sandbox detection) to 10 hours (in which case FortiGuard Labs will get involved).

Why can I not see any management functions?

You must first enable the management tunnel on the FortiGate/FortiWiFi device. On the device, use the following commands in the CLI:

    config system central-management
        set mode backup
        set type fortiguard
    end

Can I set up high availability (HA) logging with FortiCloud?

FortiCloud accepts inbound logs from each device independently, and has no means of detecting that connected devices are in an HA cluster. Though multiple HA clustered devices will theoretically send identical logs to FortiCloud, if one device stops logging or is unable to reach FortiCloud, the other devices will not send logs on its behalf.

Do I need to purchase a subscription for each FortiGate in an HA pair?

Yes. FortiCloud handles each device separately, regardless of configuration.


AP Network

What is the FortiCloud AP Network feature?

This feature allows administrators to remotely configure APs, modify wireless management settings and visualize wireless-related events. Examples of configuration changes include AP name and SSID configuration, power settings and rogue AP detection. Wireless management settings include RADIUS details, standard users/groups/guests and SSIDs/security. There is a robust set of visualizations including real-time and historical charting of traffic usage, AP client counts and client usage. Think of it as a comprehensive way to manage your wireless infrastructure via the cloud.

How can I register a FortiAP to my FortiCloud account?

Supported FortiAP models include a sticker with a unique FortiCloud key affixed. This key must be entered into the FortiCloud interface to register the FortiAP to your FortiCloud account.

What FortiAP models are supported by FortiCloud AP Networks?

Currently, the AP Network functionality within FortiCloud is only supported by FortiAP 221C and 320C.

Does the FortiCloud AP Network feature support FortiWiFi?

FortiWiFi models are not currently supported.

Is there a minimum firmware version that I need to run on a FortiAP for the FortiCloud AP Network feature to work?

The FortiAP must be running FortiAP OS 5.2 at a minimum.

I have an older FortiAP that does not include a FortiCloud key. Is there some way I can add my device to a FortiCloud AP Network?

FortiCloud does not currently support FortiAPs that have been shipped without a FortiCloud key; however, we are currently looking into supporting this scenario. No estimated timeframe is available.

Does my internal wireless/networking traffic get sent to FortiCloud?

No, only management-related information and event logs are sent to FortiCloud. None of your wireless LAN traffic is sent externally.

Do I need to use a FortiGate in conjunction with a FortiCloud AP Network?

No, in fact you should register your FortiAP to be directly managed by FortiCloud. You do not need to use FortiGate as a proxy to manage FortiAPs from FortiCloud.

Is there different pricing/licensing for AP Network functionality?

There are no additional fees or licensing required to manage FortiAPs from FortiCloud.


Are there features in FortiCloud for AP Network that I would not normally get with FortiGate?

Yes, some of the visualizations vary from their FortiGate counterparts. Map visualizations (being able to view the location of deployed APs) are not currently available within FortiGate, for example.

Can FortiAP devices be managed by FortiCloud and work with FortiPresence simultaneously?

At the moment, FortiPresence isn’t compatible with FortiCloud managed FortiAPs.

Is there a maximum number of FortiAPs that can be managed via FortiCloud?

There is no licensing limit for the number of FortiAPs that can be managed with FortiCloud.


Threat Detection Service

What is the FortiCloud Threat Detection Service feature?

FortiCloud Threat Detection Service (TDS) is a new service that alerts administrators about newly-found infections and threats to devices in their network. By analyzing UTM logging and activity, the service can provide a comprehensive overview of threats to the network.

What kind of threats can the Threat Detection Service detect?

TDS can detect three types of threats, based on our evolving FortiGuard database:

• Malware — Malicious programs residing on infected endpoints.
• PUP — Potentially unwanted programs, such as Spyware, Adware, and toolbars.
• Unknown — Threats detected by signature but not associated with any known malware.

How do I get access to the Threat Detection Service?

The TDS is currently being developed as a beta, and will be rolled out to existing FortiCloud customers over time.

Does the Threat Detection Service require a subscription?

The basic form of the TDS is free, which will alert you to threats and automatically prepare a comprehensive threat report. You can purchase a subscription for the complete TDS by opening the Plan page in the FortiCloud TDS site, selecting Buy Online, and completing the purchase process. A subscription grants you access to IP Whitelisting, which allows you to narrow your malware search by excluding safe IPs and domains, and Alert Emails, which notify you directly of detected network threats. It will also allow you to view the IPs of infected devices, allowing you to better control their access to your network.

How do I register my subscription code once I’ve purchased one?

You will receive your subscription code by email. Visit the Fortinet Support portal at http://support.fortinet.com, and log into your customer account. On the Asset page, register the subscription code as if it were a product serial number, and then enter the serial number of the FortiCloud-connected device that you want the service to monitor.
