
FortiAnalyzer Instructor Guide
for FortiAnalyzer 6.4
Fortinet Training
https://training.fortinet.com

Fortinet Document Library
https://docs.fortinet.com

Fortinet Knowledge Base
https://kb.fortinet.com

Fortinet Fuse User Community
https://fusecommunity.fortinet.com/home

Fortinet Forums
https://forum.fortinet.com

Fortinet Support
https://support.fortinet.com

FortiGuard Labs
https://www.fortiguard.com

Fortinet Network Security Expert Program (NSE)
https://training.fortinet.com/local/staticpage/view.php?page=certifications

Fortinet | Pearson VUE
https://home.pearsonvue.com/fortinet

Feedback
Email: courseware@fortinet.com

11/18/2020
TABLE OF CONTENTS

Product Version
What’s New from 6.2 to 6.4
    Changes in Lessons
        Lesson 4—Logging
        Lesson 5—Reports
Materials and System Requirements
    Class Size
Lab Setup
    Prerequisite Configuration Objects
Purchasing and Certifications
Time to Complete

Product Version

FortiAnalyzer 6.4

4 FortiAnalyzer 6.4 Instructor Guide


Fortinet Technologies Inc.
What’s New from 6.2 to 6.4

This section highlights some of the key changes in this update of the FortiAnalyzer course.

Changes in Lessons

This section provides details about changes and new feature information added to specific lessons.

Lesson 2—Administration and Management


A high availability (HA) section was added with new slides.

Lesson 4—Logging
• A new topic, FortiSoC, was introduced. FortiSoC is a subscription service that enables SOAR and SIEM capabilities on FortiAnalyzer.
• The Fabric View module allows you to create fabric connectors and view a list of endpoints.

Lesson 5—Reports
A new feature allows you to attach reports to incidents to add historical data in addition to real-time events.

Materials and System Requirements

Before teaching this lesson, gather the required materials.

This course has both on-location (classroom) and online versions.

When delivering the on-location version, you probably will be teaching most or all of the lessons. (Each lesson is a
subject-specific lesson.)

If you teach the online version of this class, you may be teaching one or all of the lessons. To access online
content, students must have a computer that has the following:

• A high-speed internet connection
• An up-to-date web browser
• A PDF viewer
• Speakers or headphones
• A Java Runtime Environment (JRE) (optional)

Wi-Fi is not recommended because of packet loss. Firewalls (including FortiClient and Windows Firewall) must allow connections with the virtual lab.

Students must be able to reach both the virtual lab hosted by CloudShare (connectivity details are in the Lab Guide) and the NSE Institute (https://training.fortinet.com). On the NSE Training Institute, students can download a copy of the Lab Guide for labs and Study Guide for exam preparation. They may also be able to view an alternative video of the presentation.

Item                                                                      Amount
Instructor Guide (this document)                                          1 per class
Presentation Slides for Instructor                                        1 per class
Study Guide* (presentation slides and slide notes)                        1 per class
Lab Guide* (lab instructions)                                             1 per student
Virtual lab environment (VM licenses and FortiGuard services included)    1 per student
Student name tent (optional)                                              1 per student

* The Lab Guide and Study Guide are ordered as a bundle (kit) from Gilmore.


Class Size

The recommended class size for this course is 12 participants; however, smaller or larger class sizes are
permitted.

Lab Setup

VMs in the virtual lab are running FortiAnalyzer 6.4.

The topology is in the Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 6.4 and the Lab
Guide.

Prerequisite Configuration Objects

If a specific configuration is required on any of the VMs before starting a specific lab, the lab will include a
Prerequisites section. This section explains what configuration file to upload to which VM.
In addition, each lab includes a "solutions" configuration file. This file includes the completed configuration for
any given lab. This is useful if the student does not have enough time to finish the lab or is
experiencing difficulty.

The FortiAnalyzer initial configuration is available from the Local-Windows desktop under
Resources/Initial-Configuration.

All other resources are available from the Local-Windows desktop under
Resources/FortiAnalyzer:

Lab 1: Introduction and Initial Configuration
    Initial Configuration: /LAB1/
        Local-FortiGate: Local-FortiGate-initial
        Remote-FortiGate: Remote-FortiGate-initial
        ISFW: ISFW-initial
    Solution Configuration: N/A

Lab 2: Administration and Management
    Initial Configuration: N/A
    Solution Configuration: /LAB2/solution/
        FortiAnalyzer: FAZ-Lab2-solution


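Lab 3: Device Registration and Communication
    Initial Configuration: /LAB3/
        Local-FortiGate: Local-Fortigate
        Remote-FortiGate: Remote-FortiGate
        ISFW: ISFW
    Solution Configuration: /LAB3/solution/
        FortiAnalyzer: FAZ-Lab3-solution

Lab 4: Logging
    Initial Configuration: N/A
    Solution Configuration: /LAB4/solution/
        FortiAnalyzer: FAZ-Lab4-solution

Lab 5: Reports
    Initial Configuration: N/A
    Solution Configuration: /LAB5/solution/
        FortiAnalyzer: FAZ-Lab5-solution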

Purchasing and Certifications

In the online version, courses are available for purchase as either:

• A bundle of all courses that prepare students for the certification exam, usually with instructor-led lab time
• One or more subject-specific individual modules that are sold à la carte with no accompanying lab time

For related certifications, see the Course Description.

If you are customizing this class for a private engagement, rather than teaching the
predefined class that is a preparation for a certification exam, students will not receive
transcript credit for the predefined courses. This is because you are customizing
content to fit the customer’s requests, and therefore subjects are not standardized.
The customer may still purchase an exam voucher, and attempt to pass the
certification exam. However, this may not meet all certification criteria. For details,
see the certification criteria on https://training.fortinet.com.

Time to Complete

Schedule and time required to complete each lesson may vary by region or expertise of the students. Whether the
course is described as one-day or two-day, for example, assume seven hours of classroom time per day, allowing
one hour for breaks.

Avoid lectures longer than 30 minutes. Break lessons into two segments if necessary. This accommodates
emergency phone calls, bathroom breaks, snacks for diabetics, and so on, and won’t tax the students’ attention
spans.

Lesson                                    Estimated Lecture Time           Estimated Lab Time
Introduction and Initial Configuration    25 minutes                       30 minutes
Administration and Management             40 minutes                       25 minutes
Device Registration and Communication     35 minutes                       30 minutes
Logging                                   50 minutes                       75 minutes
Reports                                   45 minutes                       20 minutes
Total Time                                195 minutes (3 hours, 15 min)    180 minutes (3 hours)

Total Course Time: 375 minutes (6 hours and 15 minutes)

No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright© 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
