Filter
Top Products
FortiAnalyzer Version 3.0 MR7 Administration Guide
78 05-30007-0082-20080908
Configuring unregistered device connection attempt handling Device
Configuring unregistered device connection attempt handling
You can configure the FortiAnalyzer unit to accept and handles connection
attempts automatically, or to allow connections only from devices that you have
manually added.
Allowing the connection and registering the device enables certain FortiAnalyzer
features. For example, registering known-type devices, either manually or
automatically, configures the FortiAnalyzer unit for features such as device-
specific reports and remote browsing of log messages. Manually adding unknown-
type devices allows you to browse their logs.
Device connection attempt handling and other FortiAnalyzer features vary by
device type. There are two types of devices:
• known device types (FortiGate, FortiManager, FortiClient, FortiMail)
• unknown device type (generic Syslog devices)
Connection attempt handling options for known and unknown device types are
separate.
Depending on your settings in Unregistered Device Options, and whether the
device type is known or unknown, the FortiAnalyzer unit handles connection
attempts in one of these ways:
• ignore the connection (only allow connections from manually added devices)
• allow the connection, add as an unregistered device, but do not keep the
device’s log data (add devices automatically, but do not keep data until you
manually register them)
• if the device is an unknown type, allow the connection, add as an unregistered
device, and keep a specified amount of the device’s log data
• if the device is a known type, allow the connection, add as a registered device,
and keep a specified amount of the device’s log data
If you have specified that connections from unregistered devices will not be
allowed until you manually add them, you must manually configure the connection
before the device will be allowed to connect to the FortiAnalyzer unit.
When devices attempt to connect to a FortiAnalyzer unit that has reached its
number of maximum number of allowed devices, the FortiAnalyzer unit will reject
connection attempts by excess devices, and automatically add those excess
devices to the list of blocked devices. For more information about on blocked
devices, see “Blocking device connection attempts” on page 86.
To view the current connection handling settings, go to Device > All > Device and
select Unregistered Device Options.
Note: Many FortiAnalyzer features are not available for unregistered devices of unknown
types. For more information about on the differences between unregistered and registered
devices, see “Unregistered vs. registered devices” on page 77.
Both registered and unregistered devices count towards the maximum number of devices
available for a FortiAnalyzer unit. Too many unregistered devices will prevent you from
adding a device. For more information, see “Maximum number of devices” on page 76.