Fortinet FortiAnalyzer 300G Appliance
Security-Driven Analytics & Log Management
Click here to jump to more pricing!
Overview:
FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation, and Response for your entire attack surface to reduce risks and improve your organization’s overall security.
Integrated with Fortinet’s Security Fabric, FortiAnalyzer simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility, helping you identify and eliminate threats.
Advanced Threat Detection and Correlation:
Allows security and network teams to immediately identify and respond to network security threats across the infrastructure.
Automated Workflows and Compliance Reporting:
Provides customizable dashboards, reports, and advanced workflow handlers for both security and network teams to accelerate workflows and assist with regulation and compliance audits.
Scalable Log Management:
Collects logs from FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb, FortiAuthenticator, Generic syslog, and others. Deploy as an individual unit or optimize for a specific operation, and scale storage based on retention requirements.
Key Features:
Security Fabric Analytics
- Event correlation across all logs and real-time anomaly detection, with Indicator of Compromise (IOC) service and threat detection, reducing time-to-detect
Fortinet Security Fabric integration
- Correlates with logs from FortiClient, FortiSandbox, FortiWeb, and FortiMail for deeper visibility and critical network insights
Enterprise-grade High Availability
- Automatically back-up FortiAnalyzer databases (up to four node cluster) that can be geographically dispersed for disaster recovery
Security Automation
- Reduce complexity and leverage automation via REST API, scripts, connectors, and automation stitches to expedite security response
Multi-Tenancy and Administrative Domains (ADOMs)
- Separate customer data and manage domains leveraging ADOMs to be compliant and operationally effective
Flexible Deployment Options and Archival Storage
- Supports deployment of appliance, VM, hosted, or cloud. Use AWS, Azure, or Google to archive logs as a secondary storage
Highlights:
Security Operations Center
FortiAnalyzer’s Security Operations Center (SOC) helps security teams protect networks with real-time log and threat data in the form of actionable views, notifications, and reports. Analysts can protect network, web sites, applications, databases, data centers, and other technologies through centralized monitoring, awareness of threats, events, and network activity. The predefined and custom dashboards provide a single-pane-of-glass for easy integration into your Security Fabric. The new FortiSOC service subscription provides built-in incident management workflows with playbooks and connectors to simplify the security analysts’ role with enhanced security automation and orchestration.
Incident Detection and Response
FortiAnalyzer’s automated incident response capability enables security teams to manage incident life cycle from a single view. Analysts can focus on event management and identification of compromised endpoints through default and customized event handlers with quick detection, automated correlation, and connected remediation of Fortinet devices and syslog servers with incident management and playbooks for quick assignment of incidents for analysis. Track timelines and artifacts with audit history and incident reports, as well as streamline integration with ITSM platforms that help bridge gaps in your Security Operations Center and reinforces your security posture.
FortiAnalyzer Playbooks
FortiAnalyzer Playbooks boost security team abilities to simplify efforts and focus on critical tasks. Out-of-the-box playbook templates enable SOC analysts to quickly customize and automate their investigation use cases to respond to compromised hosts, critical intrusions, blocking C&C IPs, and more. Flexible playbook editor for hosts under investigation. FortiAnalyzer also allows analysts to drill down to a playbook and review task execution details and edit playbooks to define custom processes and tasks. FortiAnalyzer includes built-in connectors for playbooks to interact with other Security Fabric devices like FortiOS and EMS.
Indicators of Compromise
The Indicators of Compromise (IOC) service identifies suspicious usage and artifacts observed on a network or in an operations system that are determined with high confidence to be a computer intrusion. FortiGuard’s IOC subscription provides intelligence information to help security analysts identify risky devices and users based on these artifacts. The IOC package consists of around 500K IOCs daily and delivers it via our Fortinet Developers Network (FNDN) to our FortiSIEM, FortiAnalyzer, and FortiCloud products. Analysts can also re-scan historical logs for threat hunting and identify threats based on new intelligence, as well as review users’ aggregated threat scores by IP addresses, hostname, group, OS, overall threat rating, a location Map View, and a number of threats.
Asset and Identity
Security Fabric assets and identity monitoring and vulnerability tracking provides full SOC visibility and analytics of the attack surface. Assets and identity visibility and assets classification based on telemetry from NAC. Built-in SIEM module for automated log collection, normalization, and correlation. Integrated with FortiSOAR for further incident investigation and threat eradication. Support export of incident data to FortiSOAR through the FortiAnalyzer Connector and API Admin.
Reports
FortiAnalyzer provides 39+ built-in templates that are ready to use with sample reports to help identify the right report for you. You can generate custom data reports from logs by using the Reports feature. Run reports on-demand or on a schedule with automated email notifications, uploads, and an easy to manage calendar view. Create custom reports with the 700+ built-in charts and datasets that are ready with flexible formats including PDF, HTML, CSV, and XML.
SD-WAN Monitoring
SD-WAN dashboards enable customers to instantly see the benefit of applying SD-WAN across multiple WAN interfaces with event handlers to detect SD-WAN alerts for real-time notification and action. History graphs for WAN link health monitoring: Jitter, Latency, Packet Loss, Critical- and High- severity SD-WAN alerts. New Secure SD-WAN report provides an executive summary of important SD-WAN metrics, detailed charts and history graphs for SD-WAN link utilization by applications, latency, Packet Loss, Jitter changes, and SD-WAN performance statistics.
Log Forwarding for Third-Party Integration
You can forward logs from a FortiAnalyzer unit to another FortiAnalyzer unit, a syslog server, or (CEF) server. The client FortiAnalyzer forwards logs to the server FortiAnalyzer unit, syslog server, or CEF server. In addition to forwarding logs to another unit or server, the client retains a local copy of the logs that are subject to the data policy settings for archived logs. Logs are forwarded in real-time or near real-time as they are received.
Multi-Tenancy with Flexible Quota Management
Time-based archive / analytic log data policy per Administrative Domain (ADOM), automated quota management based on the defined policy, and trending graphs to guide policy configuration and usage monitoring.
Analyzer Collector Mode
You can deploy in Analyzer mode and Collector mode on different FortiAnalyzer units and make the units work together to improve the overall performance of log receiving, analyses, and reporting. When FortiAnalyzer is in Collector mode, its primary task is forwarding logs of the connected devices to an Analyzer and archiving the logs. The Analyzer off-loads the log-receiving task to the Collector so that the Analyzer can focus on data analysis and report generation. This feature maximizes the Collector’s log receiving performance.
Specifications:
| Fortianalyzer 200F | Fortianalyzer 300G | Fortianalyzer 400E | Fortianalyzer 800F | Fortianalyzer 1000E | Fortianalyzer 2000E | |
|---|---|---|---|---|---|---|
| Capacity and Performance | ||||||
| GB/Day of Logs | 100 | 100 | 200 | 300 | 600 | 1,000 |
| Analytic Sustained Rate (logs/sec) | 3,000 | 2,000 | 6,000 | 8,250 | 18,000 | 30,000 |
| Collector Sustained Rate (logs/sec) | 4,500 | 3,000 | 9,000 | 12,000 | 27,000 | 45,000 |
| Devices/VDOMs (Maximum) | 150 | 180 | 200 | 800 | 2,000 | 2,000 |
| Max Number of Days Analytics | 40 | 28 | 30 | 30 | 30 | 30 |
| Options Supports | ||||||
| FortiGuard Indicator of Compromise (IOC) | ||||||
| FortiManager Capabilities (up to 20 devices) | No | No | No | No | ||
| Hardware Specifications | ||||||
| Form Factor | 1 RU Rackmount | 1 RU Rackmount | 1 RU Rackmount | 1 RU Rackmount | 2 RU Rackmount | 2 RU Rackmount |
| Total Interfaces | 2xRJ45 GE | 4 x RJ45 GE | 4x GE | 4 x GE, 2x SFP | 2x GE | 4x GE, 2 x SFP+ |
| Storage Capacity | 4 TB (1 x 4 TB) | 8 TB (2 x 4TB) | 12 TB (4x 3 TB) | 16 TB (4x 4 TB) | 24 TB (8x 3 TB) | 36 TB (12x 3TB) |
| Usable Storage (After RAID) | 4 TB | 4 TB | 6 TB | 8 TB | 18 TB | 30 TB |
| Removable Hard Drives | No | No | ||||
| RAID Levels Supported | N/A | RAID 0/1 | RAID 0/1/5/10 | RAID 0/1/5/10 | RAID 0/1/5/6/10/50/60 | RAID 0/1/5/6/10/50/60 |
| RAID Type | N/A | Software | Software | Software | Hardware / Hot Swappable | Hardware / Hot Swappable |
| Default RAID Level | N/A | 1 | 10 | 10 | 50 | 50 |
| Redundant Hot Swap Power Supplies | No | No | No | No | ||
| Dimensions | ||||||
| Height x Width x Length (inches) | 1.75 x 17.0 x 15.0 | 1.73 x 17.24 x 16.38 | 1.7 x 17.2 x 19.8 | 1.75 x 17.44 x 22.16 | 3.5 x 17.2 x 25.2 | 3.5 x 17.2 x 25.6 |
| Height x Width x Length (cm) | 4.4 x 43.2 x 38.1 | 4.4 x 43.8 x 41.6 | 4.3 x 43.7 x 50.3 | 4.4 x 44.3 x 56.3 | 8.9 x 43.7 x 68.4 | 8.9 x 43.7 x 64.8 |
| Weight | 17.1 lbs (7.8 kg) | 22.5 lbs (10.2 kg) | 31 lbs (14.1 kg) | 28.6 lbs (13.0 kg) | 52 lbs (23.6 kg) | 58 lbs (26.3 kg) |
| Environment | ||||||
| AC Power Supply | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz |
| Power Consumption (Average) | 49W / 114W | 90.1W / 99 W | 49W / 114W | 108W / 186W | 192.5W / 275W | 293.8W / 354W |
| Heat Dissipation | 390 BTU/h | 337.8 BTU/h | 390 BTU/h | 634 BTU/h | 920 BTU/h | 1840 BTU/h |
| Operating Temperature | 32 - 104° F (0 - 40° C) |
32 - 104° F (0 - 40° C) |
41 - 95° F (5 - 35° C) |
32 - 104° F (0 - 40° C) |
41 - 95° F (5 - 35° C) |
50 - 95° F (10 - 35° C) |
| Storage Temperature | 95 - 158° F (-35 - 70° C) |
-13–167° F (-25–75° C) |
-40 - 140° F (-40 - 60° C) |
95 - 158° F (-35 - 70° C) |
-40 - 140° F (-40 - 60° C) |
-40 - 158° F (-40 - 70° C) |
| Humidity | 20 to 90% non-condensing | 20 to 90% non-condensing | 8 to 90% non-condensing | 20 to 90% non-condensing | 8 to 90% non-condensing | 8 to 90% non-condensing |
| Operating Altitude | Up to 7,400 ft (2,250 m) |
Up to 7,400 ft (2,250 m) |
Up to 9,842 ft (3,000 m) |
Up to 7,400 ft (2,250 m) |
Up to 7,400 ft (2,250 m) |
Up to 7,400 ft (2,250 m) |
| Compliance | ||||||
| Safety Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, UL/ cUL, CB | |||||
** Unlimited GB/Day when deployed in collector mode
Documentation:
Download the Fortinet FortiAnalyzer Series Datasheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- Hardware plus 24x7 FortiCare and FortiAnalyzer Enterprise Protection
Hardware Unit, 24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) plus term of contract - Enterprise Protection (24x7 FortiCare plus Indicators of Compromise Service and SOC Subscription license)
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) - 24x7 FortiCare Contract
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades/li> - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.