Fighting off the insidious attacks of cybercriminals is a full-time job. Attacks are constantly evolving as bad actors attempt to catch enterprises off guard.
As threats evolve, devices like the Fortinet FortiGate firewall, which use threat intelligence and AI, have become more important in detecting the latest attacks.
Here is our list of the 10 best Fortinet analyzers:
- Paessler PRTG Network Monitor (FREE TRIAL) Use the SNMP and traffic flow sensors in this bundle of infrastructure monitors. Runs on Windows Server.
- Site24x7 A cloud-based infrastructure monitoring system that covers servers, networks, and applications.
- ManageEngine Firewall Log Analyzer A SIEM tool that installs on Windows Server or Linux.
- Fastvue Reporter Monitors Fortinet FortiGate with graphical views on live data and produces a wide range of activity reports.
- LogicMonitor A cloud-based infrastructure monitor that can supervise Fortinet and FortiGate.
- Zenoss An online infrastructure monitoring system that can track events on any internet-connected network. Can be extended by a Fortigate plug-in.
- Zabbix A free open source infrastructure monitoring system that can be tailored by “templates” to monitor Fortigate. Runs on Linux.
- Nagios Core and Nagios XI Free and paid versions of this popular infrastructure monitoring system. The user community produces free extensions, including nine for Fortigate monitoring.
- Splunk A world-famous SIEM tool with an extension for Fortigate monitoring. Available in free and paid versions.
- Cyfin A log analyzer with specialist modules for monitoring Fortinet. Good for demonstrating compliance with HIPAA and CIPA.
What is Fortinet?
Fortinet is a US company that produces cybersecurity systems. It started up in 2000 and is based in Sunnyvale, California. The company was founded by brothers Ken and Michael Xie and now, 21 years later, they are still in charge. By the end of 2019, the company had more than 6,000 employees and annual revenue of $2.16 billion.
The company’s main product is FortiGate, a firewall appliance. Recently, Fortinet has made a virtual appliance option available for FortiGate. Fortinet has been expanding the FortiGate family, creating FortiGate SD-WAN in 2018. More recently, the company has diversified out of the FortiGate product name with the release of FortiAI, a threat detection system that uses Artificial Intelligence in its detection processes.
What is Fortinet used for?
Fortinet’s products are all aimed at protecting networks and endpoints from cyberattack. The company markets its entire range as a “security fabric,” which is its proprietary term. It signifies a platform that offers a selection of modules that can all work together to improve security. This is a strategy that many other cybersecurity vendors now adopt.
What is a Fortinet Analyzer?
Fortinet produces an appliance, called FortiAnalyzer, that behaves like a SIEM system. It collects log data and feedback from other Fortinet appliances and systems. It then correlates this data in real-time, looking for threats.
SIEM systems are very common now – Fortinet isn’t the leader in the field and it didn’t invent the strategy.
Many rival businesses produce systems that can analyze the log messages that Fortinet systems generate. Therefore, it is possible to buy an analyzer package that is able to receive logs from Fortinet devices along with Windows Event messages, Syslog messages from Linux hosts, and the log messages put out by a range of applications.
A log message server and consolidator that can retrieve, process, and analyze messages from Fortinet devices could be called a Fortinet analyzer.
The best Fortinet analyzers
Paessler PRTG Network Monitor is a unified network monitoring solution that can monitor Fortinet devices. PRTG Network Monitor uses SNMP, SNMP Traps, and NetFlow collection to monitor the performance of connected devices. There is also an auto-discovery feature so that you can automatically discover connected devices.
Sensors like the SNMP Traffic Sensor and the SNMP System Uptime sensor collect performance data from devices. However, if you want to go more in-depth you can create custom sensors. Metrics you can track with custom sensors include Total CPU Usage, Session Count, Memory Usage, Total User (per CPU), User (time) Usage, State, Packets Sent/Received, Latency, and Jitter. The wide range of configurations allows you to identify a variety of attacks.
You don’t have to manually monitor these sensors to stay on top of security events. PRTG Network Monitor issues alerts as soon as a problem is identified. Alerts notify you whenever the status of a sensor changes, the value changes, or a predefined threshold has been breached.
There is a free version of Paessler PRTG Network Monitor that you can download if you want to monitor 100 sensors or fewer. The software starts at a price of $1,600 (£1,298) for 500 sensors and one installation and goes up to $14,500 (£11,767) for unlimited sensors. There is also a version with five server installations and unlimited sensors that costs $60,000 (£48,695). You can download the 30-day free trial.
Site24x7 is a SaaS-based central monitoring tool that can monitor Fortinet’s infrastructure. Site24x7 has a range of metrics for monitoring FortiGate devices. The tool monitors big buffer hits, big buffer misses, buffer failures, CPU usage, CPU utilization, input packet drops, interface collisions, disk utilization, packets received, active session count, and more. You can monitor all of these metrics through the dashboard.
The software has an alerts system to keep you updated about the latest security events. There are instant notifications through email, SMS, voice, instant messenger, push notifications, RSS, and more. Alerts are configurable, so you can set thresholds and receive notifications wherever you are.
The Starter version of the Site24x7 Infrastructure package costs $9 (£7.30) per month. You can then purchase additional add-ons until you have what you need. The price is $15 (£12) a month for 10 additional servers, $50 (£40) a month for 50 servers, and $500 (£405) for 500 servers/websites. You can sign up for the 30-day free trial.
ManageEngine Firewall Log Analyzer is a log management tool that is compatible with FortiGate firewalls. ManageEngine Firewall Log Analyzer has a syslog server that can take data from Fortinet devices in WELF or syslog format. Setting up the program to do this is simple, but you do have to configure the firewall to send this information to the syslog server first. Once you’ve done this you can take a closer look at the traffic entering the network.
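The analyzers above ingest FortiGate log records forwarded over syslog. As an added example that is not part of the original article or of any product it reviews, the following script parses FortiGate-style key=value log lines and applies two simple detection rules a log consolidator might run: a source denied on several distinct destination ports, or a source named in a UTM/IPS alert. The log lines are constructed samples (RFC 5737 documentation addresses, illustrative log IDs and signature names), not captured data.

```python
import re

# Constructed sample of FortiGate-style syslog records: space-separated
# key=value pairs, with values containing spaces wrapped in double quotes.
# Addresses, log IDs and the signature name are illustrative placeholders.
SAMPLE_LOGS = """\
date=2024-01-15 time=10:21:03 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=203.0.113.7 srcport=51234 dstip=192.0.2.10 dstport=22 action="deny" msg="Denied by policy"
date=2024-01-15 time=10:21:04 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=203.0.113.7 srcport=51235 dstip=192.0.2.10 dstport=23 action="deny" msg="Denied by policy"
date=2024-01-15 time=10:21:05 devname="fw-edge" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=203.0.113.7 srcport=51236 dstip=192.0.2.10 dstport=3389 action="deny" msg="Denied by policy"
date=2024-01-15 time=10:21:06 devname="fw-edge" logid="0000000020" type="traffic" subtype="forward" level="notice" srcip=198.51.100.4 srcport=40000 dstip=192.0.2.20 dstport=443 action="accept" msg="Allowed"
date=2024-01-15 time=10:21:07 devname="fw-edge" logid="0419016384" type="utm" subtype="ips" level="alert" severity="high" srcip=203.0.113.7 dstip=192.0.2.10 action="dropped" attack="Example.Signature.Name" msg="IPS signature matched"
"""

# A key, then either a double-quoted value (backslash escapes allowed)
# or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_fortigate_line(line):
    """Turn one key=value record into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields

def parse_logs(text):
    """Parse every non-empty line of a syslog capture."""
    return [parse_fortigate_line(l) for l in text.splitlines() if l.strip()]

def denied_ports_by_source(records):
    """Map each source IP to the set of destination ports it was denied on."""
    ports = {}
    for r in records:
        if r.get("type") == "traffic" and r.get("action") == "deny":
            ports.setdefault(r["srcip"], set()).add(int(r["dstport"]))
    return ports

def find_suspicious_sources(records, port_threshold=3):
    """Sources denied on >= port_threshold distinct ports, or named in a UTM alert."""
    flagged = set()
    for src, ports in denied_ports_by_source(records).items():
        if len(ports) >= port_threshold:
            flagged.add(src)
    for r in records:
        if r.get("type") == "utm" and r.get("level") == "alert":
            flagged.add(r["srcip"])
    return sorted(flagged)

if __name__ == "__main__":
    for src in find_suspicious_sources(parse_logs(SAMPLE_LOGS)):
        print("review source:", src)
```

The threshold of three ports is a deliberately low illustrative value; in a real deployment it would be tuned per network, and the accept/deny logic assumes the firewall has been configured to log denied sessions.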
There is an extensive reports function included with the program with many options compatible with Fortinet devices. Live Reports, Traffic Reports, Protocol Usage Reports, Web Usage Reports, Mail Usage Reports, Event Summary Reports, Firewall Rules Reports, and Attack reports are just some of the report types offered by the program.
There are three versions of ManageEngine Firewall Log Analyzer available to purchase: Standard Edition, Professional Edition, and Enterprise Edition. The Standard Edition starts at $395 (£320) for one device, with a maximum device count of 60.
The Professional Edition costs $595 (£482) for one device, with a maximum count of 60, and adds firewall rule analysis and configuration analysis. The Enterprise Edition costs $8,395 (£6,813) for 20 devices, with a maximum device count of 1200. You can download the free trial.
Fastvue Reporter is a usage reporting tool for Fortinet FortiGate. Fastvue Reporter has a live dashboard that shows you the real-time performance of bandwidth, productivity, and protection. There are intelligent alerts so the user is notified when there is problematic activity, such as unusually large downloads or a cyber attack.
As the name suggests, Fastvue Reporter’s number one feature is its reports. You can create and schedule reports for FortiGate routers. To make sure that the reports are sent to the right people you can filter by Departments, Security Groups, Offices, or Subnets. Report filters are useful for responding to threats and keeping the necessary individuals updated on what’s going on.
Activity Reports are also extremely useful for threat remediation. The reports include timestamps, URLs and green bars to show where browsing sessions stopped. Having this information readily available makes it much easier to investigate performance problems without having to wade through mountains of logs.
To view a price for Fastvue Reporter you will have to request a quote directly from the company. The price depends on the number of users, length of a subscription term, and the number of FortiGates you need to monitor. You can download a free trial.
LogicMonitor is an infrastructure monitoring tool that is compatible with Fortinet and FortiGate. The platform offers automatic discovery, dashboards, and reporting to monitor IT infrastructure. The software is agentless making it easy to deploy in almost any environment.
There are a number of custom LogicModules that can be used with Fortinet devices. These modules allow you to monitor Fortigate firewall for Disk Usage, High-Availability mode, Module memory usage, Module sessions, Security Associations per module, Sensor Value, Current Sessions, Resource Usage, Threats, Peer CPU, HTTP Requests Blocked, HTTP Sessions Blocked, and HTTP URLs blocked.
There are three versions of LogicMonitor available to purchase under the Standard Pricing Model: Starter, Pro, and Enterprise. The Starter version starts at 50 devices, the Pro version at 100 devices, and the Enterprise version at 200 devices. You have to contact the sales team directly for a quote. There is also a 14-day free trial.
Zenoss is an infrastructure monitoring tool that’s available as a SaaS platform. From the dashboard, you can monitor the performance of IT systems and devices in your local environment (including Fortinet and FortiGate devices). The program also uses machine learning to identify unusual patterns and malicious behavior to reduce the impact of cyberattacks.
Zenoss has a number of plugins called ZenPacks. There is a ZenPack dedicated to Fortigate called Fortigate SNMP Monitor. Fortigate SNMP Monitor divides classes up into Network, Router, Firewall, and Fortigate. The user can monitor Fortigate firewall metrics such as CPU Usage, Memory Utilization, and Number of Sessions.
If you’re looking for a detailed and versatile infrastructure monitoring experience then Zenoss is ideal, particularly if you want to monitor Fortinet devices as well. To view the price, you will have to request a quote from the company directly. You can also request a demo.
Zabbix is an open-source platform for monitoring networks, servers, cloud-based services, and applications. Zabbix is compatible with Fortinet devices and there are a number of Zabbix templates that are designed for Fortigate. One example is the Fortigate SNMP template.
The Fortigate SNMP template can monitor CPU%, RAM%, Disk (Total and Used), OS version, Serial Number, and Interface data (link and speed). These provide you with basic information to monitor SNMP data.
The main advantage of Zabbix is that it is completely free. The tool is available for Red Hat Enterprise Linux, CentOS, Oracle Linux, Ubuntu, Debian, SUSE Linux Enterprise Server, and Raspbian. You can download Zabbix for free.
Nagios Core and Nagios XI are network monitoring platforms that can monitor Fortigate. Nagios Core is Nagios’s open-source product and Nagios XI is a proprietary product that you have to pay to use. However, both tools have access to the Nagios Exchange.
The Nagios Exchange is a library of plugins that extend the basic features of the products. There are nine different plugins for Fortigate on the Nagios Exchange. These include Check Fortigate Active Sessions, Check Fortigate CPU Load, Check Fortigate CPU Usage, Check Fortigate Memory, Check Fortigate Status, and more.
Each plugin has a different function: Check Fortigate CPU Load allows you to view the CPU load of your firewall, and the Check Fortigate Hardware Health plugin lets you monitor the overall health of the device.
Nagios Core and Nagios XI are good choices if you’re looking for cost-effective solutions for monitoring Fortinet devices. Paid versions of Nagios XI start at $1,995 (£1,618) for the Standard Edition and $3,495 (£2,836) for the Enterprise Edition. You can download the free trial version.
Splunk is one of the most famous network monitoring tools in the world. Splunk can take log and machine data from devices across your network and from Fortinet components. There is an extension built for Fortinet called Fortinet FortiGate App for Splunk. The app provides a real-time and historical analysis of traffic, threats, wireless ads, and more. Both Splunk and the add-on can be installed in a matter of minutes.
The monitoring experience is led by the dashboard. From here you can monitor the performance and response times of your devices. The dashboard is customizable so you can choose which real-time and historic data you monitor.
There is a free version of Splunk that supports one user and up to 500 MB of data per day. The Splunk Cloud service supports unlimited users and unlimited data. So if you require more data than the free version allows, you will have to contact the sales team directly for a quote. You can download the free trial.
Cyfin is a log analyzer and web monitoring platform designed for Fortinet, Palo Alto, SonicWall, Check Point, WatchGuard, Cisco, and other device vendors. You can connect your Fortigate router to the Cyfin Syslog server to start monitoring your network. The Syslog server can receive UDP-based and TCP-based log messages. Once the log files have been imported into the server you can view them in the Log File Viewer.
For general monitoring, the Smart Engine analytics feature helps you to analyze the data you’ve collected. After collecting the data you can then generate reports for further analysis. Reports are also compliant with CIPA and HIPAA, making the software suitable for auditing purposes.
If you’re looking for a log analyzer that’s easy to use and quick to configure, Cyfin is a good choice, although you will have to contact the sales team to request a quote. There is also a free trial version.
Choosing a Fortinet Analyzer
Fortinet devices and Fortigate routers are no different from any other device in your network. They need to be monitored and maintained to minimize the risk of a cyber attack.
Purchasing a solution that gives you the ability to monitor these platforms is invaluable for catching security threats and minimizing damage to your network. Catching malicious traffic entering through your router could be the difference between staying online and being put out of business.
Tools like Paessler PRTG Network Monitor, Site24x7, ManageEngine Firewall Log Analyzer, and Splunk have support specifically for Fortinet devices. By hooking up a network monitoring tool to your Fortigate router you’ll be able to benefit from immediate notifications once a security event begins.