Fighting off the insidious attacks of cybercriminals is a full-time job. Attacks are constantly evolving as bad actors attempt to catch enterprises off guard.
As threats evolve, devices like the Fortinet Fortigate firewall, which use threat intelligence and AI, have become more important in detecting the latest attacks.
Here is our list of the ten best Fortinet analyzers:
- Paessler PRTG Network Monitor EDITOR’S CHOICE This on-premises package is able to gather live performance metrics from all network devices, including firewalls. The system can also watch activity on servers and trace application actions. This tool provides Fortinet monitoring while simultaneously tracking the performance of all your other IT assets. Download the 30-day free trial.
- Site24x7 A cloud-based infrastructure monitoring system that covers servers, networks, and applications.
- ManageEngine Firewall Log Analyzer A SIEM tool that installs on Windows Server or Linux.
- Fastvue Reporter Monitors Fortinet FortiGate with graphical views on live data and produces a wide range of activity reports.
- LogicMonitor A cloud-based infrastructure monitor that can supervise Fortinet and FortiGate.
- Zenoss An online infrastructure monitoring system that can track events on any internet-connected network. Can be extended by a Fortigate plug-in.
- Zabbix A free open source infrastructure monitoring system that can be tailored by “templates” to monitor Fortigate. Runs on Linux.
- Nagios Core and Nagios XI Free and paid version of this popular infrastructure monitoring system. The user community produces free extensions, including nine for Fortigate monitoring.
- Splunk A world-famous SIEM tool with an extension for Fortigate monitoring. Available in free and paid versions.
- Cyfin A log analyzer with specialist modules for monitoring Fortinet. Good for demonstrating compliance with HIPAA and CIPA.
What is Fortinet?
Fortinet is a US company that produces cybersecurity systems. It started up in 2000 and is based in Sunnyvale, California. The company was founded by brothers Ken and Michael Xie and now, 21 years later, they are still in charge. By the end of 2019, the company had more than 6,000 employees and annual revenue of $2.16 billion.
The company’s main product is FortiGate, a firewall appliance. Recently, Fortinet has made a virtual appliance option available for FortiGate. Fortinet has been expanding the FortiGate family, creating FortiGate SD-WAN in 2018. More recently, the company has diversified out of the FortiGate product name with the release of FortiAI, a threat detection system that uses Artificial Intelligence in its detection processes.
What is Fortinet used for?
Fortinet’s products are all aimed at protecting networks and endpoints from cyberattack. The company markets its entire range as a “security fabric,” which is its proprietary term. It signifies a platform that offers a selection of modules that can all work together to improve security. This is a strategy that many other cybersecurity vendors now adopt.
What is a Fortinet Analyzer?
Fortinet produces an appliance, called FortiAnalyzer, that behaves like a SIEM system. It collects log data and feedback from other Fortinet appliances and systems. It then correlates this data in real-time, looking for threats.
SIEM systems are very common now – Fortinet isn’t the leader in the field and it didn’t invent the strategy.
Many rival businesses produce systems that can analyze the log messages that Fortinet systems generate. Therefore, it is possible to buy an analyzer package that is able to receive logs from Fortinet devices along with the Event messages from Windows systems, Syslog messages from Linux hosts, and the log messages put out by a range of applications.
A log message server and consolidator that can retrieve, process, and analyze messages from Fortinet devices could be called a Fortinet analyzer.
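The definition above is easy to see in miniature: a Fortinet analyzer receives the firewall's syslog records, splits them into fields, and then counts, correlates and alerts on them. The following is an added example written for this page, not code from Fortinet or from any product listed here. It assumes FortiGate logs arrive as space-separated key=value pairs with optionally quoted values (the format the firewall uses when forwarding to a syslog server); the log lines, device names, addresses and the "denied on many ports" heuristic are all constructed for the example.

```python
"""Minimal "Fortinet analyzer": parse FortiGate-style syslog records and summarise them.

Added example, not vendor code. Assumes the key=value log format FortiGate
uses for syslog output; all sample values below are constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed syslog records. Field names follow the FortiGate key=value
# format (date, devname, type, subtype, srcip, action, ...); values are made up.
# The leading <PRI> is what a syslog transport prepends and is skipped by the parser.
SAMPLE_LOGS = """\
<189>date=2024-03-01 time=10:00:01 devname="fw-edge" devid="FG-EXAMPLE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 proto=6 action="accept" policyid=1
<189>date=2024-03-01 time=10:00:02 devname="fw-edge" devid="FG-EXAMPLE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.0.0.5 dstport=22 proto=6 action="deny" policyid=0
<189>date=2024-03-01 time=10:00:02 devname="fw-edge" devid="FG-EXAMPLE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.0.0.5 dstport=23 proto=6 action="deny" policyid=0
<189>date=2024-03-01 time=10:00:03 devname="fw-edge" devid="FG-EXAMPLE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.0.0.5 dstport=3389 proto=6 action="deny" policyid=0
<189>date=2024-03-01 time=10:00:04 devname="fw-edge" devid="FG-EXAMPLE" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.0.0.9 dstip=203.0.113.20 dstport=80 proto=6 action="accept" policyid=1
<185>date=2024-03-01 time=10:00:05 devname="fw-edge" devid="FG-EXAMPLE" logid="0419016384" type="utm" subtype="ips" level="alert" srcip=198.51.100.7 dstip=10.0.0.5 action="dropped" attack="Example.Signature" msg="IPS signature matched"
"""

# key=value where the value is either a double-quoted string (may contain spaces)
# or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one key=value record into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def parse_logs(text):
    """Parse every non-empty line of a syslog capture."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def summarize(records):
    """Counts by log type and by firewall action: the basis of a traffic report."""
    by_type = Counter(r.get("type", "?") for r in records)
    by_action = Counter(r.get("action", "?") for r in records)
    return {"records": len(records), "by_type": dict(by_type), "by_action": dict(by_action)}


def denied_port_spread(records, min_ports=3):
    """Sources denied on at least `min_ports` distinct destination ports.

    A constructed detection heuristic for this example: one address being
    blocked across many ports is the kind of pattern an analyzer should alert on.
    """
    ports = defaultdict(set)
    for r in records:
        if r.get("type") == "traffic" and r.get("action") == "deny":
            ports[r.get("srcip")].add(r.get("dstport"))
    return {src: sorted(p, key=int) for src, p in ports.items() if len(p) >= min_ports}


def ips_alerts(records):
    """(source, signature) pairs from IPS records, for a threat report."""
    return [(r.get("srcip"), r.get("attack"))
            for r in records if r.get("type") == "utm" and r.get("subtype") == "ips"]


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    print(summarize(recs))
    print("wide deny spread:", denied_port_spread(recs))
    print("IPS alerts:", ips_alerts(recs))
```

The same parser applies unchanged to WELF output, which is also key=value, so it models what the syslog-based tools on this list ingest before they build their dashboards and reports.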
The best Fortinet analyzers
What should you look for in a Fortinet analyzer?
We reviewed the market for Fortinet monitors and analyzed tools based on the following criteria:
- The ability to monitor network appliances
- Remote site and cloud platform monitoring capabilities
- Traffic tracking systems
- Activity pattern analysis
- Retrospective activity analysis for threat intelligence gathering
- A free trial or a money-back guarantee for a no-risk assessment opportunity
- Good features that enable full monitoring capabilities at a fair price that represents value for money
With these selection criteria in mind, we examined available packages for monitoring Fortinet and identified the best options currently available.
Paessler PRTG Network Monitor is a unified network monitoring solution that can monitor Fortinet devices. PRTG Network Monitor uses SNMP, SNMP Traps, and NetFlow collection to monitor the performance of connected devices. There is also an auto-discovery feature so that you can automatically discover connected devices.
- Device performance monitoring
- Network traffic monitoring
- WAN performance monitoring
- Cloud-hosted option
- Alerts for detected problems
Sensors like the SNMP Traffic Sensor and the SNMP System Uptime sensor collect performance data from devices. However, if you want to go more in-depth you can create custom sensors. Metrics you can track with custom sensors include Total CPU Usage, Session Count, Memory Usage, Total User (per CPU), User (time) Usage, State, Packets Sent/Received, Latency, and Jitter. The wide range of configurations allows you to identify a variety of attacks.
You don’t have to manually monitor these sensors to stay on top of security events. PRTG Network Monitor issues alerts as soon as a problem is identified. Alerts notify you whenever the status of a sensor changes, the value changes, or a predefined threshold has been breached.
- Offers dashboards and templates that complement Fortinet use
- Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
- Drag and drop editor makes it easy to build custom views and reports
- Each sensor is specifically designed to monitor each application, for example, there are pre-built sensors whose specific purpose is to capture and monitor VoIP activity
- Supports a freeware version
- Is a very comprehensive platform with many features and moving parts that require time to learn
There is a free version of Paessler PRTG Network Monitor you can download if you want to monitor 100 sensors or less. The software starts at a price of $1,600 (£1,298) for 500 sensors and one installation and goes up to $14,500 (£11,767) for unlimited sensors. There is also a version with five server installations and unlimited sensors that costs $60,000 (£48,695). You can download the 30-day free trial.
Paessler PRTG Network Monitor is our top pick for a Fortinet analyzer and monitor because it provides constant monitoring of Fortinet devices while still paying attention to the performance of all of your network equipment. The service is also able to watch events on cloud-based systems if you opt for a Fortinet SD-WAN or edge service. The ability to monitor Fortinet services as part of your system-wide monitoring responsibilities means that this package offers great value for money.
Official Site: https://www.paessler.com/download/prtg-download?download=1
OS: Windows Server or cloud-based
Site24x7 is a SaaS-based central monitoring tool that can monitor Fortinet’s infrastructure. Site24x7 has a range of metrics for monitoring Fortigate devices. The tool monitors big buffer hits, big buffer misses, buffer failures, CPU usage, CPU utilization, input packet drops, interface collisions, disk utilization, packets received, active session count, and more. You can monitor all of these metrics through the dashboard.
- Cloud-based system
- Monitors multiple sites and cloud resources
- Live performance tracking
- Historical data analysis
The software has an alerts system to keep you updated about the latest security events. There are instant notifications through email, SMS, voice, instant messenger, push notifications, RSS, and more. Alerts are configurable, so you can set thresholds and receive notifications wherever you are.
- Flexible cloud-based monitoring option
- Offers a host of out-of-box monitoring options and dashboard templates
- Allows administrators to view dependencies within the application stack, good for building SLAs and optimizing uptime
- Offers root cause analysis enhanced by AI to fix technical issues faster
- Site24x7 is a feature-rich platform with options that extend beyond server monitoring; it may take time to learn all of its options and features
The Starter version of the Site24x7 Infrastructure package costs $9 (£7.30) per month. You can then purchase additional add-ons until you have what you need. The price is $15 (£12) a month for 10 additional servers, $50 (£40) a month for 50 servers, and $500 (£405) for 500 servers/websites. You can sign up for the 30-day free trial.
ManageEngine Firewall Log Analyzer is a log management tool that is compatible with Fortigate firewalls. ManageEngine Firewall Log Analyzer has a syslog server that can take data from Fortinet devices in WELF or syslog format. Setting the program up to do this is simple, but you do have to configure the firewall to send its logs to the syslog server first. Once you’ve done this, you can take a closer look at the traffic entering the network.
- Monitors Fortinet devices
- Traffic and event reports
- Analysis both live and in retrospect
There is an extensive reports function included with the program with many options compatible with Fortinet devices. Live Reports, Traffic Reports, Protocol Usage Reports, Web Usage Reports, Mail Usage Reports, Event Summary Reports, Firewall Rules Reports, and Attack reports are just some of the report types offered by the program.
- Offers on-premise and cloud deployment options, giving companies more choices for install
- Can highlight inter-dependencies between applications to map out how performance issues can impact business operations
- Offers log monitoring to track metrics like memory usage, disk IO, and cache status, providing a holistic view into your network health
- Can automatically detect databases, server hardware, and devices for real-time asset management
- Can take time to fully explore all features and options available
There are three versions of ManageEngine Firewall Log Analyzer available to purchase: Standard Edition, Professional Edition, and Enterprise Edition. The Standard Edition starts at $395 (£320) with support for one device and a maximum device count of 60.
The Professional Edition costs $595 (£482) for one device with a maximum count of 60 and firewall rule analysis and configuration analysis. The Enterprise edition costs $8,395 (£6,813) for 20 devices with a maximum device count of 1200. You can download the free trial.
Fastvue Reporter is a usage reporting tool for Fortinet FortiGate. Fastvue Reporter has a live dashboard that shows you the real-time performance of bandwidth, productivity, and protection. There are intelligent alerts so the user is notified when there is a problematic activity like unusually large downloads or a cyber attack.
- Monitors Fortinet FortiGate
- Activity analysis reports
- Intelligent alerts
As the name suggests, Fastvue Reporter’s number one feature is its reports. You can create and schedule reports for FortiGate routers. To make sure that the reports are sent to the right people you can filter by Departments, Security Groups, Offices, or Subnets. Report filters are useful for responding to threats and keeping the necessary individuals updated on what’s going on.
Activity Reports are also extremely useful for threat remediation. The reports include timestamps, URLs and green bars to show where browsing sessions stopped. Having this information readily available makes it much easier to investigate performance problems without having to wade through mountains of logs.
- Offers simple yet intuitive Fortinet monitoring through a bespoke dashboard
- Leverages intelligent alerts to reduce false positives and highlight anomalous behavior
- Produces simple reports quickly
- Not the first option for enterprise-scale clients with robust reporting requirements
To view a price for Fastvue Reporter you will have to request a quote directly from the company. The price depends on the number of users, length of a subscription term, and the number of FortiGates you need to monitor. You can download a free trial.
LogicMonitor is an infrastructure monitoring tool that is compatible with Fortinet and FortiGate. The platform offers automatic discovery, dashboards, and reporting to monitor IT infrastructure. The software is agentless making it easy to deploy in almost any environment.
- Cloud-based system
- Monitors networks, devices, and applications
- Will track hardware and firmware performance on Fortinet systems
There are a number of custom LogicModules that can be used with Fortinet devices. These modules allow you to monitor Fortigate firewall for Disk Usage, High-Availability mode, Module memory usage, Module sessions, Security Associations per module, Sensor Value, Current Sessions, Resource Usage, Threats, Peer CPU, HTTP Requests Blocked, HTTP Sessions Blocked, and HTTP URLs blocked.
- Monitors application performance via the cloud
- Can monitor assets in hybrid cloud environments
- The dashboard can be customized and saved, great for different NOC teams or individual users
- The trial is only 14 days, would like to see a longer testing period
There are three versions of LogicMonitor available to purchase under the Standard Pricing Model: Starter, Pro, and Enterprise. The Starter version starts at 50 devices, the Pro version at 100 devices, and the Enterprise version at 200 devices. You have to contact the sales team directly for a quote. There is also a 14-day free trial.
Zenoss is an infrastructure monitoring tool that’s available as a SaaS platform. From the dashboard, you can monitor the performance of IT systems and devices in your local environment (including Fortinet and FortiGate devices). The program also uses machine learning to identify unusual patterns and malicious behavior to reduce the impact of cyberattacks.
- SaaS package
- Free version available
- Plug-in for Fortinet monitoring
Zenoss has a number of plugins called ZenPacks. There is a ZenPack dedicated to Fortigate called Fortigate SNMP Monitor. Fortigate SNMP Monitor divides classes up into Network, Router, Firewall, and Fortigate. The user can monitor Fortigate firewall metrics such as CPU Usage, Memory Utilization, and Number of Sessions.
- Offers Fortinet monitoring through a simple plugin
- Uses network discovery to automatically pull in new devices that enter the network
- Supports Cisco Layer 2-4 devices
- Support is only for paid tiers
If you’re looking for a detailed and versatile infrastructure monitoring experience, then Zenoss is ideal, particularly if you want to monitor Fortinet devices as well. To view the price, you will have to request a quote from the company directly. You can also request a demo.
Zabbix is an open-source network monitoring, server monitoring, cloud-based service monitoring, application monitoring, and services monitoring platform. Zabbix is compatible with Fortinet devices and there are a number of Zabbix templates that are designed for Fortigate. One example is the Fortigate SNMP template.
- Free tool
- Fortinet monitoring template available
- Tracks networks, cloud resources, servers, and applications
The Fortigate SNMP template can monitor CPU%, RAM%, Disk (Total and Used), OS version, Serial Number, and Interface data (link and speed). These give you the basic information needed to monitor the device over SNMP.
- Open-source transparent tool
- Includes Fortinet monitoring template
- Can detect new devices and configuration changes immediately
- Robust notification system supports SMS, email, custom script, and webhook
- Not available for Windows
The main advantage of Zabbix is that it is completely free. The tool is available for Red Hat Enterprise Linux, CentOS, Oracle Linux, Ubuntu, Debian, SUSE Linux Enterprise Server, and Raspbian. You can download Zabbix for free.
Nagios Core and Nagios XI are network monitoring platforms that can monitor Fortigate. Nagios Core is Nagios’ open-source product and Nagios XI is a proprietary product that you have to pay to use. However, both tools have access to the Nagios Exchange.
- Free and paid versions
- Plug-ins for Fortinet monitoring
- Covers servers and applications as well as network devices
The Nagios Exchange is a library of plugins that extend the basic features of the products. There are nine different plugins for Fortigate on Nagios Exchange. These include Check Fortigate Active Sessions, Check Fortigate CPU Load, Check Fortigate CPU Usage, Check Fortigate Memory, Check Fortigate Status, and more.
Each plugin has a different function: Check Fortigate CPU Load lets you view the CPU load of your firewall, and the Check Fortigate Hardware Health plugin lets you monitor the overall health of the device.
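Plugins such as Check Fortigate CPU Load all follow the same Nagios plugin contract: print one status line (optionally with performance data after a `|`), and exit with 0, 1, 2 or 3 for OK, WARNING, CRITICAL or UNKNOWN, with warning and critical thresholds given in the Nagios range syntax. The following is an added example in that shape, written for this page; it is not the Nagios Exchange plugin itself. The CPU value is passed in as a number standing in for an SNMP poll of the firewall, and the threshold defaults and the `check_cpu` name are assumptions for the example.

```python
"""Nagios-style threshold check in the shape of a Fortigate CPU load plugin.

Added example, not the Nagios Exchange plugin. Implements the standard plugin
conventions: exit status 0/1/2/3, a status line with perfdata, and the Nagios
threshold range syntax:
    "90"     alert if value is outside 0..90
    "10:"    alert if value is below 10
    "~:90"   alert if value is above 90
    "10:20"  alert if value is outside 10..20
    "@10:20" alert if value is inside 10..20
"""
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def parse_range(spec):
    """Return (low, high, inside): alert when the value lies outside [low, high],
    or inside it when the spec starts with '@'."""
    inside = spec.startswith("@")
    if inside:
        spec = spec[1:]
    if ":" not in spec:
        low, high = 0.0, float(spec)
    else:
        lo_s, hi_s = spec.split(":", 1)
        if lo_s == "~":
            low = float("-inf")
        elif lo_s == "":
            low = 0.0
        else:
            low = float(lo_s)
        high = float("inf") if hi_s == "" else float(hi_s)
    if low > high:
        raise ValueError(f"bad threshold range {spec!r}")
    return low, high, inside


def range_alerts(value, spec):
    """True when `value` violates the threshold described by `spec`."""
    low, high, inside = parse_range(spec)
    outside = value < low or value > high
    return (not outside) if inside else outside


def evaluate(value, warn, crit):
    """Critical takes precedence over warning, as in the Nagios plugin guidelines."""
    if range_alerts(value, crit):
        return CRITICAL
    if range_alerts(value, warn):
        return WARNING
    return OK


def check_cpu(cpu_percent, warn="80", crit="95"):
    """Build the plugin's (exit_code, status line with perfdata) for a CPU reading.
    `cpu_percent` stands in for a value polled from the firewall over SNMP."""
    try:
        state = evaluate(cpu_percent, warn, crit)
    except ValueError as exc:
        return UNKNOWN, f"UNKNOWN - {exc}"
    line = (f"{STATE_NAMES[state]} - Fortigate CPU load {cpu_percent:.0f}% "
            f"| cpu={cpu_percent:.0f}%;{warn};{crit};0;100")
    return state, line


if __name__ == "__main__":
    # Constructed reading: pass a percentage on the command line, default 42.
    reading = float(sys.argv[1]) if len(sys.argv) > 1 else 42.0
    code, text = check_cpu(reading)
    print(text)
    sys.exit(code)
```

Because the status line and exit code follow the shared convention, the same check can be scheduled by Nagios Core or Nagios XI, and the perfdata after the `|` is what the dashboard graphs.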
- Is open-source and completely free, with a paid option for enterprises
- Supports autodiscovery for easy device management
- Highly customizable and detailed dashboard (9 extensions for Fortinet)
- Offers many features that can take time to explore
Nagios Core and Nagios XI are good choices if you’re looking for cost-effective solutions for monitoring Fortinet devices. Paid versions of Nagios XI start at $1,995 (£1,618) for the Standard Edition and $3,495 (£2,836) for the Enterprise Edition. You can download the free trial version.
Splunk is one of the most famous network monitoring tools in the world. Splunk can take log and machine data from devices across your network and from Fortinet components. There is an extension built for Fortinet called Fortinet FortiGate App for Splunk. The app provides a real-time and historical analysis of traffic, threats, wireless ads, and more. Both Splunk and the add-on can be installed in a matter of minutes.
- An adaptable data analysis tool
- Analyzes log files
- Extension for Fortinet monitoring
The monitoring experience is led by the dashboard. From here you can monitor the performance and response times of your devices. The dashboard is customizable so you can choose which real-time and historic data you monitor.
- Can utilize behavior analysis to detect threats that aren’t discovered through logs
- An excellent user interface, highly visual with easy customization options
- Enterprise focused
- Available cross-platform for Linux and Windows
- Caters more to enterprise networks than small to medium-sized organizations
There is a free version of Splunk that supports one user and up to 500 MB of data per day. Splunk Cloud supports unlimited users and unlimited data, so if you require more data than the free version allows, you will have to contact the sales team directly for a quote. You can download the free trial.
Cyfin is a log analyzer and web monitoring platform designed for Fortinet, Palo Alto, SonicWall, Check Point, WatchGuard, Cisco, and other device vendors. You can connect your Fortigate router to the Cyfin Syslog server to start monitoring your network. The Syslog server can monitor UDP-based and TCP-based log messages. Once the log files have been ported into the server you can view them in the Log File Viewer.
- Log analyzer
- Special routines for examining network device activity
- AI-based analysis
For general monitoring, the Smart engine analytics feature helps you to analyze the data you’ve collected. After collecting the data you can then generate reports for further analysis. Reports are also compliant with CIPA and HIPAA, making the software suitable for auditing purposes.
- Monitors both TCP and UDP traffic
- Leverages artificial intelligence for data analysis
- Offers compliance-driven reporting (HIPAA, CIPA, etc.)
- Better suited for smaller networks
If you’re looking for a log analyzer that’s easy to use and configure quickly, Cyfin is high quality, although you will have to contact the sales team to request a quote. There is also a free trial version.
Choosing a Fortinet Analyzer
Fortinet devices and Fortigate routers are no different from any other device in your network. They need to be monitored and maintained to minimize the risk of a cyber attack.
Purchasing a solution that gives you the ability to measure these platforms is invaluable for catching security threats and minimizing damage to your network. Catching malicious traffic entering through your router could be the difference between staying online and being put out of business.
Tools like Paessler PRTG Network Monitor, Site24x7, ManageEngine Firewall Log Analyzer, and Splunk have support specifically for Fortinet devices. By hooking up a network monitoring tool to your Fortigate router you’ll be able to benefit from immediate notifications once a security event begins.