What is our primary use case?
It receives logs from the FortiGate 5000 Series (about 12 FortiGate blades), and it was configured to keep logs for about 1,050 days. The logs are divided by archive (raw logs) and analytics (logs indexed in a database).
The use case is primarily for getting graphical data to make quick decisions.
How has it helped my organization?
FAZ has improved the organization because it stores events from the past, so we can correlate incidents using other monitoring tools. The problem is that it can't recognize logs from FortiController blades, not even when specifying it as a syslog device, so this is a big lack. Devices from other brands are compatible only as syslog devices, if they support it.
What is most valuable?
It supports SQL for logging and reporting. Log data is inserted into the SQL database for log view and report generation.
Another feature is the custom reports, where you can obtain a chart builder from a log view: traffic, event, or security log.
What needs improvement?
It is very important that FAZ can support FortiController as the architecture designed for the network. FortiController should be registered in FAZ at least for event logs.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues at all. It is a reliable product.
The problems come when you are using different OS versions between FortiGate and FortiAnalyzer.
What do I think about the scalability of the solution?
No scalability issues. You should know how many logs per second or minute are generated in your network to avoid issues with scalability.
How is customer service and technical support?
The technical support with Fortinet has risen considerably. Now, they respond in three to four hours instead of two days.
Which solutions did we use previously?
We did not use a previous solution.
How was the initial setup?
The FAZ includes a wizard, which is very simple to follow during the initial setup.
What about the implementation team?
We implemented it in-house. We have had some experience implementing FAZ.
What was our ROI?
I do not have this value yet.
What's my experience with pricing, setup cost, and licensing?
The cost and pricing should be in accordance with the calculation of log storage capacity for a time period required for historical analysis.
Which other solutions did I evaluate?
We did not look at any other options, because Fortinet was elected for use by the end user.
What other advice do I have?
My only experience is with a very important customer, the most recognized in Latin America.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are Grupo CEPRA, a channel for Fortinet sales.
Jun 20 2018