Top 10 Fortinet Analyzers you must know
September 15, 2023
Developed by Fortinet, FortiGate is a popular line of next-generation firewall (NGFW) appliances that for more than two decades has been helping organizations protect their networks from an ever-growing range of threats and increase productivity.
To maximize the potential of these devices, and even ensure business continuity, monitoring their performance is imperative. During operation, they produce large amounts of data, and proper monitoring involves the continuous observation, analysis, and correlation of various key metrics, such as resource utilization and session information, to find out not only what is happening, but also what may happen, when, why and what impact it will have.
When properly analyzed, this data can give organizations insights into their security posture, help detect and respond to threats, and ensure compliance with crucial market regulations. However, to reap those benefits, specialized tools, commonly known as “Fortinet Analyzers”, are needed.
In this article, we will talk about the importance of Fortinet monitoring tools, the benefits they may bring, what to look for before selecting a tool, and present some of the best options available, with the hope of helping you choose the one that better suits your needs.
Fortinet Analyzers are tools designed to monitor the behavior and analyze data produced by Fortinet appliances like the popular FortiGate series of next-generation firewalls.
These tools can range from simple hardware status monitors, measuring CPU and memory usage of a device, to more sophisticated ones that can deliver deep insights into the usage of your network infrastructure, like the browsing habits of your employees or potential security and compliance risks.
In this article, we will cover both categories. However, it is up to you to determine which kind of analysis you need and select a tool that meets your specific requirements. We suggest you take advantage of the free trials offered by most tools to check for suitability before making a commitment.
Keep in mind that “Fortinet Analyzers”, as a category, should not be confused with FortiAnalyzer, an appliance produced by Fortinet that ingests log data from other Fortinet appliances and correlates this data to look for threats. This appliance will not be covered in this article.
There are many reasons to invest in Fortinet Analyzers. Here are five of them, in no particular order.
Broadly speaking, there are 5 main features you need to look out for when choosing Fortinet analyzers. Keep in mind that this may vary according to your specific needs.
There are many Fortinet analyzers, from as many different vendors, which may focus solely on a single aspect of the task or offer this capability as a subset of a broader range of features. We present a few of them below, in no particular order.
Paessler PRTG is often called the Swiss army knife of the monitoring world. It is based on basic monitoring elements called “sensors”. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive, and so on.
With more than 250 built-in sensors for various tasks, device types, and use cases, you would be hard-pressed to find something you can’t monitor with PRTG. Plus, you can mix and match sensors, and even deploy custom ones, to create monitoring solutions specific to your needs.
Many of those sensors can be used to monitor your Fortinet infrastructure. Sensors like the FortiGate System Statistics can check the health of a device and report back metrics like CPU and memory usage, downtime, or number of active sessions. Meanwhile, the FortiGate VPN Overview Sensor monitors VPN connections, reporting the number of IPsec tunnels “down” or “up” and the number of connected clients.
PRTG also supports monitoring SNMP Traps (which allow devices to notify receivers about events like a port being activated, loss of power, or case intrusion) and has sensors to do traffic analysis using NetFlow or similar protocols, like jFlow, sFlow, and IPFIX.
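To make concrete what "traffic analysis using NetFlow" means for a collector like the ones described above, here is an added example (not PRTG's or any vendor's code) that decodes a NetFlow v5 export datagram and aggregates bytes per endpoint. The flow records are constructed inline with RFC 5737 documentation addresses so the script runs offline; in practice the bytes arrive on the collector's UDP socket from the FortiGate exporter. It also refuses datagrams whose declared record count does not fit the payload, which is the failure mode a collector most often meets.

```python
"""Decode NetFlow v5 export packets and summarise top talkers (added example)."""
import socket
import struct
from collections import defaultdict

# NetFlow v5 wire layout: a 24-byte header followed by `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_netflow_v5(data: bytes) -> list[dict]:
    """Decode one export datagram into a list of flow dicts.

    Raises ValueError on a non-v5 packet or one whose declared record count
    does not fit the datagram, so a truncated or malformed datagram is
    rejected rather than silently misread.
    """
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, *_ = HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(data) < HEADER.size + count * RECORD.size:
        raise ValueError("declared record count exceeds datagram length")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(
            data, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": sport, "dport": dport,
            "packets": pkts, "octets": octets, "tcp_flags": tcp_flags,
        })
    return flows


def top_talkers(flows, key="src", n=5):
    """Sum octets per endpoint (key 'src' or 'dst') and return the n busiest."""
    totals = defaultdict(int)
    for flow in flows:
        totals[flow[key]] += flow["octets"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample flows (RFC 5737 addresses), not captured traffic:
# (src, dst, proto, sport, dport, packets, octets)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 6, 51234, 443, 90, 120000),
    ("192.0.2.10", "198.51.100.7", 6, 51235, 80, 40, 30000),
    ("192.0.2.22", "198.51.100.5", 17, 40000, 53, 4, 600),
    ("192.0.2.31", "203.0.113.9", 6, 52000, 22, 300, 500000),
]


def build_sample_packet(flows=SAMPLE_FLOWS) -> bytes:
    """Encode the constructed flows as a NetFlow v5 datagram for offline use."""
    header = HEADER.pack(5, len(flows), 123456, 1700000000, 0, 1, 0, 0, 0)
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0",
                    1, 2, pkts, octets, 100, 200, sp, dp, 0, 0x18, proto, 0,
                    0, 0, 24, 24, 0)
        for s, d, proto, sp, dp, pkts, octets in flows)
    return header + body


if __name__ == "__main__":
    decoded = parse_netflow_v5(build_sample_packet())
    for ip, octets in top_talkers(decoded, "src"):
        print(f"{ip:16} {octets:>10} bytes")
```

The same aggregation keyed on `dst` or on `dport` is what turns raw flow exports into the per-host and per-protocol traffic reports the tools in this article present on their dashboards.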
The information gathered by PRTG is shown on a centralized dashboard with all the relevant metrics. You can set alerts based on threshold values, with notifications delivered by text (SMS) or email if those values are exceeded. There is also an automatic reporting feature, so you can keep management and co-workers informed.
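The threshold alerting described above is easy to get wrong in one way: a single busy poll should not page anyone. The following added example (not PRTG's alerting engine) evaluates a series of FortiGate health polls (CPU %, memory %, active sessions) against thresholds, raises an alert only after a configurable number of consecutive breaches, and emits a matching "clear" when the metric recovers. The polls are constructed, not collected from a device, and the OID mapping is my recollection of FORTINET-FORTIGATE-MIB (an assumption; confirm against your MIB before using it in a poller).

```python
"""Consecutive-breach threshold alerting over FortiGate health polls (added example)."""
from dataclasses import dataclass, field

# Assumed FortiGate system OIDs (fgSysCpuUsage, fgSysMemUsage, fgSysSesCount);
# a real poller would SNMP-get these each interval. Verify against your MIB.
FORTIGATE_OIDS = {
    "cpu": "1.3.6.1.4.1.12356.101.4.1.3.0",
    "mem": "1.3.6.1.4.1.12356.101.4.1.4.0",
    "sessions": "1.3.6.1.4.1.12356.101.4.1.8.0",
}

# Constructed thresholds; tune to the appliance model and its session table size.
THRESHOLDS = {"cpu": 85, "mem": 80, "sessions": 150000}


@dataclass
class AlertState:
    breaches: dict = field(default_factory=dict)   # metric -> consecutive breaches
    active: set = field(default_factory=set)       # metrics currently alerting


def evaluate(polls, thresholds=THRESHOLDS, consecutive=3):
    """Return [(poll_index, metric, event, value)] with event 'ALERT' or 'CLEAR'.

    An ALERT fires once when a metric has exceeded its threshold for
    `consecutive` polls in a row; a CLEAR fires when it next drops back.
    A missing value (sensor did not answer) neither counts as a breach nor
    resets the streak, so a dropped poll cannot mask a sustained problem.
    """
    state = AlertState()
    events = []
    for i, poll in enumerate(polls):
        for metric, limit in thresholds.items():
            value = poll.get(metric)
            if value is None:
                continue
            if value > limit:
                state.breaches[metric] = state.breaches.get(metric, 0) + 1
                if (state.breaches[metric] >= consecutive
                        and metric not in state.active):
                    state.active.add(metric)
                    events.append((i, metric, "ALERT", value))
            else:
                state.breaches[metric] = 0
                if metric in state.active:
                    state.active.discard(metric)
                    events.append((i, metric, "CLEAR", value))
    return events


# Constructed polls at a fixed interval: one CPU spike that must be ignored,
# then a sustained CPU breach that alerts on the third sample and later clears.
SAMPLE_POLLS = [
    {"cpu": 40, "mem": 60, "sessions": 90000},
    {"cpu": 95, "mem": 61, "sessions": 91000},   # single spike, no alert
    {"cpu": 42, "mem": 61, "sessions": 92000},
    {"cpu": 90, "mem": 62, "sessions": 95000},   # breach 1
    {"cpu": 92, "mem": 63, "sessions": 97000},   # breach 2
    {"cpu": 97, "mem": 64, "sessions": 99000},   # breach 3 -> ALERT
    {"cpu": 98, "mem": 64, "sessions": 99500},   # still breaching, no duplicate
    {"cpu": 50, "mem": 65, "sessions": 98000},   # recovered -> CLEAR
]


if __name__ == "__main__":
    for idx, metric, event, value in evaluate(SAMPLE_POLLS):
        print(f"poll {idx}: {event} {metric}={value} (oid {FORTIGATE_OIDS[metric]})")
```

Wiring the `events` list to SMS or email is the notification layer the tools above provide; the part worth copying is the consecutive-breach and explicit-clear logic, which keeps a flapping metric from flooding the on-call channel.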
PRTG Network Monitor is available on a perpetual license basis, or on monthly subscription plans with PRTG Hosted Monitor. With the former, you acquire a license and there are no recurring subscription costs. With the latter, you can choose from a variety of plans according to your needs, with monthly or annual billing. There is a 30-day free trial of PRTG with all features available during this period; no credit card is needed.
LogicMonitor’s network monitoring platform offers comprehensive visibility into the health and performance of your IT infrastructure and networking equipment, including firewalls, routers, switches, wireless devices, load balancers, SD-WAN, and cloud-based networks, with out-of-the-box monitoring for the Fortinet FortiGate firewall platform.
LogicMonitor uses SNMP to query the FortiGate appliance for a wide variety of system health and network performance metrics and, like PRTG, can also perform traffic analysis using NetFlow, jFlow, sFlow, and IPFIX.
The platform allows users to explore relationships between infrastructure resources and network devices through auto-generated topology maps and includes a suite of troubleshooting tools, including dashboards, log-based anomaly detection, and forecasting, which help resolve network issues quickly.
LogicMonitor is cloud-based SaaS (Software as a Service), but pricing is not clearly communicated on the developer’s website. There is, however, an offer for a 14-day free trial of the platform.
ManageEngine Firewall Analyzer offers comprehensive monitoring and management capabilities for FortiGate firewalls, including proactive optimization of firewall rules, in-depth analysis of firewall logs, and compliance monitoring.
This tool can help you identify unused rules that are potentially vulnerable and should be removed, and analyze anomalies amongst the ruleset, offering recommendations on how to effectively reorder rules, so those anomalies can be eliminated.
It can also generate security reports, including insights into virus attacks and spam, and traffic reports covering live traffic, protocol-wise traffic, user-wise traffic, and VPN usage. Compliance with regulatory standards like PCI DSS, ISO-27001, NIST, NERC-CIP, and SANS can also be monitored and reported.
ManageEngine Firewall Analyzer runs on Windows or Linux and is available in three editions (Standard, Professional, and Enterprise) with varied pricing and levels of features. For example, firewall policy analysis and regulatory compliance reports are only available in the Professional edition. There is a 30-day free trial available.
Zabbix is a free and Open Source monitoring package that combines server, cloud, application, service, and network monitoring in one tool. This includes integrations for many Fortinet products and devices.
This tool can be run “on-premises” or in the cloud, and can collect data from “any” source, using push or pull methods for data retrieval and a polling interval that can go as low as one second. With auto-discovery, your infrastructure components will be discovered in a matter of minutes, and discovery results can be filtered by their attributes.
When problems occur, Zabbix can do root-cause analysis, anomaly detection, and trend prediction. The alerting system is very flexible, supporting not only SMS and email, but also modern communication platforms like Slack, Microsoft Teams, Telegram, and more. Messages can even be customized according to the type and role of the recipient.
Zabbix may be Open Source and free to use, but you pay for technical support. There are five support tiers (Silver, Gold, Platinum, Enterprise, and Global I), each with different levels of availability, response times, and number of incidents and support contacts.
ManageEngine Site24x7 is the second tool by ManageEngine on our list. While the first tool, Firewall Analyzer, is more focused on firewall policy and compliance management, this one is geared towards monitoring more traditional performance and network metrics.
With more than 10,000 built-in monitoring templates, this tool is able to automatically discover devices and is capable of generating layer 2 and topology maps of your entire network, allowing you to start monitoring “in minutes”.
It can collect bandwidth, CPU, interface, memory, and other metrics from many FortiGate firewalls, routers, and switches, process SNMP traps, and do traffic analysis using NetFlow. Key metrics are collected at the interface level, and up to 100 performance counters of your choice can be monitored, with data being fed into predefined or customizable reports.
Site24x7 is SaaS and part of ManageEngine’s Infrastructure Monitoring solution, offered on a single “Starter” plan with monthly billing. The basic set can be customized to your needs with add-ons such as more monitors, extra network interfaces, or more log processing capacity. A 30-day free trial is available.
Nagios XI is a complete IT Infrastructure Monitoring Tool that can monitor your Fortinet infrastructure and much more, including applications, services, operating systems, network protocols, and network infrastructure. Its web-based interface is configurable and easy to use, providing at-a-glance access to monitoring information.
One of the highlights of Nagios XI is a robust ecosystem with “thousands of community-developed add-ons that extend monitoring and native alerting functionality”, alongside multiple APIs that facilitate integration with in-house or third-party applications. Many of those add-ons can be used for monitoring FortiGate devices, gathering metrics like CPU and memory usage, hardware health, the number of active sessions, and more.
IMAGE: fortinet_monitor_nagios.png
CAPTION: Monitoring traffic on a switch on Nagios.
The powerful and customizable web interface, combined with multi-user access, allows you to create user-specific views to ensure clients only see the infrastructure components they’re authorized for, enhancing observability and collaboration without risking exposure to sensitive information.
Nagios XI is available in two editions, “Standard” and “Enterprise”, and there is a fully functional 30-day free trial, as well as an Open Source edition called Nagios Core (without the Web UI). Nagios only runs natively under Linux, more specifically distributions like CentOS, Red Hat Enterprise Linux (RHEL), Ubuntu, or Debian. However, it can be run on Windows servers using virtualization solutions like VMware, VirtualBox, or Hyper-V.
As the name suggests, Fastvue Reporter is a tool geared towards internet and network usage reporting, which can deliver “unprecedented visibility into internet usage and network security by simplifying and enriching data logged by Fortinet FortiGate firewalls”.
It can generate “simple internet usage reports, IT network and security reports, user overview reports, or activity timeline reports”, which can be “filtered, scheduled, shared, and exported”. An alerting system can “detect users searching for self-harm, inappropriate, or extremist topics; large downloads or uploads, network threats, and more, and notify the people that need to know”.
It can also differentiate “productive” from “unproductive” browsing, scan YouTube video titles for inappropriate content, and includes an “extensive, customizable, and continuously updated keyword database” used to flag suspicious activity. All this data can be filtered by departments, security groups, offices, subnets, and more, and automatically sent to the right persons in your organization.
Pricing for Fastvue Reporter is not immediately clear on the developer’s website, and interested customers are asked to fill out a form to get a quote. A free trial is available but, again, the website doesn’t make it clear how long it lasts.
Like Fastvue Reporter, Cyfin is another tool designed to parse logs produced by FortiGate and generate employee web-use monitoring and analytics, providing ready-to-use reports for managers to understand actual user web browsing activity.
It promises to reduce the volume of information by showing managers only relevant data, like friendly site names (e.g. Facebook) instead of cryptic domain names (e.g. tfbnw.net), and accurately identifying actual user clicks. This information can be compiled into custom reports (with many prebuilt models available) and shared by e-mail, printed, or exported into formats such as HTML, PDF, and CSV.
Data can also be visualized through highly configurable charts and tables, and multiple custom dashboards, each with a unique view and name, can be created. Information can be viewed on-the-fly with a simple change of time frame or a click to refresh, and charts can be focused as needed by adding or removing panel filters.
Cyfin can be deployed in a virtualized environment (VMware, Microsoft Hyper-V, and Container environments are supported) or in the cloud. Interested users need to fill out a form on the website to get a price quote. There is a free trial available, but no information about how long it lasts or the features included.
Zenoss is an AI-driven, full-stack monitoring platform, designed to “optimize application performance in diverse environments, from simple infrastructures to complex multi-cloud deployments”. It claims to be able to reduce cloud costs by up to 30%, downtime by up to 50%, and your MTTR (Mean Time to Repair) by up to 85%.
This is done using AIOps (Artificial Intelligence for IT Operations) tools, like predictive analysis to indicate potential service health and performance issues, or real-time modeling to gain awareness of end-to-end infrastructure-related risks.
Zenoss’s functionality can be extended with the use of ZenPacks, “plug-ins that use standard APIs and protocols […] and allow you to collect configuration information and monitor specific elements, devices or systems”. There is a ZenPack for FortiGate integration, which can monitor an extensive set of hardware and network metrics. However, keep in mind that this ZenPack is offered on a subscription basis, which must be renewed every 12 months.
Zenoss is SaaS, offered in two editions: Professional (“for smaller, simpler environments”) and Enterprise (“for larger, dynamic environments”), with different levels of features and support. There is no free trial, but interested customers can request a demo of the platform.
Splunk is an AI-powered observability and security platform that can help you prevent major issues, recover from incidents faster and accelerate transformation, with tools to help you stay secure, compliant, and reliable.
Like other tools in this article, Splunk’s functionality can be expanded with “apps” that integrate with the main platform. Developed by Fortinet themselves, the Fortinet FortiGate App for Splunk “provides real-time and historical dashboard and analytical reports on traffic, threats, wireless APs, systems, authentications, and VPNs for all products across the FortiGate physical and virtual appliances”.
This app is “certified with pre-defined threat monitoring and performance indicators that guide network security practices a lot easier in the data center”. It can also be tailored to your needs, as “IT administrators can also modify the regular expression query to custom fit for advanced security reporting and compliance mandates”.
Splunk is SaaS, with a pricing scheme that varies by business plan. You can choose between pricing by workload, amount of data ingested, and number of entities or activities being monitored. A 14-day free trial of the cloud platform is available.
Among all these tools, our favorite Fortinet analyzer is Paessler PRTG, as it “ticks all the boxes” in our list of desired characteristics, and has a flexible pricing structure that can fit any kind of budget: companies that are averse to subscriptions can opt for a perpetual license, while ones that have embraced the SaaS concept can enjoy lower upfront costs.
The built-in sensors cover many of the main use cases, without the need to purchase extras, so it can monitor your Fortinet appliances, but also your network, services, servers, IoT devices, cloud infrastructure, and much more. And it is extensible, which means you can deploy third-party sensors, or even develop your own, to cover specific needs.
That means you no longer have to rely on a variety of individual point solutions, which can carry risks such as conflicts with your current workflow and even network security issues.