Fortianalyzer: Centralized Logging, Analytics and Reporting
FortiAnalyzer 200D, 300D, 1000D, 2000B, 3000E, 3500E, 3900E and FAZ-VM

Comprehensive Visualization of Your Network
FortiAnalyzer platforms integrate network logging, analytics, and reporting into a single system, delivering increased knowledge of security events throughout your network. The FortiAnalyzer family minimizes the effort required to monitor and maintain acceptable use policies, as well as identify attack patterns to help you fine tune your policies. Organizations of any size will benefit from centralized security event logging, forensic research, reporting, content archiving, data mining and malicious file quarantining.
You can deploy FortiAnalyzer physical or virtual appliances to collect, correlate, and analyze geographically and chronologically diverse security data. Aggregate alerts and log information from Fortinet appliances and third-party devices in a single location, providing a simplified, consolidated view of your security posture. In addition, FortiAnalyzer platforms provide detailed data capture for forensic purposes to comply with policies regarding privacy and disclosure of information security breaches.

Key Features & Benefits
Graphical Summary Reports | Provides network-wide reporting of events, activities and trends occurring on FortiGate® and third-party devices.
Network Event Correlation | Allows IT administrators to quickly identify and react to network security threats across the network.
Scalable Performance and Capacity | FortiAnalyzer family models support thousands of FortiGate and FortiClient™ agents, and can dynamically scale storage based on retention/compliance requirements.
Choice of Standalone, Collector or Analyzer mode | Can be deployed as an individual unit or optimized for a specific operation (such as store & forward or analytics).
Seamless Integration with the Fortinet Product Portfolio | Tight integration allows FortiAnalyzer resources to be managed from FortiGate or FortiManager™ user interfaces.

Fortinet’s Versatile Management Solution
Networks are constantly evolving due to threats, organizational growth or new regulatory/business requirements. Traditional analysis products focus on recording and identifying company-wide threats through logging, analysis and reporting over time.
FortiAnalyzer offers enterprise class features to identify these threats, but also provides flexibility to evolve along with your ever-changing network. FortiAnalyzer can generate highly customized reports for your business requirements while aggregating logs in a hierarchical, tiered logging topology.
Key tenets of Fortinet’s management versatility:
• Diversity of form factors
• Architectural flexibility
• Highly customizable
• Simple licensing
HIGHLIGHTS

Reporting and Visualization Tools
• FortiView Summary Views: Generate ad-hoc graphical, filterable views of top users, applications, destinations, websites, threats, VPN usage and more.
• Built-in Report Templates: Utilize or modify the PDF templates to display colorful, comprehensive, graphical network security and usage reports.
• UTM & Traffic Summary Reports: Regularly analyze the security profile and traffic/bandwidth patterns with a new consolidated UTM/Traffic report.
• Event Management: Raise and monitor important events to present the IT administrator with unprecedented insight into potentially anomalous behavior.
• Import/Export Templates: After building a report, export and modify the configuration on another FortiAnalyzer or different ADOM.

Log Viewer
• View logs in real-time or historical
• Select from traffic, event and full security logs
• Browse by device, ADOM or in aggregate
• Log filtering and search capabilities
• Granular inspection with the log details pane
• Intuitive icons for countries, applications, etc.

Event Management
• Comprehensive alert builder
• Trigger off of severity levels, specific events, actions and destinations
• Set varying thresholds by number of events within a certain timeframe
• View or search through historical alerts
• Notify via email/SNMP or raise a syslog event
DATA SHEET: FortiAnalyzer™
SPECIFICATIONS

Specification | FORTIANALYZER 200D | FORTIANALYZER 300D | FORTIANALYZER 1000D | FORTIANALYZER 2000B

Capacity and Performance
GB/Day of Logs | 5 | 15 | 75 | 200
Sustained Log Rate (Standalone Mode) | 120 | 200 | 350 | 1,500
Peak Log Rate (Standalone Mode)* | 350 | 625 | 1,000 | 5,000
Devices/VDOMs/ADOMs (Maximum) | 150 | 175 | 2,000 | 2,000

Hardware Specifications
Form Factor | 1 RU Rackmount | 1 RU Rackmount | 2 RU Rackmount | 2 RU Rackmount
Total Interfaces | 4x GE | 4x GE | 6x GE, 2x GE SFP | 6x GE
Storage Capacity | 1 TB (1x 1 TB) | 4 TB (2x 2 TB) | 8 TB (4x 2 TB) | 4 TB (2x 2 TB – 12 TB maximum)
Removable Hard Drives | No | No | Yes | Yes
RAID Levels Supported | None | RAID 0/1 | RAID 0/1/5/10 | RAID 0/1/5/10/50
Default RAID Level | – | 1 | 10 | 10
Redundant Hot Swap Power Supplies | No | No | Yes | Yes

Dimensions
Height x Width x Length (inches) | 1.8 x 17.1 x 13.9 | 1.7 x 17.1 x 14.3 | 3.5 x 17.2 x 14.5 | 3.4 x 17.4 x 26.8
Height x Width x Length (cm) | 4.5 x 43.3 x 35.2 | 4.4 x 43.5 x 36.4 | 9 x 43.8 x 36.8 | 8.6 x 44.3 x 68.1
Weight | 13.4 lbs (6.1 kg) | 15.9 lbs (7.2 kg) | 30.6 lbs (13.9 kg) | 63 lbs (28.6 kg)

Environment
AC Power Supply | 100–240V AC, 50–60 Hz, 6 Amp Max. | 100–240V AC, 50–60 Hz, 4 Amp Max. | 100–240V AC, 50–60 Hz, 5 Amp Max. | 100–240V AC, 50–60 Hz, 9 Amp Max.
Power Consumption (Average) | 60 W | 162 W | 133 W | 200 W
Heat Dissipation | 205 BTU/h | 666 BTU/h | 546 BTU/h | 519 BTU/h
Operating Temperature | 32–104°F (0–40°C) | 50–95°F (10–35°C) | 32–104°F (0–40°C) | 50–95°F (10–35°C)
Storage Temperature | -13–158°F (-35–70°C) | -40–158°F (-40–70°C) | -13–158°F (-25–70°C) | -40–149°F (-40–65°C)
Humidity | 5–95% non-condensing | 8–90% non-condensing | 5–95% non-condensing | 5–95% non-condensing
Operating Altitude | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m)

Compliance
Safety Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, UL/cUL, CB | FCC Part 15 Class A, C-Tick, VCCI, CE, BSMI, KC, UL/cUL, CB, GOST
SPECIFICATIONS
Specification | FAZ-VM-BASE | FAZ-VM-GB1 | FAZ-VM-GB5 | FAZ-VM-GB25 | FAZ-VM-GB100

Capacity and Performance
GB/Day of Logs | 1 incl.** | +1 | +5 | +25 | +100
Storage Capacity | 200 GB | +200 GB | +1 TB | +8 TB | +16 TB
Devices/ADOMs/VDOMs Supported (Maximum) | 10,000 | 10,000 | 10,000 | 10,000 | 10,000

The following apply to all FAZ-VM licenses:
Hypervisor Support | VMware ESX/ESXi 4.0/4.1/5.0/5.1/5.5, Microsoft Hyper-V 2008 R2 / 2012, Citrix XenServer 6.0+, Open Source Xen 4.1+, KVM, Amazon Web Services (AWS)
Network Interface Support (Minimum / Maximum) | 1/4
vCPUs (Minimum / Maximum) | 1 / Unlimited
Memory Support (Minimum / Maximum) | 1 GB / Unlimited

** Unlimited GB/Day when deployed in collector mode
ORDER INFORMATION

Product | SKU | Description
FortiAnalyzer 200D | FAZ-200D | Centralized log and analysis appliance — 4x GE RJ45, 1 TB storage, up to 5 GB/Day of logs.
FortiAnalyzer 300D | FAZ-300D | Centralized log and analysis appliance — 4x GE RJ45, 4 TB storage, up to 15 GB/Day of logs.
FortiAnalyzer 1000D | FAZ-1000D | Centralized log and analysis appliance — 6x GE RJ45, 2x SFP slots, 8 TB storage, up to 75 GB/Day of Logs.
FortiAnalyzer 2000B | FAZ-2000B-EO3S | Centralized log and analysis appliance — 6x GE RJ45, 12 TB storage, dual power supplies, up to 200 GB/Day of Logs.
FortiAnalyzer 3000E | FAZ-3000E | Centralized log and analysis appliance — 4x GE RJ45, 2x GE SFP slots, 16 TB storage, dual power supplies, up to 800 GB/Day of Logs.
FortiAnalyzer 3500E | FAZ-3500E-E02S | Centralized log and analysis appliance — 2x GE RJ45, 2x GE SFP slots, 48 TB storage, dual power supplies, up to 3,000 GB/Day of Logs.
FortiAnalyzer 3900E | FAZ-3900E | Centralized log and analysis appliance — 2x GE RJ45, 2x 10 GE SFP+ slots, flash-based 15 TB SSD storage, dual power supplies, up to 4,000 GB/Day of Logs.
FortiAnalyzer VM Base | FAZ-VM-Base | Base license for stackable FortiAnalyzer-VM; 1 GB/Day of Logs and 200 GB storage capacity. Unlimited GB/Day when used in collector mode only. Designed for AWS, VMware vSphere, Xen, KVM and Hyper-V platforms.
FortiAnalyzer VM GB1 | FAZ-VM-GB1 | Upgrade license for adding 1 GB/Day of Logs and 200 GB storage capacity.
FortiAnalyzer VM GB5 | FAZ-VM-GB5 | Upgrade license for adding 5 GB/Day of Logs and 1 TB storage capacity.
FortiAnalyzer VM GB25 | FAZ-VM-GB25 | Upgrade license for adding 25 GB/Day of Logs and 8 TB storage capacity.
FortiAnalyzer VM GB100 | FAZ-VM-GB100 | Upgrade license for adding 100 GB/Day of Logs and 16 TB storage capacity.

GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE
120 rue Albert Caquot
06560, Sophia Antipolis,
France
Tel: +33.4.8987.0510

APAC SALES OFFICE
300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE
Prol. Paseo de la Reforma 115 Int. 702
Col. Lomas de Santa Fe,
C.P. 01219
Del. Alvaro Obregón
México D.F.
Tel: 011-52-(55) 5524-8480

Copyright© 2015 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary and may be significantly less effective than the metrics stated herein. Network variables, different network environments
and other conditions may negatively affect performance results and other metrics stated herein. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General
Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet and any such commitment
shall be limited by the disclaimers in this paragraph and other limitations in the written contract. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests, and in no event will Fortinet be responsible for events or issues that are outside of its
reasonable control. Notwithstanding anything to the contrary, Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version
of the publication shall be applicable.
FST-PROD-DS-AZ FAZ-DAT-R20-201504