OFTP - Optimized Fabric Transfer Protocol
The Optimized Fabric Transfer Protocol (OFTP) is used when information is synchronized between FortiAnalyzer and FortiGate. Remote logging and archiving can be configured on the FortiGate to send logs to a FortiAnalyzer (and/or FortiManager) unit.
OFTP listens on ports TCP/514 and UDP/514.
You can connect to a FortiAnalyzer unit from a FortiGate unit using Automatic Discovery, so long as both units are on the same network. Connecting these devices in this way does not use OFTP. Instead, the Fortinet Discovery Protocol (FDP) is used to locate the FortiAnalyzer unit.
When you select Automatic Discovery, the FortiGate unit uses HELLO packets to locate any FortiAnalyzer units that are available on the network within the same subnet. When the FortiGate unit discovers the FortiAnalyzer unit, the FortiGate unit automatically enables logging to the FortiAnalyzer unit and begins sending log data.
CLI command - To connect to FortiAnalyzer using automatic discovery:
config log fortianalyzer setting
    set status [enable | disable]
    set server <ip_address>
    set gui-display [enable | disable]
    set address-mode auto-discovery
end
If your FortiGate unit is in Transparent mode, the interface using the automatic discovery feature will not carry traffic.
To send logs from FortiGate to FortiAnalyzer:
- Go to Log & Report > Log Settings and enable Send logs to FortiAnalyzer/FortiManager (under Remote Logging and Archiving).
- Enter the FortiAnalyzer unit's IP address in the IP address field provided.
- For Upload option, select Real Time to upload logs as they come across the FortiGate unit, or select Every Minute or Every 5 Minutes.
- Logs sent to FortiAnalyzer can be encrypted by enabling SSL encrypt log transmission.
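An added example, not part of the original documentation: a Python check that reads a FortiGate configuration backup and reports how the config log fortianalyzer setting block shown above is set, so the logging destination and encryption can be reviewed. The sample configuration is constructed, and the enc-algorithm key is an assumption taken from the FortiOS CLI rather than from this page.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "FGT-LAB"
end
config log fortianalyzer setting
    set status enable
    set gui-display enable
    set address-mode auto-discovery
    set enc-algorithm disable
end
"""

def parse_block(config_text, header):
    """Return the 'set' key/value pairs inside the first 'config <header>' block."""
    settings, inside, depth = {}, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = (line == f"config {header}")
            continue
        if line.startswith("config "):
            depth += 1            # nested sub-table; skip its contents
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0:
            m = re.match(r"set (\S+) (.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_faz_logging(config_text):
    """Return a list of findings for the FortiAnalyzer logging settings."""
    s = parse_block(config_text, "log fortianalyzer setting")
    findings = []
    if s.get("status") != "enable":
        findings.append("status: logging to FortiAnalyzer is not enabled")
    if s.get("address-mode") == "auto-discovery":
        findings.append("address-mode: auto-discovery; log destination is whichever unit answers on the subnet")
    elif "server" not in s:
        findings.append("server: no FortiAnalyzer IP address configured")
    # Assumption: 'enc-algorithm' is the CLI key behind the encryption option.
    if s.get("enc-algorithm") == "disable":
        findings.append("enc-algorithm: log transmission is not encrypted")
    return findings

if __name__ == "__main__":
    for finding in audit_faz_logging(SAMPLE_CONFIG):
        print("[!]", finding)
```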