How do I collect from Fortigate FortiOS?
[Available since Nanitor 1.6.2 - ca. July 2018].
Nanitor supports benchmarking of Fortigate FortiOS devices through the Nanitor Collector.
- You need to have a Nanitor Collector up and running. A single collector can collect from multiple network devices, servers and databases.
- You need to have the IP address of the Fortigate device and the collector needs to have network access to connect to the device via SSH.
- You need to have a user with sufficient privileges.
Example of creating a user account for collecting required data (with minimum privileges):
Here is an example of how to create a "prof_nanitor" account profile with read-only access and a new audit account "nanitor" on the Fortigate device:

    config system accprofile
        edit "prof_nanitor"
            set mntgrp read
            set admingrp read
            set updategrp read
            set authgrp read
            set sysgrp read
            set netgrp read
            set loggrp read
            set routegrp read
            set fwgrp read
            set vpngrp read
            set utmgrp read
            set wanoptgrp read
            set endpoint-control-grp read
            set wifi read
        next
    end
    config system admin
        edit "nanitor"
            set accprofile "prof_nanitor"
            set vdom "root"
            set password mypass
        next
    end
This gives the required permissions to the nanitor user.
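To confirm that a profile like this really is read-only, the check below parses the "config system accprofile" section of a configuration dump and reports any setting that grants more than read access. It is an added example, not part of Nanitor or the original page; the sample configuration is constructed, the function names are hypothetical, and treating "read" and "none" as the only acceptable values is an assumption.

```python
# Constructed sample: a read-only profile like the one above plus an over-privileged one.
SAMPLE_CONFIG = '''
config system accprofile
    edit "prof_nanitor"
        set sysgrp read
        set fwgrp read
    next
    edit "prof_toowide"
        set sysgrp read
        set fwgrp read-write
    next
end
config system admin
    edit "nanitor"
        set accprofile "prof_nanitor"
    next
end
'''

def parse_accprofiles(text):
    """Return {profile_name: {setting: value}} from 'config system accprofile' sections."""
    profiles, in_section, current = {}, False, None
    for raw in text.splitlines():
        tokens = raw.split()  # assumes profile names contain no spaces
        if not tokens:
            continue
        if tokens[:3] == ["config", "system", "accprofile"]:
            in_section = True
        elif not in_section:
            continue  # ignore every other config section
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = profiles.setdefault(tokens[1].strip('"'), {})
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            current[tokens[1]] = " ".join(tokens[2:]).strip('"')
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end" and current is None:
            in_section = False  # an 'end' inside an edit closes a nested block only
    return profiles

def non_read_only(profiles, allowed=("read", "none")):
    """Return {profile: {setting: value}} for settings that grant more than read."""
    flagged = {name: {k: v for k, v in s.items() if v not in allowed}
               for name, s in profiles.items()}
    return {name: bad for name, bad in flagged.items() if bad}

if __name__ == "__main__":
    print(non_read_only(parse_accprofiles(SAMPLE_CONFIG)))
```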
Adding the device to Nanitor
Run this command to avoid putting the passwords in .bash_history:
Now we add the credentials (the passwords are stored locally in an encrypted format).
The credentials are created as follows:
$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl credential_add --title fortigate-nanitor --access_method ssh --username nanitor --password mypass
Now we add the device and start collection from the Fortigate device (here with IP address 22.214.171.124):
$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl device_add --title fortigate1 --device_type fortigate --address 126.96.36.199 --credential_title fortigate-nanitor
This can take a few seconds while the collector authenticates and completes the first full collection. Once completed, the results are immediately available in the Nanitor UI. The collector then continues to collect results once every 24 hours.