Which FortiGate in a Security I auric sends togs to FortiAnalyzer?

Which FortiGate in a Security I auric sends togs to FortiAnalyzer?
A . Only the root FortiGate.
B . Each FortiGate in the Security fabric.
C . The FortiGate devices performing network address translation (NAT) or unified threat management (UTM). if configured.
D . Only the last FortiGate that handled a session in the Security Fabric

View Answer

Answer: B

Explanation:

Option B is correct because each FortiGate in the Security Fabric can send logs to FortiAnalyzer for centralized logging and analysis12. This allows you to monitor and manage the entire Security Fabric from a single console and view aggregated reports and dashboards.

Option A is incorrect because the root FortiGate is not the only device that can send logs to FortiAnalyzer. The root FortiGate is the device that initiates the Security Fabric and acts as the central point of contact for other FortiGate devices3. However, it does not have to be the only log source for FortiAnalyzer.

Option C is incorrect because the FortiGate devices performing NAT or UTM are not the only devices that can send logs to FortiAnalyzer. These devices can perform additional security functions on the traffic that passes through them, such as firewall, antivirus, web filtering, etc4. However, they are not the only devices that generate logs in the Security Fabric.

Option D is incorrect because the last FortiGate that handled a session in the Security Fabric is not the only device that can send logs to FortiAnalyzer. The last FortiGate is the device that terminates the session and applies the final security policy5. However, it does not have to be the only device that reports the session information to FortiAnalyzer.

Reference: =

1: Security Fabric – Fortinet Documentation1

2: FortiAnalyzer Demo6

3: Security Fabric topology

4: Security Fabric UTM features

5: Security Fabric session handling