Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied.
Table of contents
Key concepts
FortiRecorder NVR
Camera support
Deployment scenarios and camera discovery
Local camera deployments
Same network deployments
Routed network deployments
Private network vs office network
Remote camera deployments
Camera settings
Camera configuration workflow
Configuring video profiles
Configuring camera profiles
Camera groups
Camera connection
Camera discovery and DHCP service
Connecting FortiRecorder to the cameras
Configuring cameras
User management
Login issues
When an administrator account cannot log in from a specific IP
Remote authentication query failures
Resetting passwords
Connectivity issues
Checking hardware connections
Bringing up network interfaces
Examining the ARP table
Therefore, you may want to configure those features through its built-in camera web interface. By default, every FortiRecorder or FortiRecorder-VM appliance supports one third-party camera. If you want to connect more than one, you must purchase licenses from Fortinet. For more information, please contact Fortinet or the resellers.
Deployment scenarios and camera discovery

Cameras are deployed in two basic scenarios: local to the NVR and remote to the NVR. FortiCamera deployments can combine both scenarios.

Local camera deployments

Local camera deployments have two specific scenarios:
• Cameras are installed on the same network as the NVR.
•...
NVR. Although this involves installing a new network and thus increasing the costs, there are some advantages of using a private network: • the video streams are protected. • the cameras are protected because they cannot be reached from outside the network. •...
General performance factors The following factors affect the input side of performance: • Total number of video streams from the cameras (i.e. not just the number of cameras) • The video recording types (motion only or continuous) per camera • The video stream parameters per camera – i.e. video compression (constant or variable bit rate mode), image quality level, complexity of the scene, video resolution and frame rate per second.
FortiRecorder 100D has a built-in 1 TB hard drive and can connect up to 16 cameras. We configure 16 cameras with 1280 x 720 resolution using 30 FPS with high quality image in continuous recording.
For more information about bandwidth consumption calculation, see the FortiCamera Bandwidth Calculator User Guide at http://docs.fortinet.com/d/fortirecorder-forticamera-bandwidth-calculator-user-guide. In practice, Fortinet suggests using the numbers provided in the bandwidth calculator as a starting point and then adjusting them after installation to achieve the desired balance between quality and bandwidth.
To optimize client performance, use the video and camera profiles to define and assign a second video stream for each camera. To increase the number of live views the client computer can display, or to reduce the CPU requirement for a given number of live views, reduce the resolution, quality and/or frames per second of the second video streams.
NVR configuration To be able to configure the FortiRecorder NVR appliance, you must connect to its management web UI or CLI console. This document mainly describes the web UI usage. Connecting to FortiRecorder web UI You can connect to the web UI using its default settings. (By default, HTTPS access to the web UI is enabled.) Table 4: Default settings for connecting to the web UI Network Interface...
4. In the Name field of the login page, type admin, then click Login. (In its default state, there is no password for this account.) Login credentials entered are encrypted before they are sent to the FortiRecorder appliance. If your login is successful, the web UI appears. See also •...
To connect to the CLI using a local serial console connection The following procedure uses Microsoft HyperTerminal. Steps may vary with other terminal emulators. 1. Using the RJ-45-to-DB-9 or null modem cable, connect your computer’s serial communications (COM) port to the FortiRecorder unit’s console port. 2.
previously connected to the FortiRecorder unit but it used a different IP address or SSH key. If your management computer is directly connected to the FortiRecorder unit with no network hosts between them, this is normal. 9. Click Yes to verify the fingerprint and accept the FortiRecorder unit’s SSH key. You will not be able to log in until you have accepted the key.
Configuring the network settings When shipped, each of the FortiRecorder appliance’s physical network adapter ports has a default IP address and netmask. If these IP addresses and netmasks are not compatible with the design of your unique network, you must configure them. Table 6: Default IP addresses and netmasks Network Interface* IP Address...
Retrieve default gateway and DNS from server will overwrite the existing DNS and default route, if any.
5. Configure these settings:
Setting name: Discover cameras on this port
Description: Enable to send multicast camera discovery traffic from this network interface. For more information, see “Connecting FortiRecorder to the cameras”...
Setting name: SNMP
Description: Enable to allow SNMP queries to this network interface, if queries have been configured and the sender is a configured SNMP manager. To configure the listening port number and configure queries and traps, see “SNMP traps & queries”.
To add a static route If you used DHCP and Retrieve default gateway and DNS from server when configuring your network interfaces, skip this step — the default route was configured automatically. 1. Log in to the admin administrator account. Other accounts may not have permissions necessary to change this setting.
6. To verify connectivity, from a computer on the route’s network destination, attempt to ping one of FortiRecorder’s network interfaces that should be reachable from that location. If the connectivity test fails, you can use the CLI commands: execute ping <destination_ipv4> to determine if a complete route exists from the FortiRecorder to the host, and execute traceroute <destination_ipv4>...
If the DNS query for the domain name succeeds, you should see results that indicate that the host name resolved into an IP address, and the route from FortiRecorder to that IP address: traceroute to www.fortinet.com (192.0.43.10), 30 hops max, 60 byte packets 172.20.130.2 (172.20.130.2) 0.426 ms...
4. Configure these settings: Setting name Description Interface Select the name of the network interface where this DHCP server will listen for requests from DHCP clients. Gateway Type the IP address that DHCP clients will use as their next-hop router. On smaller networks, this is usually the same router that FortiRecorder uses.
5. If you want to fine-tune the behavior, configure these settings:
Setting name: Conflicted IP timeout (Seconds)
Description: Type the maximum amount of time that the DHCP server will wait for an ICMP ECHO (ping) response from an IP before it determines that it is not used, and therefore safe to allocate to a DHCP client that is requesting an IP address.
Setting name: DHCP Excluded Range
Description: To configure IPs that should be omitted from the DHCP pool and never given to DHCP clients (such as if there are printers with manually assigned static IP addresses in the middle of your DHCP range), click New.
you may need to wait a couple of seconds, then click Refresh to update the display in System time.) If the NTP query fails, the system clock will continue without adjustment. NTP on FortiRecorder complies with RFC 5905. If the current system time differs greatly from the actual time, NTP will adjust the clock slowly to avoid incongruous jumps in log message timestamps and other time-dependent features.
Configuring schedules Schedules are used in several places: • When configuring a user under System > Administrator > User Profile, schedules are used to specify when the users can access the camera. For details, see “Configuring user accounts” on page Note: For user access, schedule gaps are allowed.
Setting name Description Days and Time Select the days you want the camera to begin recording if you have selected the Recurring schedule type. All day Select this option if you want to record all day long. Start time/End Select the start and end time for the recurring recording or the start time and end date for the one-time recording.
First, on your office’s firewall or Internet router, configure port forwarding and/or a virtual IP (VIP) to forward remote access connections from the Internet to your FortiRecorder NVR’s private network IP. (See “Appendix A: Port numbers”.) Remote access opens ports and can weaken the strength of your network security. To prevent attackers on the Internet from gaining access to your surveillance system, configure your firewall or router to require authentication, restrict which IP addresses can use your port forward/virtual IP, and scan requests for viruses and hacking attempts.
One example of an application of VLANs is a company’s accounting department. Accounting computers may be located at both main and branch offices. However, accounting computers need to communicate with each other frequently and require increased security. VLANs allow the accounting network traffic to be sent only to accounting computers and to connect accounting computers in different locations as if they were on the same physical subnet.
To view log messages, go to Monitor > Log Viewer > Event for the NVR log messages or go to Monitor > Log Viewer > Event for the camera log messages. To configure logging 1. Go to either Logs and Alerts > Log Setting > Local Log Settings or Log > Log Setting > Remote Log Settings (depending on whether you want logs to be stored on FortiRecorder’s hard drive, or remotely, on a Syslog server or FortiAnalyzer).
Setting name Description Type the IP address of a Syslog server or FortiAnalyzer. Port Type the UDP port number on which the Syslog server listens for log messages. The default is 514. Level Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
ICMP ECHO_REQUEST (ping), go to Monitor > System Status > Console and enter the command: execute traceroute <syslog_ipv4> where <syslog_ipv4> is the IPv4 address of your FortiAnalyzer or Syslog server. See also • Connectivity issues • Data storage issues Alert email As the FortiRecorder system administrator, you can receive alert email whenever an important system event occurs, such as the hard disk being full and so on.
Camera settings Before connecting to your cameras, you must configure the settings that will be used by them. To reduce overhead, you don’t need to create settings for each camera. Instead, configure items such as schedules and video quality once, then re-use those same settings for all cameras that should be similarly configured.
3. Configure the following, then click Create. Setting name Description Name Type a name (such as live-stream1) that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters. Resolution Select the amount of detail (the number of pixels) in the image.
3. Configure the following, then click Create. Setting name Description Name Type a name (such as camera-settings1) that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters. Video Select the Recording stream profile used to determine the video quality of the recorded video.
Setting name Description Storage Options You can select the storage options of both continuous recordings and detection recordings. • Keep — Retain video until all available disk space is consumed • Delete — Remove video when it exceeds a maximum age. •...
Camera connection

After you have configured the NVR and camera settings, you can install and connect cameras to the FortiRecorder NVR. For information about how to physically install a camera, see the camera’s QuickStart Guide.

Camera discovery and DHCP service

In order for the FortiRecorder NVR to be able to discover cameras and receive video, cameras must first get their IP addresses and other network settings from either the FortiRecorder built-in DHCP server or any other third-party DHCP server on your network.
configuring the cameras with a static IP address, yet will provide the advantage that IP addresses remain centrally managed. If you continue to let your cameras use DHCP, you should configure Reserved IP Address (or, on a third-party DHCP server, the equivalent setting). Failure to do this may appear to work initially, but could eventually cause periodic, temporary interruptions in connectivity with the NVR, resulting in lost video.
To connect FortiRecorder to your cameras 1. If this is the first time you connect to FortiRecorder, change your PC’s IP address to be on the same subnet as the FortiRecorder port1’s default IP address 192.168.1.99. For example, set your PC’s IP to 192.168.1.98. 2.
6. Go to System > Network > Interface. Select port1 and click Edit. Make sure to enable it.
7. Make sure Discover cameras on this port is enabled.
8. Connect the camera to the PoE switch now. If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder, the camera will use its default IP address, which might not work on your network.
9. Go to Camera > Configuration > Camera, and click Discover. After several seconds, a list of discovered cameras should appear. Newly discovered cameras will be highlighted in yellow, and their Status column will contain Not Configured.
[Figure: camera list showing the Discover button, configured cameras, and (in yellow) discovered but not configured cameras]
10. Double-click the discovered camera to configure the camera settings.
If you are adding a remote camera, or adding a new camera before it is connected, you must specify all the settings. For the Fortinet FortiCam cameras, you must specify the models; for the non-Fortinet cameras, you must specify the camera’s login credentials (user name and password) for FortiRecorder to access it.
Setting name Description (RTSP) Port Type the port number of video streaming commands (RTSP) from the FortiRecorder that the firewall or router will forward to the camera, such as when beginning a continuous recording schedule. If using only a WAN/virtual IP without port forwarding/translation, leave this setting at its default value, 554.
4. If the address mode is wired or wireless, under the network tab, configure the following: Setting name Description Wired settings Select DHCP if you want the camera to continue using DHCP to dynamically determine its IP address. The FortiRecorder NVR will attempt to keep track of any DHCP-related IP address changes automatically using periodic mDNS probes.
Setting name: Disable threshold
Description: Enter the light level at which infrared mode should turn off.
Setting name: Threshold time
Description: Enter the time interval (in seconds) that the camera should wait before turning infrared mode on or off after the threshold is reached.
Setting name: Current light level
Description: Display the current light level that the camera detects.
down the Shift key while you click and drag it. To add another motion detection area, click the plus sign again.
For audio detection and DIDO, configure the following settings:
Setting name: Audio Sensitivity
Description: If the camera supports audio surveillance, specify the sensitivity level at which camera recording will be triggered.
Setting name: PIR Sensitivity
Setting name: Digital input/output
Description: Some cameras come with DIDO terminals and support digital input and output. For example, on the FortiCam MB13 camera, according to your configuration, a power signal from the digital input can trigger the camera to record a video clip. You can also optionally connect other devices to the digital output, such as a relay to turn on/off another device.
10.On the Miscellaneous tab, configure the following settings: Setting name Description Privacy button FortiCam MB13 has a privacy button on it. If enabled, you can press the privacy button on the camera to stop and resume video and audio monitoring. To enable the functionality of the privacy button on the camera, select the Privacy button checkbox.
13. If desired, you can specify different camera settings, such as brightness and contrast, for the camera to use at different times. For details, see “Configuring schedules” on page
See also
• Watching live video feeds
• Connectivity issues
Camera connection Page 52 FortiRecorder 2.4.2 Administration Guide...
User management In its factory default configuration, FortiRecorder has one administrator account named admin. This administrator has permissions that grant full access to FortiRecorder’s settings and features. To prevent accidental changes to the configuration, it’s best if only network administrators — and if possible, only a single person —...
3. Go to System > Administrator > Administrator to configure all other user settings. For details, see “Configuring user accounts” on page

Configuring access profiles

Access profiles control which FortiRecorder functions the users are allowed to access. Before you configure user accounts, you must configure the access profiles, which will be used in the user account settings.
3. Configure these settings: Setting name Description Username Type the name of the account, such as IT, that can be referenced in other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters. Note: This is the entire user name that the person must provide when logging in to the CLI or web UI.
Setting name Description Trusted hosts Type the IP address and netmask from which the account is allowed to log in to the FortiRecorder appliance. You can specify up to 10 trusted network areas. Each area can be a single computer, a whole subnet, or a mixture.
Setting name Description User profile With a user profile, you can specify which group of camera video feeds and recordings the account will be able to access. You can also use schedules to control when the user is allowed to access the video. For details, see “Configuring schedules”...
Setting name Description Authentication Select one of: • Local — Authenticate using an account whose name, password, and other settings are stored locally, in the FortiRecorder NVR’s configuration. • RADIUS — Authenticate by querying the remote RADIUS server that stores the account’s name and password. Also configure RADIUS profile Check permission attribute on RADIUS server.
Authentication is RADIUS or RADIUS+Local. Vendor ID Type the vendor ID for Fortinet, as it is defined on your RADIUS server, in decimal. On many RADIUS servers, Fortinet’s default vendor ID is 12356. The vendor ID is an ID for the Fortinet client types. It should be present in Access-Request packets from FortiRecorder, telling your RADIUS server which settings are supported by accounts on FortiRecorder.
Subtype Type the subtype ID for account permissions as it is defined on your RADIUS server. On many RADIUS servers, Fortinet’s default subtype ID for access profiles is 6. The subtype ID is an ID for the user type (permissions) attribute. It should be, but is not required to be, present in Access-Accept reply packets from your RADIUS server to FortiRecorder.
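The vendor ID and subtype configured above identify one sub-attribute inside a RADIUS Vendor-Specific attribute (type 26, RFC 2865). The following added example, which is not FortiRecorder code, parses an Access-Accept and extracts that sub-attribute; the text encoding of the value, the profile name camera_operators and the sample packet are assumptions constructed for illustration.

```python
import struct

# Defaults quoted in the guide for many RADIUS servers.
FORTINET_VENDOR_ID = 12356
ACCESS_PROFILE_SUBTYPE = 6
# RFC 2865 constants.
ACCESS_ACCEPT = 2
VENDOR_SPECIFIC = 26
HEADER_LEN = 20  # code, identifier, length, 16-byte authenticator


def _tlvs(buf, what):
    """Split type/length/value records; each length includes its 2-byte header."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated {what} header")
        kind, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad {what} length {length}")
        out.append((kind, buf[pos + 2:pos + length]))
        pos += length
    return out


def vendor_attributes(packet):
    """Return (packet code, [(vendor_id, subtype, value), ...]) for a RADIUS packet.

    The Response Authenticator is NOT verified here; a real client checks it
    with the shared secret before trusting any attribute.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("length field does not match the datagram")
    found = []
    for a_type, value in _tlvs(packet[HEADER_LEN:length], "attribute"):
        if a_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute without a vendor ID")
        vendor_id = struct.unpack("!I", value[:4])[0]
        for subtype, data in _tlvs(value[4:], "sub-attribute"):
            found.append((vendor_id, subtype, data))
    return code, found


def access_profile(packet, vendor_id=FORTINET_VENDOR_ID,
                   subtype=ACCESS_PROFILE_SUBTYPE):
    """Value of the matching sub-attribute in an Access-Accept, else None."""
    code, found = vendor_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    for v_id, s_type, data in found:
        if v_id == vendor_id and s_type == subtype:
            return data.decode("utf-8")  # assumption: value is a text string
    return None


def build_packet(code, attributes):
    """Constructed-sample helper: RADIUS packet with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attributes)
    header = struct.pack("!BBH", code, 1, HEADER_LEN + len(body))
    return header + bytes(16) + body


def vsa(vendor_id, subtype, data):
    """Constructed-sample helper: one Vendor-Specific attribute."""
    inner = bytes([subtype, len(data) + 2]) + data
    return (VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + inner)


# Constructed sample reply; "camera_operators" is a hypothetical profile name.
SAMPLE_ACCEPT = build_packet(ACCESS_ACCEPT, [
    (18, b"welcome"),                  # Reply-Message, not a VSA
    vsa(9, 6, b"other-vendor"),        # same subtype, different vendor ID
    vsa(FORTINET_VENDOR_ID, ACCESS_PROFILE_SUBTYPE, b"camera_operators"),
])

if __name__ == "__main__":
    print(access_profile(SAMPLE_ACCEPT))
    # A subtype that differs from the server's dictionary finds nothing.
    print(access_profile(SAMPLE_ACCEPT, subtype=7))
```

If the vendor ID or subtype entered in the profile differs from the RADIUS server's dictionary, the lookup returns nothing even though the server sent a permissions attribute.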
3. Configure these settings: Setting name Description Profile name Type a name (such as LDAP-query) that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters. Server name/IP Type the fully qualified domain name (FQDN) or IP address of the LDAP or Active Directory server that will be queried when an account referencing this profile attempts to authenticate.
(the bind DN), click the arrows to expand User Query Options, User Authentication Options, and Advanced Options, then configure:
Setting name: Schema
Description: If your LDAP directory’s user objects use one of these common schema styles:
• InetOrgPerson
• InetLocalMailRecipient
•...
Setting name Description LDAP user query Enter an LDAP query filter that selects a set of user objects from the LDAP directory. The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.
Setting name: User Type Attribute
Description: Select this option to define the user’s type. Valid entries for this field are: admin, operator, and viewer.
Setting name: User Profile Attribute
Description: Select this option to define the user’s profile. The entry for this field must match the profile name configured in FortiRecorder.
Setting name: Enable cache
Description: Enable to cache LDAP query results. Caching LDAP queries can introduce a delay between when you update LDAP directory information and when the FortiRecorder appliance begins using that new information, but also has the benefit of reducing the amount of LDAP network traffic associated with frequent queries for information that does not change frequently.
Configuring RADIUS authentication

In addition to local users, FortiRecorder also supports RADIUS user authentication. You will use the RADIUS authentication profiles when you add user accounts.

To configure a RADIUS query
1. Go to System > Authentication > RADIUS.
2. Click New. A dialog appears.
See also • NVR configuration • Connectivity issues • Login issues
Notifications When a significant event happens, such as motion-triggered video recording or the hard disk being full, your FortiRecorder NVR can notify you, either by email or SMS messages. Notification configuration workflow To configure the notifications, follow these steps: 1. Configure the SMTP mail server settings so that FortiRecorder can send out notification email.
2. Configure these settings:
Setting name: Host name
Description: Type the host name for the appliance. By default, it uses its serial number. The host name can be up to 35 characters in length. It can include US-ASCII letters, numbers, hyphens, and underscores, but not spaces and special characters.
3. If the email server requires SMTP authentication (i.e. it uses the SMTP AUTH command), also enable Authentication Required, then configure these settings: Setting name Description User name Type the name of the account, such as jdoe or fortirecorder@example.com, that FortiRecorder will use to log in to the SMTP server.
Setting name: Description
Description: Enter a short description of the provider.
Setting name: Type
Description: Select an SMS type: either SMTP or HTTP. For SMTP, enter the Email to, Email subject, and Email body information. You can use the following tags when filling in the fields: •...
2. Click New. 3. Configure the following setting and then click Create. Setting name Description Name Enter a name for the notification entry. Description Optionally enter a descriptive comment. Enable Select to enable this notification entry. Trigger number Specify how many times the motion event should happen before the notification is sent out.
Video monitoring To get the most value out of your FortiRecorder system, use it to monitor your property — not just to analyze after-the-fact. Your FortiRecorder NVR has a variety of monitoring tools for the appliance itself, but administrators can also view the live video feeds from cameras. You can use the tools in this section to monitor your FortiRecorder NVR and surveillance cameras.
To view live video from your cameras as an administrator
1. Go to Monitor > Video Monitor.
Buffering (a blue “Q” appears, with an oscillating dotted line underneath) may take a few seconds, depending on the network, the Resolution of the camera, and your computer. When buffering is done, the current live video feed should appear.
To allow users to access video sharing, you must first insert the video in your web page. For example, if your FortiRecorder runs v2.3 and older firmware, you can insert the following code in your web page:
<iframe frameborder="10" scrolling="no" width="640" height="480" src="https://172.20.110.94/api?request=FRC_LiveView&id=FD20&width=640&height=480&view_mode=3&hostName=172.20.110.94&username=videoService&password=1234">...
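The embed shown above carries the account name and password in the iframe URL, so anyone who can read the page source can read them. The following added example, which is not from the FortiRecorder guide, is a review script that flags such embeds in a web page; the sample page, the host 192.0.2.10 and the password value are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Query parameter names used by the embed snippet in the guide.
CREDENTIAL_PARAMS = {"username", "password"}
# Tags and the attribute that holds a URL the browser will request or expose.
URL_ATTRS = {"iframe": "src", "img": "src", "embed": "src", "a": "href"}


class EmbedAuditor(HTMLParser):
    """Collect (line, tag, issue, detail) for URLs that expose credentials."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self._check(tag, value)

    def _check(self, tag, url):
        line, _col = self.getpos()  # position of the tag being handled
        try:
            parts = urlsplit(url)
        except ValueError:
            self.findings.append((line, tag, "unparseable-url", ""))
            return
        names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        exposed = sorted(names & CREDENTIAL_PARAMS)
        if not exposed:
            return
        # Report parameter names only, never the values, so the report
        # itself does not become another copy of the secret.
        self.findings.append((line, tag, "credentials-in-url", ",".join(exposed)))
        if parts.scheme.lower() == "http":
            self.findings.append((line, tag, "cleartext-transport", "http"))


def audit_html(text):
    """Return the findings for one HTML document."""
    auditor = EmbedAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings


# Constructed sample page: two risky embeds and one harmless image.
SAMPLE_PAGE = """<html><body>
<h1>Lobby camera</h1>
<iframe width="640" height="480"
 src="https://192.0.2.10/api?request=FRC_LiveView&id=FD20&username=videoService&password=EXAMPLE"></iframe>
<iframe src="http://192.0.2.10/api?request=FRC_LiveView&amp;id=FD21&amp;password=EXAMPLE"></iframe>
<img src="https://192.0.2.10/static/logo.png?width=64">
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding)
```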
To configure image sharing on FortiRecorder 1. Go to Service > Video > Image. 2. Select the Status checkbox. 3. Enter the number of seconds in the Interval section that will dictate how often the cameras capture a picture. 4. Enter the necessary FTP information. 5.
Time periods in the time line panel are color-coded: • Yellow — A system event such as a software update, system reboot, or camera reboot. Recordings cannot be stored while FortiRecorder is unavailable. • Light blue — The lightest blue denotes previously recorded clips, the darker blue denotes temporary recording (see descriptions below), the darkest blue denotes manually initiated recording.
Figure 1: Time line zoomed out
Figure 2: Time line zoomed in (callouts: Preview frames; After zooming in, double-click the enlarged segment to view the clip)
3. After you select the segment (if it is a motion-detection clip, a few key frames will appear for preview purpose), you can do the following: •...
administrators can use these controls, to prevent operators from accidentally or maliciously blacking-out the view. Set these settings with care. After video is recorded, it won’t be possible to adjust the image quality again unless you download the file and use video editing software. Video editing software may not be able to successfully correct for excessively bad image quality.
8.
4. To view a video clip from the notification, click its key frame image. The notification window will be replaced with a video clip player.
Video management

If you need to store video for longer periods of time, you can extend your FortiRecorder appliance’s built-in storage.

Local storage

Initially, your FortiRecorder appliance will store video data on its internal hard disk drive. By default, it will continue to do so, regardless of the video clip’s age, until all available space is consumed.
If you are using old disks from another system (RAID or LVM), make sure to erase all the metadata on the drives. Adding a RAID disk If desired, you can add one or two more hard disk drives to the FortiRecorder 400D unit. Figure 4: Hard disk bays on FortiRecorder 400D unit To add a disk to the RAID array 1.
the RAID has 400 GB disks, and you replace one with a 500 GB disk, to be consistent with the other disks, only 400 GB of the new disk will be used. FortiRecorder units support hot swap; shutting down the unit during hard disk replacement is not required.
External storage To extend your local storage, you can use an external USB storage device if your FortiRecorder model has USB ports. To safeguard your surveillance video in the event that your FortiRecorder appliance is destroyed by fire, flood, intrusion, or other event that it is recording, configure your FortiRecorder appliance to store its video at a remote location such as a branch office or cloud storage provider.
Setting name Description Directory Enter the path of the folder on the server, relative to the mount point or user’s login directory, where the FortiRecorder appliance will store the data. This setting appears only if Protocol is NFS. Note: Do not use special characters such as a tilde ( ~ ). This will cause the storage to fail.
On the SNMP manager, you must also verify that the SNMP manager is a member of the community to which the FortiRecorder appliance belongs, and compile the necessary Fortinet-proprietary management information blocks (MIBs) and Fortinet-supported standard MIBs. For information on MIBs, see “MIB...
3. Configure the following:
Setting name: SNMP agent enable
Description: Enable to activate the SNMP agent, so that the FortiRecorder appliance can send traps for the communities in which you enabled queries and traps. To receive queries, also enable SNMP on a network interface.
SNMP manager may not accept the trap if its community name does not match. Caution: Fortinet strongly recommends that you do not add FortiRecorder to the community named public. This popular default name is well-known, and attackers that gain access to your network will often try this name first.
Setting name Description Community Hosts IP Address Type the IP address of the SNMP manager that, if traps or queries are enabled in this community: • will receive traps from the FortiRecorder appliance • will be permitted to query the FortiRecorder appliance SNMP managers have read-only access.
6. To verify your SNMP configuration and network connectivity between your SNMP manager and your FortiRecorder appliance, be sure to test both traps and queries (assuming you have enabled both). Traps and queries typically occur on different port numbers, and therefore verifying one does not necessarily verify that the other is also functional.
The FortiRecorder SNMP agent supports Ethernet-like MIB information, (Ethernet-like MIB) except the dot3Tests and dot3Errors groups. You can obtain these MIB files from the Fortinet Technical Support web site, https://support.fortinet.com/. To communicate with your FortiRecorder appliance’s SNMP agent, you must first compile these MIBs into your SNMP manager.
Logging Log messages, if you configured them (see “Configuring logging”), record important events on your FortiRecorder system. About logs FortiRecorder appliances can log many different activities including: • camera recording events • administrator-triggered events including logouts and configuration changes • system-triggered events including system failures For more information about log types, see “Log types”.
Log severity levels Each log message contains a Severity (pri) field that indicates the severity of the event that caused the log message, such as pri=warning. Table 10:Log severity levels Level Name Description (0 is greatest) Emergency The system has become unusable. Alert Immediate action is required.
Table 11: Monitor > Video Monitor > Event (viewing the contents of a log file) Setting name Description Level Select a severity level to hide log messages that are below this threshold (see “Log severity levels”). Subtype Select a subcategory (corresponding to the Subtype column) to hide log messages whose subtype field does not match.
Setting name: Subtype
Description: The category of the log message, such as admin for events such as authentication or configuration changes, or system for events such as disk consumption or connection failures. When in raw format, this is the log’s subtype field.
Setting name: Log ID
Description: A dynamic log identifier within the system. It is not predictable, not indicative of the cause, and not necessarily a unique identifier.
5. To display a column such as Time, mark the check box next to its name. To disable the display of a column, clear its check box. The page refreshes immediately, displaying the columns that you selected. 6. Column settings will not usually persist when changing pages, nor from session to session. If you want to keep the settings, you must click Save View.
To delete a log file 1. Go to one of the log types, such as Monitor > Log Viewer > Event. 2. Either: • To delete all log files, mark the check box in the column heading. All rows’ check boxes will become marked.
Setting name Description Time Select the date and time range that contains the attack log that you are searching for. This setting is optional. Note: The date fields default to the current date. Ensure the date fields are set to the actual date range that you want to search. Match condition Select whether your match criteria are specified exactly (Contain) or you have indicated multiple possible matches using an asterisk in...
Secure connections and certificates
When a FortiRecorder appliance initiates or receives an SSL or TLS connection, it will use certificates. Certificates can be used in secure connections for:
• encryption
• authentication of servers
FortiRecorder may require you to upload certificates and CRLs even if you do not use HTTPS. For example, when sending alert email via SMTPS, or querying an authentication server via LDAPS, FortiRecorder will validate the server’s certificate by comparing the server certificate’s CA signature with the certificates of CAs that are known and trusted by the FortiRecorder...
trusted by your web browser. This will cause your web browser to display a security alert, indicating that the connection may have been intercepted. To prevent this false alarm, you can go to System > Certificate > Local Certificate to replace the certificate with one that is signed by your own CA so that it will be trusted.
Table 12:System > Certificate > Local Certificate Setting name Description View Click to view the selected certificate’s issuer, subject, and range of dates within which the certificate is valid. Generate Click to generate a certificate signing request. For details, see “Generating a certificate signing request”.
Generating a certificate signing request Many commercial certificate authorities (CAs) will provide a web site where you can generate your own certificate signing request (CSR). A CSR is an unsigned certificate file that the CA will sign. When the CSR is generated, the associated private key that the appliance will use to sign and/or encrypt connections with clients is also generated.
Setting name Description Type the static IP address of the FortiRecorder appliance, such as 10.0.0.1. The IP address should be the one that is visible to clients. Usually, this should be its public IP address on the Internet, or a virtual IP that you use NAT to map to the appliance’s IP address on your private network.
5. Click OK. The FortiRecorder appliance creates a private and public key pair. The generated request includes the public key of the FortiRecorder appliance and information such as the FortiRecorder appliance’s IP address, domain name, or email address. The FortiRecorder appliance’s private key remains confidential on the FortiRecorder appliance.
2. Append the certificate of each intermediary CA in order from the intermediary CA who signed the local certificate to the intermediary CA whose certificate was signed directly by a trusted root CA.
For example, an appliance’s certificate that includes a signing chain might use the following structure:
-----BEGIN CERTIFICATE-----
<server certificate>...
4. Click OK. 5. To use a certificate, click its row to select it, then click Set status to put it in force. 6. If your web browser does not yet have your CA’s certificate installed, download it and add it to your web browser’s trust store so that it will be able to validate the appliance’s certificate (see “Uploading trusted CAs’...
5. Next to Certificate file, click the Browse button and select your CA’s certificate file. 6. Click OK. Time required to upload the file varies by the size of the file and the speed of your network connection. 7. To test your configuration, cause your appliance to initiate a secure connection to an LDAPS server (see “To configure an LDAP query”...
4. Click the Download CA certificate, certificate chain, or CRL link. The Download a CA Certificate, Certificate Chain, or CRL page appears. 5. From Encoding Method, select Base64. 6. Click Download CA certificate. 7. If your browser prompts you, select a location to save the CA’s certificate file. See also •...
CRL files can be a considerable burden in large organizations, and because delay between the release and install of the CRL represents a vulnerability window, this can often be preferable. To use OCSP queries, you must first install the certificates of trusted OCSP/CRL servers. To view or upload a remote certificate 1.
For late-breaking information specific to the firmware release version, see the Release Notes available with that release. In addition to major releases that contain new features, Fortinet releases patch releases that resolve specific issues without containing new features and/or changes to existing features. It is recommended to download and install patch releases as soon as they are available.
“Restoring firmware (“clean install”)”. To install firmware via the web UI 1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/ 2. Log in to the web UI of the FortiRecorder appliance as the admin administrator. 3. Go to Monitor > System Status > Status.
“Setting the “admin” account password”. To install firmware via the CLI 1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/ 2. Copy the new firmware image file to the root directory of the TFTP server. 3. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
This can be accomplished via the CLI. To install alternate firmware via the CLI 1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/ 2. Copy the new firmware image file to the root directory of the TFTP server.
8. Enter the following command to restart the FortiRecorder appliance:
execute reboot
9. As the FortiRecorder appliance starts, a series of system startup messages appear.
Press any key to display configuration menu..
10. Immediately press a key to interrupt the system startup. You have only 3 seconds to press a key.
Once the FortiRecorder NVR is connected to your cameras, you can upgrade/downgrade the camera firmware through the FortiRecorder web UI. Fortinet does not recommend downgrading firmware. Downgrading firmware could result in a loss of configuration information. To upgrade/downgrade your cameras’ firmware 1.
Support, that means the firmware is available to download from the Fortinet Technical Support web site. 2. Download the firmware file from the Fortinet Technical Support web site and save the file on your PC: https://support.fortinet.com/ 3. Go to Camera > Configuration > Firmware.
Fine-tuning & best practices This topic is a collection of fine-tuning and best practice tips and guidelines to help you configure your FortiRecorder appliances for the most secure and reliable operation. While many features are optional or flexible such that they can be used in many ways, some practices are generally a good idea because they reduce complication, risk, or potential issues.
• By default, an administrator login that is idle for more than five minutes times out. You can change this to a longer period in the idle timeout settings, but Fortinet does not recommend it. Left unattended, a web UI or CLI session could allow anyone with physical access to your computer to change FortiRecorder settings.
Figure 7: Restricting accepted administrative protocols in the dialog in Edit Interface System > Network > Interface Use only the most secure protocols. Disable PING, except during troubleshooting. Disable HTTP, SNMP, and TELNET unless the network interface only connects to a trusted, private administrative network.
Improving performance When configuring your FortiRecorder appliance and its features, there are many settings and practices that can yield better performance. Video performance Video performance is a combination of the video input (from the cameras) and the video output (to the browser for live views and playback). Input performance factors •...
Logging & alert performance • If you have a FortiAnalyzer, store FortiRecorder’s logs on the FortiAnalyzer to avoid resource usage associated with writing logs to FortiRecorder’s own hard disks. See “Configuring logging”. • If you do not need a log or alert, disable it to reduce the use of system resources. See “Configuring logging”.
To mitigate impact in the event of a network compromise, always password-encrypt your backups. If your operating system does not support this feature, you can encrypt the file using third-party software. Once you have tested your basic installation and verified that it functions correctly, create a backup.
Restoring a previous configuration If you have downloaded configuration backups, you can upload one to revert the appliance’s configuration to that point. Uploading a configuration file can also be used to configure many features of the FortiRecorder appliance in a single batch: download a configuration file backup, edit the file in a plain text editor, then upload the finalized configuration.
This topic provides guidelines to help you resolve issues if your FortiRecorder appliance is not behaving as you expect. Keep in mind that if you cannot resolve the issue on your own, you can contact Fortinet Technical Support. Solutions by issue type Recommended solutions vary by the type of issue.
from many sources, and if you have installed multiple codecs for the same format, display problems can arise. Live feed delay Before QuickTime will begin playing a video stream, it must buffer a few seconds’ worth of data. The time that QuickTime requires to do this may result in a few seconds’ difference between what you see happening in the live video feed, and what is happening in reality now.
Login issues If the person cannot access the login page at all, it is usually actually a connectivity issue (see “Connectivity issues”) unless all accounts are configured to accept login only from specific IP addresses (see “Trusted hosts”) or authentication has been externalized to an LDAP or RADIUS server.
If the hardware connections are functional and the appliance is powered on, but you cannot connect — even using a local console connection to the CLI rather than a network connection — you may be experiencing bootup problems. Contact Fortinet Technical Support. Bringing up network interfaces If the network interface was disabled, all connections will fail even though the cable has connectivity physically.
Examining the ARP table When connectivity cannot be established or is periodically interrupted, but hardware and link status is not an issue, the first place to look is at a slightly higher layer in network connections: the address resolution protocol (ARP) table. While most devices’ MAC address is bound to the hardware at the manufacturer and not easily changed, some devices have configurable or virtual MACs.
destination, ping tells you the amount of packet loss (if any), how long it takes the packet to make the round trip (latency), and the variation in that time from packet to packet (jitter). Similarly, traceroute sends ICMP packets to test each hop along the route. It sends three packets to the destination, and then increases the time to live (TTL) setting by one, and sends another three packets to the destination.
movement along the path in both directions: from the location of the camera (temporarily, the computer) to the FortiRecorder, and the FortiRecorder to the camera. In networks using features such as asymmetric routing, routing success in one direction does not guarantee success in the other. If the routing test succeeds, continue with step 4.
For example, you might use ping to determine that 172.16.1.10 is reachable:
FortiRecorder-200D# execute ping 172.16.1.10
PING 172.16.1.10 (172.16.1.10): 56 data bytes
64 bytes from 172.16.1.10: icmp_seq=0 ttl=64 time=2.4 ms
64 bytes from 172.16.1.10: icmp_seq=1 ttl=64 time=1.4 ms
64 bytes from 172.16.1.10: icmp_seq=2 ttl=64 time=1.4 ms
64 bytes from 172.16.1.10: icmp_seq=3 ttl=64 time=0.8 ms
64 bytes from 172.16.1.10: icmp_seq=4 ttl=64 time=1.4 ms
--- 172.20.120.167 ping statistics ---...
You may need to verify that there are no misconfigured DNS records, and otherwise rule out problems at the physical, network, and transport layer. If these tests succeed, a route exists, but you cannot receive video feeds or use FortiRecorder to update the camera’s network settings, an application-layer problem is preventing connectivity.
Unauthorized DHCP clients or DHCP pool exhaustion Typically returning DHCP clients will receive the same IP address lease. However if computers or other devices are accidentally using IP addresses that the FortiRecorder NVR’s built-in DHCP server should be allocating to cameras, and the pool of available DHCP IP addresses becomes exhausted, cameras may be unable to get or retain an IP address.
Table 13:IP session table Refresh GUI item Description Protocol The protocol of the session according to the “protocol” ID number field (or, for IPv6, “next header”) in the IP header of the packets. • icmp — 1 (Due to the speed of ICMP messages, this will almost never be seen in the session list.) •...
be finished or times out, and therefore TCP connections will persist in the session table for a much longer time. If you still do not see the sessions that you expect, verify that your firewall or router allows traffic to or from those IP addresses, on all expected source and destination port numbers (see “Appendix A: Port numbers”).
Packet capture Packet capture, also known as sniffing, packet trace, or packet analysis, records some or all of the packets seen by a network interface (that is, the network interface is used in promiscuous mode). By recording packets, you can trace TCP connection states and HTTP request transactions to the exact point at which they fail, which may help you to diagnose some types of problems that are otherwise difficult to detect, such as malformed packets, differentiated services misconfiguration, or non-RFC protocol incompatibilities.
• fragment offset
• options bits
e.g.:
interfaces=[port2]
filters=[none]
0.655224 172.20.130.16.2264 -> 172.20.130.15.42574: udp 113
• 2 — All of the output from 1, plus the packet payload in both hexadecimal and ASCII.
e.g.:
interfaces=[port2]
filters=[none]
0.915616 172.20.130.16.2264 -> 172.20.130.15.42574: udp 124
0x0000 4500 0098 d27d 4000 4011 0b8f ac14 8210 E..}@.@..
• 5 — All of the output from 2, plus the network interface name.
e.g.:
interfaces=[port2]
filters=[none]
0.508965 port2 -- 172.20.130.16.2265 -> 172.20.130.15.42575: udp 44
0x0000 4500 0048 03ab 4000 4011 dab1 ac14 8210 E..H..@.@..
0x0010 ac14 820f 08d9 a64f 0034 df2e 80c8 0006 ..O.4..
often, but not always, preferable to analyze the output by loading it into a network protocol analyzer application such as Wireshark (http://www.wireshark.org/). For example, you could use PuTTY or Microsoft HyperTerminal to save the sniffer output to a file. Methods may vary. See the documentation for your CLI client. Requirements •...
14.Convert the plain text file to a format recognizable by your network protocol analyzer application. You can convert the plain text file to a format (.pcap) recognizable by Wireshark (formerly called Ethereal) using the fgt2eth.pl Perl script. To download fgt2eth.pl, see the Fortinet Knowledge Base article Using the FortiOS built-in packet sniffer.
15.Open the converted file in your network protocol analyzer application. For further instructions, see the documentation for that application. Figure 11:Viewing sniffer output in Wireshark For additional information on packet capture, see the Fortinet Knowledge Base article Using the FortiOS built-in packet sniffer.
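Before converting a saved terminal log, it helps to confirm that the hex dump was captured intact. The following Python sketch is an added example, not Fortinet code and not the fgt2eth.pl script: it parses the hex-dump lines of the verbosity-5 sample shown earlier on this page, checks that the offsets are contiguous, and decodes the IPv4 header. It assumes the dump starts at the IP header, as in that sample, and that the ASCII column is separated from the hex groups by at least two spaces.

```python
import ipaddress
import re
import struct

# Verbosity-5 sample from this page. The ASCII column is rebuilt from the hex
# bytes (the page's copy is garbled); the dump stops after 32 bytes, as on the page.
SAMPLE = """\
interfaces=[port2]
filters=[none]
0.508965 port2 -- 172.20.130.16.2265 -> 172.20.130.15.42575: udp 44
0x0000   4500 0048 03ab 4000 4011 dab1 ac14 8210        E..H..@.@.......
0x0010   ac14 820f 08d9 a64f 0034 df2e 80c8 0006        .......O.4......
"""

# Offset, then up to eight 16-bit groups separated by single spaces.
HEX_LINE = re.compile(
    r"^0x([0-9a-f]{4})\s+((?:[0-9a-f]{4} ){0,7}(?:[0-9a-f]{2}){1,2})(?:\s|$)",
    re.IGNORECASE)


def parse_packets(text):
    """Return [(header_line, packet_bytes)] from saved sniffer output.

    Raises ValueError when an offset does not follow the bytes read so far,
    which is what a terminal log with dropped lines looks like.
    """
    packets, header, data = [], None, bytearray()
    for raw in text.splitlines():
        line = raw.strip()
        match = HEX_LINE.match(line)
        if match:
            offset = int(match.group(1), 16)
            if offset != len(data):
                raise ValueError(
                    f"gap in dump: offset {offset:#06x}, expected {len(data):#06x}")
            data += bytes.fromhex(match.group(2).replace(" ", ""))
        elif line:
            if data:  # a non-hex line after hex lines starts the next packet
                packets.append((header, bytes(data)))
                data = bytearray()
            header = line
    if data:
        packets.append((header, bytes(data)))
    return packets


def ipv4_checksum_ok(header):
    """One's-complement sum over the header (checksum included) must be 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_ipv4(data):
    """Decode the IPv4 header and, for TCP/UDP, the port pair."""
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad or truncated IPv4 header")
    total_len = struct.unpack("!H", data[2:4])[0]
    info = {
        "src": str(ipaddress.IPv4Address(data[12:16])),
        "dst": str(ipaddress.IPv4Address(data[16:20])),
        "ttl": data[8],
        "proto": data[9],
        "total_len": total_len,
        "truncated": len(data) < total_len,  # fewer bytes dumped than the header claims
        "checksum_ok": ipv4_checksum_ok(data[:ihl]),
    }
    if data[9] in (6, 17) and len(data) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", data[ihl:ihl + 4])
    return info


if __name__ == "__main__":
    for header, packet in parse_packets(SAMPLE):
        print(header)
        print(decode_ipv4(packet))
```

A failed checksum or a reported gap usually means the terminal client wrapped or dropped lines while logging, so the capture should be repeated before analysis.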
If the issue recurs, and corresponds with a hardware or configuration change, you may need to change the configuration (especially frequent logging and high resolution video streams), reduce traffic load or contact Fortinet Technical Support to prevent the issue from recurring. Data storage issues...
erase data. (If you have not updated the firmware, this is the same as resetting to the factory default settings.) Back up your configuration before beginning this procedure, if possible. Resetting the configuration could include the IP addresses of network interfaces. For information on backups, see “Regular backups”.
FortiRecorder appliance whose network interface configuration was reset, see “Connecting to FortiRecorder web UI”. 1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/ 2. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
Enter G,F,B,Q,or H:
Please connect TFTP server to Ethernet port "1".
11. If the firmware version requires that you first format the boot device before installing firmware, type F. Format the boot disk before continuing.
12. Type G to get the firmware image from the TFTP server. The following message appears:
Enter TFTP server address [192.168.1.168]:
13. Type the IP address of the TFTP server and press Enter.
Questions and answers • How to connect cameras to FortiRecorder for the first time • How to use recorded video clips • How to use DIDO terminal connectors on FortiCam MB13 cameras How to connect cameras to FortiRecorder for the first time •...
4. On the FortiRecorder web UI, go to System > Network > DHCP, and click New to create a new DHCP server on port1. Make sure to enable the DHCP server and to select port1.
Questions and answers Page 148 FortiRecorder 2.4.2 Administration Guide
5. Go to System > Network > Interface. Select port1 and click Edit. Make sure to enable it.
6. Make sure Discover cameras on this port is enabled.
7. Connect the camera to the PoE switch now. If you connect the camera to the switch before you have configured and enabled the DHCP server on FortiRecorder, the camera will use its default IP address, which might not work on your network.
8. Go to Camera > Configuration > Camera, and click Discover. After several seconds, a list of discovered cameras should appear. Newly discovered cameras will be highlighted in yellow, and their Status column will contain Not Configured.
(Figure callouts: Discover button; configured cameras; yellow: discovered but not configured cameras.)
9.
4. On the FortiRecorder web UI, go to System > Network > Interface and double click on port1 interface. Change the IP address to one that is accessible to the DHCP server and your network. And make sure Discover cameras on this port is enabled. 5.
Time periods in the time line panel are color-coded: • Yellow — A system event such as a software update, system reboot, or camera reboot. Recordings cannot be stored while FortiRecorder is unavailable. • Light blue — The lightest blue denotes previously recorded clips, the darker blue denotes temporary recording (see descriptions below), the darkest blue denotes manually initiated recording.
Figure 12:Time line zoomed out Figure 13:Time line zoomed in Preview frames After zooming in, double-click the enlarged segment to view the clip 3. After you select the segment (if it is a motion-detection clip, a few key frames will appear for preview purpose), you can do the following: •...
7. To adjust the image quality, in the pane on the right side, click the Control bar to expand it, then click the + or - buttons to adjust Brightness, Contrast, Saturation, and Sharpness. Only administrators can use these controls, to prevent operators from accidentally or maliciously blacking-out the view.
2. Configure the digital input and output settings. Note that this setting is only available on FortiCam MB13 cameras. More cameras will support this feature in the future. The digital input can be configured to trigger when the signal is:
• LOW (ground)
•...
3. Go to Camera > Schedule and enable Digital input when you create a recording schedule. The schedules will be used in camera profiles, which will eventually be used by the camera settings. For details, see “Camera configuration workflow”.
Appendix A: Port numbers Communications between the FortiRecorder appliance, cameras, and your computer require that any routers and firewalls between them permit specific protocols and port numbers. The following tables list the default port assignments used by FortiRecorder. Many are configurable.
Table 15: Default ports used by FortiRecorder for incoming traffic (listening) Port number Protocol Purpose Telnet administrative CLI access. See “NVR configuration”. HTTP administrative web UI access. See “NVR configuration”. HTTPS administrative web UI access. Only occurs if the destination address is a network interface’s IP address. See “NVR configuration”.
This table shows the maximum number of configuration objects or limits that vary by them, and are not a guarantee of performance. For values such as hardware specifications that do not vary by software version or configuration, see your model’s QuickStart Guide. Table 16:Maximum configuration objects FortiRecorder 100D FortiRecorder FortiRecorder VM 200D/400D Cameras connected...
Table 16: Maximum configuration objects SNMP user hosts Remote log servers Motion detection windows Privacy mask windows 3