Chapter 10 – FortiView

Chapter 10 – FortiView

 

FortiView

  • Overview on page 1149 outlines the role FortiView plays in FortiOS and its overall layout. This section also identifies which FortiGate platforms support the full FortiView features.
  • FortiView consoles on page 1160 describes the various FortiView consoles available in FortiOS, including example scenarios, in most cases.
  • Reference on page 1172 explains reference information for the various consoles in FortiView, and describes the assortment of filtering options, drilldown options, and columns available.
  • Troubleshooting FortiView on page 1183 offers solutions to common technical issues experienced by FortiGate users regarding FortiView.

 

Whats new in FortiOS 5.4

 

New Consoles

In FortiOS 5.4, a variety of new consoles have been added to FortiView:

 

FortiView Policies console

The new Policies console works similarly to other FortiView consoles, yet allows administrators to monitor policy activity, and thereby decide which policies are most and least active. This helps the administer to discern which policies are unused and can be deleted.

In addition, you have the ability to click on any policy in the table to drill down to the Policies list and view or edit that policy. You can view this new console in either Table or Bubble Chart view.

 

FortiView Interfaces console

The new Interfaces console works similarly to other FortiView consoles and allows administrators to perform current and historical monitoring per interface, with the ability to monitor bandwidth in particular. You can view this new console in either Table or Bubble Chart view.

 

FortiView Countries console

A new Countries console has been introduced to allow administrators to filter traffic according to source and destination countries. This console includes the option to view the Country Map visualization (see below).

 

FortiView Device Topology console

The new Device Topology console provides an overview of your network structure in the form of a Network Segmentation Tree diagram (see below).

 

FortiView Traffic Shaping console

A new Traffic Shaping console has been introduced to improve monitoring of existing Traffic Shapers. Information displayed includes Shaper info, Sessions, Bandwidth, Dropped Bytes, and more.

 

FortiView Threat Map console

A new Threat Map console has been introduced to monitor risks coming from various international locations arriving at a specific location, depicted by the location of a FortiGate on the map (see below).

 

FortiView Failed Authentication console

A Failed Authentication console has been added under FortiView that allows you to drill down an entry to view the logs. This new console is particularly useful in determining whether or not the FortiGate is under a brute force attack. If an administrator sees multiple failed login attempts from the same IP, they could (for example) add a local-in policy to block that IP.

 

The console provides a list of unauthorized connection events in the log, including the following:

  • unauthorized access to an admin interface (telnet, ssh, http, https, etc.) l  failure to query for SNMP (v3) or outside of authorized range (v1, v2, v3) l  failed attempts to establish any of the following:
  • Dial-up IPsec VPN connections
  • Site-to-site IPsec VPN connections
  • SSL VPN connections
  • FGFM tunnel
This entry was posted in FortiOS 5.4 Handbook and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.