Logging and Reporting (5.6)

New logging and reporting features added to FortiOS 5.6.

Client and server certificates included in Application control log messages (406203)

When SSL/TLS traffic triggers an application control signature, the application control log messages now include information about the signatures used by the session. This includes the client certificate issuer, the name in the server certificate, and the server certificate issuer.

DNS Logging (401757)

FortiOS logging now includes the Detailed DNS log message type. DNS events were previously recorded as event logs. In FortiOS 5.6 DNS log messages are a new category that also includes more DNS log messages to provide additional detail about DNS activity through the FortiGate. You can enable DNS logging from the CLI using the following command (shown in this example for memory logging):

config log memory filter
    set dns enable
end

DNS log messages include details of each DNS query and response. DNS log messages are recorded for all DNS traffic through the FortiGate and originated by the FortiGate.

The detailed DNS logs can be used for low-impact security investigation. Most network activity involves DNS activity of some kind. Analyzing DNS logs can provide a lot of detail about the activity on your network without using resource-intensive flow-based or proxy-based techniques.
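The following Python example is added here and is not from the original page or from Fortinet. It shows one such investigation: parsing key=value DNS log lines and flagging sources that send many unique or very long names under one parent zone. The sample lines are constructed, and the field names (type, srcip, qname, qtype) and thresholds are assumptions to check against the logs your FortiGate actually produces.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS-style key=value form. The field names
# (type, srcip, qname, qtype) are assumptions; check them against real logs.
SAMPLE_LOGS = '''\
date=2017-06-01 time=10:00:01 type="dns" srcip=10.0.0.5 qname="www.example.com" qtype="A"
date=2017-06-01 time=10:00:02 type="dns" srcip=10.0.0.5 qname="mail.example.com" qtype="MX"
date=2017-06-01 time=10:00:03 type="traffic" srcip=10.0.0.5 dstip=192.0.2.10 action="accept"
date=2017-06-01 time=10:00:04 type="dns" srcip=10.0.0.9 qname="a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.t.example.net" qtype="TXT"
date=2017-06-01 time=10:00:05 type="dns" srcip=10.0.0.9 qname="0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.example.net" qtype="TXT"
date=2017-06-01 time=10:00:06 type="dns" srcip=10.0.0.9 qname="1122334455667788990011223344556f.t.example.net" qtype="TXT"
'''

PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one key=value log line into a dict; values may be quoted."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def parent_domain(qname):
    """Naive parent zone: the last two labels (not public-suffix aware)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def suspicious_sources(lines, min_unique=3, max_label=30):
    """Flag (srcip, parent zone) pairs with many unique names or very long
    labels, two common signs of data being carried inside DNS queries."""
    names = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") == "dns" and rec.get("qname"):
            key = (rec.get("srcip", "?"), parent_domain(rec["qname"]))
            names[key].add(rec["qname"].lower())
    findings = {}
    for key, qnames in names.items():
        reasons = []
        if len(qnames) >= min_unique:
            reasons.append(f"{len(qnames)} unique names")
        longest = max(len(label) for q in qnames for label in q.split("."))
        if longest >= max_label:
            reasons.append(f"label of {longest} chars")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for (src, zone), why in suspicious_sources(SAMPLE_LOGS.splitlines()).items():
        print(src, zone, "; ".join(why))
```

On real data, tune `min_unique` and `max_label` against a baseline first, since CDNs and some security products legitimately generate long or highly varied names.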

Added Policy Comment logging option (387865)

As an alternative to custom log fields, you can now log a policy’s comment field in all traffic log files that use that policy, which makes it easier to sort and isolate logs in larger deployments and with VDOMs. The feature is disabled by default.

config log setting
    set log-policy-comment [enable/disable]

FortiAnalyzer encryption option name change (399191)

For clarity, and because the default options for config log fortianalyzer setting have now changed, the enc-algorithm option named default has been renamed to high-medium in the following CLI commands:

config log fortianalyzer setting
    set enc-algorithm [high/high-medium/low]

config log fortianalyzer override-setting
    set enc-algorithm [high/high-medium/low]

config log fortiguard setting
    set enc-algorithm [high/high-medium/low]

config log fortiguard override-setting
    set enc-algorithm [high/high-medium/low]

Maximum values changes

Maximum values changes in FortiOS 5.6.1:

  • The maximum number of SSIDs (CLI command config wireless-controller vap) for FortiGate models 600C, 600D, 800C, 800D, and 900D increased from 356 to 512 (414202).
  • The maximum number of DLP sensors (CLI command config dlp sensor / config filter) for models 1000C, 1000D, 1200D, 1500D, 1500DT, 3240C, and 3600C decreased from 10,000 to 3,000 (371270).
  • The maximum number of DLP sensors (CLI command config dlp sensor / config filter) for models 3000D, 3100D, 3200D, 3700D, 3700DX, 3800D, 3810D, 3815D, 5001C, and 5001D decreased from 50,000 to 4,000 (371270).

Maximum values changes in FortiOS 5.6:

  • The maximum number of wireless controller QoS Profiles is per VDOM (388070).

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
