FortiView Guide

 

Overview

This section provides an overview of FortiView, its interface, and options, including the following:

  - Enabling FortiView
  - FortiView Feature Support – Platform Matrix
  - Configuration Dependencies
  - FortiView interface

Enabling FortiView


By default, FortiView is enabled on FortiGates running FortiOS firmware version 5.2 and above. You will find the FortiView consoles in the main menu. However, certain options will not appear unless the FortiGate has Disk Logging enabled.

Only certain FortiGate models support Disk Logging. A complete list of FortiGate platforms that support Disk Logging is provided in the matrix below.

To enable Disk Logging

  1. Go to Log & Report > Log Settings and select the checkbox next to Disk.
  2. Apply the change.

To enable Disk Logging – CLI

config log disk setting
    set status enable
end
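An added example, not from the original guide: a small Python parser for FortiOS configuration backups that reports whether `config log disk setting` carries `status enable`, so the FortiView prerequisite described above can be checked across saved configurations. The sample backup and its hostname are constructed, and the function names are this example's own.

```python
# Constructed sample backup (not from a real device). Memory logging is on and
# disk logging is off, so a text search for "set status enable" would pass it.
SAMPLE_BACKUP = '''config system global
    set hostname "fw-branch"
end
config log memory setting
    set status enable
end
config log disk setting
    set status disable
end
'''

def parse_fortios(text):
    """Map each config path (including edit names) to its 'set' values."""
    stack, settings, in_multiline = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_multiline:
            # Inside a quoted multi-line value (e.g. a certificate): skip to
            # the closing quote so its text is not parsed as commands.
            in_multiline = line.count('"') % 2 == 0
            continue
        verb, _, rest = line.partition(" ")
        if verb == "config":
            stack.append(("config", rest))
        elif verb == "edit":
            stack.append(("edit", rest.strip('"')))
        elif verb == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif verb == "end":
            while stack and stack.pop()[0] != "config":
                pass
        elif verb == "set":
            key, _, value = rest.partition(" ")
            path = tuple(name for _, name in stack)
            settings.setdefault(path, {})[key] = value.strip('"')
            in_multiline = value.count('"') % 2 == 1
    return settings

def disk_logging_status(text):
    """Return (hostname, status); status is None if the backup omits it."""
    cfg = parse_fortios(text)
    host = cfg.get(("system global",), {}).get("hostname")
    return host, cfg.get(("log disk setting",), {}).get("status")

if __name__ == "__main__":
    print(disk_logging_status(SAMPLE_BACKUP))
```

A status of `None` means the backup does not state the setting at all, which is worth flagging separately from an explicit `disable`.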

FortiView Feature Support – Platform Matrix

Note that the following table identifies three separate aspects of FortiView in FortiOS 5.2.3:

  - Basic feature support
  - Historical Data
  - Disk Logging

| Platform | Basic Feature Support | Disk Logging | Historical Data * |
|---|---|---|---|
| FG/FWF-20C Series | a | | |
| FG/FWF-30D/40C Series | a | | |
| FG/FWF-60C Series | a | | |
| FG/FWF-60D Series | a | | |
| FGR-60D | a | | |
| FG-60D | a | | |
| FG/FWF-80C Series | a | | |
| FG-80D | a | a | 1 hour |
| FG/FWF-90D Series | a | a | 1 hour |
| FG/FWF-92D Series | a | | |
| FG-110C | a | | |
| FG-111C | a | CLI | 1 hour |
| FG-100D Series | a | a | 24 hours |
| FG-200B Series | a | # | # (24 hours) |
| FG-200D Series | a | a | 24 hours |
| FG-310B | a | | # (24 hours) |
| FG-311B | a | | # (24 hours) |
| FG-300C | a | a | 24 hours |
| FG-300D | a | a | 24 hours |
| FG-500D | a | a | 24 hours |
| FG-620B | a | # | # (24 hours) |
| FG-621B | a | # | # (24 hours) |
| FG-600C | a | a | 24 hours |
| FG-800C | a | a | 24 hours |
| FG-1000D | a | a | 7 hours, 24 hours |
| FG-1500D | a | a | 7 hours, 24 hours |
| FG-1240B | a | a | 24 hours |
| FG-3016B | a | # | # (24 hours) |
| FG-3040B | a | CLI | 24 hours |
| FG-3140B | a | CLI | 24 hours |
| FG-3240C | a | CLI | 24 hours |
| FG-3600C | a | CLI | 24 hours |
| FG-3700D/DX | a | CLI | 7 hours, 24 hours |
| FG-3810A | a | # | # (24 hours) |
| FG-3950B | a | #, CLI | # (24 hours) |
| FG-3951B | a | #, CLI | # (24 hours) |
| FG-5001A | a | #, CLI | # (24 hours) |
| FG-5001B | a | CLI | 24 hours |
| FG-5001C | a | CLI | 24 hours |
| FG-5001D | a | CLI | 24 hours |
| FG-5101C | a | CLI | 24 hours |
| FS-5203B | a | CLI | |

a = Default support.

# = Local storage required.

* Refer to section on Historical Data below.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

5 thoughts on “FortiView Guide”

  1. TOGE

    Hello Mike,

    Useful and interesting post!

    I have some trouble with FortiView and I’d love to ask a question.

    I have two FortiGate devices in two different companies, FG VM64 and FG-200E.
    Under FortiView / Traffic from LANDMZ / Sources, I want to see and filter logs by “user”.
    FG-200E can filter by username and also has many other options to filter logs, but FGVM64 has only “Source” and “Source Device” filter applicable.

    My question is: Doesn’t VM64 support other filter options, or do I have to turn something on to enable filter options?

    Note: FG200E is logging in memory, whereas FGVM64 has Disk logging enabled. Both of them have traffic logging enabled (Under policy / Logging option / Log Allowed Traffic / All Sessions) and both of them are using DC Agent to poll user database from AD. I know DC Agent is configured well because everything else is working fine and I can see users under Monitor / Firewall user monitor and under Log&Report / Forward traffic.

    I already tried using different browsers.

    Regards.

    1. Mike Post author

      So both FortiGates are configured the same? The only difference is the platform it is on? (appliance vs VM)

      1. TOGE

        Hello and thanks for a quick response!

        No, configurations are different, but both are using DC agent to poll users from AD and then users are matched under different policies to give them different web access privileges.

        Under FortiView/source, the physical version has way more options to filter traffic than the VM version.

        But yesterday I asked a friend of mine, who has an FG100E (no DC agent on it, used as transparent), and he also doesn’t have those additional filters available. So I don’t think that it’s physical/virtual related.

        Could it be because of software version?
        FG200E: v6.0.2
        FG100E and VM: v6.0.4

  2. irabor

    Hello Mike,
    I configured FortiGate to serve as a web proxy. I configured the rules under the proxy tab, no rules in the IPv4 policy section. I am not seeing logs in FortiView, but when I go to the proxy policy and I right-click and click on ‘show matching logs’, I can see logs.
    What am I doing wrong?
