Basic feature support
FortiView’s consoles give insight into your user’s traffic, not merely showing which users are creating the most traffic, but what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.
FortiView basic feature support consists of the following consoles:
- Sources l Destinations l Interfaces l Policies l All Sessions l Applications
The complete array of features in FortiView requires disk logging enabled (see below). It includes those consoles listed above as well as the following:
- WiFi Clients l Cloud Applications l Web Sites l Threats
- VPN
FortiView Feature Support – Platform Matrix
Historical Data
Not all consoles have the same available historical data options, depending on whether or not your traffic is locally stored.
Below is a table showing which features are available for units using local storage, including the historical data options.
| Features | With Local Storage | Without Local Storage | ||||||
| Now | 5 min | 1 hr | 24 hr * | Now | 5 min | 1 hr | 24 hr | |
| Sources | a | a | a | a | a | |||
| Destinations | a | a | a | a | a | |||
| Interfaces | a | a | a | a | ||||
| Policies | a | a | a | a | ||||
| All Sessions | a | a | a | a | a | |||
| Applications | a | a | a | a | a | |||
| WiFi Clients | a | a | a | |||||
| Cloud Applications | a | a | a | a | a | |||
| Web Sites | a | a | a | a | ||||
| Threats | a | a | a | |||||
| Threat Map | a | a | ||||||
| FortiSandbox | a | a | a | |||||
| System Events | a | a | a | |||||
| VPN | a | a | a | |||||
* Not available for desktop models with SSD.
7-day time display
As mentioned previously, certain models support 7-day time display. These models are listed below:
Configuration Dependencies
l FortiGate 1000D l FortiGate 1500D l FortiGate 3700DX l FortiGate 3700D
The option for 7-day time display, however, can only be configured in the CLI using the following command:
config log setting set fortiview-weekly-data {enable|disable}
end
Hello Mike,
Useful and interesting Post !
I have some trouble with fortiview and i’d love to ask a questions,
I have two FortiGate devices in two different companies, FG VM64 and FG-200E.
Under fortiview / Traffic from LANDMZ / Sources, i want to see and filter logs by “user”.
FG-200E can filter by username and also has many other options to filter logs, but FGVM64 has only “Source” and “Source Device” filter applicable.
My question is: Doesn’t VM64 supports other filter options or do i have to turn something on to enable filter options ?
Note: FG200E is logging in memory, whether FGVM64 has Disk logging enabled. Both of them has traffic logging enabled (Under policy / Logging option / Log Allowed Traffic / All Sessions) and both of them are using DC Agent to poll user database from AD. I know DC Agent is configured well because everything else is working fine and i can see users under Monitor / Firewall user monitor and under Log&Report / Forward traffic.
I already tried using different Browsers.
Regards.
So both FortiGates are configured the same? The only difference is the platform it is on? (appliance vs VM)
Hello and thanks for a quick response !
No, configurations are different, but both are using DC agent to poll users from AD and then users are matched under different policies to give them different web access privileges.
Under fortiview/source, Physical version has way more options to filter traffic, than VM version.
But Yesterday i asked friend of mine, who has FG100E (no DC agent on it, used as transparent) and he also has no that additional filters available. So i dont think that its Physical/Virtual related.
Could it be because of software version ?
FG200E: v6.0.2
FG100E and VM: v6.0.4
Hello Mike,
I configured fortigate to serve as web proxy, i configured the rules under proxy tab, no rules in the IPv4 policy section. I am not seeing logs in fortiview, but when i go to the proxy policy and i right-click and click on ‘show matching logs’, i can see see logs.
What am i doing wrongly
What version of code are you running?