Category Archives: Administration Guides

FortiGate Cloud – IOC

IOC

FortiGate Cloud IOC alerts administrators about newly found infections and threats to devices in their network. By analyzing UTM logging and activity, IOC provides a comprehensive overview of threats to the network.

IOC detects three threat types, based on the evolving FortiGuard database:

| Threat type | Description |
| --- | --- |
| Malware | Malicious programs residing on infected endpoints |
| Potentially unwanted programs | Spyware, adware, and toolbars |
| Unknown | Threats that the signature has detected but are not associated with any known malware |

The free version of IOC is currently available on all accounts in the North America datacenter. The free version alerts you to threats and automatically prepares a comprehensive threat report. Threats listed only provide infected devices’ partial IP addresses: server and subnet.

A subscription grants access to IP address whitelisting, which allows you to narrow your malware search by excluding safe IP addresses and domains, and alert emails to notify you directly of detected network threats. You can also view infected devices’ full IP addresses, allowing you to better control their access to your network.

To purchase an IOC subscription:

  1. Open the Plan page in the FortiGate Cloud IOC site, and select Buy Online.
  2. Complete the purchase process, and wait for the key to arrive by email.
  3. Log into the Fortinet Support website.
  4. On the Asset page, register the code as if it were a new product’s serial number, and then enter the serial number of the FortiGate Cloud-connected device that you want the service to monitor. The service automatically takes effect.

To access IOC using a non-multitenancy account:

  1. In the FortiGate list, click the Threats/Suspicious label under System Status. This only appears if the FortiGate has detected any threats.

To access IOC using a multitenancy account:

  1. In the FortiGate list, look to the right. If your FortiGate has detected any threats, a bomb icon is visible. Click the bomb icon.

FortiGate Cloud – Multitenancy

Multitenancy

The multitenancy account is a FortiGate Cloud premium account designed for MSSPs. A multitenancy account is a one- or five-year service for an administrator to create and manage multiple subaccounts. It also allows you to move devices between these accounts. You can allocate administrators to each subaccount with full or read-only access, allowing more control over a managed service’s provisioning.

After you activate multitenancy, FortiGate Cloud replaces the default Analysis, Management, and SandBox homepages with the multitenancy Analysis, Management, and SandBox homepages.

You can access management actions from the multitenancy homepage. Some actions are not unique to multitenancy and are described elsewhere in this document. For descriptions of these functions, see Analysis on page 16, Management on page 29, and SandBox on page 35.

To activate multitenancy:

  1. Contact your Fortinet partner or reseller, requesting the following SKU: FCLE-10-FCLD0-161-02-DD. They email you a multitenancy activation code.
  2. In the FortiGate Cloud interface, select the My Account icon.
  3. Under the admin/user list, select Activate multi-tenancy feature.
  4. Enter the activation code, and click Submit.

To configure basic multitenancy:

  1. On the Inventory page, select Import FortiCloud Key or Import Bulk Key to add multiple FortiGate Cloud licenses at once.
  2. On the FortiGate Inventory subpage, select one or multiple devices, and select Deploy to FortiGate Cloud. Select the subaccount for the selected devices and template, if any. You can also select a timezone for the devices.
  3. Click Deploy. The devices are moved to the FortiGate Cloud Deployed tab.

To assign a device to a subaccount on the homepage:

Assigning a device to a new subaccount keeps the device data in FortiGate Cloud, including logs, reports, and configuration backup, and moves this data to the new subaccount. To delete this data, you must undeploy your device from FortiGate Cloud, then assign it to the desired subaccount.

 

You can assign a device to a different subaccount, including RMA devices.

  1. On the multitenancy homepage, click the Config icon beside the desired device, then click Assign To.
  2. In the Assign To dialog, select the desired subaccount, then click Submit.
  3. In the confirmation dialog, click YES.

To manage subaccounts:

  1. The multitenancy homepage lists subaccounts on the left panel. To manage a subaccount, click the desired subaccount. From the dropdown list, select the desired management action.
  2. On the multitenancy page, click the My Account icon. You can view all accounts associated with this FortiGate Cloud. Use the dropdown list to view Global, SubAccount, or All Users. You can see in this dialog that users have different roles. For descriptions of the roles, see User roles on page 44.
  3. Click the Edit icon for the desired account.
  4. In the My Account > Edit User dialog, for Manage Sub Account, select Selected. Select the desired subaccounts for this user to manage.

User roles

The multitenancy account includes different user roles. You can view users and their roles by clicking the My Account icon.

| User role | Description |
| --- | --- |
| Admin (All) | Administrator who can access devices under all subaccounts. |
| Admin (1) | Administrator who can only access devices under the one subaccount that is assigned to them, including the assigned subaccount’s child subaccounts. |
| Regular (All) | Regular user who has view-only access to all subaccounts. |
| Regular (1) | Regular user who has view-only access to all subaccounts, including the assigned subaccount’s child subaccounts. |

Admin (All)

The Admin (All) user can view and access all subgroups on the left pane, and use Management functions.

Admin (1)

The Admin (1) user can only access devices under the one subaccount assigned to them (and any child subaccounts), as shown in the left pane. They can access Management functions.

Regular (All)

The Regular (All) user has view-only access to all subgroups, but has no access to Management functions.

Regular (1)

The Regular (1) user has view-only access to devices under the subaccount assigned to them (and any child subaccounts), as shown in the left pane. In this example, the user is assigned access to the sub_2 subaccount, which means they can also view devices assigned to the sub_2_a and sub_2_b subaccounts, which are children of the sub_2 subaccount. The Regular (1) user cannot access Management functions.
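
The four roles above reduce to two questions: is the subaccount in the user's scope, and does the role include Management functions. The following added example (not FortiGate Cloud code) models that for an access review, following the per-role descriptions above; the subaccount sub_1, the user names, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed subaccount tree: child -> parent (None marks a top-level subaccount).
# sub_2, sub_2_a and sub_2_b mirror the example in the text; sub_1 is made up.
PARENT: Dict[str, Optional[str]] = {
    "sub_1": None,
    "sub_2": None,
    "sub_2_a": "sub_2",
    "sub_2_b": "sub_2",
}


@dataclass(frozen=True)
class User:
    name: str
    admin: bool                      # True = Admin role, False = Regular role
    assigned: Optional[str] = None   # None = "(All)"; a subaccount name = "(1)"


def in_scope(user: User, subaccount: str, parent=PARENT) -> bool:
    """True if the subaccount is the user's assigned one or a descendant of it."""
    if subaccount not in parent:
        raise KeyError(f"unknown subaccount: {subaccount}")
    if user.assigned is None:        # "(All)" roles see every subaccount
        return True
    seen = set()
    node = subaccount
    while node is not None:          # walk up towards the root
        if node in seen:
            raise ValueError("cycle in subaccount tree")
        seen.add(node)
        if node == user.assigned:
            return True
        node = parent[node]
    return False


def can_view(user: User, subaccount: str) -> bool:
    """Every role can view devices in the subaccounts that are in its scope."""
    return in_scope(user, subaccount)


def can_manage(user: User, subaccount: str) -> bool:
    """Only Admin roles get Management functions, and only inside their scope."""
    return user.admin and in_scope(user, subaccount)


def access_matrix(users, parent=PARENT):
    """Return {user name: {subaccount: 'manage' | 'view' | 'none'}} for review."""
    matrix = {}
    for user in users:
        row = {}
        for sub in sorted(parent):
            if can_manage(user, sub):
                row[sub] = "manage"
            elif can_view(user, sub):
                row[sub] = "view"
            else:
                row[sub] = "none"
        matrix[user.name] = row
    return matrix


# Constructed users, one per role.
ADMIN_ALL = User("admin_all", admin=True)
ADMIN_ONE = User("admin_one", admin=True, assigned="sub_2")
REGULAR_ALL = User("regular_all", admin=False)
REGULAR_ONE = User("regular_one", admin=False, assigned="sub_2")
USERS = [ADMIN_ALL, ADMIN_ONE, REGULAR_ALL, REGULAR_ONE]

if __name__ == "__main__":
    for name, row in access_matrix(USERS).items():
        print(f"{name:12s}", row)
```
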

Group management

Multitenancy also enables group management actions. You can apply actions to a group of FortiGate and FortiWifi devices, simplifying administrative tasks.

Some group management actions require that you enable management on the selected device. See Management on page 29.

You can access group management actions from the Analysis and Management homepages when multitenancy is enabled.

Some actions are not unique to group management and are described elsewhere in this document in the context of use on a single device; multitenancy simply offers the ability to apply the action to multiple devices. For descriptions of these functions, see the following topics:

| Action | Described in |
| --- | --- |
| Schedule Report | To schedule a report: on page 25 |
| Deploy Config | To deploy cloud configuration to devices: on page 31 |
| Upgrade Firmware | To upgrade remote device firmware: on page 32 |
| Run Script | To execute a script on a remote device: on page 33 |
| Set Auto Backup | To enable auto backup: on page 31 |
| Manage Report Configs | Reports on page 24 |
| Manage Scripts | Script on page 33 |

The following describes actions exclusive to group management:

To view group task status:

You can view the current status of group management actions.

  1. On the Management homepage, click Group Management > Task Status. The Group Task Status displays the group management actions and their statuses. You can click # devices beside the task type to view the devices that the group management action was applied to.

Templates

You can create device configuration templates and deploy different templates to applicable devices to simplify device management. FortiGate Cloud applies the template to the selected devices.

To create a template:

  1. On the Management homepage, click Group Management > Manage Templates.
  2. Click Create Template.
  3. In the Name field, enter the desired template name.
  4. In the Description field, enter the desired template description.
  5. For Create template based on, select one of the following:

| Option | Description |
| --- | --- |
| In-cloud config copy of sampling device | Create a template based on a sample device that has already been added to FortiGate Cloud. Select the desired device from the dropdown list. Only devices from the subaccount selected in Sub Account are available. |
| Platform and version | Create a template based on a specific FortiGate or FortiWifi platform and FortiOS version. |
| Config file | Create a template based on a configuration file. You must upload a .conf file. |

  6. For Feature set, select the desired features.
  7. For Sub Account, select the desired sub account for this template.
  8. Click Apply.

To apply a template to devices:

  1. On the Management homepage, select the desired devices.
  2. Click Group Management > Use Templates.
  3. In the Use Templates dialog, select the desired template. The dialog only shows templates applicable for the current selected devices.
  4. Click Apply. FortiGate Cloud applies the template to the selected devices.

To revoke templates from devices:

  1. On the Management homepage, select the desired devices.
  2. Click Group Management > Un-use Templates.
  3. Click Apply. FortiGate Cloud revokes the templates from the selected devices.

To edit a template:

  1. On the Management homepage, go to Group Management > Manage Templates.
  2. Click the Edit icon for the desired template.
  3. For a template that has already been applied to devices, you can configure device-specific settings:
    1. Go to the desired configuration page, then expand Device Specific Settings.
    2. Click Create New.
    3. In the New Device Specific Settings dialog, select the desired device’s serial number from the SN dropdown list.
    4. To configure a device-specific setting, enable Override Template Setting, then configure the desired option. Otherwise, FortiGate Cloud applies the template setting to the device. Click OK.

The example configures a device-specific setting for the time zone using Cape Verde Island time, which differs from the template setting, which uses Jerusalem time.

 

FortiGate Cloud – Inventory

Inventory

Inventory displays a centralized inventory of all FortiGate and FortiWifi devices from all FortiGate Cloud instances in a domain group, regardless of datacenter. For example, if you are accessing Inventory from the European datacenter, you will see the inventory of a connected FortiGate Cloud instance from the global datacenter.

Inventory is divided into tabs: FortiGate Inventory, FortiCare Inventory, FortiGate Cloud Deployed, and FortiManager Deployed. You can filter each list by searching for the device serial number in the SN searchbar or selecting the desired bulk key from the Bulk Key dropdown list.

FortiGate Inventory

FortiGate Inventory displays the inventory of all FortiGate and FortiWifi devices imported by FortiCloud key or bulk key to FortiGate Cloud, including each device’s subscription status. The inventory provides a centralized view of all devices imported into the Europe and global services. From here, you can deploy devices to FortiGate Cloud or FortiManager, if configured. You can also delete an imported device from the inventory.

To deploy devices to FortiGate Cloud:

  1. On the homepage, go to Inventory.
  2. Select the desired devices.
  3. Click Deploy to FortiGate Cloud.
  4. In the Deploy to FortiGate Cloud dialog, if you have enabled multitenancy, configure the following options:

| Option | Description |
| --- | --- |
| Sub Account | Select the desired subaccount to add the devices to. |
| Task Name | Enter the desired task name. |
| Template | From the dropdown list, select the desired template. This dialog only displays templates applicable for the selected devices. If you select a template, this enables configuration management for the devices. For details on creating and configuring a template, see Templates on page 47. |
| Auto Upgrade Firmware to Match Template Version | Enable to automatically upgrade FortiOS on these devices to the template version, if the template FortiOS version is newer. Review the FortiOS Upgrade Path to confirm that the upgrade is supported before enabling this option. |

  5. Configure the timezone for the selected devices.
  6. Click Deploy. These devices are deployed to FortiGate Cloud, and you can now access them on the FortiGate Cloud Deployed tab.

To deploy a device to FortiManager:

  1. On the homepage, go to Inventory.
  2. From the Deploy to FortiManager dropdown list, select FortiManagerSetup.
  3. In the FortiManagerSetup dialog, enter the desired FortiManager IP address/FQDN and serial number. Click Submit.
  4. Select the desired devices.
  5. Click Deploy to FortiManager.
  6. Click Deploy. These devices are deployed to FortiManager, and you can now view their serial numbers on the FortiManager Deployed tab. Once deployed to FortiManager, FortiGate Cloud has no control over the device. You cannot manage the device in FortiGate Cloud until you set central management back to FortiGate Cloud.

To delete a device from inventory:

  1. On the homepage, go to Inventory.
  2. Select the desired devices.
  3. Click Delete.
  4. In the confirmation dialog, click YES.

FortiCare Inventory

FortiCare Inventory displays the devices that are registered to FortiCare under the account’s primary administrator email address. Only the primary administrator can view and deploy these devices from the FortiCare Inventory to FortiGate Cloud. To deploy FortiCare devices to FortiGate Cloud, follow the instructions described in To deploy devices to FortiGate Cloud: on page 40, from the FortiCare Inventory tab.

FortiGate Cloud Deployed and FortiManager Deployed

The FortiGate Cloud Deployed and FortiManager Deployed tabs display all FortiGate and FortiWifi devices deployed to FortiGate Cloud and FortiManager, respectively. The tabs also display the devices’ subscription statuses and the date and time that they were deployed to FortiGate Cloud or FortiManager. Click a device serial number to access Analysis, Management, and SandBox functions for that device.

The FortiGate Inventory tab provides a centralized view of all devices imported into the Europe and global services. However, after you deploy a FortiGate to FortiGate Cloud, you can only view the FortiGates deployed to the service that you are currently logged in to on the FortiGate Cloud Deployed tab. For example, if you are currently logged in to the Europe service, the FortiGate Cloud Deployed tab only displays FortiGates deployed to the FortiGate Cloud Europe service.

FortiGate Cloud – SandBox

SandBox

FortiSandbox Cloud is a service that uploads and analyzes files that FortiGate AV marks as suspicious.

In a proxy-based AV profile on a FortiGate, the administrator selects Inspect Suspicious Files with FortiGuard Analytics to enable a FortiGate to upload suspicious files to FortiGuard for analysis. Once uploaded, the file is executed and the resulting behavior analyzed for risk. If the file exhibits risky behavior or is found to contain a virus, a new virus signature is created and added to the FortiGuard AV signature database. The next time the FortiGate updates its AV database it will have the new signature. The turnaround time on Cloud SandBoxing and AV submission ranges from ten minutes (automated SandBox detection) to ten hours (if FortiGuard Labs is involved).

FortiGuard Labs considers a file suspicious if it exhibits some unusual behavior, yet does not contain a known virus (the behaviors that FortiGate Cloud Analytics considers suspicious change depending on the current threat climate and other factors).

The FortiGate Cloud console enables administrators to view the status of any suspicious files uploaded: Pending, Clean, Malware, or Unknown. The console also provides data on time, user, and location of the infected file for forensic analysis. SandBoxing is available in both free and paid FortiGate Cloud subscriptions.

You can view the FortiSandbox Cloud Service Description for details.

The SandBox tab collects information that the FortiSandbox Cloud service compiles. FortiSandbox Cloud submits files to FortiGuard for threat analysis. You can configure your use of the service and view analyzed files’ results.

You must enable Cloud SandBoxing on the FortiGate and submit a suspicious file for the SandBox tab to become visible.

The SandBox homepage provides the following information about devices. You can select a device’s serial number or name to access SandBox tools for that device:

  • Model/serial number
  • Fortinet product type
  • Firmware version
  • Status (If the device is connected through a management tunnel)
  • Service the device is currently active in
  • Last compiled report and last log uploaded
  • Subscription expiry date

You can use the gear icon to access additional functions:

To undeploy the FortiGate:

  1. Click the Config icon for the desired device.
  2. Click Undeploy.
  3. In the confirmation dialog, click YES.
  4. You have the option to place a unit where the FortiGate was deployed. The unit contains historical data and a serial number that starts with U.

To rename the FortiGate:

  1. Click the Config icon for the desired device, then click Rename.
  2. In the Device Name field, enter the desired name. Click Submit.

To set up FortiSandbox:

  1. Go to Security Fabric > Settings and enable SandBox Inspection. Set SandBox type to FortiSandbox Cloud. The associated FortiGate Cloud account appears.
  2. In Security Profiles > AntiVirus, create a profile that has Send Files To FortiSandbox Cloud For Inspection enabled.
  3. Create a firewall policy with logging enabled that uses the FortiSandbox-enabled AV profile.
  4. Once devices have uploaded some files to FortiSandbox Cloud, log in to the FortiGate Cloud portal to see the results.

To go to the device list:

You can return to the device list from the Analysis, Management, or Sandbox page for an individual device.

  1. In the upper left corner, click Show Device List.

Dashboard

You can see an overview of the FortiSandbox results on the Dashboard.

The Dashboard contains the following widgets:

Widget Description
System Status Quick view of the current state of the AV databases and load.
Top 5 Targeted Hosts (Last 24 Hours) Displays which hosts received the most threats during the last 24 hours.
Scan Result (Today and Past 7 Days) Shows the last eight days of results and their risk levels. You can toggle the display of clean files in the chart by selecting the checkmark in the lower right of the widget.
Top 20 File Types (Last 24 Hours) Displays the most commonly analyzed file types in the last 24 hours of scanning.

Records and On-Demand

Records displays files that your connected device’s AV has flagged as suspicious, which have been uploaded to FortiGate Cloud for FortiGuard analysis. In On-Demand, you can manually upload files for FortiGuard analysis, and view the analysis results. These pages may not appear if you do not have the FortiSandbox Cloud service enabled on the connected device.

You can select an analysis level and click the file names for more information. On-Demand also has an Export option, which allows you to export a CSV or PDF of on-demand results, and Upload File, where you can manually upload a file for analysis.

The maximum file size is 10 MB. The processing time may vary based on the file size.

Setting

In Setting, you can configure FortiSandbox Cloud settings:

  • Enable Alert Setting: to enable alert emails, enter multiple emails (one per line) to receive alerts, and set which severity level triggers sending alert emails.
  • Log Retention: set number of days to retain log data.
  • Malware Package Options and URL Package Options: select the risk level of data that will be automatically submitted to FortiGuard to further antithreat research.

To configure FortiSandbox alert emails:

  1. Go to SandBox > Setting.
  2. Select Enable Alert Setting.
  3. Enter emails into the list to contact in the event of a FortiSandbox alert.
  4. Select the severity levels to trigger an alert.

 

FortiGate Cloud – Management

Management

On the Management tab, you can remotely manage FortiGate and FortiWiFi devices that are connected to the FortiGate Cloud service.

The Management homepage provides the following information about devices. You can select a device’s serial number or name to access management tools for that device:

  • Model/serial number
  • Fortinet product type
  • Firmware version
  • Status (If the device is connected through a management tunnel)
  • Service the device is currently active in
  • Applied template

You can use the gear icon to access additional functions:

To undeploy the FortiGate:

  1. Click the Config icon for the desired device.
  2. Click Undeploy.
  3. In the confirmation dialog, click YES.
  4. You have the option to place a unit where the FortiGate was deployed. The unit contains historical data and a serial number that starts with U.

To authorize a new account to access the FortiGate’s historical data:

  1. Click the Config icon for the desired device.
  2. Click Authorize New Account.
  3. In the Account ID field, enter the desired account ID.
  4. Click Submit.

To rename the FortiGate:

  1. Click the Config icon for the desired device, then click Rename.
  2. In the Device Name field, enter the desired name. Click Submit.

To go to the device list:

You can return to the device list from the Analysis, Management, or Sandbox page for an individual device.

  1. In the upper left corner, click Show Device List.

You must first enable the management tunnel on your device before you can see any management functions. On the device, run the following CLI commands:

    config system central-management
        set mode backup
        set type fortiguard
    end

Config

In Config, you can access a pared-down version of the remote device’s management interface to configure major features as if you were accessing the device itself. For descriptions of the configuration options, see the FortiOS documentation.

The configuration you see in FortiGate Cloud does not autorefresh. FortiGate Cloud displays a notification if the current local FortiGate configuration differs from the latest configuration uploaded to FortiGate Cloud. You can overwrite the FortiGate Cloud configuration with the current local FortiGate configuration by clicking Import, or merge the two configurations by clicking Merge. If you are merging the configurations and there is a conflict between them (for example, an option is enabled locally on the FortiGate but disabled in FortiGate Cloud), FortiGate Cloud keeps the local FortiGate Cloud configuration for that option. You can then make any changes you want to reflect on the device, and select Deploy to push the configuration to the device.

In the case that your device configuration version does not match the firmware version, FortiGate Cloud may display a Device config version does not match device firmware version message. You can click the Import button to synchronize the configurations.

To deploy cloud configuration to devices:

  1. Go to Management > Config.
  2. Before you edit any settings, click the Import button to retrieve the most up-to-date configuration from the FortiGate Cloud-connected device.
  3. On this page, you have limited access to a pared-down version of the FortiGate interface, allowing you to edit interfaces, routes, policies, etc. Edit the FortiGate configuration as needed.
  4. When you are ready to push your updated configuration back to the device, select Deploy in the upper right.
  5. Wait for the configuration to download to the device. When it completes, a deployment log appears, showing you the changes as they appear in the CLI.

Backup

In Backup, you can back up, Edit, View, Compare (to other revisions), Download, Restore (to device), and Delete revisions. You can filter the revision list by firmware version or created time. You can also search for a specific backup.

To back up the device configuration to the cloud:

  1. Go to Management > Backup.
  2. Select Backup Config in the upper right, and enter the backup revision name. FortiGate Cloud adds the new configuration to the list. By selecting the icons on the right side, you can rename, view, compare, download, restore, and delete configuration files. The compare icon only appears once you have multiple revisions available.

To enable auto backup:

  1. Go to Management > Backup > Auto Backup Setting.
  2. Click Enable Auto Backup. Only setting changes on the FortiGate (locally from the FortiGate or from FortiGate Cloud) trigger auto backup. You can select one of the following auto backup settings:

| Option | Description |
| --- | --- |
| Per Session | By default, the session duration is 600 seconds. For example, if you modify FortiGate settings at 10:00 AM, FortiGate Cloud schedules an auto backup in 600 seconds. If no other setting changes occur within the 600 seconds, FortiGate Cloud performs an auto backup at 10:10 AM. However, if you further modify settings, for example, at 10:05 AM, this resets the timer and FortiGate Cloud schedules an auto backup for 600 seconds after 10:05 AM. FortiGate Cloud keeps every backup revision for all sessions in one day. You can only configure an alert email for this option. The alert email does not contain a copy of the backup revision. |
| Per Day | This option operates the same as Per Session, except that FortiGate Cloud only keeps one latest backup revision per day. |

  3. Click Apply.
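
The session timer described above behaves like a debounce: every setting change restarts the 600-second countdown, so a long run of edits produces a single revision once the device goes quiet. The following added example (not FortiGate Cloud code) computes when backups fire and which revisions each option keeps; the function names, the sample timestamps, the handling of a change that lands exactly on the deadline, and grouping "per day" by the calendar date of the backup are assumptions.

```python
from datetime import datetime, timedelta

SESSION = timedelta(seconds=600)  # default session duration stated in the text


def scheduled_backups(change_times, session=SESSION):
    """Return the times at which an auto backup fires for the given changes.

    Each setting change (re)starts the session timer. A backup fires only
    when the timer expires without a further change.
    """
    backups = []
    deadline = None
    for t in sorted(change_times):
        # Assumption: a change exactly at the deadline starts a new session.
        if deadline is not None and t >= deadline:
            backups.append(deadline)
        deadline = t + session
    if deadline is not None:
        backups.append(deadline)
    return backups


def retained_revisions(backups, mode):
    """Apply the retention rule of the chosen option to a list of backup times."""
    ordered = sorted(backups)
    if mode == "per_session":
        return ordered                 # every revision of the day is kept
    if mode == "per_day":
        latest = {}
        for b in ordered:              # later backups overwrite earlier ones
            latest[b.date()] = b       # assumption: grouped by calendar date
        return [latest[d] for d in sorted(latest)]
    raise ValueError(f"unknown mode: {mode}")


# Constructed sample: setting changes on one device.
DAY = datetime(2024, 1, 15)
CHANGES = [
    DAY.replace(hour=10, minute=0),    # first edit
    DAY.replace(hour=10, minute=5),    # resets the timer, as in the text
    DAY.replace(hour=14, minute=0),    # separate session
    DAY.replace(hour=23, minute=55),   # session that expires after midnight
]

if __name__ == "__main__":
    fired = scheduled_backups(CHANGES)
    print("fired:      ", [b.isoformat(" ") for b in fired])
    print("per session:", len(retained_revisions(fired, "per_session")), "revisions")
    print("per day:    ", [b.isoformat(" ") for b in retained_revisions(fired, "per_day")])
```

With Per Day, the 10:15 revision in this sample is discarded in favour of the 14:10 one, so an intermediate configuration state from the same day cannot be restored or compared later.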

Upgrade

In Upgrade, you can see the current firmware version installed on the device, and update to newer stable versions if they are available. The upgrade path that FortiGate Cloud displays may differ from the upgrade path that FortiGuard displays.

To upgrade remote device firmware:

  1. Go to Management > Upgrade.
  2. Verify your device’s current firmware version in the upper left before continuing.
  3. If you are concerned about the effects of upgrading or have not upgraded recently, use the Upgrade Path Tool to ensure you are following the recommended upgrade path.
  4. It is recommended to back up your device’s configuration before upgrading, in Management > Backup or in the device’s management interface.
  5. Select an available firmware from the list, and select Upgrade. You can schedule a time and date to perform the remote upgrade. For example, you can schedule it during downtime to minimize disruption. A caution icon may also display to indicate that the upgrade path may not be supported.
  6. Wait for the upgrade to take effect.

Script

In Script, you can create and run script files on connected remote devices to check device status or get bulk configuration information quickly.

To execute a script on a remote device:

  1. Go to Management > Script.
  2. In the upper right, select Add Script.
  3. Enter a name and a description, and the CLI script content that you want to run. Each script is a series of CLI commands, one command per line. Click Submit.
  4. Click the Deploy icon, and select a time to automatically deploy the script to the device.
  5. To cancel the scheduled run, click the Cancel icon next to the scheduled time.
  6. FortiGate Cloud records that script’s output. You can read it by clicking View Result.

 

FortiDeceptor – Introduction

Introduction

FortiDeceptor creates a network of decoy VMs to lure attackers and monitor their activities on the network. When attackers attack decoy VMs, their actions are analyzed to protect the network.

Key features of FortiDeceptor include:

  • Deception OS: Windows, Linux, or SCADA OS images are available to create Decoy VMs.
  • Decoy VMs: Decoy VMs that behave like real endpoints can be deployed through FortiDeceptor.
  • Lures: Lures are services, applications, or users added to a Decoy VM to simulate a real user environment.
  • FortiDeceptor Token Package: Install a FortiDeceptor Token Package to add breadcrumbs on real endpoints and lure an attacker to a Decoy VM. Tokens are normally distributed within the real endpoints and other IT assets on the network to maximize the deception surface. Use tokens to influence attackers’ lateral movements and activities. Examples of what you can use in a token include: cached credentials, database connections, network share, data files, and configuration files.
  • Monitor the hacker’s actions: Monitor Incidents, Events, and Campaign.
      • An Event represents a single action, for example, a login-logout event on a victim host.
      • An Incident represents all actions on a single victim host, for example, a login-logout, file system change, a registry modification, and a website visit on a single victim host.
      • A Campaign represents the hacker’s lateral movement. All related Incidents are a Campaign. For example, an attacker logs on to a system using the credentials found on another system.
  • Log Events: Log all FortiDeceptor system events.

FortiGate Cloud – Event Management

Event Management

In Event Management, you can set up email alerts for specific network structure emergencies, such as FortiGate Cloud losing connection to the device, or the device’s power supply failing. The page defaults to All Events in the left menu, which lists all past emergency events. Select Event Handlers to configure the alert settings.

You can enable events to track by selecting their checkboxes. If you want to receive an alert email when they occur, select the checkbox under Send Alert Email and enter the email address to send the alert email to.

Select the gear icon to configure each Event Handler directly and set the logged severity level and notification frequency.

 

FortiGate Cloud – Reports

Reports

Reports generates custom reports of specific traffic data, and can email them to specified addresses. Select a report to see a list of collected reports of that type. By default, there is a preconfigured Summary Report and a Web Activity Report.

You can Add new reports or Edit existing ones. Both open an editing interface, which allows you to edit the report content and add or remove sections.

To create a custom report:

  1. Go to Analysis > Reports.
  2. Click Add in the upper right, and choose to create a blank report, default Summary or Web Activity Report, copy an existing report, or import an external template. Click Submit.
  3. To add a chart, click the gear icon and select Add Chart.
  4. In the Predefined Chart List dialog, select the desired chart. You can further customize the chart by clicking Customize. Click Save.
  5. Click the gear icon to add Descriptions, and Titles to the current section, or new 1- or 2-column sections.
  6. Click Settings. You can upload a report logo and set the report language.
  7. Click Save.
  8. Select Run, and view the finished report.

To schedule a report:

  1. Go to Analysis > Reports.
  2. Click the desired report from the left pane.
  3. Click Schedule to determine the range of time for which to generate reports: Daily, Weekly or Monthly, and which email to send the reports to. For example, if you want to generate a report for a month of data, you can select Monthly and FortiGate Cloud will run and send the report once a month. You can also run a report immediately.

To configure report settings:

If you have enabled multitenancy, you can access these options in Group Management > Manage Report Configs.

  1. Go to Analysis > Reports.
  2. Click the desired report from the left pane.
  3. Click Settings. You can upload a report logo and set the report language. Click Submit.

Reports reference

The following provides descriptions of preconfigured reports:

DNS

The default version of this report displays the following charts:

  • Queried Botnet C&C domains and IP addresses
  • High risk sources
  • Top queried domains
  • Top domain lookup block
  • Top domain lookup timeout

FSBP

The default version of this report displays results based on the device’s security rating result:

  • Fabric components audited
  • Score history (industry average and industry range)
  • Maturity milestones
  • Achievements and to-do list

The FSBP Dashboard is only available for devices that support the Security Rating feature. If the device does not have any Security Rating results, all charts show no data.

High Bandwidth Application Usage

Shows you applications that may affect network performance by using high bandwidth, allowing you to quickly pinpoint high bandwidth usage and violation of corporate policies.

This report focuses on peer-to-peer applications (such as BitTorrent, Xunlei, Gnutella, Filetopia), file sharing and storage applications (such as Onebox, Google Drive, Dropbox, Apple Cloud), and voice/video applications (such as YouTube, Skype, Spotify, Vimeo, Netflix).

You cannot edit this report.

Summary

The default version of this report displays the following sections:

  • Threat Analysis
  • Traffic Analysis
  • Web Activities
  • VPN Analysis
  • System Activity

Web Activity

The default version of this report displays the following charts:

  • Most Visited Web Categories
  • Most Visited Websites
  • Most Visited Web Categories and Web Sites
  • Most Active Web Users
  • Most Visited Web Sites by Most Active Users
  • Most Active Users of Most Visited Web Sites

360 Degree Activities

Displays the following sections:

  • Application Visibility
  • Web Traffic Analysis
  • User Behavior Analysis

You cannot edit this report.

Cyber Threat Assessment

An enhanced version of the Summary Report. Displays the following sections:

  • User Productivity
      • Application Usage
      • Web Usage
  • Security and Threat Prevention
      • Application Vulnerability Exploits
      • Virus Prevention
      • At-Risk Devices and Hosts
      • High Risk Application
  • Network Utilization
      • Bandwidth

You cannot edit this report.