
Text strings – FortiOS 6.2

Text strings

The configuration of a FortiGate is stored in the FortiOS configuration database. To change the configuration, you can use the GUI or CLI to add, delete, or change configuration settings. These changes are stored in the database as you make them. Individual settings in the configuration database can be text strings, numeric values, selections from a list of allowed options, or on/off (enable/disable) settings.

Entering text strings (names)

Text strings are used to name entities in the configuration, for example the name of a firewall address or the name of an administrative user. You can enter any character in a FortiGate configuration text string, except the following characters, which present cross-site scripting (XSS) vulnerabilities:

  • " (double quote)
  • & (ampersand)
  • ' (single quote)
  • < (less than)
  • > (greater than)

Most GUI text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.

You can also use the tree command in the CLI to view the number of characters allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address in the GUI, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.

    config firewall address
    tree
    -- [address] --*name (64)
                |- uuid
                |- subnet
                |- type
                |- start-ip
                |- end-ip
                |- fqdn (256)
                |- country (3)
                |- cache-ttl (0,86400)
                |- wildcard
                |- comment
                |- visibility
                |- associated-interface (36)
                |- color (0,32)
                |- [tags] --*name (65)
                +- allow-routing

The tree command output also shows the number of characters allowed for other firewall address name settings. For example, the fully qualified domain name (fqdn) field can contain up to 256 characters.

Entering numeric values

Numeric values set various sizes, rates, addresses, and other numeric values (e.g. a static routing priority of 10, a port number of 8080, an IP address of 10.10.10.1). Numeric values can be entered as a series of digits without spaces or commas (for example, 10 or 64400), in dotted decimal format (for example the IP address 10.10.10.1) or, as in the case of MAC or IPv6 addresses, separated by colons (e.g. the MAC address 00:09:0F:B7:37:00). Most numeric values are standard base 10 numbers, but some fields, such as MAC addresses, require hexadecimal numbers.

Most GUI numeric value fields make it easy to add the acceptable number of digits within the allowed range. CLI help text includes information about allowed numeric value ranges. Both the GUI and the CLI prevent you from entering invalid numbers.
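When configuration is generated by scripts rather than typed into the GUI, the GUI-side limits described above no longer protect you, so it helps to validate values before pushing them. The following Python is an added example, not Fortinet's code and not from this page: it checks candidate firewall address values against the rules just described, namely the five disallowed characters, the field lengths and numeric ranges printed by the tree output above, and the digit-string, dotted-decimal and colon-separated hexadecimal formats for numeric values. The function names and the sample address object are this example's own constructions; the field names and limits are the ones shown in the tree output.

```python
import re

# Characters FortiOS rejects in configuration text strings (double quote, ampersand,
# single quote, less than, greater than), as listed on the page.
XSS_CHARS = set('"&\'<>')

# Maximum lengths reported by `config firewall address` / `tree` on the page.
FIELD_MAX_LEN = {
    "name": 64,
    "fqdn": 256,
    "country": 3,
    "associated-interface": 36,
    "tags.name": 65,
}

# Numeric ranges reported by the same tree output.
FIELD_RANGES = {
    "cache-ttl": (0, 86400),
    "color": (0, 32),
}

IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def check_text(field, value):
    """Return a list of problems with a text value (empty list means it is acceptable)."""
    problems = []
    bad = sorted(set(value) & XSS_CHARS)
    if bad:
        problems.append(f"{field}: contains disallowed character(s) {bad}")
    limit = FIELD_MAX_LEN.get(field)
    if limit is not None and len(value) > limit:
        problems.append(f"{field}: {len(value)} characters exceeds limit of {limit}")
    return problems


def check_number(field, value):
    """Plain numeric values must be digits only (no spaces or commas) and inside the field's range."""
    problems = []
    if not re.fullmatch(r"\d+", value):
        problems.append(f"{field}: {value!r} is not a series of digits without spaces or commas")
        return problems
    lo, hi = FIELD_RANGES.get(field, (None, None))
    n = int(value)
    if lo is not None and not lo <= n <= hi:
        problems.append(f"{field}: {n} outside allowed range {lo}-{hi}")
    return problems


def is_ipv4(value):
    """Dotted-decimal IPv4 with every octet in 0..255."""
    m = IPV4_RE.match(value)
    return bool(m) and all(0 <= int(octet) <= 255 for octet in m.groups())


def is_mac(value):
    """Six colon-separated hexadecimal byte values, e.g. 00:09:0F:B7:37:00."""
    return bool(MAC_RE.match(value))


def check_address_object(obj):
    """Validate a dict describing one firewall address before it is sent to a FortiGate."""
    problems = []
    for field in ("name", "fqdn", "country", "associated-interface", "comment"):
        if field in obj:
            problems += check_text(field, obj[field])
    for tag in obj.get("tags", []):
        problems += check_text("tags.name", tag)
    for field in ("cache-ttl", "color"):
        if field in obj:
            problems += check_number(field, obj[field])
    for field in ("start-ip", "end-ip"):
        if field in obj and not is_ipv4(obj[field]):
            problems.append(f"{field}: {obj[field]!r} is not a dotted-decimal IPv4 address")
    return problems


if __name__ == "__main__":
    # Constructed sample object with several deliberate defects.
    candidate = {
        "name": 'branch<1>"hq"',
        "fqdn": "x" * 300,
        "start-ip": "10.10.10.1",
        "end-ip": "10.10.10.256",
        "cache-ttl": "90000",
        "color": "1,000",
        "tags": ["prod", "a&b"],
    }
    for problem in check_address_object(candidate):
        print(problem)
```

The checks are deliberately conservative: a value that fails here would also be refused by the FortiGate, so rejecting it in the automation pipeline only moves the error earlier, where it is cheaper to diagnose.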

Tables – FortiOS 6.2

Tables

Many of the GUI pages contain tables of information that you can filter to display specific information. Administrators with read and write access can define the filters.

Navigation

Some tables contain information and lists that span multiple pages. Navigation controls appear at the bottom of the page.

Filters

Filters are used to locate a specific set of information or content within multiple pages. These are especially useful in locating specific log entries. The specific filtering options vary, depending on the type of information in the log.

To create a filter, select Add Filter at the top of the page. A list of the available fields for filtering will be shown.

Column settings

Column settings are used to select the types of information displayed on a certain page. Some pages have large amounts of information available and not all content can be displayed on a single screen. Some pages may even contain content that is irrelevant to you. Using column settings, you can choose to display only relevant content.

To configure column settings, right-click the header of a column, select the columns you wish to view, and deselect any you wish to hide. After you have finished making your selections, click Apply (you may need to scroll down the list to do so).

Any changes that you make to the column settings are stored in the unit’s configuration. To return columns to the default state for any given page, right-click any header and select Reset Table.

Copying objects

In tables containing configuration objects, such as the policy table found at Policy & Objects > IPv4 Policy, you have the option to copy an object. This allows you to create a copy of that object, which you can then configure as needed.

You can also reverse copy a policy to change the direction of the traffic impacted by that policy.

To copy an object:

  1. Select that object, then right-click to make a menu appear and select the Copy option.
  2. Right-click the row in the table that is either above or below where you want the copied object to be placed, select the Paste option and indicate Above or Below.

Reverse cloning works much the same way. Instead of selecting Copy, select Clone Reverse.

Once the policy is copied, you must give it a name, configure it as needed, and enable it.

Editing objects

Some tables allow you to edit parts of the configuration directly on the table itself. For example, security features can be added to an existing firewall policy from the policy list by clicking on the plus sign in the Security Profiles column and selecting the desired profiles.

If this option is not immediately available, check to see that the column is not hidden (see Column settings). Otherwise, you must select the object and open the policy by selecting the Edit option found at the top of the page.

Feature Visibility – FortiOS 6.2

Feature Visibility

Feature Visibility is used to control which features are visible in the GUI. This allows you to hide features that are not being used. Some features are also disabled by default and must be enabled in order to configure them through the GUI.

Feature Visibility only alters the visibility of these features, rather than their functionality. For example, disabling web filtering on the Feature Visibility page does not remove web filtering from the FortiGate, but removes the option of configuring web filtering from the GUI. Configuration options will still be available using the CLI.

Enabling/disabling features

Feature Visibility can be found at System > Feature Visibility. Ensure that all features you wish to configure in the GUI are turned on, and that features you wish to hide are turned off. When you have finished, select Apply.

Security feature presets

The main security features can be toggled individually; however, six system presets (or Feature Sets) are also available:

  • NGFW should be chosen for networks that require application control and protection from external attacks.
  • ATP should be chosen for networks that require protection from viruses and other external threats.
  • WF should be chosen for networks that require web filtering.
  • NGFW + ATP should be chosen for networks that require protection from external threats and attacks.
  • UTM should be chosen for networks that require protection from external threats and wish to use security features that control network usage. This is the default setting.
  • Custom should be chosen for networks that require customization of available features (including the ability to select all features).

Dashboard – FortiOS 6.2

Dashboard

The FortiOS Dashboard consists of a Network Operations Center (NOC) view with a focus on alerts. Widgets are interactive. By clicking or hovering over most widgets, the user can see additional information or follow links to other pages.

The dashboard and its widgets include:

  • Multiple dashboard support
  • VDOM and global dashboards
  • Widget resize control
  • Notifications on the top header bar

The following widgets are displayed by default:

System Information: The System Information widget lists information relevant to the FortiGate system, including hostname, serial number, and firmware.

Security Fabric: The Security Fabric widget displays a visual summary of many of the devices in the Fortinet Security Fabric.

CPU: The real-time CPU usage is displayed for different time frames.

Licenses: Hovering over the Licenses widget results in the display of status information (and, where applicable, database information) on the licenses for FortiCare Support, Firmware & General Updates, AntiVirus, Web Filtering, Security Rating, FortiClient, and FortiToken. Note that Mobile Malware is not a separate service in FortiOS 6.0.0. The Mobile Malware subscription is included with the AntiVirus subscription. Clicking in the Licenses widget provides you with links to other pages, such as System > FortiGuard or contract renewal pages.

FortiCloud: This widget displays FortiCloud status and provides a link to activate FortiCloud.

Administrators: This widget allows you to view:
  • which administrators are logged in and how many sessions are active (a link directs you to a page displaying active administrator sessions)
  • all connected administrators and the protocols used by each

Memory: Real-time memory usage is displayed for different time frames. Hovering over any point on the graph displays the percentage of memory used along with a timestamp.

Sessions: Hovering over the Sessions widget allows you to view memory usage data over time. Click on the down arrow to change the timeframe displayed. Security processing unit, or SPU, percentage is displayed if your FortiGate includes an SPU. Likewise, nTurbo percentage is displayed if supported by your FortiGate.

Bandwidth: Hover over the Bandwidth widget to display bandwidth usage data over time. Click on the down arrow to change the timeframe displayed. Bandwidth is displayed for both incoming and outgoing traffic.

Virtual Machine: The VM widget (shown by default in the dashboard of a FortiOS VM device) includes:
  • License status and type
  • CPU allocation usage
  • License RAM usage
  • VMX license information (if the VM supports VMX)
If the VM license specifies 'unlimited', the progress bar is blank. If the VM is in evaluation mode, it is yellow (warning style) and the dashboard shows the number of evaluation days used.

The following optional widgets are also available:

  • FortiView
  • Host Scan Summary
  • Vulnerabilities Summary
  • Botnet Activity
  • HA Status
  • Log Rate
  • Session Rate
  • Security Fabric Score
  • Advanced Threat Protection Statistics
  • Interface Bandwidth

Modifying dashboard widget titles

Dashboard widget titles can be modified so that widgets with different filters applied can be easily differentiated. The widget has a default title unless you set a new title.

Syntax

    config system admin
        edit <name>
            config gui-dashboard
                config widget
                    edit 9
                        set type fortiview
                        …
                        set title "test source by bytes"
                    end
                end
            end
        end
    end

Menus – FortiOS 6.2

Menus

If you believe your FortiGate model supports a menu that does not appear in the GUI as expected, go to System > Feature Visibility and ensure the feature is enabled. For more information, see Feature Visibility on page 18.

The GUI contains the following main menus, which provide access to configuration options for most FortiOS features:

Dashboard: The dashboard displays various widgets that display important system information and allow you to configure some system options. For more information, see Dashboard on page 16.

Security Fabric: Access the physical topology, logical topology, audit, and settings features of the Fortinet Security Fabric. For more information, see Security Fabric on page 72.

FortiView: A collection of dashboards and logs that give insight into network traffic, showing which users are creating the most traffic, what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.

Network: Options for networking, including configuring system interfaces and routing options. For more information, see Network Configurations on page 95.

System: Configure system settings, such as administrators, FortiGuard, and certificates. For more information, see System Configurations on page 150.

Policy & Objects: Configure firewall policies, protocol options, and supporting content for policies, including schedules, firewall addresses, and traffic shapers. For more information, see Policies and Objects on page 224.

Security Profiles: Configure your FortiGate's security features, including AntiVirus, Web Filtering, and Application Control. For more information, see Security Profiles on page 280.

VPN: Configure options for IPsec and SSL virtual private networks (VPNs). For more information, see IPsec VPNs on page 412 and SSL VPN on page 571.

User & Device: Configure user accounts, groups, and authentication methods, including external authentication and single sign-on (SSO).

WiFi & Switch Controller: Configure the unit to act as a wireless network controller, managing the wireless Access Point (AP) functionality of FortiWiFi and FortiAP units. On certain FortiGate models, this menu has additional features allowing for FortiSwitch units to be managed by the FortiGate. For more information, see WiFi on page 639.

Log & Report: Configure logging and alert email as well as reports. For more information, see Log and Report on page 718.

Monitor: View a variety of monitors, including the Routing Monitor, VPN monitors for both IPsec and SSL, monitors relating to wireless networking, and more.

Differences between models – FortiOS 6.2

Differences between models

Not all FortiGates have the same features, particularly entry-level models (models 30 to 90). A number of features on these models are only available in the CLI.

FortiGate models differ principally by the names used and the features available:

  • Naming conventions may vary between FortiGate models. For example, on some models the hardware switch interface used for the local area network is called lan, while on other units it is called internal.
  • Certain features are not available on all models. Additionally, a particular feature may be available only through the CLI on some models, while that same feature may be viewed in the GUI on other models.

If you believe your FortiGate model supports a feature that does not appear in the GUI, go to System > Feature Visibility and confirm that the feature is enabled.

FortiOS 6.2 Logging and Reporting Best Practices

Logging and reporting

The default log device settings must be modified so that system performance is not compromised. The FortiGate unit, by default, has all logging of FortiGate features enabled, except for traffic logging. The default logging location will be either the FortiGate unit’s system memory or hard disk, depending on the model. Units with a flash disk are not recommended for disk logging.

Log management

When the FortiGate unit records FortiGate activity, valuable information is collected that provides insight into how to better protect network traffic against attacks, including misuse and abuse. There is a lot to consider before enabling logging on a FortiGate unit, such as what FortiGate activities to enable and which log device is best suited for your network’s logging needs. A plan can help you in deciding the FortiGate activities to log, a log device, as well as a backup solution in the event the log device fails.

This plan should provide you with an outline, similar to the following:

  • What FortiGate activities you want and/or need logged (for example, security features).
  • The logging device best suited for your network structure.
  • Whether you want or require archiving of log files.
  • Ensuring logs are not lost in the event a failure occurs.

After the plan is implemented, you need to manage the logs and be prepared to expand on your log setup when the current logging requirements are outgrown. Good log management practices help you with these tasks.

Log management practices help you to improve and manage logging requirements. Logging is an ever-expanding tool that can seem to be a daunting task to manage. The following management practices will help you when issues arise, or your logging setup needs to be expanded.

  • Revisit your plan on a yearly basis to verify that your logging needs are being met by your current log setup. For example, your company or organization may require archival logging, but not at the beginning of your network’s lifespan. Archival logs are stored on a FortiGate unit’s local hard drive, a FortiAnalyzer unit, or a FortiCloud server, in increasing order of size.
  • Configure an alert message that will notify you of activities that are important to be aware of. For example, if a branch office does not have a FortiGate administrator, you will need to know at all times that the IPsec VPN tunnel is still up and running. An alert email notification message can be configured to send only if IPsec tunnel errors occur.
  • If your organization or company uses peer-to-peer programs such as Skype or other instant messaging software, use the IM usage dashboard widget or the Executive Summary’s report widget (Top 10 Application Bandwidth Usage Per Hour Summary) to help you monitor the usage of these types of instant messaging software. These widgets can help you in determining how these applications are being used, including if there is any misuse and abuse. Their information is taken from application log messages; however, application log messages should be viewed as well since they contain the most detailed information.
  • Ensure that your backup solution is up-to-date. If you have recently expanded your log setup, you should also review your backup solution. The backup solution provides a way to ensure that all logs are not lost in the event that the log device fails or issues arise with the log device itself.
  • When downloading log messages and viewing them on a computer, the log file will be downloaded like any other file. Log file names contain their log type and date in the name, so it is recommended to create a folder in which to archive your log messages, as they can be sorted easily.
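Two of the practices above, alerting on IPsec tunnel errors and archiving downloaded log files in folders by log type and date, can be applied to log data with a small script. The following Python is an added example, not Fortinet's code and not from this page: it parses lines in the FortiOS key=value log style, derives an archive folder from each record's type and date, writes each line into the matching file, and selects the event records on which a tunnel-down alert would be raised. The sample lines, including every field value and log ID, are constructed for this example, and the field names relied on (date, time, type, subtype, action, vpntunnel, msg) are assumptions about the log layout rather than values taken from this page.

```python
import re
from pathlib import Path

# Constructed sample lines in the FortiOS key=value log style. Every value here,
# including the logid numbers, is a placeholder made up for this example.
SAMPLE_LOG = """\
date=2019-06-03 time=08:15:02 logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.1 dstip=192.0.2.10 action="accept"
date=2019-06-03 time=08:15:09 logid="0101037124" type="event" subtype="vpn" vpntunnel="branch-to-hq" action="tunnel-down" msg="IPsec phase 1 SA deleted"
date=2019-06-03 time=08:16:40 logid="0101037127" type="event" subtype="vpn" vpntunnel="branch-to-hq" action="tunnel-up" msg="IPsec phase 1 SA established"
date=2019-06-04 time=00:01:13 logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.7 dstip=198.51.100.5 action="deny"
date=2019-06-04 time=00:02:00 logid="0211008192" type="utm" subtype="virus" action="blocked" msg="File is infected."
"""

# key=value pairs: the value is either a double-quoted string (which may contain
# spaces) or a bare token without whitespace. The quoted alternative is tried first.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one log line into a dict, stripping the quotes around quoted values."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def parse_log(text):
    """Parse every non-empty line of a log file body."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def archive_path(rec):
    """Relative archive location <type>/<date>/<type>-<subtype>.log for one record."""
    log_type = rec.get("type", "unknown")
    return f"{log_type}/{rec.get('date', 'undated')}/{log_type}-{rec.get('subtype', 'none')}.log"


def group_by_archive(records):
    """Map each archive path to the records that belong in that file."""
    groups = {}
    for rec in records:
        groups.setdefault(archive_path(rec), []).append(rec)
    return groups


def write_archive(text, base_dir):
    """Append raw log lines to per-type, per-date files under base_dir; return the paths written."""
    written = []
    for line in text.splitlines():
        if not line.strip():
            continue
        target = Path(base_dir) / archive_path(parse_line(line))
        target.parent.mkdir(parents=True, exist_ok=True)
        with target.open("a", encoding="utf-8") as fh:
            fh.write(line + "\n")
        if target not in written:
            written.append(target)
    return written


def ipsec_tunnel_alerts(records):
    """Event/vpn records with action tunnel-down: the condition an IPsec alert email keys on."""
    return [r for r in records
            if r.get("type") == "event" and r.get("subtype") == "vpn"
            and r.get("action") == "tunnel-down"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for path, group in group_by_archive(recs).items():
        print(f"{path}: {len(group)} record(s)")
    for alert in ipsec_tunnel_alerts(recs):
        print(f"ALERT {alert['date']} {alert['time']} tunnel {alert['vpntunnel']}: {alert['msg']}")
```

Run with a real download by replacing SAMPLE_LOG with the file contents and calling write_archive(text, "archive"); the tunnel-up record is deliberately left out of the alert list so that a tunnel that recovers on its own does not page anyone twice.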

System memory and hard disks

If the FortiGate unit has a hard disk, logging to the disk is enabled by default. You therefore do not have to enable disk logging or configure it from scratch, but you should modify the default settings so that they match your network's logging requirements.

If the FortiGate unit has only flash memory, disk logging is disabled by default, as it is not recommended. Constant rewrites to flash drives can reduce the lifetime and efficiency of the memory. It must be enabled in the CLI under config log disk setting.

For some low-end models, disk logging is unavailable. Check a product’s Feature Matrix for more information. In either case, Fortinet recommends using either a FortiAnalyzer unit or the FortiCloud service.