FortiView interface

FortiView lets you access information about the traffic activity on your FortiGate, visually and textually. FortiView is broken up into several consoles, each of which features a top menu bar and a graph window, as shown in the figure below.

Figure: FortiView Application console sorted by Sessions (Blocked/Allowed)

The top menu bar features:

  • a Refresh button, which updates the data displayed;
  • a Filter button, for filtering the data by category;
  • a Settings button, containing additional viewing settings and a link to the Threat Weight menu;
  • a drop-down menu of different views:
      • Time Display (options: now, 5 minutes, 1 hour, or 24 hours)
      • Table View
      • Timeline View
      • Bubble Chart (see Bubble Chart Visualization below)
      • Country Map (see the Countries section of the handbook)

The FortiView graph

The graph window can be hidden using the X in the top right corner, and re-added by selecting Show Graph. To zoom in on a particular section of the graph, click and drag from one end of the desired section to the other. This will appear in the Time Display options as a Custom selection. The minimum selection size is 60 seconds.

Only FortiGate models 100D and above support the 24 hour historical data.

Bubble Chart Visualization

Notes about the Bubble Chart:

  • You can sort the Bubble Chart using the Sort By: drop-down menu.
  • The size of each bubble represents the relative amount of data for that item.
  • Place your cursor over a bubble to display a tooltip with detailed information on that item.
  • Click a bubble to drill down into greater (filtered) detail.

Links created between FortiView and View/Create Policy

The Policy column in FortiView consoles and the Log Viewer pages includes a link, which navigates to the IPv4 or IPv6 policy list and highlights the policy.

Right-clicking on a row in FortiView or the Log Viewer has menu items for Block Source, Block Destination and Quarantine Source where appropriate columns are available to determine these values. When multiple rows are selected, the user will be prompted to create a named Address Group to contain the new addresses.

When the user clicks Block Source or Block Destination they are taken to a policy creation page with enough information filled in to create a policy blocking the requested IP traffic.

The policy page will feature an informational message block at the top describing the actions that will be taken. Once the user submits the form, the requisite addresses, groups and policy will be created at once.

If the user clicks Quarantine Source, they are prompted for a duration. They may also check a box for a Permanent Ban. Quarantined users can be managed under Monitor > User Quarantine Monitor.

Visualization support for the Admin Logins page

A useful chart is generated for administrator login events under FortiView > Admin Logins. You can view the information in either Table View or Timeline View. In Timeline View, each line represents one administrator, with that administrator's individual sessions marked along the line. When you hover over a particular timeline, detailed information appears in a tooltip.

Configuration Dependencies

Most FortiView consoles require the user to enable several features before they produce data. The following table summarizes the dependencies for each console, for the realtime view and for the historical views. Disk logging is only available on the platforms marked in the platform matrix that follows; on the other platforms the historical views listed here have nothing to draw from.

Sources
  • Realtime: none, always supported
  • Historical: traffic logging enabled in policy

Destinations
  • Realtime: none, always supported
  • Historical: traffic logging enabled in policy

Interfaces
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy

Policies
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy

Countries
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy

All Sessions
  • Realtime: none, always supported
  • Historical: traffic logging enabled in policy

Applications
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy; application control enabled in policy

WiFi Clients
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy

Cloud Applications
  • Realtime: not supported
  • Historical: disk logging enabled; application control enabled in policy; SSL "deep inspection" enabled in policy; deep application inspection enabled in the application sensor; extended UTM log enabled in the application sensor

Web Sites
  • Realtime: disk logging enabled; Web Filter enabled in policy; "web-url-log" option enabled in the Web Filter profile
  • Historical: disk logging enabled; Web Filter enabled in policy; "web-url-log" option enabled in the Web Filter profile

Threats
  • Realtime: not supported
  • Historical: disk logging enabled; traffic logging enabled in policy; threat weight detection enabled

Threat Map
  • Realtime: none, always supported
  • Historical: disk logging enabled; traffic logging enabled in policy; threat weight detection enabled

FortiSandbox
  • Realtime: not supported
  • Historical: disk logging enabled; traffic logging enabled in policy

Failed Authentication
  • Realtime: not supported
  • Historical: disk logging enabled

System Events
  • Realtime: not supported
  • Historical: disk logging enabled

Admin Logins
  • Realtime: not supported
  • Historical: disk logging enabled

VPN
  • Realtime: not supported
  • Historical: disk logging enabled; traffic logging enabled in policy
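The dependency table is easiest to apply against a configuration backup rather than by clicking through every policy in the GUI. The following Python script is an added example for this page, not Fortinet code: it parses `show full-configuration` style text into nested dictionaries and reports, per firewall policy, which requirements from the historical column of the table above are not met. The option names it looks for (logtraffic, utm-status, application-list, webfilter-profile, ssl-ssh-profile, deep-app-inspection, extended-utm-log, web-url-log, log threat-weight) are assumed to be the FortiOS 5.2 CLI spellings of the GUI settings the table names. The embedded configuration is a constructed, trimmed sample; because it omits the `config log threat-weight` block, the Threats console is reported as unmet for every policy. A policy with `logtraffic utm` is treated as having traffic logging enabled, but it only logs sessions that triggered a UTM event, so session-based consoles such as Sources will look sparse.

```python
"""Check a FortiOS 5.2 config dump against FortiView's historical-data dependency table.
Added example for this page (not Fortinet code); assumes FortiOS 5.2 CLI option names."""

# Constructed, trimmed sample in `show full-configuration` layout; not from a real device.
SAMPLE_CONFIG = """\
config log disk setting
    set status enable
end
config firewall ssl-ssh-profile
    edit "deep-inspection"
        config https
            set status deep-inspection
        end
    next
end
config application list
    edit "default"
        set deep-app-inspection enable
        set extended-utm-log disable
    next
end
config webfilter profile
    edit "default"
        set web-url-log enable
    next
end
config firewall policy
    edit 1
        set logtraffic all
        set utm-status enable
        set application-list "default"
        set webfilter-profile "default"
        set ssl-ssh-profile "deep-inspection"
    next
    edit 2
        set logtraffic disable
    next
end
"""

def parse_fortios(text):
    """config/edit open a nested dict, set stores a value, next/end close the level."""
    stack = [{}]  # stack[0] is the root table
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(stack[-1].setdefault(line[7:], {}))
        elif line.startswith("edit "):
            stack.append(stack[-1].setdefault(line[5:].strip('"'), {}))
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            stack[-1][key] = value.strip('"')
        elif line in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def _get(d, *keys):  # nested lookup; None when any key is absent (e.g. profile not in dump)
    for k in keys:
        d = d.get(k) if isinstance(d, dict) else None
    return d

def _on(d, *keys):
    return _get(d, *keys) == "enable"

# requirement -> (wording from the handbook table, predicate(policy, whole config))
REQUIREMENTS = {
    "disk": ("Disk logging enabled", lambda p, c: _on(c, "log disk setting", "status")),
    "traffic-log": ("Traffic logging enabled in policy", lambda p, c: p.get("logtraffic", "disable") != "disable"),
    "app-control": ("Application control enabled in policy",
                    lambda p, c: _on(p, "utm-status") and "application-list" in p),
    "deep-inspection": ("SSL deep inspection enabled in policy", lambda p, c: _get(
        c, "firewall ssl-ssh-profile", p.get("ssl-ssh-profile"), "https", "status") == "deep-inspection"),
    "deep-app-inspection": ("Deep application inspection enabled in application sensor",
                            lambda p, c: _on(c, "application list", p.get("application-list"), "deep-app-inspection")),
    "extended-utm-log": ("Extended UTM log enabled in application sensor",
                         lambda p, c: _on(c, "application list", p.get("application-list"), "extended-utm-log")),
    "web-filter": ("Web Filter enabled in policy", lambda p, c: _on(p, "utm-status") and "webfilter-profile" in p),
    "web-url-log": ("web-url-log option enabled in Web Filter profile",
                    lambda p, c: _on(c, "webfilter profile", p.get("webfilter-profile"), "web-url-log")),
    "threat-weight": ("Threat weight detection enabled", lambda p, c: _on(c, "log threat-weight", "status")),
}

# console -> requirement keys, transcribed from the "Dependencies (Historical)" column
HISTORICAL = {
    "Sources": ["traffic-log"], "Destinations": ["traffic-log"], "All Sessions": ["traffic-log"],
    "Interfaces": ["disk", "traffic-log"], "Policies": ["disk", "traffic-log"], "Countries": ["disk", "traffic-log"],
    "Applications": ["disk", "traffic-log", "app-control"],
    "Cloud Applications": ["disk", "app-control", "deep-inspection", "deep-app-inspection", "extended-utm-log"],
    "Web Sites": ["disk", "web-filter", "web-url-log"],
    "Threats": ["disk", "traffic-log", "threat-weight"],
}

def audit(config_text):
    """Return {policy_id: {console: [unmet requirement wording]}}, omitting fully satisfied consoles."""
    cfg = parse_fortios(config_text)
    report = {}
    for pid, policy in cfg.get("firewall policy", {}).items():
        gaps = {con: [REQUIREMENTS[k][0] for k in keys if not REQUIREMENTS[k][1](policy, cfg)]
                for con, keys in HISTORICAL.items()}
        report[pid] = {con: miss for con, miss in gaps.items() if miss}
    return report
```

Running `audit(SAMPLE_CONFIG)` reports policy 1 as missing only the extended UTM log (Cloud Applications) and threat weight detection (Threats), while policy 2, which has `set logtraffic disable` and no security profiles, shows gaps for all ten consoles. An empty dictionary for a policy is the result you want to see before expecting historical data from it.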

FortiView Feature Support – Platform Matrix

Note that the following table identifies three separate aspects of FortiView in FortiOS 5.2.3:

  • Basic feature support
  • Historical Data
  • Disk Logging

Platform                Basic Feature Support   Disk Logging   Historical Data *
FG/FWF20C Series        a                       -              -
FG/FWF30D/40C Series    a                       -              -
FG/FWF60C Series        a                       -              -
FG/FWF60D Series        a                       -              -
FGR60D                  a                       -              -
FG60D                   a                       -              -
FG/FWF80C Series        a                       -              -
FG80D                   a                       a              1 hour
FG/FWF90D Series        a                       a              1 hour
FG/FWF92D Series        a                       -              -
FG110C                  a                       -              -
FG111C                  a                       CLI            1 hour
FG100D Series           a                       a              24 hours
FG200B Series           a                       #              # (24 hours)
FG200D Series           a                       a              24 hours
FG310B                  a                       -              # (24 hours)
FG311B                  a                       -              # (24 hours)
FG300C                  a                       a              24 hours
FG300D                  a                       a              24 hours
FG500D                  a                       a              24 hours
FG620B                  a                       #              # (24 hours)
FG621B                  a                       #              # (24 hours)
FG600C                  a                       a              24 hours
FG800C                  a                       a              24 hours
FG1000D                 a                       a              7 hours, 24 hours
FG1500D                 a                       a              7 hours, 24 hours
FG1240B                 a                       a              24 hours
FG3016B                 a                       #              # (24 hours)
FG3040B                 a                       CLI            24 hours
FG3140B                 a                       CLI            24 hours
FG3240C                 a                       CLI            24 hours
FG3600C                 a                       CLI            24 hours
FG3700D/DX              a                       CLI            7 hours, 24 hours
FG3810A                 a                       #              # (24 hours)
FG3950B                 a                       #, CLI         # (24 hours)
FG3951B                 a                       #, CLI         # (24 hours)
FG5001A                 a                       #, CLI         # (24 hours)
FG5001B                 a                       CLI            24 hours
FG5001C                 a                       CLI            24 hours
FG5001D                 a                       CLI            24 hours
FG5101C                 a                       CLI            24 hours
FS5203B                 a                       CLI            -

a = Default support.

# = Local storage required.

CLI = Disk logging is enabled from the CLI (see Enabling FortiView below).

- = No entry in the matrix for this platform.

* Refer to the section on Historical Data in the handbook.

Enabling FortiView

By default, FortiView is enabled on FortiGates running FortiOS firmware version 5.2 and above. You will find the FortiView consoles in the main menu. However, certain options will not appear unless the FortiGate has Disk Logging enabled.

Only certain FortiGate models support Disk Logging. A complete list of FortiGate platforms that support Disk Logging is provided in the platform matrix above.

To enable Disk Logging

1. Go to Log & Report > Log Settings and select the checkbox next to Disk.

2. Apply the change.

To enable Disk Logging – CLI

config log disk setting
    set status enable
end