Enabling FortiView
By default, FortiView is enabled on FortiGates running FortiOS firmware version 5.2 and above. You will find the FortiView consoles in the main menu. However, certain options will not appear unless the FortiGate has Disk Logging enabled.
Only certain FortiGate models support Disk Logging. A complete list of FortiGate platforms that support Disk Logging is provided in the matrix below.
To enable Disk Logging
- Go to Log & Report > Log Settings and select the checkbox next to Disk.
- Apply the change.
To enable Disk Logging - CLI
```
config log disk setting
    set status enable
end
```
FortiView feature support - platform matrix
Note that the following table identifies three separate aspects of FortiView in FortiOS, which are explained in greater detail below:
| Platform | Basic Feature Support | Disk Logging | Historical Data * |
|---|---|---|---|
| FG/FWF-30D/E Series | X | | |
| FG/FWF-50E | X | | |
| FG/FWF-51E | X | X | 1 hour |
| FG-52E | X | X | 1 hour |
| FG/FWF-60D/E | X | | |
| FG-61E | X | X | 1 hour |
| FG/FWF-70D Series | X | | |
| FG-80D | X | X | 1 hour |
| FG-80E | X | | |
| FG-81E | X | X | 1 hour |
| FG/FWF-90D | X | X | 1 hour |
| FG-90E | X | | |
| FG-91E | X | X | 1 hour |
| FG/FWF-92D Series | X | X | 1 hour |
| FG-100D | X | X | 24 hours |
| FG-100E | X | | |
| FG-101E | X | X | 24 hours |
| FG-200D | X | X | 24 hours |
| FG-200E | X | | |
| FG-201E | X | X | 24 hours |
| FG-300D | X | X | 24 hours |
| FG-300E | X | | |
| FG-301E | X | X | 24 hours |
| FG-400E | X | | |
| FG-500D | X | X | 24 hours |
| FG-500E | X | | |
| FG-501E | X | X | 24 hours |
| FG-600D | X | X | 24 hours |
| FG-600E | X | | |
| FG-601E | X | X | 24 hours |
| FG-800D | X | X | 24 hours |
| FG-900D | X | X | 24 hours |
| FG-1000D | X | X | 24 hours |
| FG-1200D | X | X | 24 hours |
| FG-1500D | X | X | 7 days |
| FG-2000E | X | X | 7 days |
| FG-2500E | X | X | 7 days |
| FG-3000D | X | X | 7 days |
| FG-3100D | X | X | 7 days |
| FG-3200D | X | X | 7 days |
| FG-3700D/DX | X | X | 7 days |
| FG-3800D | X | X | 7 days |
| FG-3810D | X | X | 7 days |
| FG-3815D | X | X | 7 days |
| FG-3960E | X | X | 7 days |
| FG-3980E | X | X | 7 days |
| FG-5001D | X | X | 7 days |
* Refer to section on Historical Data below.
Basic feature support
FortiView's consoles give insight into your users' traffic, showing not merely which users are creating the most traffic, but what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.
FortiView basic feature support consists of the following consoles:
The complete array of features in FortiView requires disk logging enabled (see below). It includes those consoles listed above as well as the following:
Historical data
The historical data options available differ between consoles and depend on whether or not your traffic is locally stored.
Below is a table showing which features are available for units using local storage, including the historical data options.
Note: Only FortiGate models 100D and above support the 24 hour historical data.

| Features | With Local Storage | | | | Without Local Storage | | | |
|---|---|---|---|---|---|---|---|---|
| | Now | 5 min | 1 hr | 24 hr * | Now | 5 min | 1 hr | 24 hr |
| Sources | X | X | X | X | X | | | |
| Destinations | X | X | X | X | X | | | |
| Interfaces | X | X | X | X | | | | |
| Policies | X | X | X | X | | | | |
| All Sessions | X | X | X | X | X | | | |
| Applications | X | X | X | X | X | | | |
| WiFi Clients | | X | X | X | | | | |
| Cloud Applications | X | X | X | X | X | | | |
| Web Sites | X | X | X | X | | | | |
| Threats | | X | X | X | | | | |
| Threat Map | X | | | | | | | |
| FortiSandbox | | X | X | X | | | | |
| System Events | | X | X | X | | | | |
| VPN | | X | X | X | | | | |
* Not available for desktop models with SSD.
7-day time display
As mentioned previously, certain models support 7-day time display. These models are listed below:
- FortiGate 1000D
- FortiGate 1500D
- FortiGate 3700DX
- FortiGate 3700D
The option for 7-day time display, however, can only be configured in the CLI using the following command:
```
config log setting
    set fortiview-weekly-data {enable|disable}
end
```
Disk logging
Only certain FortiGate models support Disk Logging (see above).
To enable Disk Logging, go to Log & Report > Log Settings, and select the checkbox next to Disk and apply the change. Some devices will require disk logging to be enabled in the CLI, using the following command:
```
config log disk setting
    set status enable
end
```
Configuration dependencies
Most FortiView consoles require the user to enable several features to produce data. The following table summarizes the dependencies:
| Feature | Dependencies (Realtime) | Dependencies (Historical) |
|---|---|---|
| Sources | None, always supported | Traffic logging enabled in policy |
| Destinations | None, always supported | Traffic logging enabled in policy |
| Interfaces | None, always supported | Disk logging enabled; Traffic logging enabled in policy |
| Policies | None, always supported | Disk logging enabled; Traffic logging enabled in policy |
| All Sessions | None, always supported | Traffic logging enabled in policy |
| Applications | None, always supported | Disk logging enabled; Traffic logging enabled in policy; Application control enabled in policy |
| WiFi Clients | SSID must be in Tunnel mode | Disk logging enabled; Traffic logging enabled in policy; SSID must be in Tunnel mode |
| Cloud Applications | Not supported | Disk logging enabled; Application control enabled in policy; SSL "deep inspection" enabled in policy; Deep application inspection enabled in application sensor; Extended UTM log enabled in application sensor |
| Web Sites | Disk logging enabled; Web Filter enabled in policy; "web-url-log" option enabled in Web Filter profile | Disk logging enabled; Web Filter enabled in policy; "web-url-log" option enabled in Web Filter profile |
| Threats | Not supported | Disk logging enabled; Traffic logging enabled in policy; Threat weight detection enabled |
| Threat Map | Disk logging enabled; Traffic logging enabled in policy; Threat weight detection enabled | Disk logging enabled; Traffic logging enabled in policy; Threat weight detection enabled |
| FortiSandbox | Not supported | Disk logging enabled; Traffic logging enabled in policy |
| System Events | Not supported | Disk logging enabled |
| VPN | Not supported | Disk logging enabled; Traffic logging enabled in policy |
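
The following is an added example, not part of the Fortinet documentation: it audits a configuration backup for the disk logging and per-policy dependencies listed in the table above. The sample configuration is constructed, and `logtraffic` and `application-list` are assumed to be the firewall policy settings behind "Traffic logging enabled in policy" and "Application control enabled in policy".

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE = """\
config log disk setting
    set status disable
end
config firewall policy
    edit 1
        set logtraffic all
        set application-list "default"
    next
    edit 2
        set logtraffic disable
    next
end
"""

def parse_config(text):
    """Return {section: {entry_id: {key: value}}}; nested blocks are skipped."""
    tree, section, entry, depth = {}, None, "", 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[7:], ""
                tree.setdefault(section, {})
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
        elif depth == 1 and line == "next":
            entry = ""
        elif depth == 1 and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            tree[section].setdefault(entry, {})[key] = value.strip('"')
    return tree

def fortiview_gaps(text):
    """List settings that leave historical FortiView consoles without data."""
    cfg = parse_config(text)
    gaps = []
    if cfg.get("log disk setting", {}).get("", {}).get("status") != "enable":
        gaps.append("disk logging not enabled")
    for pid, policy in cfg.get("firewall policy", {}).items():
        # Assumption: an absent logtraffic line is the firmware default, not flagged.
        if policy.get("logtraffic") == "disable":
            gaps.append(f"policy {pid}: traffic logging disabled")
        if "application-list" not in policy:
            gaps.append(f"policy {pid}: no application control profile")
    return gaps
```

Calling `fortiview_gaps(SAMPLE)` reports the disabled disk log and the two missing dependencies on policy 2; policy 1 meets both policy-level requirements and produces no finding.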