FortiView from disk
FortiView from disk is available on all FortiGates with an SSD disk.
Restrictions
Model |
Supported view |
---|---|
Desktop models (100 series) with SSD | Five minutes and one hour |
Medium models with SSD | Up to 24 hours |
Large models (1500D and above) with SSD |
Up to seven days To enable seven days view: config log setting set fortiview-weekly-data enable end
|
Configuration
A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet facing or external interface roles should be defined as WAN.
To configure logging to disk in the GUI:
- Enable disk logging from the FortiGate GUI.
- Go to Log & Report > Log Settings > Local Traffic Log.
- Select the checkbox next to Disk.
- Enable historical FortiView from the FortiGate GUI.
- Go to Log & Report > Log Settings > Local Traffic Log.
- Select the checkbox next to Enable Historical FortiView.
- Click Apply.
To include sniffer traffic and local-deny traffic when FortiView from Disk:
This feature is only supported through the CLI.
config report setting
set report-source forward-traffic sniffer-traffic local-deny-traffic
end
To configure the data source in the GUI:
- Go to Dashboard > Top Sources.
- Select a time range other than now from the drop-down list to view historical data.
- In the top menu, click the dropdown, and select Settings. The Edit Dashboard Widget window opens.
- In the Data Source area, click Specify.
- From the dropdown, select Disk, and click OK.
For information see, FortiView interface.
Troubleshooting
Use execute report flush-cache
and execute report recreate-db
to clear up any irregularities that may be caused by upgrading or cache issues.