ZTNA FortiView and log enhancements 7.0.4


The following ZTNA enhancements have been made to FortiView and the log view.

  • Add FortiView ZTNA Servers monitor, which includes options to drill down by Sources, Rules, Real Servers, and Sessions.
  • Add context menu shortcuts on the ZTNA Rules and ZTNA Servers tabs to redirect to the FortiView and log view pages.
  • Replace Log & Report > ZTNA page with Log & Report > ZTNA Traffic page. ZTNA logs now have a traffic type and ZTNA subtype.
  • Add fields to ZTNA traffic logs (accessproxy, vip, gatewayid, clientdevicetags, clientdeviceid, and clientdeviceowner).

To add the ZTNA server monitor:
  1. Go to Dashboard > Status and click Add Monitor (+).
  2. In the FortiView section, click the + beside FortiView ZTNA Servers.
  3. Click Add Monitor. The monitor is added to the tree menu.

To access the ZTNA-related monitors and logs using shortcuts:
  1. Go to Policy & Objects > ZTNA and select the ZTNA Rules or ZTNA Servers tab.
  2. Select an entry in the table.
  3. Right-click and select Show in FortiView or Show Matching Logs.

    Redirect from ZTNA Rules tab to FortiView monitor (drilled down to Rules view):

    Redirect to matched logs:

    Redirect from ZTNA Servers tab to FortiView monitor (drilled down to Sources view):

    Redirect to matched logs:

Sample log
3: date=2022-01-17 time=09:38:20 eventtime=1642441100579101836 tz="-0800" logid="0005000024" type="traffic" subtype="ztna" level="notice" vd="root" srcip=192.168.4.119 srcname="DESKTOP-TDD7MND" srcport=55894 srcintf="port4" srcintfrole="undefined" dstcountry="Reserved" srccountry="Reserved" dstip=172.18.62.32 dstport=443 dstintf="root" dstintfrole="undefined" sessionid=580548 service="HTTPS" proto=6 action="deny" policyid=0 policytype="proxy-policy" duration=26 gatewayid=2 vip="ZTNA_S1" accessproxy="ZTNA_S1" clientdeviceid="C7F3ACD19E174AADBB96B2DCF3B75D52" clientdeviceowner="Release_QA" clientdevicetags="FCTEMS8821000000_all_registered_clients/MAC_FCTEMS8821000000_all_registered_clients/MAC_FCTEMS8821000000_ems140_management_tag" msg="Denied: failed to match a proxy-policy" wanin=0 rcvdbyte=0 wanout=0 lanin=3120 sentbyte=3120 lanout=7196 fctuid="C7F3ACD19E174AADBB96B2DCF3B75D52" unauthuser="fosqa" unauthusersource="forticlient" appcat="unscanned" crscore=30 craction=131072 crlevel="high"
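
The following is an added example, not Fortinet code: a small Python parser that reads key=value log lines like the sample above, keeps only type="traffic" subtype="ztna" records, pulls out the six new fields, and counts denied sessions per access proxy and client device. The function names, the "/" separator for clientdevicetags (inferred from the sample), and every log line after the first are assumptions made for the example.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Fields added to ZTNA traffic logs in 7.0.4 (from the list on this page)
ZTNA_FIELDS = ("accessproxy", "vip", "gatewayid",
               "clientdevicetags", "clientdeviceid", "clientdeviceowner")

def parse_line(line):
    """Return a dict of every key=value pair in one log line."""
    return {k: (q if b == "" else b) for k, q, b in PAIR.findall(line)}

def ztna_record(line):
    """Return the ZTNA-relevant fields of a line, or None for non-ZTNA logs."""
    f = parse_line(line)
    if f.get("type") != "traffic" or f.get("subtype") != "ztna":
        return None
    rec = {k: f.get(k) for k in ZTNA_FIELDS}
    # Assumption: tags are "/"-separated, as they appear in the page's sample log
    rec["clientdevicetags"] = [t for t in (rec["clientdevicetags"] or "").split("/") if t]
    rec.update(srcip=f.get("srcip"), action=f.get("action"), msg=f.get("msg"))
    return rec

def denied_by_device(lines):
    """Count denied ZTNA sessions per (accessproxy, clientdeviceid)."""
    hits = Counter()
    for line in lines:
        rec = ztna_record(line)
        if rec and rec["action"] == "deny":
            hits[(rec["accessproxy"], rec["clientdeviceid"])] += 1
    return hits

# First line is abridged from the page's sample log; the other three are constructed.
SAMPLE = [
    '3: date=2022-01-17 time=09:38:20 type="traffic" subtype="ztna" srcip=192.168.4.119 action="deny" gatewayid=2 vip="ZTNA_S1" accessproxy="ZTNA_S1" clientdeviceid="C7F3ACD19E174AADBB96B2DCF3B75D52" clientdeviceowner="Release_QA" clientdevicetags="FCTEMS8821000000_all_registered_clients/MAC_FCTEMS8821000000_all_registered_clients/MAC_FCTEMS8821000000_ems140_management_tag" msg="Denied: failed to match a proxy-policy"',
    'date=2022-01-17 time=09:39:02 type="traffic" subtype="ztna" srcip=192.168.4.119 action="deny" gatewayid=2 vip="ZTNA_S1" accessproxy="ZTNA_S1" clientdeviceid="C7F3ACD19E174AADBB96B2DCF3B75D52" clientdeviceowner="Release_QA" clientdevicetags="" msg="Denied: failed to match a proxy-policy"',
    'date=2022-01-17 time=09:40:11 type="traffic" subtype="ztna" srcip=192.168.4.120 action="accept" gatewayid=2 vip="ZTNA_S1" accessproxy="ZTNA_S1" clientdeviceid="EXAMPLE-DEVICE-0001" clientdeviceowner="example_owner" clientdevicetags="EXAMPLE_TAG"',
    'date=2022-01-17 time=09:41:30 type="traffic" subtype="forward" srcip=10.0.0.5 action="deny"',
]

if __name__ == "__main__":
    for (proxy, device), n in denied_by_device(SAMPLE).items():
        print(f"{n} denied ZTNA session(s): accessproxy={proxy} clientdeviceid={device}")
```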
