Security Rating notifications are shown on settings pages, which list configuration issues determined by the Security Rating report. You can open the recommendations to see which configuration items need to be fixed. This frees you from going back and forth between the Security Rating page and the specific settings page. Notifications appear either in the gutter, footer, or as a mutable.
There are overlay checks for the following test cases:
- Duplicate policy objects
- NTP is synchronized
- System uptime
- Local log disk space is full
- Certificate expiry date
Notifications can be dismissed in the GUI. Dismissed issues are unique for each administrator. Hashes for dismissed notifications are saved in local storage. If a user clears the local storage, all issues will show up again as not dismissed.
A Security Rating license is required for some of the overlays and associated pages to function. These Security Rating overlays are available on downstream and multi-VDOM FortiGates.
On the Security Fabric > Security Rating page, if there is a failed check on the scorecard, there is a link in the description that takes you to the page to resolve the problem. In this example, there is an issue with the administrator password policy that can be resolved on the System > Settings page.
On the System > Settings page, there is a Security Rating Issues section in the right-side gutter. To dismiss a notification, hover over the issue and click the X beside it. To view dismissed notifications, enable Show Dismissed.
On the Network > Interfaces page, there is a Security Rating Issues section in the table footer. Click Security Rating Issues to view the list of issues. To dismiss a notification, click the X beside it. To view dismissed notifications, click Show Dismissed.
When you click a Security Rating notification, a pop-up appears and the related setting is highlighted in the GUI. The pop-up contains a description of the problem and a timestamp of when the issue was found.
Once an issue is resolved, the notification disappears after the next Security Rating report runs.