Enabling FortiView from devices

You can enable FortiView from SSD disk, FortiAnalyzer and FortiGate Cloud.

FortiView from disk

FortiView from disk is available on all FortiGates with an SSD disk.

Restrictions

Model

Supported view

Desktop models (100 series) with SSD

Five minutes and one hour

Medium models with SSD

Up to 24 hours

Large models (1500D and above) with SSD

Up to seven days

To enable seven days view:

config log setting
    set fortiview-weekly-data enable
end

Configuration

A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet facing or external interface roles should be defined as WAN.

To configure logging to disk:

config log disk setting

set status enable

end

To include sniffer traffic and local-deny traffic when FortiView from Disk:

config report setting