Fortinet white logo
Fortinet white logo

Administration Guide

Enabling FortiView from devices

Enabling FortiView from devices

You can enable FortiView from SSD disk, FortiAnalyzer and FortiGate Cloud.

FortiView from disk

FortiView from disk is available on all FortiGates with an SSD disk.

Restrictions

Model

Supported view

Desktop models (100 series) with SSD

Five minutes and one hour

Medium models with SSD

Up to 24 hours

Large models (1500D and above) with SSD

Up to seven days

To enable seven days view:

config log setting
    set fortiview-weekly-data enable
end

Configuration

A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet facing or external interface roles should be defined as WAN.

To configure logging to disk:

config log disk setting

set status enable

end

To include sniffer traffic and local-deny traffic when FortiView from Disk:

config report setting

set report-source forward-traffic sniffer-traffic local-deny-traffic

end

This feature is only supported through the CLI.

Troubleshooting

Use execute report flush-cache and execute report recreate-db to clear up any irregularities that may be caused by upgrading or cache issues.

Traffic logs

To view traffic logs from disk:
  1. Go to Log & Report, and select either the Forward Traffic, Local Traffic, or Sniffer Traffic views.
  2. In the top menu bar, click Log location and select Disk.

FortiView from FortiAnalyzer

Connect FortiGate to a FortiAnalyzer to increase the functionality of FortiView. Adding a FortiAnalyzer is useful when adding monitors such as the Compromised Hosts. FortiAnalyzer also allows you to view historical information for up to seven days.

Requirements

To configure logging to the FortiAnalyzer, see Configuring FortiAnalyzer

To enable FortiView from FortiAnalyzer:
  1. Go to Dashboard > FortiView Sources.
  2. Select a time range other than Now from the dropdown list to view historical data.
  3. In top menu, click the dropdown, and select Settings. The Edit Dashboard Widget dialog is displayed.
    1. In the Data Source area, click Specify.
    2. From the dropdown, select FortiAnalyzer, and click OK.
    3. All the historical information now comes from the FortiAnalyzer.

      Note

      When Data Source is set to Best Available Device, FortiAnalyzer is selected when available, then FortiGate Cloud, and then FortiGate Disk.

FortiView from FortiGate Cloud

This function requires a FortiGate that is registered and logged into a compatible FortiGate Cloud. When using FortiGate Cloud, the Time Period can be set to up to 24 hours.

To configure logging to FortiGate Cloud, see FortiGate Cloud.

To enable FortiView with log source as FortiGate Cloud:
  1. Go to Dashboard > FortiView Sources.
  2. In the top menu, click the dropdown, and select Settings. The Edit Dashboard Widget window opens.
    1. In the Data Source area, click Specify.
    2. From the dropdown, select FortiGate Cloud, then click OK.

Tooltip

You can select FortiGate Cloud as the data source for all available FortiView pages and widgets.

Enabling FortiView from devices

Enabling FortiView from devices

You can enable FortiView from SSD disk, FortiAnalyzer and FortiGate Cloud.

FortiView from disk

FortiView from disk is available on all FortiGates with an SSD disk.

Restrictions

Model

Supported view

Desktop models (100 series) with SSD

Five minutes and one hour

Medium models with SSD

Up to 24 hours

Large models (1500D and above) with SSD

Up to seven days

To enable seven days view:

config log setting
    set fortiview-weekly-data enable
end

Configuration

A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet facing or external interface roles should be defined as WAN.

To configure logging to disk:

config log disk setting

set status enable

end

To include sniffer traffic and local-deny traffic when FortiView from Disk:

config report setting

set report-source forward-traffic sniffer-traffic local-deny-traffic

end

This feature is only supported through the CLI.

Troubleshooting

Use execute report flush-cache and execute report recreate-db to clear up any irregularities that may be caused by upgrading or cache issues.

Traffic logs

To view traffic logs from disk:
  1. Go to Log & Report, and select either the Forward Traffic, Local Traffic, or Sniffer Traffic views.
  2. In the top menu bar, click Log location and select Disk.

FortiView from FortiAnalyzer

Connect FortiGate to a FortiAnalyzer to increase the functionality of FortiView. Adding a FortiAnalyzer is useful when adding monitors such as the Compromised Hosts. FortiAnalyzer also allows you to view historical information for up to seven days.

Requirements

To configure logging to the FortiAnalyzer, see Configuring FortiAnalyzer

To enable FortiView from FortiAnalyzer:
  1. Go to Dashboard > FortiView Sources.
  2. Select a time range other than Now from the dropdown list to view historical data.
  3. In top menu, click the dropdown, and select Settings. The Edit Dashboard Widget dialog is displayed.
    1. In the Data Source area, click Specify.
    2. From the dropdown, select FortiAnalyzer, and click OK.
    3. All the historical information now comes from the FortiAnalyzer.

      Note

      When Data Source is set to Best Available Device, FortiAnalyzer is selected when available, then FortiGate Cloud, and then FortiGate Disk.

FortiView from FortiGate Cloud

This function requires a FortiGate that is registered and logged into a compatible FortiGate Cloud. When using FortiGate Cloud, the Time Period can be set to up to 24 hours.

To configure logging to FortiGate Cloud, see FortiGate Cloud.

To enable FortiView with log source as FortiGate Cloud:
  1. Go to Dashboard > FortiView Sources.
  2. In the top menu, click the dropdown, and select Settings. The Edit Dashboard Widget window opens.
    1. In the Data Source area, click Specify.
    2. From the dropdown, select FortiGate Cloud, then click OK.

Tooltip

You can select FortiGate Cloud as the data source for all available FortiView pages and widgets.