Enabling FortiView from devices
You can enable FortiView from SSD disk, FortiAnalyzer and FortiGate Cloud.
FortiView from disk
FortiView from disk is available on all FortiGates with an SSD disk.
Restrictions
Model |
Supported view |
---|---|
Desktop models (100 series) with SSD |
Five minutes and one hour |
Medium models with SSD |
Up to 24 hours |
Large models (1500D and above) with SSD |
Up to seven days To enable seven days view: config log setting set fortiview-weekly-data enable end |
Configuration
A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet facing or external interface roles should be defined as WAN.
To configure logging to disk:
config log disk setting
set status enable
end
To include sniffer traffic and local-deny traffic when FortiView from Disk:
config report setting
set report-source forward-traffic sniffer-traffic local-deny-traffic
end
This feature is only supported through the CLI.
Troubleshooting
Use execute report flush-cache
and execute report recreate-db
to clear up any irregularities that may be caused by upgrading or cache issues.
Traffic logs
To view traffic logs from disk:
- Go to Log & Report, and select either the Forward Traffic, Local Traffic, or Sniffer Traffic views.
- In the top menu bar, click Log location and select Disk.
FortiView from FortiAnalyzer
Connect FortiGate to a FortiAnalyzer to increase the functionality of FortiView. Adding a FortiAnalyzer is useful when adding monitors such as the Compromised Hosts. FortiAnalyzer also allows you to view historical information for up to seven days.
Requirements
- A FortiGate or FortiOS
- A compatible FortiAnalyzer (see Compatibility with FortiOS)
To configure logging to the FortiAnalyzer, see Configuring FortiAnalyzer
To enable FortiView from FortiAnalyzer:
- Go to Dashboard > FortiView Sources.
- Select a time range other than Now from the dropdown list to view historical data.
- In top menu, click the dropdown, and select Settings. The Edit Dashboard Widget dialog is displayed.
- In the Data Source area, click Specify.
- From the dropdown, select FortiAnalyzer, and click OK.
All the historical information now comes from the FortiAnalyzer.
When Data Source is set to Best Available Device, FortiAnalyzer is selected when available, then FortiGate Cloud, and then FortiGate Disk.
FortiView from FortiGate Cloud
This function requires a FortiGate that is registered and logged into a compatible FortiGate Cloud. When using FortiGate Cloud, the Time Period can be set to up to 24 hours.
To configure logging to FortiGate Cloud, see Configuring FortiGate Cloud.
To enable FortiView with log source as FortiGate Cloud:
- Go to Dashboard > FortiView Sources.
- In the top menu, click the dropdown, and select Settings. The Edit Dashboard Widget window opens.
- In the Data Source area, click Specify.
- From the dropdown, select FortiGate Cloud, then click OK.
You can select FortiGate Cloud as the data source for all available FortiView pages and widgets. |