Fortinet black logo

Handbook

Enabling FortiView

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:560153
Download PDF

Enabling FortiView

By default, FortiView is enabled on FortiGates running FortiOS firmware version 5.2 and above. You will find the FortiView consoles in the main menu. However, certain options will not appear unless the FortiGate has Disk Logging enabled.

Only certain FortiGate models support Disk Logging. A complete list of FortiGate platforms that support Disk Logging is provided in the matrix below.

To enable Disk Logging
  1. Go to Log & Report > Log Settings and select the checkbox next to Disk.
  2. Apply the change.
To enable Disk Logging - CLI

config log disk setting

set status enable

end

FortiView feature support - platform matrix

Note that the following table identifies three separate aspects of FortiView in FortiOS, which are explained in greater detail below:

Platform

Basic Feature Support

Disk Logging

Historical Data *

FG/FWF-30D/E Series

X

FG/FWF-50E

X

FG/FWF-51E

X

X

1 hour

FG-52E

X

X

1 hour

FG/FWF-60D/E

X

FG-61E

X

X

1 hour

FG/FWF-70D Series

X

FG-80D

X

X

1 hour

FG-80E

X

FG-81E

X

X

1 hour

FG/FWF-90D

X

X

1 hour

FG-90E

X

FG-91E

X

X

1 hour

FG/FWF-92D Series

X

X

1 hour

FG-100D

X

X

24 hours

FG-100E

X

FG-101E

X

X

24 hours

FG-200D

X

X

24 hours

FG-200E

X

FG-201E

X

X

24 hours

FG-300D

X

X

24 hours

FG-300E

X

FG-301E

X

X

24 hours

FG-400E

X

FG-500D

X

X

24 hours

FG-500E

X

FG-501E

X

X

24 hours

FG-600D

X

X

24 hours

FG-600E

X

FG-601E

X

X

24 hours

FG-800D

X

X

24 hours

FG-900D

X

X

24 hours

FG-1000D

X

X

24 hours

FG-1200D

X

X

24 hours

FG-1500D

X

X

7 days

FG-2000E

X

X

7 days

FG-2500E

X

X

7 days

FG-3000D

X

X

7 days

FG-3100D

X

X

7 days

FG-3200D

X

X

7 days

FG-3700D/DX

X

X

7 days

FG-3800D

X

X

7 days

FG-3810D

X

X

7 days

FG-3815D

X

X

7 days

FG-3960E

X

X

7 days

FG-3980E

X

X

7 days

FG-5001D

X

X

7 days

* Refer to section on Historical Data below.

Basic feature support

FortiView's consoles give insight into your user's traffic, not merely showing which users are creating the most traffic, but what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.

FortiView basic feature support consists of the following consoles:

The complete array of features in FortiView requires disk logging enabled (see below). It includes those consoles listed above as well as the following:

Historical data

Not all consoles have the same available historical data options, depending on whether or not your traffic is locally stored.

Below is a table showing which features are available for units using local storage, including the historical data options.

note icon

Only FortiGate models 100D and above support the 24 hour historical data.

Features

With Local Storage

Without Local Storage

Now

5 min

1 hr

24 hr *

Now

5 min

1 hr

24 hr

Sources

X

X

X

X

X

Destinations

X

X

X

X

X

Interfaces

X

X

X

X

Policies

X

X

X

X

All Sessions

X

X

X

X

X

Applications

X

X

X

X

X

WiFi Clients

X

X

X

Cloud Applications

X

X

X

X

X

Web Sites

X

X

X

X

Threats

X

X

X

Threat Map

X

FortiSandbox

X

X

X

System Events

X

X

X

VPN

X

X

X

* Not available for desktop models with SSD.

7-day time display

As mentioned previously, certain models support 7-day time display. These models are listed below:

  • FortiGate 1000D
  • FortiGate 1500D
  • FortiGate 3700DX
  • FortiGate 3700D

The option for 7-day time display, however, can only be configured in the CLI using the following command:

config log setting

set fortiview-weekly-data {enable|disable}

end

Disk logging

Only certain FortiGate models support Disk Logging (see above).

To enable Disk Logging, go to Log & Report > Log Settings, and select the checkbox next to Disk and apply the change. Some devices will require disk logging to be enabled in the CLI, using the following command:

config log disk setting

set status enable

end

Configuration dependencies

Most FortiView consoles require the user to enable several features to produce data. The following table summarizes the dependencies:

Feature

Dependencies (Realtime)

Dependencies (Historical)

Sources

None, always supported

Traffic logging enabled in policy

Destinations

None, always supported

Traffic logging enabled in policy

Interfaces

None, always supported

Disk logging enabled

Traffic logging enabled in policy

Policies

None, always supported

Disk logging enabled

Traffic logging enabled in policy

All Sessions

None, always supported

Traffic logging enabled in policy

Applications

None, always supported

Disk logging enabled

Traffic logging enabled in policy

Application control enabled in policy

WiFi Clients

SSID must be in Tunnel mode

Disk logging enabled

Traffic logging enabled in policy

SSID must be in Tunnel mode

Cloud Applications

Not supported

Disk logging enabled

Application control enabled in policy

SSL "deep inspection" enabled in policy

Deep application inspection enabled in application sensor

Extended UTM log enabled in application sensor

Web Sites

Disk logging enabled

Web Filter enabled in policy

"web-url-log" option enabled in Web Filter profile

Disk logging enabled

Web Filter enabled in policy

"web-url-log" option enabled in Web Filter profile

Threats

Not supported

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

Threat Map

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

FortiSandbox

Not supported

Disk logging enabled

Traffic logging enabled in policy

System Events

Not supported

Disk logging enabled

VPN

Not supported

Disk logging enabled

Traffic logging enabled in policy

Enabling FortiView

By default, FortiView is enabled on FortiGates running FortiOS firmware version 5.2 and above. You will find the FortiView consoles in the main menu. However, certain options will not appear unless the FortiGate has Disk Logging enabled.

Only certain FortiGate models support Disk Logging. A complete list of FortiGate platforms that support Disk Logging is provided in the matrix below.

To enable Disk Logging
  1. Go to Log & Report > Log Settings and select the checkbox next to Disk.
  2. Apply the change.
To enable Disk Logging - CLI

config log disk setting

set status enable

end

FortiView feature support - platform matrix

Note that the following table identifies three separate aspects of FortiView in FortiOS, which are explained in greater detail below:

Platform

Basic Feature Support

Disk Logging

Historical Data *

FG/FWF-30D/E Series

X

FG/FWF-50E

X

FG/FWF-51E

X

X

1 hour

FG-52E

X

X

1 hour

FG/FWF-60D/E

X

FG-61E

X

X

1 hour

FG/FWF-70D Series

X

FG-80D

X

X

1 hour

FG-80E

X

FG-81E

X

X

1 hour

FG/FWF-90D

X

X

1 hour

FG-90E

X

FG-91E

X

X

1 hour

FG/FWF-92D Series

X

X

1 hour

FG-100D

X

X

24 hours

FG-100E

X

FG-101E

X

X

24 hours

FG-200D

X

X

24 hours

FG-200E

X

FG-201E

X

X

24 hours

FG-300D

X

X

24 hours

FG-300E

X

FG-301E

X

X

24 hours

FG-400E

X

FG-500D

X

X

24 hours

FG-500E

X

FG-501E

X

X

24 hours

FG-600D

X

X

24 hours

FG-600E

X

FG-601E

X

X

24 hours

FG-800D

X

X

24 hours

FG-900D

X

X

24 hours

FG-1000D

X

X

24 hours

FG-1200D

X

X

24 hours

FG-1500D

X

X

7 days

FG-2000E

X

X

7 days

FG-2500E

X

X

7 days

FG-3000D

X

X

7 days

FG-3100D

X

X

7 days

FG-3200D

X

X

7 days

FG-3700D/DX

X

X

7 days

FG-3800D

X

X

7 days

FG-3810D

X

X

7 days

FG-3815D

X

X

7 days

FG-3960E

X

X

7 days

FG-3980E

X

X

7 days

FG-5001D

X

X

7 days

* Refer to section on Historical Data below.

Basic feature support

FortiView's consoles give insight into your user's traffic, not merely showing which users are creating the most traffic, but what sort of traffic it is, when the traffic occurs, and what kind of threat the traffic may pose to the network.

FortiView basic feature support consists of the following consoles:

The complete array of features in FortiView requires disk logging enabled (see below). It includes those consoles listed above as well as the following:

Historical data

Not all consoles have the same available historical data options, depending on whether or not your traffic is locally stored.

Below is a table showing which features are available for units using local storage, including the historical data options.

note icon

Only FortiGate models 100D and above support the 24 hour historical data.

Features

With Local Storage

Without Local Storage

Now

5 min

1 hr

24 hr *

Now

5 min

1 hr

24 hr

Sources

X

X

X

X

X

Destinations

X

X

X

X

X

Interfaces

X

X

X

X

Policies

X

X

X

X

All Sessions

X

X

X

X

X

Applications

X

X

X

X

X

WiFi Clients

X

X

X

Cloud Applications

X

X

X

X

X

Web Sites

X

X

X

X

Threats

X

X

X

Threat Map

X

FortiSandbox

X

X

X

System Events

X

X

X

VPN

X

X

X

* Not available for desktop models with SSD.

7-day time display

As mentioned previously, certain models support 7-day time display. These models are listed below:

  • FortiGate 1000D
  • FortiGate 1500D
  • FortiGate 3700DX
  • FortiGate 3700D

The option for 7-day time display, however, can only be configured in the CLI using the following command:

config log setting

set fortiview-weekly-data {enable|disable}

end

Disk logging

Only certain FortiGate models support Disk Logging (see above).

To enable Disk Logging, go to Log & Report > Log Settings, and select the checkbox next to Disk and apply the change. Some devices will require disk logging to be enabled in the CLI, using the following command:

config log disk setting

set status enable

end

Configuration dependencies

Most FortiView consoles require the user to enable several features to produce data. The following table summarizes the dependencies:

Feature

Dependencies (Realtime)

Dependencies (Historical)

Sources

None, always supported

Traffic logging enabled in policy

Destinations

None, always supported

Traffic logging enabled in policy

Interfaces

None, always supported

Disk logging enabled

Traffic logging enabled in policy

Policies

None, always supported

Disk logging enabled

Traffic logging enabled in policy

All Sessions

None, always supported

Traffic logging enabled in policy

Applications

None, always supported

Disk logging enabled

Traffic logging enabled in policy

Application control enabled in policy

WiFi Clients

SSID must be in Tunnel mode

Disk logging enabled

Traffic logging enabled in policy

SSID must be in Tunnel mode

Cloud Applications

Not supported

Disk logging enabled

Application control enabled in policy

SSL "deep inspection" enabled in policy

Deep application inspection enabled in application sensor

Extended UTM log enabled in application sensor

Web Sites

Disk logging enabled

Web Filter enabled in policy

"web-url-log" option enabled in Web Filter profile

Disk logging enabled

Web Filter enabled in policy

"web-url-log" option enabled in Web Filter profile

Threats

Not supported

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

Threat Map

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

Disk logging enabled

Traffic logging enabled in policy

Threat weight detection enabled

FortiSandbox

Not supported

Disk logging enabled

Traffic logging enabled in policy

System Events

Not supported

Disk logging enabled

VPN

Not supported

Disk logging enabled

Traffic logging enabled in policy