Category Archives: FortiOS

FortiAnalyzer 5.4 Has Been Released!

If you are using a FortiAnalyzer in any capacity, go ahead and upgrade to 5.4. You will be thankful!

There are some things you need to take note of before proceeding, though:

  • In 5.4, Fortinet changed the raw log / SQL design: log files are now kept per VDOM and disk quota is now ADOM based, so a rebuild of the SQL database is needed after the upgrade (execute sql-local rebuild-db from the CLI). Reports and FortiView that read from the SQL database are incomplete until the rebuild finishes, so schedule the upgrade with that in mind.

What’s new in FortiAnalyzer version 5.4.0

The following is a list of new features and enhancements in FortiAnalyzer version 5.4.0.

  • New GUI look
  • Remote SQL database deprecated
  • Device support improvements
  • Log forwarding improvements
  • Log storage improvements
  • Fetch offline logs
  • FortiClient improvements
  • FortiView improvements
  • Reports improvements
  • Others
    • Improved Event Management usability
    • Added Factory Reset option to Event Handler
    • Improved Action and Security Action for the Traffic Log
    • Improved HA Conversion efficiency
    • Correlated FortiClient Logs with FortiOS Logs for Application Detection
    • Added logging support for FortiDDoS
    • JSON API Syntax Validation for Report Configuration
    • Added SSN/Credit DLP Charts
    • PCI DSS Compliance Report
    • Added View Related Logs Option in FortiView
    • Added the ability to clone a chart from report layout
    • Added options for chart import and export
    • Added CVE Information to FortiView and Reports
    • Supporting EMS Managed Endpoint Logs
    • Support FortiOS Web Application Firewall (WAF) and GTP Logs

Disable SSL VPN Portal

If your environment requires that the SSL VPN portal page not be reachable at all, you can disable the SSL VPN service on a FortiGate with the following CLI commands (FortiOS CLI keywords are lowercase):

config vpn ssl settings
    set sslvpn-enable disable
end

This is commonly done when you want the device to accept only IPsec tunnels on the VPN side. Disabling the service removes the SSL VPN listener entirely, whereas customizing the portal page only changes what a visitor sees; confirm the result with show vpn ssl settings. I usually just leave mine up and customize the page to look cool and creative, but that is me!
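As an added example (not code from the original post or from Fortinet), the following Python script parses a FortiGate configuration backup and reports whether SSL VPN is enabled, on which port and on which source interfaces, so exported configs can be audited for an exposed portal. The backup text is constructed for the example; parse_config and sslvpn_status are this example's own names, while sslvpn-enable, port and source-interface are the FortiOS 5.x keywords under config vpn ssl settings. A backup taken with show omits values still at their default, so an absent sslvpn-enable is reported as "default" rather than guessed.

```python
"""Audit the SSL VPN listener in a FortiGate configuration backup.

Added example, not code from the original post or from Fortinet: it
parses the config/edit/set/next/end nesting of a FortiOS backup into
dicts and reports the state of `config vpn ssl settings`. The backup
text below is constructed for this example. A backup taken with `show`
omits values still at their default, so an absent sslvpn-enable is
reported as "default" and should be confirmed on the device with
`show full-configuration vpn ssl settings`.
"""
import shlex

# Constructed sample backup: SSL VPN enabled, bound to wan1 on port 10443.
SAMPLE_BACKUP = """\
config system global
    set hostname "FGT-EXAMPLE"
end
config vpn ssl settings
    set sslvpn-enable enable
    set port 10443
    set source-interface "wan1"
end
config firewall policy
    edit 1
        set name "outbound"
        set srcintf "internal"
        set dstintf "wan1"
    next
end
"""


def parse_config(text):
    """Turn a FortiOS config dump into nested dicts.

    `config a b` opens a table keyed by "a b", `edit X` opens entry X in
    the current table, `set k v ...` stores the value(s), and `next` or
    `end` returns to the enclosing level.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # handles "quoted values"
        cmd, args = tokens[0], tokens[1:]
        if cmd in ("config", "edit"):
            child = stack[-1].setdefault(" ".join(args), {})
            stack.append(child)
        elif cmd == "set" and len(args) >= 2:
            # A single value is stored bare; multi-value sets become a list.
            stack[-1][args[0]] = args[1] if len(args) == 2 else args[1:]
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def sslvpn_status(config):
    """Return (state, port, interfaces) for the SSL VPN listener.

    state is "enabled", "disabled" or "default" (key absent from the
    backup); port is None when it is not explicitly set; an empty
    interface list means the listener is not restricted to interfaces.
    """
    settings = config.get("vpn ssl settings", {})
    flag = settings.get("sslvpn-enable")
    if flag is None:
        state = "default"
    elif flag == "disable":
        state = "disabled"
    else:
        state = "enabled"
    port = int(settings["port"]) if "port" in settings else None
    ifaces = settings.get("source-interface", [])
    if isinstance(ifaces, str):
        ifaces = [ifaces]
    return state, port, list(ifaces)


if __name__ == "__main__":
    state, port, ifaces = sslvpn_status(parse_config(SAMPLE_BACKUP))
    print(f"SSL VPN {state}; port={port}; interfaces={ifaces or 'all'}")
```

Run it against a real backup by reading the file into parse_config; anything other than "disabled" on a device that is supposed to accept only IPsec is worth a second look.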

FortiOS 5.4 GUI Hate

So FortiOS 5.4 has hit GA status, which means regular people can download it to their supported devices. The firmware is great on several counts, but one of the items that seems to be getting a ton of backlash is the GUI layout / design. Yes, the default green GUI leaves a lot to be desired aesthetically, but that is an easy fix.

  • Login to the FortiGate
  • Go to System
  • Click Settings
  • Select the theme under “View Settings” that you like.

They have a green, blue, red, and of course melongene. My personal favorite is the blue but I see the red getting a lot of use lately. It is really up to you. I personally don’t care about the design quality of the GUI from an aesthetic point of view as long as it does what I need it to do feature and configuration wise.

Oh well. Enjoy the new code!

Logging and Reporting – FortiOS 5.2 Best Practices

Logging and reporting

The default log device settings must be modified so that system performance is not compromised. The FortiGate unit, by default, has all logging of FortiGate features enabled, except for traffic logging. The default logging location will be either the FortiGate unit’s system memory or hard disk, depending on the model. Units with a flash disk are not recommended for disk logging.

Log management

When the FortiGate unit records FortiGate activity, valuable information is collected that provides insight into how to better protect network traffic against attacks, including misuse and abuse. There is a lot to consider before enabling logging on a FortiGate unit, such as what FortiGate activities to enable and which log device is best suited for your network’s logging needs. A plan can help you in deciding the FortiGate activities to log, a log device, as well as a backup solution in the event the log device fails.

This plan should provide you with an outline, similar to the following:

  • What FortiGate activities you want and/or need logged (for example, security features).
  • The logging device best suited for your network structure.
  • If you want or require archiving of log files.
  • Ensuring logs are not lost in the event a failure occurs.

After the plan is implemented, you need to manage the logs and be prepared to expand on your log setup when the current logging requirements are outgrown. Good log management practices help you with these tasks.

Log management practices help you to improve and manage logging requirements. Logging is an ever-expanding tool that can seem to be a daunting task to manage. The following management practices will help you when issues arise, or your logging setup needs to be expanded.

  • Revisit your plan on a yearly basis to verify that your logging needs are being met by your current log setup. For example, your company or organization may require archival logging, but not at the beginning of your network’s lifespan. Archival logs are stored on a FortiGate unit’s local hard drive, a FortiAnalyzer unit, or a FortiCloud server, in increasing order of size.
  • Configure an alert message that will notify you of activities you need to be aware of. For example, if a branch office does not have a FortiGate administrator, you will need to know at all times whether the IPsec VPN tunnel is still up and running. An alert email notification can be configured to send only when IPsec tunnel errors occur.
  • If your organization or company uses peer-to-peer programs such as Skype or other instant messaging software, use the IM usage dashboard widget or the Executive Summary’s report widget (Top 10 Application Bandwidth Usage Per Hour Summary) to help you monitor the usage of these types of instant messaging software. These widgets can help you in determining how these applications are being used, including if there is any misuse and abuse. Their information is taken from application log messages; however, application log messages should be viewed as well since they contain the most detailed information.
  • Ensure that your backup solution is up-to-date. If you have recently expanded your log setup, you should also review your backup solution. The backup solution provides a way to ensure that all logs are not lost in the event that the log device fails or issues arise with the log device itself.
  • When downloading log messages and viewing them on a computer, the log file will be downloaded like any other file. Log file names contain their log type and date in the name, so it is recommended to create a folder in which to archive your log messages, as they can be sorted easily.
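As an added example (not part of the original article or of Fortinet's documentation), the following Python script applies the alert-on-IPsec-errors idea from the list above to raw FortiGate log lines. FortiGate logs are space-separated key=value pairs with double-quoted values where a value contains spaces, so the parser tokenises those and the filter keeps only the VPN events worth a notification. The log lines are constructed for this example (field names follow the FortiOS event log format; the logid values, device names and tunnel name are made up), and parse_line, parse_logs and vpn_alerts are this example's own names.

```python
"""Parse FortiGate key=value log lines and pick out IPsec events to alert on.

Added example, not part of the original article or Fortinet's docs. FortiGate
logs are space-separated key=value pairs; values containing spaces are
double-quoted. parse_line() tokenises one line and vpn_alerts() keeps only
the VPN events that merit a notification (errors and tunnel-down), which is
the "alert only on IPsec tunnel errors" idea from the text. The log lines
below are constructed: field names follow the FortiOS event log format, but
the logid values, device names and tunnel name are made up.
"""
import re

# key=value where value is a double-quoted string (with \" escapes) or a bare token
_KV = re.compile(r'(?P<key>[A-Za-z0-9_\-]+)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample: phase 2 up, a phase 1 error, an unrelated traffic log, tunnel down.
SAMPLE_LOGS = """\
date=2016-03-01 time=08:00:01 devname=FGT-BRANCH devid=FGT00000000000001 logid=0100000001 type=event subtype=vpn level=notice vd=root logdesc="IPsec phase 2 status change" action=phase2-up status=success vpntunnel="to-hq"
date=2016-03-01 time=09:12:44 devname=FGT-BRANCH devid=FGT00000000000001 logid=0100000002 type=event subtype=vpn level=error vd=root logdesc="IPsec phase 1 error" action=negotiate status=negotiate_error vpntunnel="to-hq" reason="peer SA proposal not match local policy"
date=2016-03-01 time=09:12:50 devname=FGT-BRANCH devid=FGT00000000000001 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.1.1.5 dstip=192.0.2.10 action=accept
date=2016-03-01 time=09:13:02 devname=FGT-BRANCH devid=FGT00000000000001 logid=0100000003 type=event subtype=vpn level=notice vd=root logdesc="IPsec connection status change" action=tunnel-down status=down vpntunnel="to-hq"
"""


def parse_line(line):
    """Return a dict of fields for one log line, unquoting quoted values."""
    fields = {}
    for m in _KV.finditer(line):
        val = m.group("val")
        if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            val = val[1:-1].replace('\\"', '"')
        fields[m.group("key")] = val
    return fields


def parse_logs(text):
    """Parse every non-empty line of a log export."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def vpn_alerts(records):
    """Select the events worth an alert: IPsec errors and tunnel-down.

    Only type=event subtype=vpn records are considered. A level of error or
    worse, or an explicit tunnel-down action/status, triggers an alert.
    Returns (timestamp, tunnel, description) tuples in log order.
    """
    severe_levels = {"error", "critical", "alert", "emergency"}
    alerts = []
    for r in records:
        if r.get("type") != "event" or r.get("subtype") != "vpn":
            continue
        severe = r.get("level") in severe_levels
        down = r.get("action") == "tunnel-down" or r.get("status") == "down"
        if severe or down:
            stamp = f'{r.get("date", "?")} {r.get("time", "?")}'
            alerts.append((stamp, r.get("vpntunnel", "?"), r.get("logdesc", "")))
    return alerts


if __name__ == "__main__":
    for stamp, tunnel, desc in vpn_alerts(parse_logs(SAMPLE_LOGS)):
        print(f"ALERT {stamp} tunnel={tunnel}: {desc}")
```

Feed it the event log exported from the unit (or the syslog stream on a collector) and wire the returned tuples into whatever sends your email; the filter deliberately ignores the routine phase2-up and traffic records so the mailbox only sees errors and tunnel-down events.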

System memory and hard disks

If the FortiGate unit has a hard disk, logging to it is enabled by default. You therefore do not have to enable disk logging, but you should adjust its settings so that they match your network's logging requirements.

If the FortiGate unit has only flash memory, disk logging is disabled by default, as it is not recommended: constant rewrites to flash can reduce the lifetime and efficiency of the memory. If you still need it, it must be enabled in the CLI under config log disk setting (set status enable).

For some low-end models, disk logging is unavailable. Check a product’s Feature Matrix for more information. In either case, Fortinet recommends using either a FortiAnalyzer unit or the FortiCloud service.