7–day time display

In FortiOS 5.4, the following FortiGate models now support 7-day time display:

• FortiGate 1000D
• FortiGate 1500D
• FortiGate 3700DX
• FortiGate 3700D

The option for 7-day time display, however, can only be configured in the CLI using the following command:

config log setting

set fortiview-weekly-data {enable|disable}

end

FortiGuard Cloud App DB identification

FortiView now recognizes FortiGuard Cloud Application database traffic, which is mainly monitored and validated by FortiFlow, an internal application that identifies cloud applications based on IP, Port, and Protocol. Administrators can potentially use this information for WAN Link Load Balancing, for example.

WHOIS Lookup anchor for public IPv4 addresses

Reverse IP lookup is now possible in FortiOS 5.4. A WHOIS lookup icon is available when you mouse over a public IP address in a FortiView log. If you left-click on the lookup icon, a new tab is opened in your browser for www.networksolutions.com, and a lookup is performed on the selected IP address (this option persists after drilling down one level in FortiView).

Accelerated session filtering on All Sessions page

By default, on a FortiGate unit with NP6 processors, when you enable traffic logging in a firewall policy this also enables NP6 per-session accounting. If you disable traffic logging this also disables NP6 per-session accounting. This behavior can be changed using the following command:

config system np6 edit np6_0

set per-session-accounting {disable | all-enable | enable-by-log}

end

By default, per-session-accounting is set to enable-by-log, which results in per-session accounting being turned on when you enable traffic logging in a policy. This configuration is set separately for each NP6 processor.

When offloaded sessions appear on the FortiView All Sessions console they include an icon identifying them as

NP sessions:

You can hover over the NP icon to see some information about the offloaded sessions. You can also use a FortiASIC Filter to view just the accelerated sessions.

New bandwidth column added to realtime FortiView pages

The FortiView console provides a new bandwidth column that displays information for bandwidth calculated on a per-session level, providing administrators the ability to sort realtime bandwidth usage in descending order.

Visualization support for the Admin Logins page

A useful chart is now generated for Admin login events under FortiView > Admin Logins. You can view the information in either Table View or Timeline View (shown below). In Timeline View, each line represents on administrator, with individual sessions indicated per administrator line. When you hover over a particular timeline, detailed information appears in a tool tip.

Links created between FortiView and View/Create Policy

The Policy column in FortiView consoles and the Log Viewer pages has changed to a link, which navigates to the

IPv4 or IPv6 policy list and highlights the policy.

Right-clicking on a row in FortiView or the Log Viewer has menu items for Block Source, Block Destination and Quarantine Source where appropriate columns are available to determine these values. When multiple rows are selected, the user will be prompted to create a named Address Group to contain the new addresses.

When the user clicks Block Source or Block Destination they are taken to a policy creation page with enough information filled in to create a policy blocking the requested IP traffic.

The policy page will feature an informational message block at the top describing the actions that will be taken. Once the user submits the form, the requisite addresses, groups and policy will be created at once.

If the user clicks on Quarantine User then they will be prompted for a duration. They may also check a box for a

Permanent Ban. The user can manage quarantined users under Monitor > User Quarantine Monitor.

Realtime visualization

In addition to these new visualization options, you can now also enable realtime visualization.

To enable realtime visualization

1. Click on the Settings icon next to the upper right-hand corner and select Auto update realtime visualizations.

An option is displayed to set the Interval (seconds). The maximum value is 300.

2. Enter a desired Interval and click Apply.