- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: FortiView general configuration and...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Description
This article describes how to configure and troubleshoot FortiView.
Solution
FortiView only reflects the traffic passing through the CPU so the first step is to check whether offload is disabled and basic troubleshooting when the logs are not displayed in FortiView.
Log traffic must be enabled in firewall policies:
-Log off & and log on again.
-Refresh the page.
The logs will be shown under log & Report
Notive that the values of bandwidth in FortiView do not correspond exactly to the values passing through the FortiGate.
FortiView only reflects the traffic passing through the CPU so the first step is to check whether offload is disabled.
This issue can be corrected by disabling offloading on the IPv4 Policy:
Enable this option is not recommended to be used for a long time.
Performing this change causes more load to be handled by CPU directly instead of CHIP/NPU.
Which is lead to CPU being over-utilized ending up with network disruption.
This article describes how to configure and troubleshoot FortiView.
Solution
FortiView only reflects the traffic passing through the CPU so the first step is to check whether offload is disabled and basic troubleshooting when the logs are not displayed in FortiView.
Log traffic must be enabled in firewall policies:
# config firewall policyCheck the log settings and select from the following:
edit <Policy_id>
set logtraffic all/utm
end
# config log settingExample:
setendresolve-ip <----- Add resolved domain name into traffic log if possible.
resolve-port <----- Add resolved service name into traffic log if possible.
log-user-in-upper <----- Enable/disable collect log with user-in-upper.
fwpolicy-implicit-log <----- Enable/disable collect firewall implicit policy log.
fwpolicy6-implicit-log <----- Enable/disable collect firewall implicit policy6 log.
log-invalid-packet <----- Enable/disable collect invalid packet traffic log.
local-in-allow <----- Enable/disable collect local-in-allow log.
local-in-deny-unicast <----- Enable/disable collect local-in-deny-unicast log.
local-in-deny-broadcast <----- Enable/disable collect local-in-deny-broadcast log.
local-out <----- Enable/disable collect local-out log.
daemon-log <----- Enable/disable collect daemon log.
neighbor-event <----- Enable/disable collect neighbor event log.
brief-traffic-format <----- Enable/disable use of brief format for traffic log.
user-anonymize <----- Enable/disable anonymize log user name.
expolicy-implicit-log <----- Enable/disable collect explicit proxy firewall implicit policy log.
log-policy-comment <----- Enable/disable insertion of policy comment in to traffic log.
set resolve-ip enableConfigure where the logs will be sent:
# config log memory/disk/fortianalyzer/syslog settingSelect the source of the log information in FortiView:
set status enable
end
# config log gui-displayCheck the severity is set to information, to view all the logs from the lowest level:
set location
memory <----- Display memory log.
disk <----- Display disk log.
fortianalyzer <----- Display FortiAnalyzer log.
forticloud <----- Display FortiCloud log.
end
# config log memory/disk/fortianalyzer/syslog filterExecute the following command to restart the process:
set severity information
set
forward-traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
voip : enable
dns : enable
filter :
filter-type : include
#diag sys top 2 50Wait some seconds to verify the PID of miglog, in this example "55".
newcli 2151 R 1.4 1.0Run a log test:
sshd 2149 S 0.4 0.7
httpsd 147 S 0.0 1.6
pyfcgid 2147 S 0.0 1.5
miglogd 55 S 0.0 1.4
#diag sys kill 11 <PID> --> #diag sys kill 11 55
# diag log testTo view the logs in FortiView from the FortiGate GUI either:
-Log off & and log on again.
-Refresh the page.
The logs will be shown under log & Report
Notive that the values of bandwidth in FortiView do not correspond exactly to the values passing through the FortiGate.
FortiView only reflects the traffic passing through the CPU so the first step is to check whether offload is disabled.
This issue can be corrected by disabling offloading on the IPv4 Policy:
# config firewall policyNote:
edit <policy_id>
set auto-asic-offload disable
next
end
Enable this option is not recommended to be used for a long time.
Performing this change causes more load to be handled by CPU directly instead of CHIP/NPU.
Which is lead to CPU being over-utilized ending up with network disruption.
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.