Created on 09-09-2022 08:29 AM Edited on 04-30-2024 04:44 PM By chall_FTNT
Description
This article describes how to configure FortiGate and FortiAnalyzer to resolve IP addresses to hostnames in FortiView.
On FortiGate, 'Source IP Hostname' is visible under the 'FortiView' section. On FortiAnalyzer, however, the same information appears only in IP address format. To make the hostname visible on the FortiAnalyzer side as well, make sure the following configuration is in place on both FortiGate and FortiAnalyzer.
Scope
FortiGate, FortiAnalyzer.
Solution
config log gui-display
set resolve-hosts enable | disable
end
This must not be confused with the following command, as this is a different option in FortiGate:
config log setting
set resolve-ip enable | disable
end
This can be verified by enabling this option in the CLI while it is disabled in the GUI, and then checking whether it becomes enabled in the GUI as well.
For example:
As seen on the CLI, this option is enabled, even if Resolve Hostname is disabled:
But the following is disabled, matching the GUI setting:
Enable hostname resolution in the CLI.
config system log settings
set dns-resolve-dstip enable
end
config system fortiview setting
set resolve-ip enable
end
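The same option name, resolve-ip, appears under two different config paths in this article, so a check has to key on the full path and not only on the option. The following is an added example, not Fortinet code: a small offline parser that reads pasted CLI configuration text and reports the four settings named above. The sample configuration text is constructed for illustration, and the function names are hypothetical.

```python
# Settings named in this article, as (device, config path, option).
EXPECTED = [
    ("FortiGate", "log gui-display", "resolve-hosts"),
    ("FortiGate", "log setting", "resolve-ip"),
    ("FortiAnalyzer", "system log settings", "dns-resolve-dstip"),
    ("FortiAnalyzer", "system fortiview setting", "resolve-ip"),
]

def parse_config(text):
    """Return {config path: {option: value}} for top-level 'set' lines."""
    settings, stack, in_edit = {}, [], 0
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "edit":
            in_edit += 1
        elif words[0] == "next" and in_edit:
            in_edit -= 1
        elif (words[0] == "set" and len(words) >= 3
              and len(stack) == 1 and not in_edit):
            # Only options set directly under a top-level config block count.
            settings.setdefault(stack[0], {})[words[1]] = " ".join(words[2:])
    return settings

def audit(device, text):
    """Map each expected option to its value, or None if absent from text."""
    parsed = parse_config(text)
    return {f"{path} / {opt}": parsed.get(path, {}).get(opt)
            for dev, path, opt in EXPECTED if dev == device}

# Constructed sample input (not taken from a real device).
FGT_SAMPLE = """config log gui-display
    set resolve-hosts enable
end
config log setting
    set resolve-ip disable
end
config system interface
    edit "port1"
        set allowaccess ping
    next
end
"""
FAZ_SAMPLE = "config system log settings\n    set dns-resolve-dstip enable\nend\n"

if __name__ == "__main__":
    for dev, sample in (("FortiGate", FGT_SAMPLE), ("FortiAnalyzer", FAZ_SAMPLE)):
        for key, value in audit(dev, sample).items():
            print(f"{dev}: {key} = {value or 'not present in text'}")
```

A value of None means the option does not appear in the pasted text, so it should be checked on the device itself.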
Enable Resolve Hostname to get the same results in Reports.
To get the same information as in FortiView, enable the setting that resolves both source and destination, which is only available in the GUI, per report:
Troubleshooting.
Because FortiAnalyzer floods the DNS on every DB rebuild, the commands below can help troubleshoot the issue.
On FortiAnalyzer:
get system dns
diagnose debug enable
diagnose debug application dns 255
Check the DNS resolution flow by using the below command:
diagnose debug sniffer any "port 53" 3 0
On FortiGate:
execute ping www.google.com
execute traceroute www.google.com
Both should return the primary IP address for a given domain.
It is assumed that the FortiGate unit has a valid private or public DNS configured.
If a public DNS such as FortiGuard DNS is used, then the private hostname will not be resolved.
If the resolution does not work, refer to the following related KB article.
Related article: