Implicit policy remediation with help of FAZ reporting

Hi,
The reports are made to summarize. Instead use the LogView and Download option there.

Best,

Hey atos_network,

I'm not sure what FortiGate firmware version you have, but you could check out the Learn Mode option (this requires both FortiAnalyzer AND FortiManager):

- If the FortiGate (or specific VDOM) is in NGFW mode (policy-based instead of profile-based), then you can enable the learn mode in policies
- this essentially allows all traffic and monitors everything

- this feeds logs to FortiAnalyzer
- FortiManager Policy Analyzer collects the logs from FortiAnalyzer to provide analyse and provide policy recommendations

Learn Mode on FortiGate:
https://docs.fortinet.com/document/fortigate/7.4.6/administration-guide/243446/ngfw-policy#IntroduceLearnMode

If you don't have a FortiManager, depending on your FortiGate firmware version (and if it has disk logging and reporting enabled), you should be able to generate a 'Learning Report' locally.

Is this at least in the direction you're looking for advice?

Regarding reporting on FortiAnalyzer, in principle FortiAnalyzer CAN provide an overview of whatever is logged on the FortiGate. The question is what you mean with 'unique connections'.
You could simply create a report that shows you every single traffic session, or a report that shows you unique source/destination IPs and how many sessions each saw, or you could use one of the webfilter/bandwidth reports to get an overview of what domains saw the most traffic, etc.
A more detailed outline of what you want to see on the report would be helpful :)

Cheers,

Debbie