This article relates to the situation where the VPN report shows blank when ran on a FortiAnalyzer. Also, the datasets do not return any log data even when running the datasets related to the VPN chart.
The reason for this is a design change on FortiAnalyzer datasets. FortiAnalyzer uses VPN logs with action='tunnel-stats' and most of the VPN related datasets use this field to get bandwidth and duration data. If the raw VPN logs being forwarded by the FortiGate devices do not contain the field action='tunnel-stats', then no data will be returned in reports/datasets.
Firmware v5.0.8 and above, and v5.2.0.
The FortiGate should send the 'tunnel-stats' log to FortiAnalyzer. To achieve this it is important to make sure that the FortiGate has the following config set:
config system settings set vpn-stats-log ipsec ssl set vpn-stats-period 300 end
Note: After applying the above change, allow adequate time for the logs to be collected by the FortiAnalyzer before running the report.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.