Description
This article shows the 'network-visibility' functions that include Destination and Source Country/Region, country flag, and destination hostnames to appear in forward traffic logs.
Scope
FortiGate.
Solution
The 'network-visibility' functions are enabled by default:
config system network-visibility
set destination-visibility enable
set source-location enable
set destination-hostname-visibility enable
set hostname-ttl 86400
set hostname-limit 5000
set destination-location enable
end
Below are the details of each function:
• 'destination-visibility'
Enable destination visibility options (destination-location/ destination-hostname-visibility)
• 'destination-hostname-visibility'
Will display hostnames for links embedded in the visited web page. Host name will show under forward traffic logs in the "Destination" field along with the IP address.
Enable 'Resolve hostnames' under Log & Report -> Log Settings to show the hostname's details.
The following screenshot illustrates the 'destination-hostname-visibility' function:
• 'destination-location'
Enable 'Destination Country/Region' field and destination country "flag" in forward traffic logs.
The following screenshot illustrates the 'destination-location' function:
• 'source-location'
Enable to show 'Source Country/Region' in the logs (the 'reserved' flag will be displayed for internal source).
The following screenshot illustrates the 'source-location' function:
Important note:
- The 'destination-hostname-visibility' requires DNSHelper enabled. If the Helper is removed, this particular function will not work.
- The 'destination-hostname-visibility' learns the IP address for wildcard FQDNs from the DNS traffic passing through the device.
Related article:
Troubleshooting Tip: Wildcard FQDN addresses are not getting populated
