CarlosColombini
Article Id 202112
Description: This article describes the new SSL logging options in FortiOS that provide more details about SSL/TLS connections.
Scope: FortiGate running FortiOS 6.4.0+ and 7.0.1+
Solution

In FortiOS 6.4.0, a new option, “set ssl-negotiation-log {enable | disable}”, was added to the SSL/SSH profile settings. When enabled, this option logs the results of unsupported SSL negotiations.

To log unsupported SSL negotiations:

config firewall ssl-ssh-profile
    edit <name>
        set ssl-negotiation-log {enable | disable}
    next
end

See the following link for reference:

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/644768/wad-and-proxyd-ssl-logging-im...

Starting in FortiOS 7.0.1, two more options were added to the SSL/SSH profile to log server certificate information and TLS handshake details. When these options are enabled, new fields are added to the UTM SSL logs.

config firewall ssl-ssh-profile
    edit <name>
        set ssl-server-cert-log {enable | disable}
        set ssl-handshake-log {enable | disable}
    next
end


See the following links for reference:

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/183724/enhance-tls-logging-7-0-1

https://docs.fortinet.com/document/fortigate/7.0.1/fortios-log-message-reference/172065/whats-new

The options added in FortiOS 7.0.1 are particularly helpful when a customer needs further details for reporting purposes, such as the TLS version, key exchange, SNI, SAN, and certificate issuer.

The new fields are added to the raw logs and can also be displayed in the GUI. To see them in the GUI, navigate to “Log & Report”, select SSL, then hover over the title row and click the gear icon to customize the columns, as shown in the image below.

[Image: customizing the SSL log columns with the gear icon under Log & Report > SSL]
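Because the new fields land in the raw logs, they can be consumed by any tool that understands FortiGate's space-separated key=value log syntax. The following Python script is an added example, not code from the original article or from Fortinet: it parses that syntax (including quoted values that contain spaces, such as a certificate issuer), keeps only the UTM SSL records, and builds a per-TLS-version summary plus a list of legacy-TLS connections for a report. The sample log lines are constructed, and the names used for the 7.0.1 fields (tlsver, keyexchange, sni, issuer) are assumed placeholders; confirm the real field names in the FortiOS 7.0.1 log message reference linked above. A record that lacks the fields (a device or FortiAnalyzer older than 7.0.1) is counted under "<missing>" rather than dropped.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate's key=value syslog layout.
# NOTE: tlsver, keyexchange, sni and issuer are ASSUMED placeholder names for
# the certificate/handshake fields added in FortiOS 7.0.1; they are not taken
# from the FortiOS log message reference. Adjust them to the documented names.
SAMPLE_LOGS = [
    # 7.0.1-style record carrying the extra certificate/handshake fields
    'date=2024-01-15 time=10:23:45 devname="fgt-lab" type="utm" subtype="ssl" '
    'srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 tlsver="TLSv1.3" '
    'keyexchange="X25519" sni="example.com" issuer="C = US, O = Example CA Inc" '
    'action="passthrough"',
    'date=2024-01-15 time=10:24:02 devname="fgt-lab" type="utm" subtype="ssl" '
    'srcip=10.0.0.6 dstip=203.0.113.11 dstport=443 tlsver="TLSv1.3" '
    'keyexchange="secp256r1" sni="api.example.org" issuer="C = US, O = Example CA Inc" '
    'action="passthrough"',
    'date=2024-01-15 time=10:25:17 devname="fgt-lab" type="utm" subtype="ssl" '
    'srcip=10.0.0.7 dstip=203.0.113.20 dstport=443 tlsver="TLSv1.0" '
    'keyexchange="RSA" sni="legacy.example.net" issuer="O = Legacy Issuer" '
    'action="passthrough"',
    # Record from a device without the new options: the fields are simply absent
    'date=2024-01-15 time=10:26:40 devname="fgt-old" type="utm" subtype="ssl" '
    'srcip=10.0.0.8 dstip=203.0.113.30 dstport=443 action="passthrough"',
    # Non-SSL record that the SSL summary must skip
    'date=2024-01-15 time=10:27:00 devname="fgt-lab" type="traffic" subtype="forward" '
    'srcip=10.0.0.9 dstip=203.0.113.40 dstport=80 action="accept"',
]

# key=value tokens; a value is either a double-quoted string (may contain
# spaces and backslash-escaped quotes) or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Protocol versions that a reporting baseline usually flags as legacy.
LEGACY_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}


def parse_log_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    record = {}
    for match in KV_RE.finditer(line):
        key, value = match.group(1), match.group(2)
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"')
        record[key] = value
    return record


def ssl_records(lines):
    """Yield only the parsed UTM SSL records from an iterable of raw lines."""
    for line in lines:
        record = parse_log_line(line)
        if record.get("type") == "utm" and record.get("subtype") == "ssl":
            yield record


def summarize_field(lines, field="tlsver", missing="<missing>"):
    """Count UTM SSL records by the value of one field (e.g. TLS version)."""
    return dict(Counter(rec.get(field, missing) for rec in ssl_records(lines)))


def legacy_tls_connections(lines):
    """List (srcip, dstip, sni, tlsver) for SSL records negotiated with legacy TLS."""
    hits = []
    for rec in ssl_records(lines):
        if rec.get("tlsver") in LEGACY_TLS:
            hits.append((rec.get("srcip"), rec.get("dstip"), rec.get("sni"), rec["tlsver"]))
    return hits


if __name__ == "__main__":
    print("TLS versions seen:", summarize_field(SAMPLE_LOGS))
    print("Issuers seen:", summarize_field(SAMPLE_LOGS, field="issuer"))
    for src, dst, sni, ver in legacy_tls_connections(SAMPLE_LOGS):
        print(f"legacy TLS: {src} -> {dst} ({sni}) negotiated {ver}")
```

Feed the script real exported raw logs by replacing SAMPLE_LOGS with the lines read from the export file; the "<missing>" bucket then directly shows how many records came from sources that do not yet emit the 7.0.1 fields.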

Note:
These new fields were also added to FortiAnalyzer in firmware version 7.0.1, so data for them is only parsed and populated in Log Viewer if the FortiAnalyzer (FAZ) firmware is at least 7.0.1.
