Description | This article describes why endpoint device data is not shown in the 'device' log field, even with extended-utm-log enabled in the log settings, on v7.6 with flow mode inspection. |
Scope | FortiGate |
Solution |
v7.6 adds a new feature, incorporating endpoint device data, which shows the endpoint device in the 'device' field of the web filter UTM logs when extended-utm-log is enabled:
config log setting
When flow mode inspection is used, device-identification must also be enabled on the interface for this to work.
For example:
config system interface
    edit "port2"
        set vdom "vdom1"
        set ip 10.1.100.3 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
        set type physical
        set device-identification enable <---------
        set snmp-index 4
    next
end
In proxy mode, device-identification is not needed for the endpoint device data to be incorporated. However, if web filtering is used with flow mode inspection, device-identification must be enabled for the endpoint device data to appear in the logs. |
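The check below is an added example, not Fortinet code: it reads a configuration backup and reports where the 'device' field would stay empty for the reasons described above. It assumes a backup whose sections sit at the top level (no multi-VDOM nesting), that a policy's srcintf is the interface needing device-identification, and that a policy without an explicit inspection-mode runs in flow mode; the sample configuration is constructed.

```python
from collections import defaultdict

def parse_sections(text):
    """Return {section: {entry: {setting: [values]}}}; settings outside 'edit' use entry ''."""
    cfg = defaultdict(lambda: defaultdict(dict))
    stack, entry = [], ""
    for line in filter(str.strip, text.splitlines()):
        tok = [t.strip('"') for t in line.split()]  # assumes no spaces inside quoted names
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and tok[0] in ("edit", "next"):
            entry = tok[1] if tok[0] == "edit" else ""
        elif len(stack) == 1 and tok[0] == "set" and len(tok) > 1:
            cfg[stack[0]][entry][tok[1]] = tok[2:]  # nested config blocks are skipped
    return cfg

def audit(text):
    """List the settings that would leave the 'device' log field empty."""
    cfg, findings = parse_sections(text), []
    if cfg["log setting"][""].get("extended-utm-log") != ["enable"]:
        findings.append("log setting: extended-utm-log is not enabled")
    for pid, pol in cfg["firewall policy"].items():
        # Assumption: a policy is flow mode unless 'inspection-mode proxy' is set.
        if "webfilter-profile" not in pol or pol.get("inspection-mode") == ["proxy"]:
            continue
        for name in pol.get("srcintf", []):
            if cfg["system interface"][name].get("device-identification") != ["enable"]:
                findings.append(f"policy {pid}: flow-mode web filter on {name} without device-identification")
    return findings

# Constructed sample backup: port3 lacks device-identification, no log setting section.
SAMPLE = """\
config system interface
    edit "port2"
        set device-identification enable
    next
    edit "port3"
    next
end
config firewall policy
    edit 2
        set srcintf "port3"
        set webfilter-profile "default"
    next
end
"""
print(*audit(SAMPLE), sep="\n")
```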