FortiGate
hlngan
Staff
Article Id 332253
Description This article describes a case where no endpoint device data is shown in the 'device' log field on v7.6 with flow mode inspection, even though extended-utm-log is enabled in the log setting.
Scope FortiGate
Solution

On v7.6, a new feature has been added that shows endpoint device data in the 'device' field of the web filter UTM logs when extended-utm-log is enabled:

config log setting
    set extended-utm-log {enable | disable}
end

When using flow mode inspection, device-identification must also be enabled on the interface for this to work.

For example:

config system interface
    edit "port2"
        set vdom "vdom1"
        set ip 10.1.100.3 255.255.255.0
        set allowaccess ping https ssh snmp http telnet
        set type physical
        set device-identification enable <---------
        set snmp-index 4
    next
end

For proxy mode, device-identification is not needed for the endpoint device data to appear. However, if web filtering is used with flow mode inspection, device-identification must be enabled for the endpoint device data to appear in the logs.
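
One way to check both settings offline against a saved configuration backup, as an added example (not Fortinet code). The function names parse_sections and audit are hypothetical, the sample configuration is constructed, and a setting that is absent from the backup is assumed to be not enabled.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config log setting
    set extended-utm-log enable
end
config system interface
    edit "port1"
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port2"
        set device-identification enable
    next
end
"""

def parse_sections(text):
    """Parse top-level 'config' blocks into {section: {entry: {setting: value}}}."""
    sections, section, entry, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[len("config "):], None
                sections.setdefault(section, {})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif depth != 1:
            continue  # ignore nested blocks (and stray lines outside any block)
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            sections[section].setdefault(entry, {})
        elif line == "next":
            entry = None
        elif line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                sections[section].setdefault(entry, {})[parts[1]] = parts[2]
    return sections

def audit(text):
    """Assumption: a setting absent from the backup counts as not enabled."""
    cfg = parse_sections(text)
    log = cfg.get("log setting", {}).get(None, {})
    ifaces = cfg.get("system interface", {})
    missing = [n for n, s in ifaces.items() if s.get("device-identification") != "enable"]
    return log.get("extended-utm-log") == "enable", missing
print(audit(SAMPLE_CONFIG))  # (True, ['port1'])
```

Interfaces returned in the second element only matter for traffic inspected in flow mode; proxy mode does not need device-identification for the 'device' field.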
