Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
garyhuxley
New Contributor

Can we see internet activity from users connecting from offsite locations

We use FortiNet products to monitor sites visited from our office network, and we've experienced no problems with that functionality, but sometimes, our staff work from home, and they have to connect to our network using FortiClient.  Is it possible we could be seeing what sites our staff visit from their personal computers at home while they're connected to our network with FortiClient?  And if so, how do we tell the difference?

 

Thanks,

Gary

1 REPLY 1
AtiT
Valued Contributor

Hello Gary,

Welcome to the forum.

 

Sipmle answer is yes, you can do it (in some cases).

But we need to know how the remote clients connect to your network. I mean: are they using SSLVPN with split tunneling enabled or disabled and all the traffic goes through the FortiGate?

 

If the split tunneling is disabled it is very easy to monitor the remote clients. In this case the users have reserved IP address range only for them and policy allowing traffic from ssl interface (probably ssl.root) to the Internet. You will see everything in the logs.

If there is a split tunnel enalbed it means that only your company resources are accessible via FortiGate and other Internet browsing goes directly from the client to the Internet. In this case the FortiGate is not in the middle and will not log everything - only company resources access.

I am not sure whether it is possible to get these data when the split tunneling is enabled. Maybe someone else can help with this - probably endpoint control enabled or some logging feature in the forticlient? I have no experience with this.

AtiT

AtiT
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors