I have a FG100C. Upgraded it to 5.2.1 a week ago and made sure DB was rebuilt. I'm getting some good reports out of it. FG is still on 4.3.18 but moving to 5.2.2 soon as I'm testing that on duplicate unit. All is working with the exception of the Fortiview-Log View-Traffic screen. Nothing is shown on this now. If I go to Custom View I do see traffic and I can search using different criteria. If I go under Security I can see traffic listed there also. It is as if the screen is corrupted somehow because it doesn't list the packet specific columns at the top. Wondering if anyone else has seen this.
Hi, which browser are you using? Could you post a screenshot to show the corrupted screen?
It looks like page is not fully loaded. Could you clear browser cache and try again or try it on another pc? If you still see this issue, pls open a ticket and post ticket number here.
Thanks,
hz
Ticket #1323299
Update regarding this. Support advised the problem might be caused by us having two FG100Ds, one running 5.2.2 and the other 4.3.18. Apparently if you have different firmware FGs logging to one FAZ, you should have VDOMs setup per firmware type. We were running it this way to test before cutting over to the FG running 5.2.2. So I finally decided to format the boot device on the FAZ and reload the 5.2.1 FAZ firmware. This worked but it did not format the log partition and the problem remained. So I copied all of the logs off the FAZ (which took forever) and then formatted the log partition also.
This fixed the problem with the column headers in the traffic logs not displaying but problems remain.
1. It does not seem like all traffic is being logged.
2. Real-time traffic display does not work.
3. Content does not display.
4. Lots of traffic is marked as "Not.Scanned" trying to figure out why.
I have found that even though it is supported, the 5.2 build of the FAZ really needs the 5.2 log format from the FG to produce useful info. Once that is done and you enable the right filter options (boy is that a challenge in 5.2 (way too much cli involved), you can see some nice info about the top applications and top cloud apps. If SSL Scanning is enabled (also takes extra work) you can see the file names that people are sending via Gmail and Outlook. It also records the names of the videos people are watching on Youtube.
I am finding that FG 5.2 while mostly accurate, is not detecting some apps correctly and in some circumstances displays bogus icons or mismatched, for example the icon for ICQ is displayed for Facebook. 5.2 has nice new features but you should make sure to test it thoroughly before upgrading so you will understand how it operates differently from 4.3.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.