Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bartman10
Contributor

FortiGate Suggestion: Allow Logging to USB

In the past 2-3 years many of my Fortigate devices have lost features due to the removal of internal storage. WAN Acceleration, web cache, logging.. From 90D, 60D, 94D and so on. Many new units also don't come with internal storage 50E. Fortinet, please consider allowing at least logging to a user provided USB device. We could use a USB flash drive or external HD. I understand maybe all 500GB on that HD may not be accessable for logging on say a 30D but something reasonable the device could support would be great!

-It costs Fortinet nothing, and could save Fortinet money.

-Assists in troubleshooting problems with TAC.

-Reduces RMA on devices as only user replaceable USB flash is being used, not affecting internal storage with read/write cycles. -Build loyalty with users like myself by restoring features the unit was sold with.

Users please speak with your sales rep and maybe comment in this post if you'd like to see this feature added.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track. Over 100 WiFi AP's and growing. FAZ-200D FAC-VM 2 node cluster Friends don't let friends FWF!
2 Solutions
Baptiste

I consider small box are normaly used for only few users and not all UTM stuffs on and hundred VPN.

On my small box (40C) I don't have big CPU usage (high memory usage : yes), I don't think performance will be impact.

And it could be our choice to loose some perf for logging.

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

View solution in original post

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
rcarreras
New Contributor III

You can log to forticloud with internet speed and you can not log to local usb because is going to slow down the firewall? 

View solution in original post

15 REPLIES 15
storaid
Contributor

I think it's impossible for their business policy....XD...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
pcraponi

Fortigate has no CPU dedicated to Log/disk usage. So, the I/O speed of a remote USB/disk will affect all Firewall performance... It's the architecture, not business policy.

 

Others vendors, like Palo Alto (), can do it because they have a "Management Plane" outside of "Dataplane" on hardware architecture.

 

Fortinet try to solve this putting SSD high performance disks in new "D" devices. But only for 100D and higher. On small devices this impact on hardware price (here we can talking about business policy)

 

 

Regards, Paulo Raponi

Regards, Paulo Raponi
bartman10

Pcraponi.. I think you are wrong and can give examples to prove it.. like well.. the 90D.. it has logging to what basically amounts to flash. It just wares out. 

Also look up the 51E.. again has integrated SSD for logging. 

 

I have no idea what you're talking about with your dedicated CPU comment.. but ok.. 

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track. Over 100 WiFi AP's and growing. FAZ-200D FAC-VM 2 node cluster Friends don't let friends FWF!
emnoc
Esteemed Contributor III

 I have to agree pcraponi, no dedicate CPU for logging. Also most of these smaller device will not have NPs or other items, so how much impact on the CPU could be a concern and I wonder how it impacts the  thru-put.

 

So if you enable a heavy amouint of logging or archival, would it impact the   FW? I believe yes.

 

If you take for example a FGT140D and see the process in a heavily logging fw you will see it continously running in some cases. ( R )

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Baptiste

I consider small box are normaly used for only few users and not all UTM stuffs on and hundred VPN.

On my small box (40C) I don't have big CPU usage (high memory usage : yes), I don't think performance will be impact.

And it could be our choice to loose some perf for logging.

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
rcarreras
New Contributor III

You can log to forticloud with internet speed and you can not log to local usb because is going to slow down the firewall? 

storaid

rcarreras wrote:

You can log to forticloud with internet speed and you can not log to local usb because is going to slow down the firewall? 

forticloud is limited service for free and it's not cheap....

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
bartman10

What on earth makes you think logging to usb would be "slow".. god never mind.. 

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track. Over 100 WiFi AP's and growing. FAZ-200D FAC-VM 2 node cluster Friends don't let friends FWF!
storaid

new box like 50E, it's cpu is defintely better than 60D...

Marvell Armada 385 is usually used for NAS application...

IMHO, performance impact is not a good reason I think...

 

if someone means 60D, okay..

I agreed, maybe...

cpu of D box sucks...

but for new E box, I don't think...

 

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
Labels
Top Kudoed Authors