FortiOS 5.6.1 - Logging to disk Disabled?!

myrdin · ‎08-02-2017

Hi,

i have 2 new units (FG100E) which i am trying to run 5.6.1. It looks like the local disk is disabled for logging, so i have like 2-3 seconds worth of logs in memory, no reports and no 24 hours span for Fortiview.

Ideas?

thanks

storaid · ‎08-02-2017

100E has no SSD storage..

http://docs.fortinet.com/...MTX-561-201707-R22.pdf

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

myrdin · ‎08-02-2017

what??

FG100D is reported NOT to have disk but on 5.2 you can create reports and have 24 hours of logs...

This seems to me a software lock to push people to use the bloody Forticloud

SMabille · ‎08-02-2017

FG100D have disk, FG100E don't (FG101E are disk variant). What is I think scandalous is charging $1000 for a small SSD. (Making the 101E RRP 50% more expensive than 100E).

myrdin · ‎08-02-2017

we might argue where is the system is booting from...

i think this is just stupid and confusing on the fortinet side...since they normally replace 100d with 100e and omit to say they are not exaclty 1:1

myrdin · ‎08-03-2017

I feel the need to apologies but i was pretty pissed off at that time...

anyway, turns out FortiCloud has made huge improvments since last time and it can actually integrate well with 5.6 , so i can actually see older logs even without hard drives.

I will make sure tho i will start selling 101E instead (hope the price different won't be huge)

MikePruett · ‎08-03-2017

Yeah, it wasn't a push to force FortiCloud though. Logging to disk is no bueno in general as it causes premature disk failure. They disabled it on smaller models for that reason.

Newer E model FortiGates have two versions as well. The 0 model is the non disk version (only enough flash for FortiOS). The 1 model is the one with on board storage.

So for example, the FortiGate 60E has no on board storage where as the FortiGate 61E does

Mike Pruett

Fortinet GURU | Fortinet Training Videos

FGTuser · ‎08-06-2017

SMabille wrote:
FG100D have disk, FG100E don't (FG101E are disk variant). What is I think scandalous is charging $1000 for a small SSD. (Making the 101E RRP 50% more expensive than 100E).

SSD version is overpriced and if you log a lot, it will die anyway at some point (in 1-2-3 years).

But what is absolutely ridiculous, you pay more for UTM subscription just because it's percentage of box price.

For the same box, same performance.

FAZ-VM makes much more (not only) financial sense for logging, even with couple of FGT's.

The only issue of non-SSD boxes is missing packet capture. I can't understand, why it's not possible to capture to RAM.

MikePruett · ‎08-06-2017

+1 at a VM FAZ. Awesome bang for the buck instead of doing something like forticloud or a 1 model of the Gate

Mike Pruett

Fortinet GURU | Fortinet Training Videos

bartman10 · ‎08-15-2017

I had a long rant about why they should enable logging to a USB device... but then again that does not make them money $$$ and it only wrecked the internal drives because Fortinet used the cheapest, ****, 3rd shift, B rated, flash from China they could find in those units.

Found it..

https://forum.fortinet.com/tm.aspx?m=135704

These guys keep getting hung up on lack of CPU.. but this is proved to be wrong as many models have had this feature in the past. It was the Wang Lo flash that was the issue.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!