I have a 60E running firmware 5.4.4. I am not finding a way to log/view information about SSL VPN connections. My logging is set to "Memory" as I do not have a FortiManager/FortiAnalyzer. I have tried both log settings in the SSL.ROOT IPv4 Policy (Security Events and All Sessions). I have also made sure that "VPN Activity Events" and "User Activity Events" are set in the Log Settings. I have seen on some devices a "User Activity" log which is not present on the 60E. I also do not see a dedicated VPN log. None of my logs (System, Local Traffic, Forward Traffic) have any VPN logging information written to them. I would expect that there would be a way to view this information for auditing purposes.
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have gone ahead and set this up to send logs via Syslog. This captures SSL VPN logins, logoffs and failed logins. It appears the FortiManager/FortiAnalyzer may be the only option on the 60E other than Syslog/SNMP to track successful and failed SSL VPN connections. It would be nice though if this information was available in the GUI.
I have found some additional information on this. Since the 60E doesn't have a hard disk (61E does), the default is to show logs from memory. To save space the default is to only save/show warnings and above. SSL VPN Connections are informational if successful. I have found that if you want to see them in the GUI you can do so if you have "FortiCloud" setup (Free or paid). Once setup, you can change the log settings to display from "FortiCloud" and the SSL VPN Connections can be then viewed under "User Events" and/or "VPN Events" in the GUI.
Dear Netengwi,
You can change the logging severity for memory logging like this:
#config log memory filter
#set severity information
#end
Then your FortiGate unit should store the VPN logs you want to see in the memory and display them as needed. Please do be aware that logging with severity 'information' can use up more memory than logging only events of level 'warning' or above.
I hope this helps!
You should try the Forticloud free account. It retains up to 7 days of logs (the previous cap was 1GB) but it can send a report so you can have something to relay on.
I have a FWF60 and since 5.2 the loging to "disk" was gone. The only options were Cache and Wan Opt, after 5.4 the Wan Opt dissapeared, so, with my 16GB flash space I can only send logs (for free) to Forticloud.
Give it a try, it's something (insert meme here).
Cheers
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.