Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate 60E SSL VPN Connection Logging

I have a 60E running firmware 5.4.4.  I am not finding a way to log/view information about SSL VPN connections.  My logging is set to "Memory" as I do not have a FortiManager/FortiAnalyzer.  I have tried both log settings in the SSL.ROOT IPv4 Policy (Security Events and All Sessions).  I have also made sure that "VPN Activity Events" and "User Activity Events" are set in the Log Settings.  I have seen on some devices a "User Activity" log which is not present on the 60E.  I also do not see a dedicated VPN log.  None of my logs (System, Local Traffic, Forward Traffic) have any VPN logging information written to them.  I would expect that there would be a way to view this information for auditing purposes.



New Contributor

I have gone ahead and set this up to send logs via Syslog.  This captures SSL VPN logins, logoffs and failed logins.  It appears the FortiManager/FortiAnalyzer may be the only option on the 60E other than Syslog/SNMP to track successful and failed SSL VPN connections.  It would be nice though if this information was available in the GUI.




I have found some additional information on this.  Since the 60E doesn't have a hard disk (61E does), the default is to show logs from memory.  To save space the default is to only save/show warnings and above.  SSL VPN Connections are informational if successful.  I have found that if you want to see them in the GUI you can do so if you have "FortiCloud" setup (Free or paid).  Once setup, you can change the log settings to display from "FortiCloud" and the SSL VPN Connections can be then viewed under "User Events" and/or "VPN Events" in the GUI. 


Dear Netengwi,


You can change the logging severity for memory logging like this:


#config log memory filter

#set severity information



Then your FortiGate unit should store the VPN logs you want to see in the memory and display them as needed. Please do be aware that logging with severity 'information' can use up more memory than logging only events of level 'warning' or above.


I hope this helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
New Contributor III

You should try the Forticloud free account. It retains up to 7 days of logs (the previous cap was 1GB) but it can send a report so you can have something to relay on.


I have a FWF60 and since 5.2 the loging to "disk" was gone. The only options were Cache and Wan Opt, after 5.4 the Wan Opt dissapeared, so, with my 16GB flash space I can only send logs (for free) to Forticloud.


Give it a try, it's something (insert meme here).



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors