Hi Osama,

The detail you are after is based on the web filtering on the Fortigate. So a few things to check:-

1. Do you have a valid licence for web filtering?

2. You need to have setup a "web filter" security profile and applied that filter to the policies you want to monitor.

3. When you configure the "web filter" the categories you want to monitor need to be set to "monitor". "block" will be reported (and access to sites prvented), but if you use the default "allow" option on the profile then the web traffic just passes through and will not be "monitored" as you seem to be wanting. There is a default "monitor-all" web filter which you could use on your policies for testing.

You could also check the admin guides- https://docs.fortinet.com/document/fortigate/6.4.4/administration-guide/833698/web-filter describes how to configure and setup the web filter correctly.

I hope that helps you move forward.

Kind Regards,

Andy.

Thanks, Andy Bailey for your response.

Below are my responses to your questions.

1. Do you have a valid license for web filtering?

Yes we have a valid license.

2. You need to have setup a "web filter" security profile and applied that filter to the policies you want to monitor.

Yes, we have a different profile level which is based on users' grade-level like we have Officers, Managers, and Executives, and based on grade level we have to allow and block different web filter categories.

3. When you configure the "web filter" the categories you want to monitor need to be set to "monitor". "block" will be reported (and access to sites prvented), but if you use the default "allow" option on the profile then the web traffic just passes through and will not be "monitored" as you seem to be wanting. There is a default "monitor-all" web filter which you could use on your policies for testing.

We do not have "allow" default to all Web Categories however allow for some categories 

For Example in a Executive, we allow Games, Advertising, Brokerage and Trading and so on and pornography is blocked.

Now my question and observation is that in a report i can see that some sites have higher visits but showing 00h 00m 00s and a long yellow bar what does it mean ? does it means that user visited these sites but blocked therfore it shows 00h 00m 00s ? please correct me.

Hi again Osama,

So for the categories you want to "allow" you need to set them to "monitor".

Have a look at this link from the admin guide:-

https://docs.fortinet.com/document/fortigate/6.4.4/administration-guide/675558/fortiguard-filter

If you set "allow" the the site is allowed but not logged. So you need to use "monitor" for all sites you are wanting to allow and see monitoring for. You can also see in this link that using "monitor" also allows quotas to be set- eg allow a certain limit for the games catgegory (for example).

If sounds like that is the cause of your monitoring issue- and I made the same mistake myself originally. It isn't entirely obvious or intuitive.

If you set "monitor" in the web filter you should see all the web sites being visited reported in the "log & report", "web filter" area. Anything set to "monitor" will be logged and the action will show as "passthrough". Any attempts to access a blocked category will show action as "blocked".

If that is working fine then you should correctly see the browsing times as you expect. The browsing times won't always be 100% accurate (they are probably based on session lenght which may not directly reflect real "browsing" time) but they certainly indicate what your organisation is doing and looking at.

Again, hope that helps you.

Kind Regards,

Andy.