Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nathan_emerson
New Contributor

Created on ‎10-01-2014 04:33 PM

SOLVED: Limit results for different logons by subnet?

Can anyone let me know if this is possible. We have a 2xFGT800C HA cluster logging to a FAZ 1000D. No VDOMs. A number of different agencies on an internal WAN behind the FGT each on their own subnet/s. Is there a way to create an admin account on the FAZ that will only allow reporting on data from a subnet or set of subnets?
3313
0 Kudos
5 REPLIES 5
emorillo
New Contributor II

Created on ‎10-01-2014 10:03 PM

I don' t think so. I think you would need VDOMS. Assuming a bunch of stuff: Can' t you just set up the reports for them? have them emailed out to the different agencies without giving each of them admin access? Cowboy networking would be to split the HA cluster, have all the traffic go through one of the 800s while you set up the VDOMs in the other FGT, once VDOMs are set and configured to log to the FAZ, move the traffic and recreate the HA cluster.... But you probably have a lot of red tape to go through...
2271
0 Kudos
nathan_emerson
New Contributor

Created on ‎10-01-2014 10:27 PM

I want to go with the generated reports method, but I find now I can' t even get the report filters to work. It' s a brand new FAZ 1000D update to v5.2.0 If I clone a report and add a more than one filter for example policyid=1 OR policyid=2 is only saves the last one in the list and then shows all policies in any case. Same thing with srcaddr. Applying the filter on the individual report components is hit and miss also...
2271
0 Kudos
emorillo
New Contributor II

Created on ‎10-02-2014 06:36 AM

did you try using commas for the OR: 2,3,4 ? From one of my old posts: - In FAZ I spent hours figuring out how to use the srcip/user filter so here, don' t waste your time like me, to search for IP ranges use: 1.1.*.*, 2.2.3.*, 3.*.*.194 (etc, don' t forget the commas)
Preview file
24 KB
2271
0 Kudos
wxhuFTNT
Staff
Staff

Created on ‎10-02-2014 11:01 AM

For report filter: policyid Equal To 6,7,8,9, in SQL query, it will become: (" policyid" ) IN (6, 7, 8, 9), so this filter should work.
2271
0 Kudos
nathan_emerson
New Contributor

Created on ‎10-06-2014 03:08 PM

Thanks emorillo and wxhuFTNT, I worked it through a support ticket and came to the same result, only just made it back to the forum to follow up.
2271
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.