Hi all, my situation is the following: I need to collect web activity logs from all of my users regardless of whether they are in the office, or at home connected to the VPN, or at home not connected to the VPN.
If I go to my FortiAnalyzer, I only seem to have web activity logs for users when they are in the office, or when they are at home connected to the VPN.
Is there a way to get the web activity logs when they're at home but not connected to the VPN? I thought that because they have the FortiClient, the FCT would collect the web activity logs, pass them to the EMS server via the public IP address, then the EMS would pass them to the FortiAnalyzer, but this doesn't seem to be the case?
Thanks in advance!
Have the exact same problem. Have tried to change the web filter profile setting but nothing works. FortiClient 7.0.5 and EMS 7.0.4. Did you get any solution?
Been in talks with both FAZ & EMS support. EMS support believe that the FAZ needs to have a public IP address.
I was under the impression that the FCT would forward all logs to the EMS (which does have a public IP) then the EMS could forward the logs to the FAZ internally on the LAN. Apparently, this isn't how it works. The FCT will send directly to the FAZ.
I've created a policy using port 514 for the FAZ to be public facing & modified the EMS profile to use the external rather than internal IP of the FAZ.
No idea if this will work, will leave it 24hrs to test.
Did the setup work? Are web filter logs now available?
Nope, still not working. Fortinet are bouncing me between the FAZ & EMS/FCT Team, neither seems to fully understand how to get this working, which is bemusing as it seems such a simple request.
Hi Team,
Please confirm whether you have enabled web filtering under the concerned SSL VPN policy of the FortiGate.
Also, if you scroll down to the bottom you can see two options for logging, "all sessions" and "UTM session"; please select all sessions.
Please keep us posted.
I'm not sure setting anything in FortiGate policies would help in the case of FortiClient (not FortiGate) logging web activity and reporting this directly to FortiGate, no matter if the FortiClient is on-net or not.
Regarding Matthew's setup:
- I don't know your support tickets, so I may just be repeating what other colleagues have already suggested, but I would proceed something like this:
-> verify FortiClient profile (is logging enabled, is upload to FortiAnalyzer enabled)
-> verify that FortiClient is actually generating logs (try to download the local logs, check them to see if they are generated)
-> verify that FortiAnalyzer is reachable on port 514 from the FortiClient
-> verify that FortiClient is trying to reach FortiAnalyzer (packet captures for example)
-> verify that FortiAnalyzer has an EMS ADOM (or a Fabric ADOM) that the clients should log to
I'm now being told that this is a known bug - Bug ID #0799062. Fix is due in 7.0.6, not sure when this is due for release though.
Hey Matthew,
FortiClient 7.0.6 is currently looking to be released around end of June/beginning of July, but there is no fixed date as yet, so this could be subject to change.