To track instances where users have bypassed these warnings:
Logging: First, ensure that FortiClient logging is appropriately configured to capture web filtering events, especially ones where users choose to bypass warnings.
Navigate to the EMS dashboard.
Look for the relevant logging or reporting section. This might be under "Logging & Reports" or a similar menu.
Configure the EMS to collect logs from the FortiClient installations regarding web filter events.
Once the EMS is collecting the appropriate logs, you can generate reports based on this data.
You might be specifically looking for events where the action was "bypass" or "allow after warning" or a similar event label.
Depending on your EMS version and configuration, you might be able to schedule regular reports or generate them on-demand.
FortiAnalyzer Integration (Optional):
If you have a FortiAnalyzer in your environment, you can forward logs from EMS to FortiAnalyzer.
FortiAnalyzer provides a comprehensive platform for log analysis and reporting, which can help you create detailed reports regarding web filter bypass events.
Alerts: Consider setting up alerts in the EMS for such bypass events. This way, administrators can be immediately notified when such an action occurs.
Review and Update Policies: If you notice that users are frequently bypassing certain categories or specific websites, it might be an opportunity to review your web filtering policies. Maybe there's a legitimate reason users need access to certain sites, or perhaps the category is too broad.
Remember, the exact steps and options might vary depending on the version of EMS you are using and how it's configured. If you're unsure about any step or need detailed guidance, the Fortinet documentation for your specific EMS version or Fortinet's support resources can be valuable.
We use version 7.2.1.0793, and can't find a place to "ensure that FortiClient logging is appropriately configured to capture web filtering events, especially ones where users choose to bypass warnings."?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.