Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
atravel
New Contributor III

Web filter reporting

We are using Web filtering in EMS. Is there a way to get a report of where someone click pass the warning about a bad site? 

1 Solution
atravel
New Contributor III

I put in a support ticket. 

View solution in original post

6 REPLIES 6
Jean-Philippe_P
Moderator
Moderator

Hello atravel,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

 

Thanks,

Jean-Philippe - Fortinet Community Team
atravel
New Contributor III

I am still looking for an answer. 

spoojary
Staff
Staff

To track instances where users have bypassed these warnings:

  1. Logging: First, ensure that FortiClient logging is appropriately configured to capture web filtering events, especially ones where users choose to bypass warnings.

  2. EMS Configuration:

    • Navigate to the EMS dashboard.
    • Look for the relevant logging or reporting section. This might be under "Logging & Reports" or a similar menu.
    • Configure the EMS to collect logs from the FortiClient installations regarding web filter events.
  3. Generate Reports:

    • Once the EMS is collecting the appropriate logs, you can generate reports based on this data.
    • You might be specifically looking for events where the action was "bypass" or "allow after warning" or a similar event label.
    • Depending on your EMS version and configuration, you might be able to schedule regular reports or generate them on-demand.
  4. FortiAnalyzer Integration (Optional):

    • If you have a FortiAnalyzer in your environment, you can forward logs from EMS to FortiAnalyzer.
    • FortiAnalyzer provides a comprehensive platform for log analysis and reporting, which can help you create detailed reports regarding web filter bypass events.
  5. Alerts: Consider setting up alerts in the EMS for such bypass events. This way, administrators can be immediately notified when such an action occurs.

  6. Review and Update Policies: If you notice that users are frequently bypassing certain categories or specific websites, it might be an opportunity to review your web filtering policies. Maybe there's a legitimate reason users need access to certain sites, or perhaps the category is too broad.

Remember, the exact steps and options might vary depending on the version of EMS you are using and how it's configured. If you're unsure about any step or need detailed guidance, the Fortinet documentation for your specific EMS version or Fortinet's support resources can be valuable.

Siddhanth Poojary
atravel
New Contributor III

We use version 7.2.1.0793, and can't find a place to "ensure that FortiClient logging is appropriately configured to capture web filtering events, especially ones where users choose to bypass warnings."?

atravel
New Contributor III

I put in a support ticket.