unknown1020
New Contributor III

security rating of the FG

Hello friends, a question:
I was checking the security rating of the FG and I noticed the following: (image)
I have reviewed each policy identified at that point and they all have the "all" setting for sending logs to the FAZ. I also checked the log setting and have event logging enabled.
What is the problem? I don't understand what this failed rating refers to. Could you help me with that clarification please, since I don't understand?

Screenshot_4.jpg

If I disable the USB option as indicated by the security rating, will it generate any impact on my network?

Screenshot_5.jpg

 

Is there a way to correct this point, since within the options there is no SSL VPN, only DMZ, LAN or WAN?

Screenshot_6.jpg

 

srajeswaran
Staff

Hi @unknown1020 


Below are the possible answers.

For the audit log settings, please make sure you have enabled "Generate Logs when Session Starts" as below

image.png

Regarding USB auto configuration, it is a feature that can be utilized to manage a device when there is no technical person available on site to connect to configure/upgrade. If the device is in a managed location, you can disable this feature.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firmware-Upgrade-and-Configuration-Restore...

Regarding SSL VPN interface, the best option would be WAN side classification.



Regards,

Suraj


unknown1020

thanks my friend

ede_pfau
Esteemed Contributor III

Regarding "Generate Logs when Session Starts", you will find this option in the WebGUI only on bigger models, usually with internal storage. But still, you can enable this kind of logging if you add this option

 

set logtraffic-start enable

 

in every policy. So, it's not a general option but available in every security policy.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
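
Because the setting lives in each policy rather than in one global option, a plain-text configuration backup can be audited for policies that lack it. The following is an added example, not part of the posts above and not Fortinet tooling; the function name and the sample configuration are constructed for illustration.

```python
# Constructed sample of a FortiGate config backup (not taken from the thread).
SAMPLE_CONFIG = """\
config system global
    set hostname "FG-lab"
end
config firewall policy
    edit 1
        set name "lan-to-wan"
        set logtraffic all
        set logtraffic-start enable
    next
    edit 2
        set name "dmz-to-wan"
        set logtraffic all
    next
    edit 3
        set name "guest"
        set logtraffic-start disable
    next
end
"""

def policies_missing_log_start(config_text):
    """Return (id, name) of each firewall policy lacking 'set logtraffic-start enable'."""
    missing, stack, current = [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])  # enter a (possibly nested) section
        elif line == "end":
            if stack:
                stack.pop()                      # leave the innermost section
        elif stack and stack[-1] == "firewall policy":
            if line.startswith("edit "):
                current = {"id": line.split(None, 1)[1], "name": "", "ok": False}
            elif current is None:
                continue
            elif line.startswith("set name "):
                current["name"] = line[len("set name "):].strip('"')
            elif line == "set logtraffic-start enable":
                current["ok"] = True
            elif line == "next":                 # end of one policy entry
                if not current["ok"]:
                    missing.append((current["id"], current["name"]))
                current = None
    return missing

if __name__ == "__main__":
    for pid, name in policies_missing_log_start(SAMPLE_CONFIG):
        print(f"policy {pid} ({name}): add 'set logtraffic-start enable'")
```

The section stack means policies nested inside another `config` block are also checked; a policy with the option absent or set to `disable` is reported.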
unknown1020
New Contributor III

thanks my friend for your comment