Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎07-09-2023 01:58 AM

security rating of the FG

hello friends, a question:
I was checking the security rating of the FG and I noticed the following: (image)
I have reviewed each policy identified at that point and they all have the all for sending logs in the Faz. I also checked the log setting and have event logging enabled.
What is the problem? I don't understand what this failed rating refers to. Could you help me with that clarification please? since I don't understand.Screenshot_4.jpg

 

 If I disable the usb option as indicated by the security rating, will it generate any impact on my network?

Screenshot_5.jpg

 

Is there a way to correct this point? since within the options there is not ssl vpn only dmz, lan or wan.

Screenshot_6.jpg

 

Labels:
566
0 Kudos
4 REPLIES 4
srajeswaran
Staff
Staff

Created on ‎07-09-2023 02:13 AM

Hi @unknown1020 


Below are the possible answers.

For the audit log settings, please make sure you have enabled "Generate Logs when Session Starts" as below

image.png

Regarding USB auto configuration, it is a feature that can be utilized to manage a device when there is no technical person available on site to connect to configure/upgrade. if the device is in managed location, you can disable this feature.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firmware-Upgrade-and-Configuration-Restore...

Regarding SSL VPN interface, the best option would be WAN side classification.



Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
558
0 Kudos
unknown1020
New Contributor III
In response to srajeswaran

Created on ‎07-09-2023 08:37 AM

thanks my friend

528
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎07-09-2023 04:58 AM

Regarding "Generate Logs when Session Starts", you will find this option in the WebGUI only on bigger models, usually with internal storage. But still, you can enable this kind of logging if you add this option

 

set logtraffic-start enable

 

in every policy. So, it's not a general option but available in every security policy.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
541
0 Kudos
unknown1020
New Contributor III
In response to ede_pfau

Created on ‎07-09-2023 08:37 AM

thanks my friend for you comment

527
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.