Fortinet Firewall Live!
Objective:
Explore and understand Fortinet logging, real-time monitoring, and FortiView dashboards. These tools are critical for reviewing activity, troubleshooting, and ensuring policy enforcement is working as expected.
Why This Lab?
Once your firewall is running and filtering traffic, it’s essential to monitor what’s happening on the network:
● Who is accessing what?
● Are your policies and filters working?
● Is there any malware or P2P usage?
● Is bandwidth being misused?
Step 1: Verify Logging is Enabled on Firewall Policies
Step 2: View Logs in Forward Traffic
1. Go to Log & Report > Forward Traffic
2. Filter using:
● Source IP (192.168.1.10)
● Destination URL
● Action (allowed/blocked)
This shows detailed logs: NATed IP, interfaces, policy ID, bytes sent, session duration, etc.
Step 3: View UTM Logs (Web Filter, AV, App Control)
Navigate to:
● Log & Report > Web Filter
● Log & Report > Antivirus
● Log & Report > Application Control
These show which categories, files, and apps were blocked or allowed.
Step 4: Optional: Export Logs for Reporting
1. Go to Log & Report > Log Settings
2. Export to a CSV or configure Syslog/FAZ (DMZ Serveer IP 192.168.2.10) if available. In our case syslog/FAZ is not available in this lab.
Useful for compliance and audits
