Understanding FortiView Settings on FortiManager
FortiView is an integral feature of FortiManager, providing insightful visualizations of network traffic and security events. Configuring FortiView correctly is crucial for optimizing its performance and ensuring accurate data representation. In this guide, we’ll explore how to configure FortiView settings and the purpose behind these configurations.
Configuring FortiView Settings
To access the FortiView settings, use the following CLI command:
config system fortiview setting
Within this context, several configurations can be adjusted to tailor FortiView to your network needs:
- Data Source: The data-source parameter allows you to set the source for FortiView queries. You can choose from:
set data-source {auto | cache-only | log-and-cache}
- auto: Dynamically utilizes data from both hcache and logs.
- cache-only: Exclusively uses data from hcache.
- log-and-cache: Combines data from logs and hcache.
- Application Scanning: Decide whether to include or exclude unscanned applications using the not-scanned-apps parameter:
set not-scanned-apps {exclude | include}
include is the default setting. Opt for exclude to filter out applications that are never scanned.
- IP Resolution: The resolve-ip setting allows the conversion of IP addresses to hostnames:
set resolve-ip {enable | disable}
By default, this is disabled. Enabling it enhances readability by showing hostnames instead of IPs.
To finalize your configuration changes, use:
end
Enhancing FortiView with Auto-Cache
The FortiView auto-cache feature is another powerful tool that optimizes data loading and visualization speeds:
config system fortiview auto-cache
- Aggressive Auto-Cache: Enable or disable aggressive caching with:
set aggressive-fortiview {enable | disable}
This is disabled by default. Enabling it can enhance cache performance, especially in high-volume environments.
- Incremental Auto-Cache: This option facilitates the gradual caching of data instead of loading everything at once:
set incr-fortiview {enable | disable}
It’s also disabled by default.
- Cache Interval: Define how often the cache should refresh using:
set interval
The interval is set in hours, with a default value of 168 hours (one week).
- Status: Finally, control the overall status of the auto-cache feature:
set status {enable | disable}
By default, auto-cache is enabled to provide seamless data visualization.
To apply these settings, use:
end
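To review saved CLI output for both blocks above, the following added example (not from the FortiManager documentation or this guide's author) parses the config/set/end text and lists values that differ from the defaults stated in this guide. The function names and the sample text are constructed for illustration, and the check assumes that a key missing from the output is at its default.

```python
# Defaults as stated in this guide; data-source has no stated default, so it is not checked.
PAGE_DEFAULTS = {
    "system fortiview setting": {"not-scanned-apps": "include", "resolve-ip": "disable"},
    "system fortiview auto-cache": {"aggressive-fortiview": "disable", "incr-fortiview": "disable",
                                    "interval": "168", "status": "enable"},
}

def parse_config(text):
    """Parse 'config <path>' / 'set <key> <value>' / 'end' blocks into a nested dict."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            current = line[len("config "):].strip()
            blocks.setdefault(current, {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:  # ignore a 'set' line that carries no value
                blocks[current][parts[1]] = parts[2].strip('"')
    return blocks

def non_default_settings(text):
    """Return sorted (block, key, value, default) tuples that differ from the guide's defaults."""
    found = parse_config(text)
    drift = []
    for block, defaults in PAGE_DEFAULTS.items():
        for key, default in defaults.items():
            # Assumption: a key absent from the saved output is at its default.
            value = found.get(block, {}).get(key, default)
            if value != default:
                drift.append((block, key, value, default))
    return sorted(drift)

# Constructed sample shaped like saved CLI output; not taken from a real device.
SAMPLE = """\
config system fortiview setting
    set data-source cache-only
    set resolve-ip enable
end
config system fortiview auto-cache
    set interval 24
    set status enable
end
"""

if __name__ == "__main__":
    for block, key, value, default in non_default_settings(SAMPLE):
        print(f"{block}: {key} = {value} (default {default})")
```
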
Summary
Proper configuration of FortiView settings in FortiManager ensures you harness the full potential of network traffic analysis and reporting. By understanding and utilizing data source settings and auto-cache options, you can achieve more efficient and accurate insights into your network’s behavior.
For further details, visit the official documentation: FortiManager CLI Reference.