FortiGate Suggestion: Allow Logging to USB

bartman10
Silver Member
2016/03/23 14:39:29 (permalink)
5 (3)


In the past 2-3 years many of my FortiGate devices have lost features due to the removal of internal storage: WAN Acceleration, web cache, logging.. From 90D, 60D, 94D and so on. Many new units, e.g. the 50E, also don't come with internal storage. Fortinet, please consider allowing at least logging to a user-provided USB device. We could use a USB flash drive or external HD. I understand maybe all 500GB on that HD may not be accessible for logging on say a 30D but something reasonable the device could support would be great!
- It costs Fortinet nothing, and could save Fortinet money.
- Assists in troubleshooting problems with TAC.
- Reduces RMA on devices as only user-replaceable USB flash is being used, not affecting internal storage with read/write cycles.
- Builds loyalty with users like myself by restoring features the unit was sold with.
Users please speak with your sales rep and maybe comment in this post if you'd like to see this feature added.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to lose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
#1
storaid
Platinum Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/03/24 03:53:07 (permalink)
0
I think it's impossible for their business policy....XD...

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#2
pcraponi
Gold Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/03/24 07:02:35 (permalink)
0
Fortigate has no CPU dedicated to Log/disk usage. So, the I/O speed of a remote USB/disk will affect all Firewall performance... It's the architecture, not business policy.
 
Other vendors, like Palo Alto, can do it because they have a "Management Plane" outside of the "Dataplane" in the hardware architecture.
 
Fortinet tries to solve this by putting high-performance SSD disks in new "D" devices. But only for 100D and higher. On small devices this impacts the hardware price (here we can talk about business policy).
 
 
post edited by pcraponi - 2016/03/24 12:41:53
#3
bartman10
Silver Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/03/24 08:47:37 (permalink)
0
Pcraponi.. I think you are wrong and can give examples to prove it.. like well.. the 90D.. it has logging to what basically amounts to flash. It just wears out.
Also look up the 51E.. again has integrated SSD for logging. 
 
I have no idea what you're talking about with your dedicated CPU comment.. but ok.. 

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to lose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
#4
emnoc
Expert Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/03/24 12:43:41 (permalink)
0
I have to agree with pcraponi, no dedicated CPU for logging. Also most of these smaller devices will not have NPs or other items, so how much impact on the CPU could be a concern and I wonder how it impacts the thru-put.
 
So if you enable a heavy amount of logging or archival, would it impact the FW? I believe yes.
 
If you take for example a FGT140D and see the process in a heavily logging fw you will see it continuously running in some cases. ( R )
 
 
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#5
Baptiste
Gold Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/03/25 06:25:55 (permalink) Helpful by net@work 2016/05/10 05:19:23
5 (1)
I consider small boxes are normally used for only a few users, and not with all the UTM stuff on and hundreds of VPNs.
On my small box (40C) I don't have big CPU usage (high memory usage: yes), I don't think performance will be impacted.
And it could be our choice to lose some perf for logging.

2 FGT 100D  + FTK200
3 FGT 60E 
FAZ VM 
some FAP 210B/221C/223C/321C/421E
#6
rcarreras
Bronze Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/04/05 13:59:56 (permalink) Helpful by net@work 2016/05/10 05:19:15
5 (3)
You can log to forticloud with internet speed and you can not log to local usb because it is going to slow down the firewall?
#7
storaid
Platinum Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/04/05 16:43:41 (permalink)
0
> rcarreras wrote:
> You can log to forticloud with internet speed and you can not log to local usb because it is going to slow down the firewall?


forticloud is limited service for free and it's not cheap....

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#8
bartman10
Silver Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/04/06 06:07:33 (permalink)
5 (1)
What on earth makes you think logging to usb would be "slow".. god never mind.. 

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to lose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
#9
storaid
Platinum Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/04/06 06:27:05 (permalink)
5 (1)
new box like 50E, its cpu is definitely better than 60D...
Marvell Armada 385 is usually used for NAS application...
IMHO, performance impact is not a good reason I think...
 
if someone means 60D, okay..
I agreed, maybe...
cpu of D box sucks...
but for new E box, I don't think...
 

FWF60D x2
FWF60C x3
FGT80C rev.2
FGT200B-POE
FAP220B x3
FAP221B x2
FSW224B x1
#10
josh
Bronze Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/05/03 20:50:18 (permalink)
5 (1)
I agree, this is a good idea.
 
I also disagree with the fact it would slow it down. Firewall performance is not dependent on the logging-rate.. If you're excessively logging they'd simply be dropped.. It's not like you're waiting for your logs to commit before processing the next packet through UTM, lol..
#11
bartman10
Silver Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/05/04 08:38:25 (permalink)
5 (1)
This is simply speculation and rumor. A made up fantasy that USB logging would slow it down.. There is no merit to it so there is no reason to debate it as fact.
 
The fact is it's not enabled and that's a choice. FYI.. did you know USB logging used to be available in version 4? It's also a fact logging used to be enabled on many low level devices but was removed because of the cheap flash Fortinet chose to use in these devices. Not because of performance.. Because of cost cutting on Fortinet's part.
 
That my friends is the root of this gripe. They have taken away vital features because they choose to use cheap flash in their products. They should have given us an alternative that is equal to the feature they removed. The "free" cloud logging is NOT even close.
 
But whatever.. many of you don't get the point and want to have deep arguments about USB kernel mode linux drives and ****, how FAZ should be cheaper or whatever.. you're missing the point. Simple, local logging is valuable for many users who don't want to run a freaking FAZ.. god never mind..

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to lose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
#12
emnoc
Expert Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/05/04 09:11:43 (permalink)
0

> Firewall performance is not dependent on the logging-rate.. If you're excessively logging they'd simply be dropped.

 
That's not 100% true. If you benchmark various firewalls you will see that a lot of models are impacted by packets that are sourced from the control plane. This is not limited to FGT either btw.
 
Unless you have a dedicated process for management of log data, you could indeed impact the thru-put and latency of a firewall. By monitoring the cpu and log-rate b/ps you can start trending & proper monitoring.
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#13
FredMB
Bronze Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/06/21 06:53:27 (permalink)
0
+ for this feature.
 
I just bought a 100D for our main office and 60D for a remote office, and I'm really disappointed to see that on the 60D I don't even have real-time logs because there is no disk. 
 
I understand that all policy logging can't be logged in memory and we had to subscribe to FortiCloud for that, but the 60D should at least store and display real time logs from memory.
 
And I also agree with rcarreras: I don't understand how logging to FortiCloud through internet API can be faster than logging to usb.
#14
billtbyhand
New Member
Re: FortiGate Suggestion: Allow Logging to USB 2016/06/23 04:11:29 (permalink)
0
I think a lot of it boils down to providing the ability to locally store logs on external media might impact Fortinet's ability to SELL you FortiAnalyzers and the like.  
There may be technical reasons, but there are definitely business decision reasons too.
#15
Steffi
New Member
Re: FortiGate Suggestion: Allow Logging to USB 2019/06/24 07:44:08 (permalink)
0
> pcraponi wrote:
> Fortigate has no CPU dedicated to Log/disk usage. So, the I/O speed of a remote USB/disk will affect all Firewall performance... It's the architecture, not business policy.
>
> Other vendors, like Palo Alto, can do it because they have a "Management Plane" outside of the "Dataplane" in the hardware architecture.
>
> Fortinet tries to solve this by putting high-performance SSD disks in new "D" devices. But only for 100D and higher. On small devices this impacts the hardware price (here we can talk about business policy).


Yes, I also think so. The 30E for example can do a Firewall with 950Mbps, but writing a USB stick once a day is by far too much. I can understand that clearly. It is like with my new Xeon Server: it can well serve theoretically 100 and 1000 of clients, but backing up a config file every day or copying some small files over the network won't work with it, no dedicated CPU.

If it is because Fortigate wants to earn money with it, why not? That is not a bad thing, but implementing a USB port without being able to use it, just for some plain stupid backups of config files is a shabby thing.
#16