Fortigate Application Control "Dropbox" excludes web-based access?

Author
AlexFeren
Silver Member
  • Total Posts : 111
  • Scores: 4
  • Reward points: 0
  • Joined: 2011/10/05 17:04:08
  • Status: offline
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/02 17:06:08 (permalink)
0
Hi HoMing,
> I looked at the spreadsheet and everything looks right to me.
Oh, please do explain why list of destinations over last 3 days is fewer than that over last 1 day (68 vs 71).
 
> If SNI was not included ... id-at-commonName of the SSL Certificate
We don't do deep-inspection. In this case, what would "hostname" field show? (Better still, a hyperlink to relevant documentation?)
R's, Alex
post edited by AlexFeren - 2017/05/02 17:22:10
#21
hmtay_FTNT
Gold Member
  • Total Posts : 169
  • Scores: 22
  • Reward points: 0
  • Joined: 2017/02/22 11:02:10
  • Status: offline
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/03 07:38:35 (permalink)
0
>>Oh, please do explain why list of destinations over last 3 days is fewer than that over last 1 day (68 vs 71).
 
Can you do the filtering on your FortiAnalyzer, download the logs and send them to me? I don't see it in the ticket. The 2 images for 7day and 1day are the same. 
 
>>We don't do deep-inspection. In this case, what would "hostname" field show?
 
It will still be the id-at-commonName of the SSL Certificate. The engine does not need to do deep-inspection to see the commonName.
#22
AlexFeren
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/03 16:58:03 (permalink)
0
> The 2 images for 7day and 1day are the same.
 
My mistake. However, the pictures are only proof that data in spreadsheet is genuine - the actual data is in multiple "sheets" (or "tabs") of the spreadsheet.
 
> Can you do the filtering on your FortiAnalyzer
 
Could you please see Ticket #2159670's "2017-05-01 18:24:00 (PT)" and "2017-05-02 01:30:00 (PT)" entries.
 
 
#23
hmtay_FTNT
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/04 06:40:07 (permalink)
0
Hi Alex,
 
Okay, I see it now. Yes, it does look unusual for the 2 days log to have more entries than the 3 days log. Can I know what is your FortiAnalyzer version? I checked with the developers and there is a bug with inaccurate FortiAnalyzer log results for version 5.2.6 and below and 5.4.0. Are you using any of the versions mentioned?
#24
AlexFeren
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/04 18:52:46 (permalink)
0
Hi HoMing,
>  I checked with the developers and there is a bug with inaccurate FortiAnalyzer log results for version 5.2.6 and below and 5.4.0.
 
We're on "v5.2.4-build0738 150923 (GA)". Since this matches "version 5.2.6 and below", I see no point in further analysis since the advice will always be to update, agree?
 
Additionally, in the Ticket I've asked: "how can I retrieve the file output of a command "execute tac report" specified with a filename?" as both CLI Reference Guide and command line documents the option, however, not how to retrieve the resulting file.
R's, Alex
 
 
#25
hmtay_FTNT
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/04 19:41:24 (permalink)
0
Hello Alex,
 
>>We're on "v5.2.4-build0738 150923 (GA)". Since this matches "version 5.2.6 and below", I see no point in further analysis since the advice will always be to update, agree?
 
Unfortunately, yes. In some cases, we can improvise some ways to get around bugs, but not this one.
 
>>Additionally, in the Ticket I've asked: "how can I retrieve the file output of a command "execute tac report" specified with a filename?" as both CLI Reference Guide and command line documents the option, however, not how to retrieve the resulting file.
 
If you are using a software like PuTTY, it will save the output to a file. If you are using a Unix terminal, you can execute the command as such: "ssh admin@xx.xx.xx.xx > out.txt". This will save the logs to the output file. You can't do this on the GUI as you won't be able to save the output automatically as the logs are generated.
 
HoMing
#26
AlexFeren
Re: Fortigate Application Control "Dropbox" excludes web-based access? 2017/05/04 21:06:14 (permalink)
0
Hi HoMing,
 
>>Additionally, in the Ticket I've asked: "how can I retrieve the file output of a command "execute tac report" specified with a filename?" as both CLI Reference Guide and command line documents the option, however, not how to retrieve the resulting file.
> If you are using a software like PuTTY, it will save the output to a file.

Let's not divert - I'm not asking for a workaround, I'm specifically referring to parameter documented in FortiAnalyzer CLI Reference Guide (in 5.2.4, page 146):
tac
Use this command to run a TAC report.
Syntax
execute tac report [< file_name>]
Variable Description
< file_name> Optional output file name

and, on my device's command prompt:

FAZ3000E # execute tac report ?
output file name Optional output file name.

 
The question is - how to retrieve the file "my_tac_report" created as a result of issuing command "execute tac report my_tac_report"?
R's, Alex
#27