Published at

Enable Fortinet Firewall + Fortianalyzer to Resolve Hostnames in Fortiview

Enable Fortinet Firewall + Fortianalyzer to Resolve Hostnames in Fortiview

Enable Fortinet Firewall + Fortianalyzer to resolve hostnames in Fortiview

Table of Contents

Introduction

I’ve been jumping knee-deep in Fortinet firewalls and their logging + reporting systems.

One thing that was driving me crazy is the fact the “Source” section was only the IP address. On the Fortigate firewall under “Fortiview” it did list the “Source IP Hostname” but it meant digging pretty deep into the logs. On the Fortianalyzer product it didn’t list the “Source IP Hostname” at all.

After digging around I found the commands to enable this on both the Fortigate and Fortianalyzer.

Configuration Steps

FortiGate

Terminal window
config log setting
set resolve-ip enable
end

FortiAnalyzer can resolve the IPs for FortiView & Reports, just not Log View.

  1. FortiView
    On FortiAnalyzer, for FortiView widgets, using DNS resolution to resolve IPs to hostname is configurable via the CLI:
Terminal window
config system fortiview setting
set resolve-ip {enable | disable}
end

Hope this post helps someone in the future with the same issue!