“The best part for me is that once I setup the reports and who they go to, I am out of the loop totally. The department manager can parse through the report, run more detailed reports, and take action without involving me at all as a net admin. Fastvue Site Clean made it even easier for the managers to understand (How do you explain what a CDN is to the accounting manager?).”

Andrew Reynolds, Frasca

“Fastvue Reporter makes reporting against Internet usage very easy and friendly to use. Non-technical staff/managers can now view reports and get a meaningful and clear picture of what is happening.”

David Sewell, Waimakariri District Council

Live Dashboards

Fastvue Reporter is always ready to show you what is happening on your network right now. Real-time dashboards focus on the trifecta of network concerns: Bandwidth, Productivity and Security.

Don’t Trust Your Firewall’s Internet Usage Reports

Fastvue Site Clean makes the log data from your firewall reflect real Internet usage activity. It removes images, scripts, fonts, ads, and other background traffic so you can send meaningful Internet usage reports and alerts, to the right person.

The Problem of Reporting on the Modern Web

Internet Reports produced by web gateways such as FortiGate do not distinguish between the web sites people intentionally access, and the web sites that are automatically accessed behind the scenes.

Fastvue Site Clean (Patent Pending) digs deeper and looks at all characteristics of web browsing log file data, to provide a more accurate picture of real web activity.

Simple Report Scheduling

Managing employee productivity is a job for Department Managers or HR. Get web activity reporting off your desk and into the hands of the people that need it! Easily filter reports by Departments, Security Groups, Offices, or Subnets and automatically send them to the right person each day, week or month.

Detailed Investigations

Fastvue’s innovative Activity Reports not only include full activity details such as timestamps and full URLs, but they intuitively group them into browsing sessions with green bars showing exactly when browsing started and stopped. A real time saver compared with trawling through logs.

Intelligent Alerts

Send instant alerts to the right people a soon as notable issues occur such as enormous downloads, and unacceptable activity and network threats. All the detail they need, sent straight to their inbox!

Productivity Reporting

Fastvue Reporter assesses web productivity according to your guidelines to highlight unproductive or unacceptable browsing.

See exactly what is being allowed (or blocked) that shouldn’t be, and adjust your Content Filter policies accordingly.

“Fastvue Reporter gave us the ability to identify time-wasting traffic and maximize our bandwidth usage for all employees. Such a great granular reporting tool!”

Chris Martel, Spiller's

Active Directory Integration

Seamless (zero config) AD integration, enables simple reporting across AD Departments, Offices, Companies and Security Groups.

Advanced Filtering

Need the flexibility to schedule reports for subnets instead of departments, or ‘monitored’ traffic vs ‘allowed’ traffic, or perhaps drill into a specific MAC address or Source Zone? Fastvue Reporter’s advanced filtering engine narrows down your reports to anything you can dream up!

Central Reporting Across Multiple FortiGates

Configure all your FortiGate devices to send Syslog messages to Fastvue Reporter and enjoy a centralized view of your entire network’s web and firewall activity.

“Fastvue Reporter is fantastic!!! Certainly one of the best software packages I’ve ever come across – does exactly what it needs to do, dead easy to use, and fantastic support from the Fastvue team!”.

Gordon Wells, Buckfast Abbey

“When our demo ran out I literally felt blind as to what was going on with people surfing, etc. Working with support has been a total pleasure as they’re willing to go above and beyond to make the customer completely satisfied!”

Scott Bentoske, FEC Automation Systems

Compare FortiGate Reporting Options

FortiAnalyzer

Designed for FortiGate Administrators
Reports on FortiGate hardware and network performance
Basic information about web usage (top users, domains and categories)

Fastvue Reporter for FortiGate

Designed for everyone else concerned about employee internet usage, but also very useful for FortiGate Administrators.
Goes beyond simple log aggregation to provide sensible and useful information around web usage and productivity.
Collates data from multiple FortiGates into single dashboards, reports and alerts.
Productivity Reports utilizing FortiGates Content Filtering Service (CFS).
Useful activity reports with full forensic details.
Real-time Alerts for any type of traffic or network issue.
Integrates with Active Directory for Department/Group reporting (requires user authentication on FortiGate)

Independent, Honest Reporting

Our reports are not focused on showing you how excellent your FortiGate is. Our reports may highlight traffic being allowed when it shouldn’t, blocked when it should, mis-categorized websites, ineffective policies and more.

Fastvue Reporter gives you the information you need to make your network efficient, productive and secure, getting the most out of your FortiGate investment.

Fastvue Reporter for FortiGate – Installation and Setup

New Installations

1. Download and Install

Download Fastvue Reporter for FortiGate and install on a machine (or virtual machine) that meets our recommended requirements for your network size.

Note: Fastvue Reporter is a resource intensive application by design in order to import data and run reports as fast as possible. We do not recommend installing Fastvue Reporter on a server that provides a critical network service such as a Domain Controller, DNS server, or DFS server. We recommend installing on a dedicated VM (virtual machine) so you can scale the resources appropriately.

Supported Operating Systems

Fastvue Reporter is designed for 64 bit Windows Server Operating Systems running Windows Server 2008 R2, Server 2012 R2, or above.

The Fastvue Reporter installer will automatically install and configure the required pre-requisites which include .Net 4.6 and IIS (Web Server and Application Server roles). It will also install Open JDK and Elasticsearch in its own self-managed directory.

When installing, you will be asked to select a website to install too. If you are installing on a server with existing websites, we recommend creating a new website in IIS and installing to that. You can also choose to install to a sub-folder of an existing website (such as Default Web Site\Fastvue).

RAM / CPU Requirements

Network Size	Recommended Server Specification
Less than 500 Users	4 CPUs/Cores, 6 GB RAM
500 – 1000 Users	4 CPUs/Cores, 8 GB RAM
1000 – 3000 Users	8 CPUs/Cores, 12 GB RAM
3000 – 5000 Users	8 CPUs/Cores, 16 GB RAM
5000+ Users	16 CPUs/Cores, 24 GB RAM

* Virtual environments are recommended so you can scale the resources as required.

Data Storage Requirements

During installation, you are asked where you want the Data Location to be. The amount of data stored per day will vary depending on the amount of traffic flowing through your FortiGate.

The default data retention policy in Fastvue Reporter is 90 days or 90% of drive space, whichever comes first. If 90% of the drive leaves less than 20 GB free, the retention policy will adjust to allow at least 20 GB for Operating System files if the data path is on the same drive as the OS.

These data retention settings can be adjusted in Settings | Data Storage.

We do not advise installing to a network drive due to latency issues affecting the stability of our very frequent read-write operations. For best performance, use a local SSD drive.

Do not install to a mapped network drive, or use a mapped network drive as Fastvue Reporter’s data path, as the assigned drive letters will not exist in the system context – only the user context. If you must use a network drive, specify a UNC path such as \\servername-or-ip\fastvue, but keep in mind the performance issues mentioned above, and you will have to configure ‘full’ permissions for the Fastvue Server’s local system account.

After one or two days of collecting data, check the size estimates in Settings | Data Storage | Settings to see if you need to make adjustments to the data retention policy or your server’s disk space. These estimates become more accurate as data is imported.

Install Fastvue Reporter

To install Fastvue Reporter:

Double-click the downloaded setup exe on a machine that meets the above recommendations
Proceed through the installation wizard to install the software. The installation wizard will ask you for:
- Installation folder (defaults to C:\Program Files\Fastvue\Reporter for FortiGate). Only application files are installed to this folder. It does not require much disk space.
- Website and Virtual Directory (defaults to ‘Default Web Site’). If you have other websites installed on your server, it is a good idea to install Fastvue Reporter to a virtual directory such as ‘fastvue’ or ‘fortigatereports’. Then you can access the site at http://yourserver/fastvue for example and it does not interfere with any other site on your server.
- Data Location (defaults to C:\ProgramData\Fastvue\Reporter for FortiGate). This is the location where all imported data, configuration and report files are stored. Specify a location with plenty of disk space.

2. Add the Fastvue Server as a Syslog Server in Fortinet FortiGate

Now that Fastvue Reporter for FortiGate has been installed, you need to add configure your Fortigate(s) to send syslog data to the Fastvue server.

This is done by adding the Fastvue Server as a syslog server in either the Fortinet FortiGate Web Interface (GUI), or using the Command Line Interface (CLI).

To add the Fastvue Server as a Syslog Server using the FortiGate GUI:

In FortiGate’s web interface, go to Log & Report | Log Settings
Scroll down to the Remote Logging and Archiving section and toggle the Send logs to syslog option to on
Enter the IP or FQDN of the Fastvue Server into the edit box.
Scroll down and click Apply to save the settings.

Configuring Fortinet Fortigate Syslog Server via the GUI

If you already have a syslog server specified, use the CLI method below to configure the syslogd2, syslogd3 or syslogd4 settings.

To add the Fastvue Server as a Syslog Server using the FortiGate CLI.

Log into the CLI and enter the following commands:

config log syslogd setting

set status enable

set facility user

set port 514

set server {IP or FQDN of the Fastvue server}

set format default

set mode reliable

end

Configuring Fortinet Fortigate Syslog Server via the CLI

You can configure up to four syslog servers on FortiGate. Just replace ‘syslogd’ with syslogd2, sylsogd3 or syslogd4 on the first line to configure each syslog server.

set mode reliable transmits syslog over TCP instead of UDP. This is required to enable extended logging below.

3. Configure forward, local and anomaly traffic logging

The following logging features should be enabled by default, but make sure forward and local traffic as well as anomalies are being logged with the severity level set to ‘information’. To do this:

config log syslogd filter

set forward-traffic enable

set local-traffic enable

set anomaly enable

set severity information

end

Configuring Fortinet Fortigate to log forward, local and anomaly traffic.

4. Configure logging of all urls, referrer urls and headers.

The logging of referrer URLs was introduced in FortiOS 5.4, which is a great feature for Internet usage analysis, and FortiOS 6.0 introduced ‘extended logging’ that adds useful HTTP headers to the logs. Unfortunately, you need to enable these features per web filter profile. This is also done at the CLI:

config webfilter profile

edit {name-of-profile}

set log-all-url enable

set web-content-log enable

set extended-log enable

set web-extended-all-action-log enable

-- repeat for all web filter profiles --

end

For proxy-based web filter profiles, also enable the web-filter-referer-log option:

config webfilter profile

edit {name-of-profile}

set web-filter-referer-log enable

-- repeat for all proxy-based web filter profiles --

end

Configuring Fortinet Fortigate to log all URLs and Referrer URLs

5. Add a Source

Add the FortiGate as a Source in Fastvue Reporter. This can be done on the start page that is presented after installation, or in Settings | Sources | Add Source.

6. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records and dates imported in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Now you can explore all the features of Fastvue Reporter for FortiGate.

Upgrading Existing Installations

1. Backup Fastvue Reporter’s Data and Settings

If you want to upgrade your existing installation, we recommend backing up your existing settings and data first. This is as simple as making a full copy of the contents of Fastvue Reporter’s data location, shown in Settings | Data Storage | Settings (default is C:\ProgramData\Fastvue\Reporter for FortiGate).

Tip: Compress the backup, especially the Data.elastic folder as this can be quite large.

2. Backup Custom IIS Settings (if applicable)

If you have secured the Fastvue Reporter website with IIS or applied any other custom settings in IIS directly, you should also backup the web.config file in the website’s directory (usually under c:\inetpub\wwwroot\<fastvuereporter’s site name>). The installer will attempt to also backup and restore this file for you, but this is a good idea just in case there is an issue with the installation.

3. Upgrade / Installation

Once your current environment is backed up, download the new installer and run it over the top of your existing installation to upgrade. The installer will pick up your existing settings, so just click next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by hitting ctrl + F5 (cmd + R on Mac).

4. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records count in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Now you can test out the many features of Fastvue Reporter for FortiGate.

Quick Navigation;