FortiGate Reports Menu Missing

You might come across an instance where your Reports menu is missing from within the FortiGate GUI. I noticed this today when I went to disable local report emails and wasn’t able to!

We use FortiAnalyzer for our reports, so when transferring to this we disabled Local Disk logging, this in turn removed the reports menu.

It is a quick fix to get the menu back;

  • Connect to your FortiGate GUI
  • Log & Report > Log Config > Log Settings
  • Enable Disk logging
  • Enable Local Reports
    • If you are using FortiAnalyzer you may get an error message about Fortinet recommendations, you can ignore this for the moment
  • Log out and then Log back in, you will now see the menu
  • Log & Report > Log Config > Report

In my case we disabled “Email Generated Reports” and then disabled Local Reports and Disk logging. By disabling Local Reports you clear the FortiAnalyzer message you might have come across earlier.

IPsec VPN with Public IP Subnet’s on a FortiGate

I recently came across a requirement where I had to create a site-to-site IPsec VPN, this is usually not an issue, set your Phase 1 and Phase 2 settings, apply your policies and you are good to go, but the difference this time was those local and remote subnets were Public IP addresses.
The Public IP address our side was also being used as a VIP

Below I will document the steps in getting this working – the issue I had was where I put my policies, and not enabling NAT on the outgoing policy!

Create your IPsec tunnel;

FortiGate GUI > VPN > IPsec > Tunnels > Create New

  • Set your name and chose your template. I used “Custom VPN Tunnel (No Template)”
  • Fill in your Phase1 settings
  • Fill in your Phase2 settings;
    • Local Subnet – this will be your Public IP/Range
    • Remote Subnet – this will be their Public IP/Range
  • Press OK to create the tunnel

Add in your new route;

FortiGate GUI > Router > Static Routes > Create New

  • Destination IP/Mask – this will be the Remote Subnet you entered for your Phase2
  • Device – this will be the tunnel you have just created
  • Change any of the other settings if you need to
  • OK to add the new route

Create an IP Pool;

FortiGate GUI > Policy & Objects > Objects > IP Pools > Create New

  • Add a name and comments if required, and set the type (I am using Overload)
  • External IP Range = the range you set for Local Subnet
  • Ok to create the IP Pool

Create your policies;

FortiGate GUI > Policy & Objects > Policy > IPv4 > Create New


  • Incoming Interface = The internal interface where your server exists
  • Source Address = An object with the internal IP address of your server
  • Outgoing Interface = The tunnel you just made
  • Destination Address = An object with the remote Public IP range
  • Apply any Schedules and Service restrictions and Action = Accept

You now need to enable NAT, this is the bit I missed at first;

  • NAT = On
  • Use Dynamic IP Pool = Select the pool you made in the previous step
  • Add any other settings and then OK to create your first policy


  • Create the second policy for Tunnel to Internal
  • Incoming Interface = The tunnel you just made
  • Source Address = An object with the remote Public IP range
  • Outgoing Interface = The internal interface where your server exists
  • Destination Address = The VIP that belongs to the internal server (same as the IP Pool address)
  • Apply any Schedules and Service restrictions and Action = Accept

On this policy you do not need NAT

  • NAT = Off
  • Add any other settings and then OK to create your first policy


Check to see if your Tunnel is Up and try sending some traffic down it
FortiGate GUI > VPN > Monitor > IPsec Monitor


Screenshots of the Outgoing and Incoming Policies

FortiGate IPsec Outgoing Policy

FortiGate IPsec Incoming Policy


Related Link: Site-to-Site IPSec VPN (Behind Firewall/NAT device)

Set Port Speed for a FortiGate Virtual Switch Interface

You might come across a scenario where you have created a Virtual Switch/Hardware Switch on your FortiGate and you need to set a specific port within that switch to a different speed

In our case we had a 4 port switch, 1 of those ports connected to another appliance, the other device was set as 100mb Full – by default all of the ports on the FortiGate virtual-switch were set to auto, so this 1 port ultimately fell down to 100mb Half

Below are the steps to set a port to the correct speed within a FortiGate switch

config system virtual-switch
edit <switch name>
config port
edit <port>
set speed <speed>

Speed options:

  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full

The steps needed to set an interface speed for a port that is not in a virtual-switch are slightly different, for that you use:

config system interface
edit <port>
set speed <speed>

You can use the show command to show available ports/switches that you can edit

Within the FortiGate web console under Network > Interfaces, if you hover over the Interface image you can see the speed of a port

Fortigate Interface GUI

Fortigate Interface GUI - Port Speed