Technical Tip: Filtering a report by subnet or IP range
Description
This article explains how to run a report on traffic from a specific subnet.
Scope
FortiAnalyzer v5.4 v5.6 v6.0 v6.4 v7.0 v7.2.
Solution
This can be done through the filter settings on the report.
FortiAnalyzer v5.4+.
FortiAnalyzer v5.4+.
Go to Reports -> Edit the related report -> Settings -> Filters.
The FortiAnalyzer supports filtering by subnet using the following filter syntax:
srcip equal to 192.168.100.*
srcip equal to 192.168.100.0/24
srcip equal to 192.168.100.0/24
srcip equal to 192.168.1.60-192.168.1.70, 10.200.13.0/24, 192.168.1.177
To filter within the dataset, the 'inet' command can be used.
For example:
((`srcip` <<= inet '10.10.1.0/24'))