Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

StuaKend
New Contributor II

Top Talkers within a given policy

Can we think of a way to list the Top Talkers permitted by a particular policy?

i.e. I have Policy XX, which permits access to whatever.  I want to know the top (5) remote IP addresses pumping traffic permitted by that Policy, across the last 24 hours.  [Or even the last 5 minutes would be sufficient for some use cases.]

Could use Fortianalyzer or the Fortigate's native interface

--sk
1 REPLY 1
JereChau
Staff
Staff

This is available in the FortiGate UI under the FortiView Policies.  It will list the policies and when you drill down, there will be a tab for Sources, Destinations, Applications, Web Sites, Web Categories and Sessions.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.