Really confused by FortiView. Seems as though it is intentionally hindered in an effort to push FortiAnalyzer, which is annoying.
Anyway two questions and one complaint.
1.) Am I missing something or does FortiView (sources for example) not support the ability to refresh. I can use a browser extension to refresh, but then sorting is lost.
2.) Also the time scale settings seem to give funny info. (Sources again) When on "now" a particular user might have "Received" 5gb of data. When I switch to "5 Minutes" that same user shows 500kB, when I switch to "1 hour" 2MB when I switch to "24 hours" something totally different...
What am I missing? I would expect now to show what the user has done in the last min or so, 5 mins to be everything in the last 5 mins, 1 hour everything in the last hour etc... In other words 24 hours should have the highest totals... Very ODD.
Gripe:
Why can't I sort by Sent or by Received in FortiView?
For 1), FortiView auto refresh is only supported for Bubble Chart (in drop down list left to "now") and "now" view when "Auto update realtime visualizations" enabled in FortiView Setting (right top button).
For 2), "now" is for realtime statistic that retrieved from current live sessions. Those data has not been reflected to history view like "5 minutes" "1 hour" "24 hours" yet since FGT doesn't know when those sessions will be end.
"sort by Sent or by Received in FortiView" works fine in my setup.
So it is supposed to refresh in Table view, but only in "now". Sorry if I read that wrong. Mine does not seem to refresh even with "auto update realtime" on. Thoughts?
When I'm in Sources and either now, 5 mins, 1 hour, 24 hours. There is now arrows next to "Sent" or by "Received" O I can sort by "Sent/Received" just not individually. Same for you?
pmit wrote:2.) Also the time scale settings seem to give funny info. (Sources again) When on "now" a particular user might have "Received" 5gb of data. When I switch to "5 Minutes" that same user shows 500kB, when I switch to "1 hour" 2MB when I switch to "24 hours" something totally different...
What am I missing? I would expect now to show what the user has done in the last min or so, 5 mins to be everything in the last 5 mins, 1 hour everything in the last hour etc... In other words 24 hours should have the highest totals... Very ODD.
As was previously mentioned, the "now" time period in FortiView is from live sessions. This includes all traffic passing through the FortiGate. The historical time periods are based on logged traffic on the disk. Depending on your configuration, you can see considerably less traffic in the historical views if you do not enable full traffic log in your policies. To have both charts line-up, you will need to enable "Log All Sessions" on the policies you are interested in.
I used a chrome extension called Web Override with the following JavaScript to automatically update the FortiView data every 30 seconds:
setInterval(function() {
$('.menu-bar .menu-item button').first().click();
}, 30000)
Update: the original code used the refresh button in the bottom right which only updates the table data. The new code above uses the refresh button in the upper left which also updates the graph if available.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1768 | |
1116 | |
766 | |
447 | |
242 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.