We upgraded our FortiGate and FortiAnalyzer from 5.6.3 to 6.0.2 following the correct path and procedures. Both were successful; however, I have noted a funny change in the way our logs are recorded. It appears that certain sessions, especially streaming, are now accumulating and reporting an updated bandwidth measurement every few seconds. This is causing the widgets and reports to sum all those logs and give me a huge amount of bandwidth statistics.
When I look at the IPv4 counters, they do not reflect what the widgets and reports/FortiView are showing. For instance, one IP address used 254 GB in one night (had a music stream on throughout the night), which in no way can take that much bandwidth; however, when I investigated I found the total bandwidth was 1 GB only and that the firewall logged the same session over and over with a growing bandwidth amount. The IPv4 counters are only showing 8.5 GB on that same policy, which proves there is an issue or irregularity in the logs.
Is there any way I can get this fixed, or what sort of troubleshooting can I perform to resolve it?
We have the same issue and I know it's not a fix but I hope this gives you peace of mind. It's a known issue in this version. Link is to the release notes. In the Known Issues portion, it has the FortiView bug listed.
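To check exported logs for the double counting described in the question, the following added example (not from the thread or from Fortinet) compares a plain sum of every log line with a per-session total that keeps only the largest cumulative value seen for each session. The field names `srcip`, `sessionid`, `sentbyte` and `rcvdbyte`, the key=value line format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real device output). The key=value layout and
# the field names srcip/sessionid/sentbyte/rcvdbyte are assumptions.
SAMPLE_LOGS = """\
srcip=10.0.0.5 sessionid=1001 sentbyte=1000 rcvdbyte=200000
srcip=10.0.0.5 sessionid=1001 sentbyte=2000 rcvdbyte=400000
srcip=10.0.0.5 sessionid=1001 sentbyte=3000 rcvdbyte=600000
srcip=10.0.0.5 sessionid=1002 sentbyte=500 rcvdbyte=50000
srcip=10.0.0.9 sessionid=2001 sentbyte=700 rcvdbyte=7000
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("srcip", "sessionid", "sentbyte", "rcvdbyte")


def parse(lines):
    """Yield (srcip, sessionid, bytes) for each line that has all fields."""
    for line in lines:
        rec = {k: v.strip('"') for k, v in KV.findall(line)}
        if all(f in rec for f in REQUIRED):
            yield rec["srcip"], rec["sessionid"], int(rec["sentbyte"]) + int(rec["rcvdbyte"])


def naive_totals(lines):
    """Sum every log line, which is what inflates totals when interim logs repeat a session."""
    totals = defaultdict(int)
    for srcip, _, size in parse(lines):
        totals[srcip] += size
    return dict(totals)


def per_session_totals(lines):
    """Count each session once, using its largest value (assumes counters are cumulative)."""
    peak = {}
    for srcip, sessionid, size in parse(lines):
        key = (srcip, sessionid)
        peak[key] = max(peak.get(key, 0), size)
    totals = defaultdict(int)
    for (srcip, _), size in peak.items():
        totals[srcip] += size
    return dict(totals)


def inflation_report(lines):
    """Return {srcip: (naive_bytes, per_session_bytes, ratio)}; ratio > 1 means double counting."""
    naive, dedup = naive_totals(lines), per_session_totals(lines)
    return {ip: (naive[ip], dedup[ip], naive[ip] / dedup[ip]) for ip in naive}


if __name__ == "__main__":
    for ip, row in inflation_report(SAMPLE_LOGS.splitlines()).items():
        print(ip, row)
```

A ratio well above 1 for a source address points at repeated logging of the same session rather than real traffic; session IDs can be reused over long periods, so run this over a bounded time window.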