Hello Everyone:
On my Fortigate 60E, I do not understand how the traffic is logged. For example, I am seeing some peaks on the dashboard at certain hours, and I just cannot find the way to relate those peaks to any connection or device or IP, even though I see the sources and destinations list. Maybe there is some other screen and I cannot find it.
Can anybody please help, I am new to managing this brand of devices.
Thank you.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
In the FortiView > All Sessions you should be able to sort by the current throughput. The traffic logs only will not assist you in this case, because if there is for example a software, which always uses the same session and doesn't close it, you will not see it in the log till the connection is closed.
Maybe you can try to set up a netflow/sflow analyzer, I guess this would help
Hi quirogaca,
Welcome & glad to have you using our products.
It is possible to select a timeframe within the widget, it will then prompt you to view either sources or destinations in FortiView.
Did this help you track down the reason for the spike?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1473 | |
1007 | |
748 | |
443 | |
207 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.