I want to monitor bandwidth used by FortiGate policies with FortiAnalyzer, but there is a difference between the values that appear in the report output (bandwidth policy: Top 30 Policies by Bandwidth) on FortiAnalyzer and the policy count (byte in 5.4) on FortiGate. (I.e., the policy count is 58.55MB and the FortiAnalyzer report shows 55.84MB for bandwidth policy.) I'm confused about which one is right. What does the difference mean? How can I get the correct result?
Hi,
there is a possibility that there was an ongoing session via policy 2 when the report was generated that caused the difference.
AtiT
Hi there, local traffic/invalid sessions/duplicate sessions will be excluded from the FAZ report.
hz
Is that a bug?
Hi hz,
Thanks a lot.
Your reply is so helpful.
I guess the issue is related to what you mentioned.
Would you please explain a little more about "Invalid Sessions/Duplicate Sessions"?
Is there any Fortinet document available for this issue?
P.S. Which value should be considered as real traffic throughput in a policy?
Logid filter "logid_to_int(logid) not in (4, 7, 14)" is applied to all traffic-log related datasets. This filter will exclude:
4: "Other start" sessions which is double counted before
7: invalid sessions
14: local traffic
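To see how much of a per-policy total the filter quoted above removes, the following added example (not from the thread or from Fortinet) sums bytes per policy over exported traffic logs with and without that filter. The log lines are constructed, and `logid_to_int` is modelled here, as an assumption, as the integer value of the last six digits of the log ID.

```python
import re
from collections import defaultdict

# Log IDs the thread says the report datasets exclude.
EXCLUDED = {4: "other start", 7: "invalid session", 14: "local traffic"}

# Constructed sample traffic logs in key=value form (not real data).
SAMPLE_LOGS = '''\
logid="0000000013" type="traffic" subtype="forward" policyid=2 sentbyte=3000000 rcvdbyte=2000000
logid="0000000004" type="traffic" subtype="forward" policyid=2 sentbyte=200000 rcvdbyte=50000
logid="0000000007" type="traffic" subtype="forward" policyid=2 sentbyte=1500 rcvdbyte=0
logid="0001000014" type="traffic" subtype="local" policyid=0 sentbyte=4000 rcvdbyte=2000
logid="0000000013" type="traffic" subtype="forward" policyid=5 sentbyte=1200 rcvdbyte=3400
'''

def logid_to_int(logid: str) -> int:
    # Assumption: modelled as the numeric message ID in the last six digits.
    return int(logid[-6:])

def parse(line: str) -> dict:
    # Split one log line into fields, dropping surrounding quotes.
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def reconcile(text: str):
    all_bytes = defaultdict(int)     # every traffic log, per policy
    report_bytes = defaultdict(int)  # what survives the report filter
    excluded = defaultdict(int)      # bytes dropped, per (policy, log ID)
    for line in filter(None, map(str.strip, text.splitlines())):
        f = parse(line)
        if f.get("type") != "traffic":
            continue
        pid = int(f.get("policyid", 0))
        n = int(f.get("sentbyte", 0)) + int(f.get("rcvdbyte", 0))
        lid = logid_to_int(f["logid"])
        all_bytes[pid] += n
        if lid in EXCLUDED:
            excluded[(pid, lid)] += n
        else:
            report_bytes[pid] += n
    return dict(all_bytes), dict(report_bytes), dict(excluded)

if __name__ == "__main__":
    total, report, dropped = reconcile(SAMPLE_LOGS)
    for pid in sorted(total):
        print(f"policy {pid}: all logs {total[pid]} B, after filter {report.get(pid, 0)} B")
    for (pid, lid), n in sorted(dropped.items()):
        print(f"  excluded from policy {pid}: logid {lid} ({EXCLUDED[lid]}) = {n} B")
```
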
Hi AtiT, thank you for your reply. I had cleared all sessions before I ran the reports, so I think there weren't any running sessions on the device.