Destinations

Destinations

The Destinations console provides information about the destination IP addresses of traffic on your FortiGate unit, as well as the application used. You can drill down the displayed information, and also select the device and time period, and apply search filters.

This console can be filtered by Country, Destination Interface, Destination IP, Policy, Result, and Source Interface. For more on filters, see Filtering options.

 

Scenario: Monitoring destination data

The Destinations console can be used to access detailed information on user destination-accessing through the use of the console’s drilldown functionality. In this scenario, the console is used to find out more about a particular user’s Facebook usage patterns over a 24-hour period:

1. Go to FortiView > Destinations.

2. Select 1 hour from the Time Display options at the top right corner of the console.

3. The easiest way to locate most destinations is to scan the Applications column for the name of the application.

Once the session containing Facebook has been located, double-click it to access the Destination summary window.

4. Locate Facebook in the Applications column and double-click it to view the Facebook drilldown page. From here, detailed information regarding the user’s Facebook session can be accessed.

Only FortiGate models 100D and above support the 24 hour historical data.

 

 

Interfaces

The Interfaces console lists the total number of interfaces connected to your network, how many sessions there are in each interface, and what sort of traffic is occurring, represented in both bytes sent and received, and the

 

 

 

 

total bandwidth used.

 

This console can be filtered by Country, Destination Interface, Destination IP, Policy, Result, Source, and Source

Interface. For more on filters, see Filtering options.

 

Only FortiGate models 100D and above support the 24 hour historical data.

 

 

Scenario: Investigate traffic spikes per user

 

The wan1 interface is showing a higher amount of traffic than usual. A system administrator uses the console to inspect which user (as represented by an IP address) is creating the spike in traffic:

 

  1. 1. Go to FortiView > Interfaces and double-click on wan1, or right click and select Drill Down to Details….
  2. 2. The console will drill down to a summary page of wan1, showing how many bytes are being sent and received, how much bandwidth is being used, and how many sessions are currently using this interface. You see the

IP address of the user that is showing the most amount of traffic under Source.

  1. 3. You can further drill down to see the IP destination, the device, and the applications being used, and other options.
This entry was posted in FortiOS 5.4 Handbook and tagged , , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.