FortiView Reference

Filtering options

When you select the Add Filter button, a drop-down list of available filtering options appears. The available options differ depending on which console is currently being viewed. The following table explains all of the available filtering options:

Filter option                             Description

Accelerated Sessions               You can filter the console on ‘FortiASIC’ (‘Accelerated’ versus ‘Not Accelerated’) sessions.

AP                                            Filter by Access Point (AP) identification number.

Application                                Filter by application name.

Checksum                                  Filter by checksum value. Checksums are reference digits used to represent the correct datasum of a packet in order to detect errors.

Cloud Application                    Filter by cloud application name.

Note: This filter is only available in the Cloud Applications console.

Country                                      Filter by the country from which the source accessed the server.

Destination Interface                Filter by the interface type used by the destination user, e.g. wan1.

Destination IP                            Filter by the IP address used by the destination.

Destination Port                        Filter by the port used by the destination.

Note: This filter is only available in the All Sessions console (viewing the now time display).

Domain                                       Filter by domain name.

Note: This filter is only available in the Web Sites console.

Event Name                                Filter by security event name.

Note: This filter is only available in the System Events console.

File Name                                   Filter by file name.

Note: This filter is only available in the FortiSandbox console.

Login Type                                Filter by type of login (e.g. WEP) associated with the displayed authentication attempt.

Note: This filter is only available in the Failed Authentications console.

NAT Source IP                           Filter by the NAT-translated source IP address.

Note: This filter is only available in the All Sessions console (viewing the now time display).

NAT Source Port                       Filter by the NAT-translated source interface.

Note: This filter is only available in the All Sessions console (viewing the now time display).

Policy                                         Filter by the policy identification number.

Protocol                                      Filter by the protocol used by the source, e.g. tcp or udp.

Note: This filter is only available in the All Sessions console (viewing the now time display).

Result                                         Filter by the result of whatever security action was taken by FortiOS in the selected session, e.g. Accept (all).

Security Action                         Filter by the type of response taken to the security event. The types of possible actions are as follows:

Allowed: No threat was detected and the connection was let through.

Blocked: A threat was detected and the connection was not let through.

Reset: A possible issue was detected and the connection was reset.

Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Severity                                      Filter by the severity level (Critical, High, Medium or Low) associated with a security event.

Source

Source IP                                   Filter by the source IP address.

Source Device                           Filter by source device type, e.g. mobile.

Source Interface                        Filter by the interface type used by the source user, e.g. wan1.

Source Port                                Filter by the source interface.

Note: This filter is only available in the All Sessions console (viewing the now time display).

Source SSID                               Filter by the Service Set Identifier (SSID) associated with the selected user.

An SSID is a case-sensitive, 32-character alphanumeric identifier that acts as a password attributed to a mobile device.

Status                                         Filter by the maliciousness of a file. The possible statuses are Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This filter is only available in the FortiSandbox console.

Threat                                         Filter by threat name and/or URL.

Threat Type                               Filter by threat category, e.g. Illegal/Unethical or P2P.

Type                                            Note: This filter is only available in the Failed Authentications console.

User Name                                 Filter by user name.

VPN Type                                   Filter by Virtual Private Network (VPN) protocol type, e.g. PPTP.

Note: This filter is only available in the VPN console.

This entry was posted in FortiOS 5.4 Handbook.

