Category Archives: FortiWAN

FortiWAN Appendices

Appendix A: Default Values

In console, enter the command ‘resetconfig’, or on the Web UI select “Factory Default” to do a hard reset and restore all settings to factory default.

When restored to factory default, accounts and passwords for access of CLI, Web UI and SSH login will also be reset to:

FortiWAN Log-ins    
  < V4.0.x V4.1.0
Web-based Manager Default Adminstrator/1234 Adminstrator/1234
Monitor/5678 (read-only) Monitor/5678 (read-only)
  admin/null (Fortinet default)
CLI Default Adminstrator/fortiwan Adminstrator/1234
  admin/null (Fortinet default)

The Web UI login port will be restored to the default port 443.

FortiWAN also supports SSH logins. The interface for SSH login is the same as the console with identical username and password.

WAN Link Health Detection Default Values

l System default values contain 13 fixed servers IPs for health detection. l Values for all Port Speed and Duplex Settings will also be reset. l All ports are restored back to AUTO state.

Network default Values (FortiWAN 200B) Port 1: WAN

  • WAN Link: 1
  • IP: 192.168.1.1 l Netmask : 255.255.255.0 l IP in DMZ 192.168.1.2~192.168.1.253 l Default Gateway 192.168.1.254 l DMZ at Port 5 Port 2: WAN
  • WAN Link: 2 l IP: 192.168.2.1 Appendix A: Default
  • Netmask: 255.255.255.0 l IP in DMZ 192.168.2.2~192.168.2.253 l Default Gateway 192.168.2.254 l DMZ at Port 5 Port 3: WAN
  • WAN Link: 3
  • IP: 192.168.3.1 l Netmask: 255.255.255.0 l IP in DMZ 192.168.3.2~192.168.3.253 l Default Gateway: 192.168.3.254 l DMZ at Port 5 Port 4: LAN
  • IP: 192.168.0.1 l Netmask: 255.255.255.0 l DHCP Server Disabled

Port 5: DMZ

Fields such as Domain Name Server, VLAN and Port Mapping, WAN/DMZ Subnet Settings are all cleared Service Category Default Values

l Firewall: default security rules apply l Persistent Routing: Enabled l Auto Routing: By Downstream Traffic as default l Virtual Server: Disabled l Bandwidth Managemet: Disabled l Cache Redirection: Disabled l Multihoming: Disabled l All fields in the Log/Control Category are cleared

Appendix B: Suggested Maximum Configuration Values

FortiWAN’s Web UI does not set maximum limitations to numbers of most services rules and policies, but as the configured rules and policies increase interminably, performance of both FortiWAN and its Web UI decrease, especially for FortiWAN’s critical services, such as Bandwidth Management, Multihoming and Tunnel Routing. Not only FortiWAN appliances use more and more hardware resources to run and handle traffic with a large number of configurations, but also your local computer spends more time to run the Web UI pages. The following table shows the suggested maximum configuration values to FortiWAN’s services. Remember that FortiWAN

Web UI allows you to create configurations more than the value, but the performance may not be guaranteed.

  FWN-200B FWN-1000B FWN-3000B
WAN link health detection      
Ping lists 1024 1024 1024
Optimum route detection      
Static IP-ISP tables 1024 1024 1024
Total rules of static IP-ISP tables 1024 1024 1024
Backup line setting      
Backup line rules 1024 1024 1024
IP grouping      
IP groups 300 300 300
IPv4 rules of an IP group 1024 1024 1024
IPv6 rules of an IP group 1024 1024 1024
Service grouping      
Service group 300 300 300
IPv4 rules of a service group 1024 1024 1024
IPv6 rules of a service group 1024 1024 1024
Busyhour setting      
Busyhour rules 1024 1024 1024
Date/Time      

Appendix B: Suggested Maximum Configuration

  FWN-200B FWN-1000B FWN-3000B
Time servers 4 4 4
Administration      
Administrator accounts 1000 1000 1000
Monitor accounts 1000 1000 1000
Firewall      
IPv4 rules 1024 1024 1024
IPv6 rules 1024 1024 1024
NAT      
1-to-1 NAT rules 1024 1024 1024
NAT rules 1024 1024 1024
IPv6 NAT rules 1024 1024 1024
Persistent routing      
IPv4 web service rules 1024 1024 1024
IPv4 IP pair rules 1024 1024 1024
IPv6 web service rules 1024 1024 1024
IPv6 IP pair rules 1024 1024 1024
Auto routing      
Policies 1024 1024 1024
IPv4 filters 1024 1024 1024
IPv6 filters 1024 1024 1024
Virtual Server      
IPv4 virtual servers 1024 1024 1024
Server IPs of an IPv4 virtual server 50 50 50
Total server IPs of enabled IPv4 virtual servers 512 512 512

 

  FWN-200B FWN-1000B FWN-3000B
IPv6 virtual servers 1024 1024 1024
Bandwidth management      
Inbound classes 99 99 99
Inbound IPv4 filters 299 299 299
Inbound IPv6 filters 1024 1024 1024
Outbound classes 99 99 99
Outbound IPv4 filters 299 299 299
Outbound IPv6 filters 1024 1024 1024
Connection limit      
Count limit rules 1024 1024 1024
Rate limit rules 512 512 512
Cache redirect      
Cache groups 1024 1024 1024
Group servers of a cache group 1024 1024 1024
Redirect rules 1024 1024 1024
Multihoming      
Global setting      
IPv4 PTR records 1024 1024 1024
PTR entries of an IPv4 PTR record 1024 1024 1024
IPv6 PTR records 1024 1024 1024
PTR entries of an IPv6 PTR record 1024 1024 1024
A record policy      
A record policies 1024 1024 1024
Total WAN links of A record policies 1024 1024 1024

Appendix B: Suggested Maximum Configuration

  FWN-200B FWN-1000B FWN-3000B
AAAA record policy      
AAAA record policies 1024 1024 1024
Total WAN links of AAAA record policies 1024 1024 1024
Domain setting      
Domains 1024 1024 1024
DNSSEC private keys of a domain 100 100 100
NS records of a domain 1024 1024 1024
A records of a domain 1024 1024 1024
AAAA records of a domain 1024 1024 1024
CName records of a domain 1024 1024 1024
DName records of a domain 1024 1024 1024
SRV records of a domain 1024 1024 1024
MX records of a domain 1024 1024 1024
TXT records of a domain 1024 1024 1024
External subdomains of a domain 1024 1024 1024
NS records of an external subdomain of a domain 1024 1024 1024
Multihoming – Backup      
Remote master servers 100 100 100
Internal DNS      
Global setting      
IPv4 PTR records 1024 1024 1024
IPv6 PTR records 1024 1024 1024
Domain setting      
Domains 1024 1024 1024

 

  FWN-200B FWN-1000B FWN-3000B
NS records of a domain 1024 1024 1024
A records of a domain 1024 1024 1024
AAAA records of a domain 1024 1024 1024
CName records of a domain 1024 1024 1024
SRV records of a domain 1024 1024 1024
MX records of a domain 1024 1024 1024
External subdomains of a domain 1024 1024 1024
NS records of an external subdomain of a domain 1024 1024 1024
DNS proxy      
Intranet source rules 1024 1024 1024
Proxy domain rules 1024 1024 1024
IP-MAC mapping      
Mapping rules 1024 1024 1024
Tunnel Routing      
Tunnel groups 100 400 1000
Tunnels of a tunnel group 16 16 16
Total enabled tunnels 2500 2500 2500
Default rules of a tunnel group 1024 1024 1024
Routing rules 1024 1024 1024
Persistent rules 1024 1024 1024
Reports      
IP annotations 1024 1024 1024
Scheduled emails 20 20 20

FortiWAN Database Data Utility

Database Data Utility

FortiWAN’s Reports keeps report data in the built-in hard disk (HDD) for long-term analysis and reports. As the data increases, disk storage consumption increases. The DB data utility provides functions to manage FortiWAN Reports database:

l Backup: Backup report data for migration. l Delete: Delete report data to release disk space. l Restore: Restore backup data to Reports’ database.

The DB data utility is a Web-based management tool providing limited features very similar to the Reports database tool.

Go to Reports > Settings > DB Data Utility, an operation panel with tabs Backup, Restore and Delete is shown.

Backup

This feature allows you a database backup for a single day. For having backups of a couple of days, you will need to either perform the backups individually (day by day) or install a Reports Database tool on your local computer to perform a single database backup for a couple of days.

To backup report data of a single date, click the Backup tab on the panel and simply follow the steps:

  1. Click the Date field to open the calender and specify a date for backup.
  2. Click the Backup button to start data backup procedure. The backup file will be named in form Default_ yyyymmdd.data by default, such as Default_20161007.data. This backup file will be required when you are restoring it back to FortiWAN.

Restore

To restore a data backup to Reports, click the Restore tab on the panel and simply follow the steps:

  1. Click the filed Select the data file to restore to select a backup file (.data file) for restoring.
  2. Click the Restore button to start data restore procedure.

Note that it is not allowed to backup or restore report data of the current date (today) since FortiWAN Reports is receiving and processing the data for today. The operations are available for data before today.

Note that both the Web-based database data utility and the Reports database tool use the common backup file format (.data), which implies that a backup file (.data), whether is generated by the Web-based database data utility or the Reports database tool, can be restored back to Reports database in both the ways.

Delete

To delete report data from the database, click the Delete tab on the panel and simply follow the steps:

  1. Click the From date field to open the calender and specify the start date for deleting.
  2. Click the To date field to open the calender and specify the end date for deleting.
  3. Click the Delete button to delete the report data of the specified period.

 

A: Default Values

FortiWAN Disk Space Control

Disk Space Control

Disk space of the FortiWAN Reports is being consumed by increasing report database. Once the disk space is used up, Reports will fail to continue log processing. Disk Space Control monitors the disk space status of Reports and triggers actions (purge and alert) according to user-defined conditions. Click Settings > Disk Space Control to enter the Disk Space Control settings page.

Purge old data from database

The Purge function is triggered by two conditions, day duration and percentage of free disk space. It will purge the old data from database when any of the two conditions is satisfied. This function purges data from database without data backup. Please refer section of Reports Database Utility in Advanced Functions for more information about database backup (See “Reports Database Tool”).

Days         :         Enter the number of days for the duration. When database data exceeds the day duration, Reports keeps the latest data of the day duration in database and purges the earlier data. Leave the field empty if you want disable the condition.

Percentage (%) : Enter the percentage. When disk free space is less than the percentage of total disk space, Reports purges the earlier data from database to keep disk free space more than the amount. Leave the field empty if you want disable the condition.
Send notification after purge data : Click to enable notification via email after data purging. Settings > Email Server must be configured to ensure the notification (See “Reports Email Server”).

Send Alerts

The alert function is triggered by two conditions, day duration and percentage of free disk space. It will alert administrator via email when any of the two conditions is satisfied. Settings > Email Server must be configured to ensure the notification (See “Reports Email Server”).

Days : Enter the number of days for the duration. Reports sends an alert to users when database data exceeds the day duration. Leave the field empty if you want disable the condition.
Percentage (%) : Enter the percentage. Reports sends an alert to users when disk free space is less than the percentage of total disk space. Leave the field empty if you want disable the condition.

Note that system schedules condition check for database purge and sending alerts at 04:00 A.M. everyday. You are suggested to set a looser condition for sending alerts than database purge so that you get the alert earlier before the data being purged, if you need to backup the data (via Reports database tool) in advance.

Mail To

e-mail address         :         Enter the email address for system delivers alerts and notifications to. Settings > Email Server must be configured to ensure the notification (See “Reports Email Server”).

Disk Space Status

Current usage of disk space is displayed here for reference. A pie chart of disk space usage is generated based on free space, database used and other used. Moving the mouse over the three parts of the chart displays the correspondent amount of space.

Free Space : Display the amount of free disk space in MB and percentage.
Database Used : Display the disk amount used by Reports database in MB and percentage.
Other Used : Display the amount of disk overhead or pre-allocated space in MB and percentage.
Total Space : Display the total disk space in MB.
Save : Click to save the configuration.

FortiWAN Scheduled Emails

Scheduled Emails

You may have get some report emails scheduled (see Report Email). Go to Reports > Settings > Scheduled Emails, then you can edit or delete the schedules.

Email The scheduled report email. You can see the information of the email:
l Period: Daily, weekly or monthly.
l Reports: The report categories included in the email.
l Recipients: Email addresses of report email recipients
l Format: Format that the reports are attached in, PDF or CSV.
Action Edit or Delete the report email.

Edit a scheduled report email

Recipients Edit the email address of report email recipients.
Format Select the format that the reports are attached in: PDF or CSV.
Schedule Select the period for automatic email sending: Daily, Weekly or Monthly.
Reports Delete report categories from the report email. The only way to add report categories to a scheduled report email is the “Add to existing” function on every report page (see Report Email).
Save Click to save the changes.

FortiWAN Reports Settings

Reports Settings

The Settings here is used to simply manage the Reports on database, disk space and the SMTP server used to email reports. Click the listed settings and you can further configure them:

Reports    :   Enable/disable Reports (See “Reports”).

IP Annotation : Create, modify and delete the notes of IP addresses (See “IP Annotation”).
Dashboard Page Refresh

Time

: Auto refresh dashboard page according the time interval you specify (See “Dashboard Page Refresh Time”).
Email Server : Manage email server settings for sending emails (See “Email Sever”).
Scheduled Emails : Manage the existing email scheduling (See “Scheduled Emails”)
Disk Space Control : Monitor disk free space, and send alerts or purge data when it is low (See “Disk Space

Control”).

DB Data Utility : Manage the Reports database via backup, restore and delete operations (See

“Database Data Utility”)

Please note that this function is only available for the users log-in as administrator permission.

Reports

FortiWAN Reports works by parsing and analyzing the various system logs. Before using the FortiWAN Reports, you have to enable it by specifying the way and the events to push system logs to Reports. You will be redirected to Log > Reports to complete the necessary settings to enable the FortiWAN Reports (See “Log > Reports”).

IP Annotation

IP annotation helps users to recognize IP addresses shown in Reports by predefined notes. An annotation icon will appear next to the IP address listed in a report page. Users can read the content of the annotation through clicking the icon. Click Settings > IP Annotation to enter the IP Annotation settings page.

Search IP Annotations

The search function for IP annotations is on the right upper corner of the page.

Search : Type in the IP address or annotation content that you want to search in the search field and click the magnifier icon to start searching. The searching result based on existing IP annotation information will be listed in the table under the field.
Prev : Click to return to previous page of IP annotation list.
Next : Click to go to next page of IP annotation list.
Show rows : Allow you to select the number of IP annotation to be displayed in the search result per page: 10, 20 or 50 rows.

List the IP Annotations

All IP annotations are displayed in the table on the center of the page.

IP address    :   List the IP address of an annotation.

Note    :    Lists the annotation content of the IP address.

Action         :         Click Edit to edit the content of an IP annotation. The edit interface is the same as what for adding a new annotation (See below). Click Delete to delete an IP annotation.

Add a New IP Annotation

Click the New Note button on the left upper corner to enter the page for adding a new IP annotation.

IP address    :   Enter the IP address for the IP annotation.

Note Content    :    Enter the annotation content.

Save    :   Click to save the configuration and complete adding an IP annotation.

Dashboard Page Refresh Time

Reports dashboard displays instant hardware states and information of FortiWAN (See “Dashboard”). The refresh interval keeps your dashboard in sync with the latest data, however frequent page refresh might cause high CPU usage especially when FortiWAN is processing large traffic flow. Please select the appropriate fresh interval for your system. The options are refreshing dashboard every 5 sec, 15 sec, 20 sec and 30 sec, or Do not refresh the dashboard.

Email Server

Individual reports (See “Report Email”) and system alerts (See “Disk Space Control”) can be sent to users via email. It is necessary to configure the email server first to deliver the report and alert emails to users. Note that configuration here is the same as the configuration made in the tab “Email” of every report page (See “Report Email”).You can maintain the unique configuration of mail server for Reports via Settings > Email Server or the “Email” function of every report page. The mail servers used for Reports, log push (See “Log Control”) and notifications (See “Notification”) could be different. Click Settings > Email Server to enter the Email Server settings page.

SMTP Server : Enter the SMTP server used to transfer emails.
Port : Enter the port number of the SMTP server.
SSL : Click to allow SMTP server to transfer emails through SSL.
Mail From : Fill in the sender’s name of emails.
Account : Enter the user name for SMTP server authentication.
Password : Enter the password for SMTP server authentication.
Save : Click to save the configuration.

FortiWAN Reports Database Tool

Reports Database Tool

FortiWAN’s Reports stores database in the built-in hard disk (HDD) for long-term analysis and reports. As the data increases, storage consumption increases. The Reports database tool (DB tool) is an application running on your local computer to manage remote FortiWAN Reports database. Note that the DB tool must be ran on a host that can access FortiWAN Web UI. Please contact Fortinet CSS to get the tool and install it following the instructions below.

A Web-based Reports database management tool providing limited functions similar to the Reports database tool is available, see Database Data Utility.

Installation Procedures

Step 1: Click the installation file (such as FWN-dbtool-4.0.0-B20150303.exe) to run the installer. Select the language of your choice.

Step 2: Read the System Requirements.

Step 3: Click ‘Next’ to begin the setup.

Step 4: Read the License Agreement carefully. Click the ‘I Agree’ button to accept the agreement and begin the installation process. Otherwise, please click ‘Cancel’.

Step 5: Choose a destination folder for setup and click ‘Next’.

Step 6: Choose a Start Menu folder (or check ‘Do not create shortcuts’ to ignore it). Click ‘Install’ and then the installation process will begin.

Step 7: Click ‘Finish’ to complete Reports DB Tool setup.

Start DB Tool

To perform the database tool, please go to: Start > Programs > FWN-dbtool, and DB Tool utility is available for selection.

DB Tool: Tool to manage report data from the Reports database.

Fortinet: Link to Fortinet web site.

Uninstall: Uninstalls DB Tool.

Setting

The first time when you use the DB tool, please go to Setting to specify the database to be managed.

DB IP Specify the location of the Reports database. it would be the IP address of FortiWAN Web UI.
DB Port Specify the port number that Reports database is listening. Please use the default port 5432.
Save Click to save the setting.

The DB tool can be used to backup, restore and delete data from FortiWAN’s Reports database.

Backup

From date Specify the start date to back up the data by selecting a date from the drop-down calendar.
To date Specify the end date to back up the data by selecting a date from the drop-down calendar.
Save to the directory Click Browse to select a location where the backup data should be saved.
Delete the data after exported Check it to delete the data in Reports database after it is backed up.
Backup Click to start backing up the data of selected dates.

Restore

Restore Click to select backup files to restore to database.

 

Delete

From date Select a date from the drop-down calendar to specify the start date to delete the data.
To date Select a date from the drop-down calendar to specify the end date to delete the data.
Delete Click to start deleting data of selected dates.

Note that although operations that Backup and Restore data of the current date (today) are allowed, it might cause damages the report data since FortiWAN Reports is receiving and processing the data for today. Backup and Restore are strongly recommend to be used for data before today.

FortiWAN Custom Filter

Custom Filter

Reports offers 6 fixed reports of bandwidth usage by default; In Class, Out Class, WAN, Service, Internal IP, and External IP. Usually, administrators will need to check drilled-in information for particular target regularly. As discussed previously, Drill-in function can be used to obtain more report specifics, while Filter helps to directly obtain more traffic data of a specific target. In order to quickly perform a query based on a specific filter without going through those tedious steps over again, Custom Filter allows users to apply their own filters based on particular requirements for query on bandwidth usage reports.

Click Filter above every Bandwidth Usage report to see an extended block for further settings.

Add new condition:

  • A Filter can be composed of multiple conditions. Click Add new condition and select an option from the drop-down menu to start setting your filter: In Class, Out Class, WAN, Service, Internal IP, External IP, Internal Group and External Group.

Conditions:

  • There are two actions for options while setting the condition:
  • Including: Extract only those records that fulfill the specified criterion.
  • Excluding: Extract those records that not fulfill the specified criterion.
  • Configurations for report categories:
  • In Class: Enter the Inbound Class name you want to query (include or exclude) in the input field. l Out Class: Enter the Outbound Class name you want to query (include or exclude) in the input field. l WAN: Enter the WAN number you want to query (include or exclude) in the input field.
  • Service: Enter the Service you want to query (include or exclude) in the input field. Click on the arrow next to the input field to see more Service options. Predefined L4 and L3 protocols are available. Entering a single or a range of port number is also allowed.
  • Internal IP: Enter the Internal IP address you want to query (include or exclude) in the input field.
  • External IP: Enter the External IP address you want to query (include or exclude) in the input field.
  • Delete: Delete the extended block of condition settings in the filter.

Cancel:

Click Cancel to close the extended block of filter settings.

Apply:

Click Apply to start the query based on the filter conditions defined. The result is presented in the report area. Note both the result and filter conditions will not be saved in user profile. When the page moves to other report categories, the filter conditions will be invalid.

Example

Check out the Internal IP report first, and create and apply a customer filter, for example, with the conditions

WAN = 1 and Service = HTTPS(TCP@443). The query result of traffic statistics that are associated with the Service HTTPS(TCP@443) and passed through FortiWAN via WAN1 will then be displayed by Services accordingly. As illustrated below, the block marked in blue indicates the query subject of current report:

Continuing the example described above, apply the custom filter: Service=HTTPS(TCP@443), WAN=1 and Internal IP=10.12.106.17 in the Traffic Rate report, and the query result will show the corresponding traffic statistics by traffic rate as follows (the block marked in blue indicates the query subject of current report):

Note: Saved custom filters are kept in user account profile. Users can edit and delete custom filters from their account profile. Please refer to section of Customer Filters in Account Settings for more information.

Export

All reports generated by Reports can be exported as PDF or CSV format. By clicking Export button on the upper side of any report page, PDF and CSV are displayed for options.

Report Email

All reports generated by Reports can be sent to users via email. Reports saved in PDF or CSV format can be sent out as email attachments.

Note: Prior to creating emails, you must first configure an email server used to transfer report emails to Reports. You can set the email server through Reports > Settings > Email Server, or the email function on every report page.

Click the Email button on the right upper corner of any report page to configure email settings to current report page. For example, in the settings dialog below, you are currently in Traffic Rate report (see the header “Email : Traffic Rate” on the setting dialog), then you can:

  • Send Traffic Rate through email immediately l Configure the email server used to transfer report emails l Set Traffic Rate email scheduled
  • Add Traffic Rate to an existing scheduled report email

The Email function is also available for custom-filter reports and drill-in reports. No matter which report page you’re at, you can always click the Email button on that page to determine when you want to send the current report through email.

Send now

Click the Send now tab on the setting dialog. This feature requires a email server configured first.

Recipients Enter the email address of report email recipients.
Format Select the format of reports included in this email: PDF or CSV.
Cancel Click to cancel current configuration and close the dialog window.
Send Click to send the report email immediately.

Email Server

Click the Email Server tab on the setting dialog. You can also set the email server through Reports > Settings > Email Server. Both ways directs to one Reports to one email server.

SMTP Server Enter the SMTP server used to transfer emails.
Port Enter the port number of the SMTP server.
SSL Click to allow SMTP server to transfer emails through SSL.
Account Enter the user name for SMTP server authentication.
Password Enter the password for SMTP server authentication.
Mail From Fill in the sender’s name of emails.

Schedule

Click the Schedule tab on the setting dialog to set the report email scheduled. This feature requires a email server configured first.

Recipients Enter the email address of report email recipients.
Format Select the format of reports included in this email: PDF or CSV.
Schedule Select the period for automatic report email sending.
l Daily: the report bounded in previous day 00:00 ~ 24:00 will be automatically sent at 05:00 everyday.
l Weekly: the report bounded in the last week (Monday 00:00 ~ Sunday 24:00) will be automatically sent at 05:00 every Monday.
l Monthly: the report bounded in the last month (the first day 00:00 ~ the last day 24:00) will be automatically sent on the first day of every month at 05:00.

Add to existing

Click the Add to existing tab on the setting dialog to list the schedule. By clicking the button “Add to this” on the right upper corner of every schedule item, you can add current report category to one of the scheduled report emails. You can edit the schedule through Reports > Settings > Scheduled Emails.

Advanced Functions of Reports

Advanced Functions of Reports

Reports provides advanced functions beyond the basic reports to give an accurate analysis. Drill In and Custom Filter are the functions about querying the reports with complex conditions. It delivers only the data that a user needs from large data sets. Export and Report Email are the functions about documentations and delivering of the on-line reports. The details of the advanced functions are described as follows.

Drill In

There are 7 different query conditions for Bandwidth Usage, including In Class, Out Class, WAN, Service, Internal IP, External IP and Traffic Rate. In every Bandwidth Usage report, analysis can be further drilled-in to include more traffic data statistics; in other words, Reports allows traffic to be queried based on combination of multiple conditions. For example, select Service as the query subject from the menu in the category area, and the Service report will be displayed accordingly, as shown below:

Service=All

Go to Reports > Service, you can have an overall service report which gives the traffic statistics of all the service usages (query result is as shown below).

 

The HTTPS(TCP@443) service can be further drilled in to query which WAN link of FortiWAN are utilizing this service by clicking the Drill In magnifier icon in the row of HTTPS(TCP@443) listed in the table and select WAN (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=All

As indicated in the blue box (shown in the figure above), this page presents the data of HTTPS(TCP@443) traffic in the WAN report, In the statistics table, the WAN link 1 can be further drilled in to query what internal IP addresses are included by clicking the Drill In magnifier icon in the row of WAN 1 listed in the table and select Internal IP (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=All

As indicated in the blue box (shown in the figure above), this page presents the data of Internal IP report that includes the traffic of WAN 1 (WAN) using HTTPS(TCP@443) (Service), The IP address: 10.12.106.17 can be further drilled in to query what External IP addresses it is connected to by clicking the Drill In magnifier icon in the row of 10.12.106.17 IP listed in the table and select External IP (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=10.12.106.17 & External IP=All

As indicated in the blue box (shown in the figure above), this page presents the data of External IP report that includes the traffic of WAN 1 (WAN) at internal IP=10.12.106.17 (Internal IP) using HTTPS(TCP@443) (Service).

From the example illustrated above, administrators can easily query the traffic flow based on combination of various conditions needed, while analysis can be drilled in to more details for better review. In the upper section of the report page, you’ll see a summary of the query conditions used in the existing report (highlighted in blue as shown in the image above), making it clear for administrators to keep track of the query details.

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=10.12.106.17 & Traffic Rate=All

Continuing the example described above, the query submitted returns a result that the IP address: 10.12.106.17 via WAN 1 is connecting to External IP addresses, via the HTTPS(TCP@443) service. You can change the last Drill In condition (External IP) to a different one (such as traffic rate of bandwidth usage) using the same filter: WAN=1, Internal IP=10.12.106.17 and Service=HTTPS(TCP@443), by selecting Traffic Rate from the drop-down menu of External IP (as shown below):

The report presented by Traffic Rate using the same filter: Service=HTTP(TCP@443), WAN=1 and Internal IP=10.12.106.17 is illustrated as follows.

As illustrated in the example above, Reports offers two kinds of advanced query: you can either keep drilling in with different conditions to get a report with more specific details, or change query condition at any Drill In level; in other words, network flow data can be queried either vertically or horizontally.