Container Traffic


The dotted line inside the Namespaces represents traffic between pods, with the arrow pointing in the direction the data traveled. No detail is shown about what was transferred from one pod to another; the line is only a record that the two pods communicated.

Prerequisite

The Container Traffic feature requires a CNI (Container Network Interface) plug-in. Container Protection may or may not support the CNI plug-in used by your container platform.

Table of CNI plug-ins supported and not supported by Container Protection:

Supported CNI Plug-in

Unsupported CNI Plug-in

AKS (Kubenet)

GKE (Kubenet)

EKS VPC CNI (AWS)

Flannel

Calico (iptables mode)

Weave

Cilium

Calico (eBPF mode)

For Calico (iptables mode) users: to enable and use the container traffic feature, append the following environment variable to the calico-config.yaml file:

- name: FELIX_CHAININSERTMODE
  value: "Append"

Here is a screenshot of where the variable should be placed:
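As a text illustration of the placement (an added example, not the original screenshot or Fortinet's own file), the fragment below assumes a manifest-based Calico install in which the calico-node DaemonSet is defined in the same file as the calico-config ConfigMap; the namespace and the neighbouring entry are assumptions taken from the stock Calico manifest.

```yaml
# Added illustration: a fragment only, all other DaemonSet fields are omitted.
# Assumes the stock Calico manifest layout (DaemonSet "calico-node").
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system        # assumption; match your existing manifest
spec:
  template:
    spec:
      containers:
        - name: calico-node
          env:
            # Existing entries stay unchanged (one shown for orientation).
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Entry from this page, appended to the env list.
            # Felix uses "Insert" when this variable is not set.
            - name: FELIX_CHAININSERTMODE
              value: "Append"
```

With Append, Felix adds its jump rules at the end of the kernel's top-level iptables chains instead of the start, so rules already present in those chains are evaluated before Calico policy. Review those rules so they do not accept traffic that network policy is meant to block.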

Container Traffic Detail

Go to Container Visibility, then click any View Container Visibility box. When you move the mouse over a dotted line inside a Namespace, the line turns blue. Clicking the blue line shows the internal traffic between the two pods.

Click the Detail button under Connection to show the source/destination detail of the pod traffic.

Where there is traffic between a pod and an external source, the dotted line points to a source outside the Namespace.

Clicking the dotted traffic line shows the traffic detail between the pod and the external source.

Suspicious IP Group

The Suspicious IP Group constantly gathers botnet and malicious IP addresses through FortiGuard. When there is traffic between those suspicious IP addresses and the monitored clusters, the view shows traffic between the clusters and the Suspicious IP Group.
