Using the Layer 3 graphs

Example Layer 3 Graph

Before you begin:

• You must have Read permission for the Monitor menu.

• Refer to Reading Monitor graphs to understand the graphs in detail.

To display the graphs:

Go to Monitor / Traffic Monitor / > Layer 3/4/7 > Layer 3 > [SPP] [Sources / Destinations / Protocols / Other] [Y-Axis view] [Direction] [Reporting Period].

The follow table summarizes the statistics displayed in each graph.

Layer 3 graphs
Statistic	Description
Sources Tab	Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for: Most Active Source Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period. Most Active Source Egress (pps) - Trend in observed egress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period. Most Active Source Estimated Threshold (pps) - Trend in the Estimated Threshold described above. Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-source threshold
Destinations Tab	Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for: Most Active Destination Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period. Most Active Destination Egress Traffic (pps) - Trend in observed egress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period. Most Active Destination Estimated Threshold - Trend in the estimated threshold described above. Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-destination threshold Note: FortiDDoS System Recommendations does not set a Most Active Destination Threshold (i.e. sets the Threshold to system maximum). You can add a manual Threshold if desired.
Protocols Tab	Displays pps Traffic, Threshold and per-5-minute Drop information for: Selected Layer 3 Protocols from 0-255 [Protocol] Ingress Traffic (pps) - Trend in observed ingress packet rate of this Protocol [Protocol] Egress Traffic (pps) - Trend in observed egress packet rate of this Protocol Note: When the Protocol number is selected, the current System Recommended Threshold for that Protocol is shown at the top-left of the graph. FortiDDoS System Recommendations does not set Thresholds (i.e. uses system maximums) for: TCP (Protocol 6) UDP (Protocol 17) Other mitigations normally protect from attacks using these Protocols. You can add Thresholds for these Protocols if desired.
Other Tab
Count of Unique Sources	Displays the total count of unique source IP addresses in the session table.
Fragmented Packets	Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop and ACL information for: Other Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP Other Fragments Egress Traffic (pps) Other Fragments Estimated Threshold (pps) – See Estimated Thresholds above Other Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold Other Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by Other Fragment Check ACL in the IP Profile assigned to this SPP. Note: Other Fragment Check ACL is not recommended. Misconfigured clients can create significant GRE (Protocol 47) and IPSEC (Protocol 5) fragmentation. Use System Recommended Thresholds. TCP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP TCP Fragments Egress Traffic (pps) TCP Fragments Estimated Threshold (pps) – See Estimated Thresholds above TCP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold TCP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by the TCP Fragment Check in the IP Profile assigned to this SPP. Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds. UDP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP UDP Fragments Egress Traffic (pps) UDP Fragments Estimated Threshold (pps) – See Estimated Thresholds above UDP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold UDP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by UDP Fragment Check in the IP Profile assigned to this SPP. Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.

Layer 3 graphs

Statistic

Description

Sources Tab

Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

Most Active Source Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
Most Active Source Egress (pps) - Trend in observed egress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
Most Active Source Estimated Threshold (pps) - Trend in the Estimated Threshold described above.
Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-source threshold

Destinations Tab

Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

Most Active Destination Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
Most Active Destination Egress Traffic (pps) - Trend in observed egress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
Most Active Destination Estimated Threshold - Trend in the estimated threshold described above.
Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-destination threshold

Note: FortiDDoS System Recommendations does not set a Most Active Destination Threshold (i.e. sets the Threshold to system maximum). You can add a manual Threshold if desired.

Protocols Tab

Displays pps Traffic, Threshold and per-5-minute Drop information for:

Selected Layer 3 Protocols from 0-255
- [Protocol] Ingress Traffic (pps) - Trend in observed ingress packet rate of this Protocol
- [Protocol] Egress Traffic (pps) - Trend in observed egress packet rate of this Protocol

Note:

When the Protocol number is selected, the current System Recommended Threshold for that Protocol is shown at the top-left of the graph.
FortiDDoS System Recommendations does not set Thresholds (i.e. uses system maximums) for:
- TCP (Protocol 6)
- UDP (Protocol 17)

Other mitigations normally protect from attacks using these Protocols. You can add Thresholds for these Protocols if desired.

Other Tab

Count of Unique Sources

Displays the total count of unique source IP addresses in the session table.

Fragmented Packets

Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop and ACL information for:

Other Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
Other Fragments Egress Traffic (pps)
Other Fragments Estimated Threshold (pps) – See Estimated Thresholds above
Other Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
Other Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by Other Fragment Check ACL in the IP Profile assigned to this SPP.

Note: Other Fragment Check ACL is not recommended. Misconfigured clients can create significant GRE (Protocol 47) and IPSEC (Protocol 5) fragmentation. Use System Recommended Thresholds.

TCP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
TCP Fragments Egress Traffic (pps)
TCP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
TCP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
TCP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by the TCP Fragment Check in the IP Profile assigned to this SPP.

Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.

UDP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
UDP Fragments Egress Traffic (pps)
UDP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
UDP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
UDP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by UDP Fragment Check in the IP Profile assigned to this SPP.

Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.

Handbook

Using the Layer 3 graphs