Fortinet black logo

Handbook

Home FortiDDoS-F 6.3.3 Handbook

Generate Traffic Statistics

6.3.3
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1
Copy Link
Copy Doc ID 369dfb00-033f-11ed-bb32-fa163e15d75b:534595
Download PDF

Generate Traffic Statistics

Baseline traffic statistics overview

The baseline traffic statistics are the maximum value (rate or count) measured by the counter for each parameter, in each direction in each Service Protection Policy during the observation period. The system saves data points every five minutes. During a 1-hour period, for example, there are 12, 5-minute observation periods. FortiDDoS saves a data point for each 5-minute interval. If you choose a 1-hour period, the system generates the maximum value across these 12 periods of 5-minute intervals.

The baseline statistics are used to establish the configured minimum threshold and ultimately the absolute maximum rate limit.

Generating baseline traffic statistics

You can generate baseline traffic statistics based on the following observation periods:

  • Past 1 hour
  • Past 8 hours
  • Past 1 day
  • Past 1 week – recommended for enterprise customers
  • Past 1 month – recommended for ISP/Hosting customers
  • Past 1 year
  • Past 10 minutes – CLI only, normally used for PoC or training

Use a time period that is representative of typical traffic volume and has had no attacks.

Before you begin:

• You must have Read-Write permission for Protection Profile settings.

• Note that the FortiDDoS is accessed when you generate traffic statistics or set system recommended thresholds. Do not perform multiple operations simultaneously.

To generate baseline traffic statistics:
  1. Go to Service Protection > Service Protection Policy > {SPP Rule} > Threshold Settings > System Recommendation, and click Generate Statistics
  2. Select the time period from the drop-down list.
  3. Select Generate Statistics.
  4. It takes several minutes for the process to complete. Click Refresh to track the status. The process is complete when the status shows "Available" and a timestamp.

Note: VM platform maintains a single resource to store traffic data for each of TCP Ports (1024-65535), URL(1024-65535), UDP ports (10240-65535) & ICMP type Code (40:0-255:255). So, it is possible to see one single entry in Traffic statistics data for these ports in VM platforms only.

To configure using the CLI:

execute generate-traffic-stats spp <rule_name> <report_period> 1h|8h|1d|1w|1m|1y|600s
Displaying baseline traffic statistics

You can review the statistics that are the basis of the system recommended thresholds.

Before you begin:

• You must have generated traffic statistics as described above.

• You must have Read-Write permission for Protection Profile settings.

To display baseline traffic statistics
  1. Go to Service Protection > Service Protection Policy > {SPP Rule} > Threshold Settings > System Recommendation.
  2. Select the type of statistics from the drop-down list.
  3. Select the time period from the drop-down list.

Note: By default, the system does not display parameters with counts lower than default Low threshold value i.e. 500

Clear Do not show values below low threshold option if you want to see these low counts

Previous
Next

Generate Traffic Statistics

Baseline traffic statistics overview

The baseline traffic statistics are the maximum value (rate or count) measured by the counter for each parameter, in each direction in each Service Protection Policy during the observation period. The system saves data points every five minutes. During a 1-hour period, for example, there are 12, 5-minute observation periods. FortiDDoS saves a data point for each 5-minute interval. If you choose a 1-hour period, the system generates the maximum value across these 12 periods of 5-minute intervals.

The baseline statistics are used to establish the configured minimum threshold and ultimately the absolute maximum rate limit.

Generating baseline traffic statistics

You can generate baseline traffic statistics based on the following observation periods:

  • Past 1 hour
  • Past 8 hours
  • Past 1 day
  • Past 1 week – recommended for enterprise customers
  • Past 1 month – recommended for ISP/Hosting customers
  • Past 1 year
  • Past 10 minutes – CLI only, normally used for PoC or training

Use a time period that is representative of typical traffic volume and has had no attacks.

Before you begin:

• You must have Read-Write permission for Protection Profile settings.

• Note that the FortiDDoS is accessed when you generate traffic statistics or set system recommended thresholds. Do not perform multiple operations simultaneously.

To generate baseline traffic statistics:
  1. Go to Service Protection > Service Protection Policy > {SPP Rule} > Threshold Settings > System Recommendation, and click Generate Statistics
  2. Select the time period from the drop-down list.
  3. Select Generate Statistics.
  4. It takes several minutes for the process to complete. Click Refresh to track the status. The process is complete when the status shows "Available" and a timestamp.

Note: VM platform maintains a single resource to store traffic data for each of TCP Ports (1024-65535), URL(1024-65535), UDP ports (10240-65535) & ICMP type Code (40:0-255:255). So, it is possible to see one single entry in Traffic statistics data for these ports in VM platforms only.

To configure using the CLI:

execute generate-traffic-stats spp <rule_name> <report_period> 1h|8h|1d|1w|1m|1y|600s
Displaying baseline traffic statistics

You can review the statistics that are the basis of the system recommended thresholds.

Before you begin:

• You must have generated traffic statistics as described above.

• You must have Read-Write permission for Protection Profile settings.

To display baseline traffic statistics
  1. Go to Service Protection > Service Protection Policy > {SPP Rule} > Threshold Settings > System Recommendation.
  2. Select the type of statistics from the drop-down list.
  3. Select the time period from the drop-down list.

Note: By default, the system does not display parameters with counts lower than default Low threshold value i.e. 500

Clear Do not show values below low threshold option if you want to see these low counts

Previous
Next