
Monitor graphs overview

You can use the Monitor graphs to track trends in throughput rates, source and destination traffic, connections, and drops related to FortiDDoS detection and prevention settings.

Note: FortiDDoS Ingress/Egress traffic reporting is different from most network products. To show attack drops immediately, the graphs show the difference between traffic arriving at FortiDDoS from the internet and traffic leaving FortiDDoS towards your infrastructure. Ingress and egress are structured as follows:

Direction   Traffic   From               To
Inbound     Ingress   Internet           FortiDDoS
Inbound     Egress    FortiDDoS          Internal network
Outbound    Ingress   Internal network   FortiDDoS
Outbound    Egress    FortiDDoS          Internet

The graph below shows that the green Ingress traffic is significantly higher than the orange Egress traffic. This indicates that FortiDDoS is dropping traffic as it passes through the system and you are under attack.

The labels show that Ingress is from Port 2 (Internet-facing port) and Egress is from Port 1 (internal-network-facing port), unlike a firewall, where ingress and egress are shown for the same port.

Ingress/Egress is reversed for the outbound direction. Again, you will see immediately if FortiDDoS is dropping packets as they traverse the system.
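The same reading of the Ingress/Egress differential can be applied to rate samples outside the GUI. The following is an added example, not part of the Fortinet handbook and not a FortiDDoS API: the Sample record, the drop_windows function, the 20% ratio, the three-sample minimum and the sample values are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Measurement points per direction, as in the table above:
# direction -> (where Ingress traffic comes from, where Egress traffic goes to)
PATHS = {
    "inbound": ("Internet", "Internal network"),
    "outbound": ("Internal network", "Internet"),
}

@dataclass
class Sample:
    t: int               # seconds since start of the series (constructed)
    ingress_pps: float   # rate arriving at FortiDDoS
    egress_pps: float    # rate leaving FortiDDoS on the other side

def drop_windows(samples, min_ratio=0.2, min_consecutive=3):
    """Return (start_t, end_t, peak_dropped_pps) for each run of at least
    min_consecutive samples where (ingress - egress) / ingress >= min_ratio.
    Both thresholds are assumed values, not FortiDDoS settings."""
    windows, run = [], []

    def flush():
        if len(run) >= min_consecutive:
            peak = max(s.ingress_pps - s.egress_pps for s in run)
            windows.append((run[0].t, run[-1].t, peak))
        run.clear()

    for s in samples:
        dropped = s.ingress_pps - s.egress_pps
        # No ingress means nothing can be dropped; also avoids dividing by zero.
        if s.ingress_pps > 0 and dropped / s.ingress_pps >= min_ratio:
            run.append(s)
        else:
            flush()
    flush()
    return windows

# Constructed inbound samples at 30-second resolution.
SAMPLES = [
    Sample(0, 10_000, 9_990), Sample(30, 10_200, 10_150),
    Sample(60, 90_000, 11_000), Sample(90, 250_000, 10_500),
    Sample(120, 240_000, 10_800), Sample(150, 12_000, 11_900),
    Sample(180, 0, 0), Sample(210, 50_000, 10_000),
]

if __name__ == "__main__":
    src, dst = PATHS["inbound"]
    for start, end, peak in drop_windows(SAMPLES):
        print(f"inbound {src} -> {dst}: drops t={start}s..{end}s, peak {peak:.0f} pps")
```

Requiring several consecutive samples keeps a single spike, such as the last constructed sample, from being reported as a sustained drop period.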

Other graph features:

  • All graphs support both Inbound and Outbound views.
  • Most graphs are in packets-per-second but some graphs also show bits-per-second and some will show counts like Connections per Second or Drops.
  • Many graphs are SPP-related and will show a drop-down menu to select the SPP to view.
  • All graphs can switch the Y-Axis view between Linear and Logarithmic. Logarithmic is useful when there is a combination of very high and very low sub-graphs within the same graph.
  • All graphs can display traffic and/or drops for 1-hour, 8-hours, 1-day, 1-week, 1-month or 1-year.
  • Most graphs do not refresh automatically, so there is a refresh icon at the top-right of the graph.
  • Subgraph views such as the Port 1 Ingress Packets/Sec above can be hidden by clicking anywhere on the label. Click again to unhide. Hidden sub-graphs will be unhidden if you leave the graph page.
  • If there are a very large number of sub-graphs on the page, you will see pagination arrows to the left of the labels to see other labels.

The Monitor graphs menu includes the following categories:

  • Dashboard
    • Aggregate physical Interfaces traffic
    • Aggregate all-SPP traffic
    • Aggregate all-SPP Drops
  • FortiView > SPP > View provides a per-SPP view of:
    • Traffic rates
    • Source Countries traffic rates
    • SPP Attacks aggregate drops
    • SPP Protocols aggregate traffic rate
  • Monitor
    • Interfaces
      • Per interface-port-pair graph showing:
        • Inbound Ingress traffic (from the internet to FortiDDoS)
    • Drops Monitor
      • Per-SPP Layer 3 to Layer 7 attack graphs for:
        • Aggregate Drops
        • Flood Drops
        • ACL Drops
        • Anomaly Drops
        • Memory Drops
    • Traffic Monitor
      • Per-SPP Protection Subnets traffic rates
      • Per-SPP Layer 3/4/7 traffic rates and attack drops

The multiple views and granular filters are useful for comparing and contrasting trends broadly, and for drilling into details. For example, you can use the Aggregate drops graph to get an overall picture on security events and see whether to review ACL graphs, flood graphs, or anomalies graphs next.

The following graph is an example of a monitor graph.

It shows the following information:

  • Data resolution Period - Whether data points for the graph are rolled up in 30 second, 5 minute, 1 hour, 3 hour, or 45 hour windows.
  • Threshold - The configured minimum threshold (matches the setting on the Service Protection > Service Protection Policy > {SPP Rule} > Thresholds).
  • Y-Axis Linear or Logarithmic selection which allows easier viewing of both low-rate and high-rate parameters at the same time
  • Inbound or Outbound traffic direction
  • Duration of the graph from 1 hour to 1 year
  • Throughput - A graph of the throughput rate for the selected protocol during the time period. Depending on context, some graphs will:
    • Allow selection of pps or bps (Interface and SPP Traffic graphs, for example)
    • Display counts (Connections per Second graph, for example)
  • Packets dropped - A graph of packets dropped because the threshold was exceeded, validation was undertaken or other reasons depending on the parameter.
  • Parameter sub-graphs may be hidden by clicking on the matching legend label along the bottom of the graph. When graphs support many parameters, the right side of the legend will show additional “pages” of labels with directional arrows ( < 1 / 2 >)

Tool-tip Data point details

The following figure shows tool-tip information displayed when the mouse pointer hovers over a point in the graph. The tool-tip has details about that data point.

Tool-tip information for point on graph line
