Status

The FortiDDoS Dashboard contains tables and summary graphs of system information and system status. Use the dashboard to check system status at a glance or to quickly find system information, such as the hardware serial number, firmware version, license status, or interface status. For a deeper look at attack traffic, use the Monitor and Log & Report menus.

Before you begin:

  • You must have Read permission for Dashboard, FortiView, System and Network settings.

To display the Dashboard:

  • Go to the Dashboard menu item (default landing page).

The default dashboard setup includes the following tables/graphs:

Additional GUI options

All Dashboard panels can enlarge to full screen for better visibility via the icon. To return the panel to its original size, click the icon.

Some panels have additional hidden information. Those panels display two icons:

  • One icon at the bottom center of applicable panels. Hovering the cursor over this icon opens the panel further. Moving the cursor outside the panel closes it again.
  • One icon at the top right of applicable panels. Clicking this icon pins the panel fully open. To return the panel to its original display, click the icon again.

Traffic graphs (Interface and SPPs) have additional modifiers:

Modifier: Y-axis display
Options:
  • Linear (default)
  • Logarithmic

Modifier: Traffic
Options:
  • Inbound (default)
  • Outbound

Modifier: Data rate
Options (the colors of the graphs change depending on the selection):
  • Packet (default)
  • Bits

When you hover the cursor over the graph, an index line will appear on the graph with an empty circle over the peak rate of each graph. Place the cursor in the circle and the data rate at that point displays. When the cursor is over one graph the other graph dims.

Modifier: Period (X-axis display)
Options:
  • 1-hour (default)
  • 8-hours
  • 1-day
  • 1-week
  • 1-month
  • 1-year

Note: Some graphs do not support all five periods.

The Drops graph has additional modifiers. Drop graphs in the system always display Packets dropped:

Modifier: Y-axis display
Options:
  • Linear (default)
  • Logarithmic

Modifier: Traffic
Options:
  • Inbound (default)
  • Outbound

Modifier: Duration
Options:
  • 1-hour (default)
  • 8-hours
  • 1-day
  • 1-week
  • 1-month
  • 1-year

System Information

This dashboard displays basic System Information, such as firmware version, serial number, host name, system time, system uptime, effective HA mode (if configured) and Bypass Status (inline/bypass).

You can manually toggle the inline/bypass state of the appliance by clicking the status information. A confirmation is required before the system will switch. VMs do not support this feature.

System information dashboard

License Information

This dashboard displays license and registration status, including status for the FortiGuard IP Reputation and Domain Reputation Services. If the system is behind a web proxy, set up Tunnel (proxy) under System > FortiGuard. These Tunnel settings work for system registration, IP Reputation, Domain Reputation and Signaling.

License Information dashboard

Placing the cursor over the text shows additional information. You may left-click the text to go to the Licensing and FortiGuard configuration page.

SPP Status

SPP Status shows summary information for each SPP configured in the system and allows the user to change the Detection/Prevention Mode for each direction of an SPP without navigating further into the system.

Column: Name
Description: Name assigned to the Service Protection Policy (SPP) in Service Protection: CONFIGURATION > Service Protection Policy.

Column: ID
Description: System-assigned ID number for the SPP. Different models support the following numbers of SPPs:
  • VM04 = 4
  • 200F/VM08 = 8
  • 1500F/2000F/VM16 = 16

Column: Status
Description: Whether the SPP is enabled or disabled, as determined by the Status toggle in Service Protection: CONFIGURATION > Service Protection Policy.

Column: Mode (Inbound)
Description: Green Detection Mode (monitor only) or red Prevention Mode (full mitigation) per SPP, per Direction. Detection/Prevention can be toggled by clicking on the word.
Note: Global ACLs of any type always drop matching traffic, even in Detection Mode.

Column: Mode (Outbound)
Description: Green Detection Mode (monitor only) or red Prevention Mode (full mitigation) per SPP, per Direction. Detection/Prevention can be toggled by clicking on the word.
Note: Global ACLs of any type always drop matching traffic, even in Detection Mode.

System Resources

System Resources shows a real-time display of CPU, RAM, and disk usage for all processes. The default display shows the real-time usage percentage of the CPU, RAM, and disk. The usage time-line period can be adjusted using the period drop-down. Click the icons described in Additional GUI options to expand the panel to see a time-line view of the CPU and RAM usage.

Note:

  • RAM tables and databases are pre-allocated. Do not expect much variation in the % usage over time.
  • System Resources shows actual CPU usage. The Linux CLI top command will not provide accurate CPU usage when used with DPDK-based processors in FortiDDoS. Use the CLI command get system performance for accurate real-time CPU usage information.

High Availability (HA)

High Availability (HA) configuration allows you to synchronize configuration information between two FortiDDoS appliances to create a secondary appliance that always has an up-to-date configuration.

Mode: Standalone/HA configuration.

eMode: Effective HA mode:
  • off — Not in a High Availability pair.
  • Standalone — In HA Mode but cannot contact HA partner.
  • Primary — Acting as Primary device.
  • Secondary — Acting as Secondary device.

Group: Optional group name of appliances configured in HA mode.

Override:
  • Enable — Enable to make Device Priority a more important factor than up-time while selecting the Primary node. Override is enabled by default and strongly recommended.
  • Disable — If Override is Disabled, when the Primary fails, the Secondary becomes the new Primary until it fails, even if the Primary is replaced, and/or returns online, which is an unusual deployment.

Attack Logs

The Attack Logs dashboard displays a table of the most recent time-stamped attack logs, showing event type, drop count, SPP, Direction and SPP mode.

Interfaces (Aggregate Interface Traffic)

The Interfaces dashboard displays aggregate traffic through all interface ports.

Use the following parameters to adjust the graph display:

Parameter: Linear/Logarithmic
Description: Changes the graph Y-axis for clarity. Normally use Linear.

Parameter: Inbound/Outbound
Description: Direction of traffic. FortiDDoS displays Ingress and Egress traffic differently than other networking devices to make it very obvious if FortiDDoS is dropping traffic through the system:

Inbound
  • Ingress is traffic from the Internet to FortiDDoS.
  • Egress is traffic from FortiDDoS to the local network.

Outbound
  • Ingress is from the local network to FortiDDoS.
  • Egress is from FortiDDoS to the Internet.

Parameter: Packet/bits
Description: Throughput in pps or bps.

Parameter: Period
Description: Display periods of 1-Hour, 8-Hours, 1-Day, 1-Week, and 1-Year, as calculated backwards from the current time.

Click the icons described in Additional GUI options to expand the panel and see additional information.

SPPs (Aggregate SPP Traffic)

This dashboard displays the trend in aggregate throughput over a specific period of time across all SPPs. This graph provides an overview of the traffic pattern.

To display inbound or outbound traffic, select the Inbound / Outbound links at the top right of the graph.

Aggregate SPP Traffic dashboard

You can hide or display the throughput for Aggregate Ingress or Aggregate Egress traffic by clicking the label.

Aggregate SPP Traffic dashboard - hide/show specific traffic

Aggregate Drops Graph

The Drops dashboard displays traffic with packets dropped based on types of attack.

Data Path Resources

The Data Path Resources table displays the internal table usage statistics.

Administrators

Tracks recent successful and failed Administrator logins. For more Event information, go to Log & Report: LOG ACCESS > Logs > Event Log tab.
