Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    6.6.1
    7.0.3
    7.0.1
    7.0.0
    6.6.3
    6.6.3
    6.6.1
    6.6.0
    6.5.1
    6.5.0
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.1

    Using the Layer 3 graphs

    Using the Layer 3 graphs

    Example Layer 3 graph

    Before you begin:

    • You must have Read permission for the Monitor menu.

    • Refer to Reading Monitor graphs to understand the graphs in detail.

    To display the graphs:
    • Go to Monitor / Traffic Monitor / > Layer 3/4/7 > Layer 3 > [SPP] [Sources / Destinations / Protocols / Other] [Y-Axis view] [Direction] [Reporting Period].

    The follow table summarizes the statistics displayed in each graph.

    Layer 3 graphs

    Statistic

    Description

    Sources Tab

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

    • Most Active Source Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
    • Most Active Source Egress (pps) - Trend in observed egress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
    • Most Active Source Estimated Threshold (pps) - Trend in the Estimated Threshold described above.
    • Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-source threshold

    Destinations Tab

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

    • Most Active Destination Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
    • Most Active Destination Egress Traffic (pps) - Trend in observed egress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
    • Most Active Destination Estimated Threshold - Trend in the estimated threshold described above.
    • Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-destination threshold

    Note: FortiDDoS System Recommendations does not set a Most Active Destination Threshold (i.e. sets the Threshold to system maximum). You can add a manual Threshold if desired.

    Protocols Tab

    Displays pps Traffic, Threshold and per-5-minute Drop information for:

    • Selected Layer 3 Protocols from 0-255
      • [Protocol] Ingress Traffic (pps) - Trend in observed ingress packet rate of this Protocol
      • [Protocol] Egress Traffic (pps) - Trend in observed egress packet rate of this Protocol

    Note:

    • When the Protocol number is selected, the current System Recommended Threshold for that Protocol is shown at the top-left of the graph.
    • FortiDDoS System Recommendations does not set Thresholds (i.e. uses system maximums) for:
      • TCP (Protocol 6)
      • UDP (Protocol 17)

    Other mitigations normally protect from attacks using these Protocols. You can add Thresholds for these Protocols if desired.

    Other Tab

    Count of Unique Sources

    Displays the total count of unique source IP addresses in the session table.

    Fragmented Packets

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop and ACL information for:

    • Other Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • Other Fragments Egress Traffic (pps)
    • Other Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • Other Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • Other Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by Other Fragment Check ACL in the IP Profile assigned to this SPP.

    Note: Other Fragment Check ACL is not recommended. Misconfigured clients can create significant GRE (Protocol 47) and IPSEC (Protocol 5) fragmentation. Use System Recommended Thresholds.

    • TCP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • TCP Fragments Egress Traffic (pps)
    • TCP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • TCP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • TCP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by the TCP Fragment Check in the IP Profile assigned to this SPP.

    Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.

    • UDP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • UDP Fragments Egress Traffic (pps)
    • UDP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • UDP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • UDP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by UDP Fragment Check in the IP Profile assigned to this SPP.

    Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.
    Previous
    Next

    Using the Layer 3 graphs

    Using the Layer 3 graphs

    Example Layer 3 graph

    Before you begin:

    • You must have Read permission for the Monitor menu.

    • Refer to Reading Monitor graphs to understand the graphs in detail.

    To display the graphs:
    • Go to Monitor / Traffic Monitor / > Layer 3/4/7 > Layer 3 > [SPP] [Sources / Destinations / Protocols / Other] [Y-Axis view] [Direction] [Reporting Period].

    The follow table summarizes the statistics displayed in each graph.

    Layer 3 graphs

    Statistic

    Description

    Sources Tab

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

    • Most Active Source Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
    • Most Active Source Egress (pps) - Trend in observed egress packet rate of the most active source address. Note that this is not necessarily a graph of the same source over time, but rather a trend of the rate for the most active source during each sampling period.
    • Most Active Source Estimated Threshold (pps) - Trend in the Estimated Threshold described above.
    • Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-source threshold

    Destinations Tab

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop information for:

    • Most Active Destination Ingress Traffic (pps) - Trend in observed ingress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
    • Most Active Destination Egress Traffic (pps) - Trend in observed egress packet rate of the most active destination address. Note that this is not necessarily a graph of the same destination over time, but rather a trend of the rate for the most active destinations during each sampling period.
    • Most Active Destination Estimated Threshold - Trend in the estimated threshold described above.
    • Most Active Source Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting most-active-destination threshold

    Note: FortiDDoS System Recommendations does not set a Most Active Destination Threshold (i.e. sets the Threshold to system maximum). You can add a manual Threshold if desired.

    Protocols Tab

    Displays pps Traffic, Threshold and per-5-minute Drop information for:

    • Selected Layer 3 Protocols from 0-255
      • [Protocol] Ingress Traffic (pps) - Trend in observed ingress packet rate of this Protocol
      • [Protocol] Egress Traffic (pps) - Trend in observed egress packet rate of this Protocol

    Note:

    • When the Protocol number is selected, the current System Recommended Threshold for that Protocol is shown at the top-left of the graph.
    • FortiDDoS System Recommendations does not set Thresholds (i.e. uses system maximums) for:
      • TCP (Protocol 6)
      • UDP (Protocol 17)

    Other mitigations normally protect from attacks using these Protocols. You can add Thresholds for these Protocols if desired.

    Other Tab

    Count of Unique Sources

    Displays the total count of unique source IP addresses in the session table.

    Fragmented Packets

    Displays pps Traffic, Threshold, Estimated Threshold and per-5-minute Drop and ACL information for:

    • Other Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • Other Fragments Egress Traffic (pps)
    • Other Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • Other Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • Other Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by Other Fragment Check ACL in the IP Profile assigned to this SPP.

    Note: Other Fragment Check ACL is not recommended. Misconfigured clients can create significant GRE (Protocol 47) and IPSEC (Protocol 5) fragmentation. Use System Recommended Thresholds.

    • TCP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • TCP Fragments Egress Traffic (pps)
    • TCP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • TCP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • TCP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by the TCP Fragment Check in the IP Profile assigned to this SPP.

    Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.

    • UDP Fragments Ingress Traffic (pps) – Fragments for Protocols other than TCP or UDP
    • UDP Fragments Egress Traffic (pps)
    • UDP Fragments Estimated Threshold (pps) – See Estimated Thresholds above
    • UDP Fragments Packets Dropped (Packets/5-Minute Period) – Displays drops caused by the rate-limiting Other Fragments threshold
    • UDP Fragments Packets Blocked (Packets/5-Minute Period) – Displays drops caused by UDP Fragment Check in the IP Profile assigned to this SPP.

    Note: TCP Fragment Check ACL is not recommended. Misconfigured clients can create significant TCP fragmentation. Use System Recommended Thresholds.
    Previous
    Next