Handbook

6.0.0

Sources

The Sources console provides information about the sources of traffic on your FortiGate unit.

This console can be filtered by Country, Destination Interface, Policy, Result, Source, and Source Interface. For more on filters, see Filtering options.

Specific devices and time periods can be selected and drilled down for deep inspection.

Scenario: Investigating a spike in traffic

A system administrator notices a spike in traffic and wants to investigate it. From the Sources window, they can determine which user is responsible for the spike by following these steps:

  1. Go to FortiView > Sources.
  2. In the graph display, click and drag across the peak that represents the spike in traffic.
  3. Sort the sources by bandwidth use by selecting the Bytes (Sent/Received) header.
  4. Drill down into whichever source is associated with the highest amount of bandwidth use by double-clicking it. From this screen, you have an overview of that source's traffic activity.
  5. Again, in either the Applications or Destinations view, select the Bytes (Sent/Received) header to sort by bandwidth use.
  6. Double-click the top entry to drill down to the final inspection level, from which you can access further details on the application or destination, and/or apply a filter to prohibit or limit access.

    Note: Only FortiGate models 100D and above support the 24-hour historical data.
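
The same drill-down can be reproduced offline over exported traffic logs. The block below is an added example, not part of the Fortinet handbook: it assumes logs in FortiOS key=value format carrying the `date`, `time`, `srcip`, `dstip`, `app`, `sentbyte` and `rcvdbyte` fields, and the sample lines and the helper names (`investigate_spike` and the rest) are constructed for illustration.

```python
import shlex
from collections import Counter
from datetime import datetime

# Constructed sample lines in FortiOS key=value traffic-log style (not real data).
SAMPLE_LOG = """\
date=2019-05-10 time=10:45:00 type="traffic" srcip=10.1.100.11 dstip=198.51.100.7 app="DNS" sentbyte=900000000 rcvdbyte=100
date=2019-05-10 time=11:02:10 type="traffic" srcip=10.1.100.11 dstip=203.0.113.10 app="HTTPS.BROWSER" sentbyte=1200 rcvdbyte=5400
date=2019-05-10 time=11:03:15 type="traffic" srcip=10.1.100.22 dstip=203.0.113.50 app="File Backup" sentbyte=400000 rcvdbyte=2000
date=2019-05-10 time=11:04:40 type="traffic" srcip=10.1.100.22 dstip=198.51.100.7 app="HTTPS.BROWSER" sentbyte=3000 rcvdbyte=90000
date=2019-05-10 time=11:05:02 type="traffic" srcip=10.1.100.22 dstip=203.0.113.50 app="File Backup" sentbyte=600000 rcvdbyte=1000
date=2019-05-10 time=11:06:30 type="traffic" srcip=10.1.100.33 dstip=203.0.113.10 app="DNS" sentbyte=200 rcvdbyte=300
"""

def parse_line(line):
    """Split one key=value log line into a dict; quoted values keep their spaces."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    fields["ts"] = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    fields["bytes"] = int(fields.get("sentbyte", 0)) + int(fields.get("rcvdbyte", 0))
    return fields

def in_window(text, start, end):
    """Step 2: keep only the records inside the selected spike window."""
    records = (parse_line(line) for line in text.splitlines() if line.strip())
    return [r for r in records if start <= r["ts"] <= end]

def top_by(records, key):
    """Steps 3 and 5: total bytes (sent + received) per key, largest first."""
    totals = Counter()
    for r in records:
        totals[r.get(key, "unknown")] += r["bytes"]
    return totals.most_common()

def investigate_spike(text, start, end):
    """Steps 3-6: find the heaviest source, then rank its destinations and applications."""
    records = in_window(text, start, end)
    sources = top_by(records, "srcip")
    if not sources:
        return None  # no traffic logged in the selected window
    top_src, total = sources[0]
    mine = [r for r in records if r.get("srcip", "unknown") == top_src]
    return {"source": top_src, "bytes": total,
            "destinations": top_by(mine, "dstip"),
            "applications": top_by(mine, "app")}
```

The 10:45 record in the sample is deliberately large: widening the window to include it changes which source ranks first, which is why the time selection in step 2 comes before sorting.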
