Reliable web filter statistics


FortiOS 6.2 provides command line tools to view the Web Filter statistics report. These command line tools currently fall into either proxy-based or flow-based Web Filter statistics commands.

Proxy-based Web Filter statistics report

  • The proxy-based Web Filter statistics command line tools are as follows. These commands are available in both the global and per-VDOM command lines.
    #diagnose wad filter   <----define the objects of interest for the output
    (global) # diagnose wad ?
    console-log    Send WAD log messages to the console.
    debug          Debug setting.
    stats          Show statistics.
    filter         Filter for listing sessions or tunnels. <----use filter to select the objects of interest for the output
    kxp            SSL KXP diagnostics.
    user           User diagnostics.
    memory         WAD memory diagnostics.
    restore        Restore configuration defaults.
    history        Statistics history.
    session        Session diagnostics.
    tunnel         Tunnel diagnostics.
    webcache       Web cache statistics.
    worker         Worker diagnostics.
    csvc           Cache service diagnostics.
     
    #diagnose wad stats filter list/clear <----list or clear the Web Filter/DLP statistics report
  • In the example below, there are two VDOMs using proxy-based policies which have Web Filter profiles enabled. The command line can be used to view the proxy-based Web Filter statistics report.
    (global) # diagnose wad filter ?
    list                    Display current filter.
    clear                   Erase current filter settings.
    src                     Source address range to filter by.
    dst                     Destination address range to filter by.
    sport                   Source port range to filter by.
    dport                   Destination port range to filter by.
    vd                      Virtual Domain Name.  <----filter for per-vdom or global statistics report
    explicit-policy         Index of explicit-policy. -1 matches all.
    firewall-policy         Index of firewall-policy. -1 matches all.
    drop-unknown-session    Enable drop message unknown sessions.
    negate                  Negate the specified filter parameter.
    protocol                Select protocols to filter by.
     
    FGT_600D-ICAP-NAT (global) # diagnose wad filter vd 
    <vdom>    Virtual Domain Name.
    ALL     all vdoms
    root    vdom
    vdom1   vdom
    
    FGT_600D-ICAP-NAT (global) # diagnose wad filter vd root  <----select the root VDOM statistics
    Drop_unknown_session is enabled.
    
    FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
    filtering of vdom root  <----Displays the Web Filter statistics for the root VDOM
      dlp          = 0      <----Number of requests that the DLP sensor processed;
      content-type = 0      <----Number of requests that matched the content-type filter;
      urls:
        examined = 6  <----Number of requests that the proxy Web Filter (all wad daemons) examined;
        allowed = 3   <----Number of examined requests that were allowed;
        blocked = 0   <----Number of examined requests that were blocked;
        logged = 0    <----Number of examined requests that were logged;
        overridden = 0 <----Number of examined requests that were overridden to another Web Filter profile;
    
    FGT_600D-ICAP-NAT (global) # diagnose wad filter vd vdom1  <----select the vdom1 statistics
    
    FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
    filtering of vdom vdom1  <----Displays the Web Filter statistics for vdom1
      dlp          = 0
      content-type = 0
      urls:
        examined = 13
        allowed = 2
        blocked = 9
        logged = 8
        overridden = 0
    
    FGT_600D-ICAP-NAT (global) # diagnose wad filter vd ALL 
    
    FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
    filtering of all accessible vdoms  <----global statistics are the sum of the two VDOMs
      dlp          = 0
      content-type = 0
      urls:
        examined = 19
        allowed = 5
        blocked = 9
        logged = 8
        overridden = 0
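The check described above (the ALL report is the sum of the per-VDOM reports) can be automated over captured CLI output. This is an added example, not Fortinet code; the function names `parse_wad_stats` and `global_mismatches` are hypothetical, and the sample text is constructed from the counters shown on this page.

```python
import re

# Constructed sample: the three "diagnose wad stats filter list" reports shown
# above, built from one template (counter values are the ones on this page).
TEMPLATE = """filtering of {scope}  <----annotation as used on this page
  dlp          = 0
  content-type = 0
  urls:
    examined = {0}
    allowed = {1}
    blocked = {2}
    logged = {3}
    overridden = 0
"""
SAMPLE = (TEMPLATE.format(6, 3, 0, 0, scope="vdom root")
          + TEMPLATE.format(13, 2, 9, 8, scope="vdom vdom1")
          + TEMPLATE.format(19, 5, 9, 8, scope="all accessible vdoms"))

HEADER = re.compile(r"^filtering of (?:vdom (\S+)|all accessible vdoms)")
COUNTER = re.compile(r"^\s*([\w-]+)\s*=\s*(\d+)")

def parse_wad_stats(text):
    """Return {scope: {counter: int}}; scope is a VDOM name or 'ALL'."""
    reports, current = {}, None
    for line in text.splitlines():
        line = line.split("<----")[0]        # drop page-style annotations
        m = HEADER.match(line.strip())
        if m:
            current = reports.setdefault(m.group(1) or "ALL", {})
            continue
        m = COUNTER.match(line)              # prompts and "urls:" do not match
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return reports

def global_mismatches(reports):
    """Counters where the ALL report differs from the per-VDOM sum.

    Returns {counter: (sum_of_vdoms, all_value)}; empty when consistent.
    """
    vdoms = [r for name, r in reports.items() if name != "ALL"]
    bad = {}
    for key, total in reports.get("ALL", {}).items():
        summed = sum(r.get(key, 0) for r in vdoms)
        if summed != total:
            bad[key] = (summed, total)
    return bad
```

On a device carrying live traffic the counters keep increasing between the three commands, so a small mismatch can reflect capture timing rather than a reporting problem.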

Flow-based Web Filter statistics report

  • The flow-based Web Filter statistics command line tools are as follows. These commands are available in the global command line only.
    (global) # diagnose test application ipsmonitor 
    
    IPS Engine Test Usage:
    
        1: Display IPS engine information
        2: Toggle IPS engine enable/disable status
        3: Display restart log
        4: Clear restart log
        5: Toggle bypass status
        6: Submit attack characteristics now
       10: IPS queue length
       11: Clear IPS queue length
       12: IPS L7 socket statistics
       13: IPS session list
       14: IPS NTurbo statistics
       15: IPSA statistics
       18: Display session info cache
       19: Clear session info cache
       21: Reload FSA malicious URL database
       22: Reload whitelist URL database
       24: Display Flow AV statistics
       25: Reset Flow AV statistics
       27: Display Flow urlfilter statistics
       28: Reset Flow urlfilter statistics
       29: Display global Flow urlfilter statistics  <----List the Flow Web Filter Statistics
       30: Reset global Flow urlfilter statistics    <----Reset the Flow Web Filter Statistics
       96: Toggle IPS engines watchdog timer
       97: Start all IPS engines
       98: Stop all IPS engines
       99: Restart all IPS engines and monitor
  • In the example below, there are two VDOMs using flow-based policies which have Web Filter profiles enabled. The command line can be used to view the flow-based Web Filter statistics report.
    (global) # diagnose test application ipsmonitor 29
    Global URLF states:
     request: 14   <----Number of requests that the flow Web Filter (all IPS engines) received;
     response: 14  <----Number of responses that the flow Web Filter (all IPS engines) sent;
     pending: 0    <----Number of requests being processed at that moment;
     request error: 0     <----Number of requests that had errors;
     response timeout: 0  <----Number of responses that the IPS engine did not receive in time;
     blocked: 12          <----Number of requests that the flow Web Filter blocked;
     allowed: 2           <----Number of requests that the flow Web Filter allowed;
