Reliable web filter statistics
FortiOS 6.4 provides command line tools to view the Web Filter statistics report. These command line tools currently fall into either proxy-based or flow-based Web Filter statistics commands.
Proxy-based Web Filter statistics report
- The proxy-based Web Filter statistics command line tools are as follows. These commands are available in both the global and per-VDOM command lines.
# diagnose wad filter <----define the objects of interest for the output
(global) # diagnose wad ?
console-log  Send WAD log messages to the console.
debug        Debug setting.
stats        Show statistics.
filter       Filter for listing sessions or tunnels. <----use filter to select the objects of interest for the output
kxp          SSL KXP diagnostics.
user         User diagnostics.
memory       WAD memory diagnostics.
restore      Restore configuration defaults.
history      Statistics history.
session      Session diagnostics.
tunnel       Tunnel diagnostics.
webcache     Web cache statistics.
worker       Worker diagnostics.
csvc         Cache service diagnostics.
# diagnose wad stats filter list/clear <----list or clear the Web Filter/DLP statistics report
- In the example below, there are two VDOMs using proxy-based policies which have Web Filter profiles enabled. The command line can be used to view the proxy-based Web Filter statistics report.
(global) # diagnose wad filter ?
list                  Display current filter.
clear                 Erase current filter settings.
src                   Source address range to filter by.
dst                   Destination address range to filter by.
sport                 Source port range to filter by.
dport                 Destination port range to filter by.
vd                    Virtual Domain Name. <----filter for per-VDOM or global statistics report
explicit-policy       Index of explicit-policy. -1 matches all.
firewall-policy       Index of firewall-policy. -1 matches all.
drop-unknown-session  Enable drop message unknown sessions.
negate                Negate the specified filter parameter.
protocol              Select protocols to filter by.

FGT_600D-ICAP-NAT (global) # diagnose wad filter vd
<vdom>  Virtual Domain Name.
ALL     all vdoms
root    vdom
vdom1   vdom

FGT_600D-ICAP-NAT (global) # diagnose wad filter vd root <----select the root VDOM statistics
Drop_unknown_session is enabled.

FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of vdom root <----displays the Web Filter statistics for the root VDOM
dlp = 0 <----Number of requests that the DLP sensor processed
content-type = 0 <----Number of requests that matched the content-type filter
urls:
  examined = 6 <----Number of requests that the proxy Web Filter (all WAD daemons) examined
  allowed = 3 <----Number of examined requests that were allowed
  blocked = 0 <----Number of examined requests that were blocked
  logged = 0 <----Number of examined requests that were logged
  overridden = 0 <----Number of examined requests that were overridden to another Web Filter profile

FGT_600D-ICAP-NAT (global) # diagnose wad filter vd vdom1 <----select the vdom1 statistics

FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of vdom vdom1 <----displays the Web Filter statistics for vdom1
dlp = 0
content-type = 0
urls:
  examined = 13
  allowed = 2
  blocked = 9
  logged = 8
  overridden = 0

FGT_600D-ICAP-NAT (global) # diagnose wad filter vd ALL

FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of all accessible vdoms <----the global statistics are the sum of the two VDOMs
dlp = 0
content-type = 0
urls:
  examined = 19
  allowed = 5
  blocked = 9
  logged = 8
  overridden = 0
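When these reports are collected for monitoring or audit, the statement that the global figures are the sum of the per-VDOM figures can be checked mechanically. The following is an added example, not part of the original page or of FortiOS: the function names are hypothetical, the sample is constructed from the counters shown above, and the parser ignores whitespace so it works whether or not a console capture keeps its line breaks.

```python
import re

# Constructed capture: the page's counters without the inline annotations.
# Layout is irrelevant to the parser, so counters are packed onto few lines.
SAMPLE = """\
FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of vdom root
dlp = 0 content-type = 0
urls: examined = 6 allowed = 3 blocked = 0 logged = 0 overridden = 0
FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of vdom vdom1
dlp = 0 content-type = 0
urls: examined = 13 allowed = 2 blocked = 9 logged = 8 overridden = 0
FGT_600D-ICAP-NAT (global) # diagnose wad stats filter list
filtering of all accessible vdoms
dlp = 0 content-type = 0
urls: examined = 19 allowed = 5 blocked = 9 logged = 8 overridden = 0
"""

# One token is either a report header or a "name = number" counter.
TOKEN = re.compile(
    r"filtering of (?:vdom (?P<vdom>\S+)|all accessible\s+vdoms)"
    r"|(?P<key>[a-z][a-z-]*)\s*=\s*(?P<val>\d+)"
)

def parse_wad_filter_stats(text):
    """Return {scope: {counter: int}}; the all-VDOM report is keyed "ALL"."""
    reports, current = {}, None
    for m in TOKEN.finditer(text):
        if m.group("key") is None:            # header: start a new report
            current = reports.setdefault(m.group("vdom") or "ALL", {})
        elif current is not None:             # counter inside a report
            current[m.group("key")] = int(m.group("val"))
    return reports

def sum_mismatches(reports):
    """Map counter -> (ALL value, per-VDOM sum) where the two disagree."""
    per_vdom = [r for scope, r in reports.items() if scope != "ALL"]
    diffs = {}
    for key, total in reports.get("ALL", {}).items():
        summed = sum(r.get(key, 0) for r in per_vdom)
        if summed != total:
            diffs[key] = (total, summed)
    return diffs

if __name__ == "__main__":
    parsed = parse_wad_filter_stats(SAMPLE)
    print(parsed["vdom1"], sum_mismatches(parsed) or "ALL matches per-VDOM sums")
```

The three reports are captured by separate commands, so on a unit that is passing traffic the counters can advance between captures; compare snapshots taken close together before treating a difference as an error.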
Flow-based Web Filter statistics report
- The command to check the flow-based Web Filter statistics is:
# diag webfilter stats list <vdom/global>
This command is available in both VDOM and global command lines.
- In the example below, the VDOM is using flow-based policies which have Web Filter profiles enabled.
FGT # diag webfilter stats list root
Proxy/flow URL filter stats:
request: 9474 <----Number of requests that the flow Web Filter (all IPS engines) received
blocked: 8606 <----Number of requests that the flow Web Filter blocked
allowed: 868 <----Number of requests that the flow Web Filter allowed
overridden:0 <----Number of examined requests that were overridden to another Web Filter profile
logged: 8606 <----Number of examined requests that were logged
pending: 0 <----Number of requests being processed at that moment