Fortinet black logo

Administration Guide

FortiView Top Source and Top Destination Firewall Objects monitors

FortiView Top Source and Top Destination Firewall Objects monitors

The FortiView Source Firewall Objects and FortiView Destination Firewall Objects monitors leverage UUID to resolve firewall object address names for improved usability.

Requirements

To have a historical Firewall Objects-based view, address objects' UUIDs need to be logged.

To enable address object UUID logging in the CLI:

config system global

set log-uuid-address enable

end

To add a firewall object monitor in the GUI:
  1. Click Add Monitor. The Add Monitor window opens.

  2. In the Search field, type Destination Firewall Objects and click the Add button next to the dashboard name.
  3. In the FortiGate area, select the FortiGate(s) from the dropdown.
  4. In the Data Source area, select Best Available Device or Specify. For information, see Using the FortiView interface.
  5. From the Time Period dropdown, select the time period. Select now for real-time information, or (1 hour, 24 hours, and 7 days) for historical information.
  6. In the Visualization area, select Table View or Bubble Chart.
  7. From the Sort By dropdown, select Bytes, Sessions, Bandwidth, or Packets.
  8. Click Add Monitor. The monitor is added to the tree menu.
To drill down Firewall Objects:
  1. Open the FortiView Source Firewall Objects or FortiView Destination Firewall Objects monitor.
  2. Right-click on any Source or Destination Object and click Drill Down to Details.

  3. Click the tabs to sort the sessions by Application, Destinations, Web Sites, or Policies.

  4. To view signatures, click the entry in the Category column.

  5. To views sessions, right-click an entry and click View Sessions, or click the Sessions tab.
  6. To end a session, right-click an entry in the Sessions tab and select End Sessions or End All Sessions.

FortiView Top Source and Top Destination Firewall Objects monitors

The FortiView Source Firewall Objects and FortiView Destination Firewall Objects monitors leverage UUID to resolve firewall object address names for improved usability.

Requirements

To have a historical Firewall Objects-based view, address objects' UUIDs need to be logged.

To enable address object UUID logging in the CLI:

config system global

set log-uuid-address enable

end

To add a firewall object monitor in the GUI:
  1. Click Add Monitor. The Add Monitor window opens.

  2. In the Search field, type Destination Firewall Objects and click the Add button next to the dashboard name.
  3. In the FortiGate area, select the FortiGate(s) from the dropdown.
  4. In the Data Source area, select Best Available Device or Specify. For information, see Using the FortiView interface.
  5. From the Time Period dropdown, select the time period. Select now for real-time information, or (1 hour, 24 hours, and 7 days) for historical information.
  6. In the Visualization area, select Table View or Bubble Chart.
  7. From the Sort By dropdown, select Bytes, Sessions, Bandwidth, or Packets.
  8. Click Add Monitor. The monitor is added to the tree menu.
To drill down Firewall Objects:
  1. Open the FortiView Source Firewall Objects or FortiView Destination Firewall Objects monitor.
  2. Right-click on any Source or Destination Object and click Drill Down to Details.

  3. Click the tabs to sort the sessions by Application, Destinations, Web Sites, or Policies.

  4. To view signatures, click the entry in the Category column.

  5. To views sessions, right-click an entry and click View Sessions, or click the Sessions tab.
  6. To end a session, right-click an entry in the Sessions tab and select End Sessions or End All Sessions.