Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    2024.7.0
    2024.10.0
    2024.9.0
    2024.7.0

    Sensor status

    Sensor status

    To view the status page for a sensor, click the sensor ID in Sensors page. The Status tab shows information regarding the physical deployment of the sensor.

    Connection Status

    The Connection Status section displays the state of the sensor's connectivity to FortiNDR Cloud's infrastructure and the IP address of the sensor's management interface. The Interfaces section lists each network interface on the sensor. The sensor's management interface will be indicated with the string mgmt. A green interface indicates that a cable is connected, while gray indicates that a cable is not connected. Additionally, you can click on the interface label to view its MAC address.

    The following table details the naming convention for interfaces on FortiNDR Cloud sensors.

    Label Sensor Type Interface Type Purpose Max Bandwidth
    em4 Physical Ethernet Management 1 Gb/s
    em3 Physical Ethernet Monitoring 1 Gb/s
    em2 Physical Ethernet Monitoring 10 Gb/s
    em1 Physical Ethernet Monitoring 10 Gb/s
    p#p## Physical Fiber Monitoring 10 Gb/s
    eth0 Virtual Virtual Management N/A
    eth1+ Virtual Virtual Monitoring N/A
    Note

    The Max Bandwidth column shows the physical limitation of the interface, not the maximum sustained bandwidth that the sensor can handle.

    Hardware

    The Hardware pane displays the sensor Processor(s), Number of Cores, Total Memory and Total Disk Space.

    Software

    The Software pane displays the Operating System, ZEEK Version, Suricata Version and Sensor Version.

    Sensor History

    The Sensor History table shows the actions performed (paused or resumed), the user who initiated the action, well as any comments from the user. The table is sorted in descending order by timestamp. A message appears if there is no history to display.

    Telemetry

    The Telemetry tab plots measurements of total throughput across the sensor's interfaces in bits per second, and the number of events produced by the sensor. These plots can be found on the Throughput and Events tabs, respectively. Measurements for both are available in perpetuity. Each plot can be displayed as either a line or bar plot for any time period, and the Events plot can be grouped by event type.

    The Telemetry page also displays observed devices for the sensor on the Visibility tab. This data is essentially a slimmed down version of the Devices page.

    Settings

    The Settings tab shows the configurable fields for a sensor. This includes a sensor's location, arbitrary labels (hostname, site/building code, etc.), and whether to enable PCAP.

    Note

    To modify these settings, contact your Technical Success Manager.

    Note

    Enabling PCAP has security and privacy complications. Before enabling PCAP, consult with your Technical Success Manager.

    For example, networks with data that is subject to regulatory requirements may require certain controls to be in place before enabling this feature. Enabling this feature may also require uploading a public key to encrypt any PCAPs. See, Account Management or contact Customer Support for more information on public keys.
    Previous
    Next

    Sensor status

    Sensor status

    To view the status page for a sensor, click the sensor ID in Sensors page. The Status tab shows information regarding the physical deployment of the sensor.

    Connection Status

    The Connection Status section displays the state of the sensor's connectivity to FortiNDR Cloud's infrastructure and the IP address of the sensor's management interface. The Interfaces section lists each network interface on the sensor. The sensor's management interface will be indicated with the string mgmt. A green interface indicates that a cable is connected, while gray indicates that a cable is not connected. Additionally, you can click on the interface label to view its MAC address.

    The following table details the naming convention for interfaces on FortiNDR Cloud sensors.

    Label Sensor Type Interface Type Purpose Max Bandwidth
    em4 Physical Ethernet Management 1 Gb/s
    em3 Physical Ethernet Monitoring 1 Gb/s
    em2 Physical Ethernet Monitoring 10 Gb/s
    em1 Physical Ethernet Monitoring 10 Gb/s
    p#p## Physical Fiber Monitoring 10 Gb/s
    eth0 Virtual Virtual Management N/A
    eth1+ Virtual Virtual Monitoring N/A
    Note

    The Max Bandwidth column shows the physical limitation of the interface, not the maximum sustained bandwidth that the sensor can handle.

    Hardware

    The Hardware pane displays the sensor Processor(s), Number of Cores, Total Memory and Total Disk Space.

    Software

    The Software pane displays the Operating System, ZEEK Version, Suricata Version and Sensor Version.

    Sensor History

    The Sensor History table shows the actions performed (paused or resumed), the user who initiated the action, well as any comments from the user. The table is sorted in descending order by timestamp. A message appears if there is no history to display.

    Telemetry

    The Telemetry tab plots measurements of total throughput across the sensor's interfaces in bits per second, and the number of events produced by the sensor. These plots can be found on the Throughput and Events tabs, respectively. Measurements for both are available in perpetuity. Each plot can be displayed as either a line or bar plot for any time period, and the Events plot can be grouped by event type.

    The Telemetry page also displays observed devices for the sensor on the Visibility tab. This data is essentially a slimmed down version of the Devices page.

    Settings

    The Settings tab shows the configurable fields for a sensor. This includes a sensor's location, arbitrary labels (hostname, site/building code, etc.), and whether to enable PCAP.

    Note

    To modify these settings, contact your Technical Success Manager.

    Note

    Enabling PCAP has security and privacy complications. Before enabling PCAP, consult with your Technical Success Manager.

    For example, networks with data that is subject to regulatory requirements may require certain controls to be in place before enabling this feature. Enabling this feature may also require uploading a public key to encrypt any PCAPs. See, Account Management or contact Customer Support for more information on public keys.
    Previous
    Next