FortiView – FortiManager 5.2

Top Applications

The Top Applications dashboard shows information about the applications being used on your network, including the application name, category, and risk level. You can drill down into the displayed information, select the device and time period, and apply search filters.


The following information is displayed:

Application: Displays the application name and service. Select the column header to sort entries by application. You can apply a search filter to the application (app) column.
Category: Displays the application category. Select the column header to sort entries by category. You can apply a search filter to the category (appcat) column.
Risk: Displays the application risk level. Hover the mouse cursor over the entry in the column for additional information. Select the column header to sort entries by risk.

Risk uses a new 5-point risk rating. The rating system is as follows:

  - Critical: Applications that are used to conceal activity to evade detection.
  - High: Applications that can cause data leakage, are prone to vulnerabilities, or can download malware.
  - Medium: Applications that can be misused.
  - Elevated: Applications that are used for personal communications or can lower productivity.
  - Low: Business related applications or other harmless applications.

Sessions (Blocked/Allowed): Displays the number of sessions blocked and allowed. Select the column header to sort entries by sessions.
Bytes (Sent/Received): Displays the value for sent and received packets. Select the column header to sort entries by bytes.

The following options are available:

Refresh: Refresh the displayed information.
Search: Click the search field to add a search filter and select the GO button to apply the search filter. Alternatively, you can right-click the column entry to add the search filter.
Devices: Select the device or log array from the drop-down list or select All Devices. Select the GO button to apply the device filter.
Time Period: Select the time period from the drop-down list. Select Custom from the list to specify the start and end date and time. Select the GO button to apply the time period filter.
N: When selecting a time period with last N in the entry, you can enter the value for N in this text field.
Custom: When Custom is selected, the custom icon is displayed. Select the icon to change the custom time period.
Go: Select the GO button to apply the filter.
Pagination: Select the number of entries to display per page and browse pages.

Right-click menu:

Source: Select to drill down by source to view source related information including the source IP address, device MAC address or FQDN, threat score (blocked/allowed), number of sessions (blocked/allowed), and bytes (sent/received).

You can sort the displayed entries by selecting the column header. You can apply a search filter in the source (srcip) and device (dev_src) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Applications page.

Destination: Select to drill down by destination to view destination related information including the destination IP address and geographic region, the threat score (blocked/allowed), number of sessions (blocked/allowed), and bytes (sent/received). You can sort the displayed entries by selecting the column header.

You can apply a search filter in the destination (dstip) column to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Applications page.

Threat: Select to drill down by threat to view threat related information including the threat type, category, threat level, threat score (blocked/allowed), and number of incidents (blocked/allowed).

You can sort the displayed entries by selecting the column header. You can apply a search filter in the threat (threat) or category (threattype) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Applications page.

Sessions: Select to drill down by sessions to view session related information including date/time, source/device, destination IP address and geographic region, service, bytes (sent/received), user, application, and security action.

You can sort the displayed entries by selecting the column header. You can apply a search filter in the destination (dstip), service (service), user (user), or application (app) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Applications page.

Search: Add a search filter and select the GO button to apply the filter.
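
The columns and search filters described above can be reproduced offline from exported traffic logs, which is useful for cross-checking what the dashboard shows. The following is an added example, not FortiManager code and not part of the original page; the sample log lines are constructed, the function names are hypothetical, and the log field names apprisk, action, sentbyte and rcvdbyte are assumptions about the log schema (app, appcat, srcip and dstip are the filter columns named on this page).

```python
import shlex
from collections import defaultdict

# Constructed sample lines in key=value form (not real logs). The field names
# apprisk, action, sentbyte and rcvdbyte are assumptions about the log schema.
SAMPLE_LOGS = """\
srcip=10.0.0.5 dstip=203.0.113.10 app="Tor" appcat="Proxy" apprisk=critical action=deny sentbyte=120 rcvdbyte=0
srcip=10.0.0.5 dstip=203.0.113.11 app="Tor" appcat="Proxy" apprisk=critical action=deny sentbyte=90 rcvdbyte=0
srcip=10.0.0.7 dstip=198.51.100.4 app="Dropbox" appcat="Storage.Backup" apprisk=high action=accept sentbyte=52000 rcvdbyte=1800
srcip=10.0.0.8 dstip=198.51.100.9 app="HTTPS.BROWSER" appcat="Web.Client" apprisk=low action=accept sentbyte=900 rcvdbyte=40000
srcip=10.0.0.7 dstip=198.51.100.9 app="HTTPS.BROWSER" appcat="Web.Client" apprisk=low action=accept sentbyte=700 rcvdbyte=21000
"""

# The 5-point rating in the order the page lists it, most severe first.
RISK_RANK = {name: i for i, name in
             enumerate(["critical", "high", "medium", "elevated", "low"])}

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def top_applications(text, **filters):
    """Aggregate per-application rows; filters are exact matches, e.g. srcip="10.0.0.7"."""
    rows = defaultdict(lambda: {"appcat": "", "risk": "low", "blocked": 0,
                                "allowed": 0, "sent": 0, "received": 0})
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        if any(rec.get(key) != value for key, value in filters.items()):
            continue  # record does not match the search filter
        row = rows[rec.get("app", "unknown")]
        row["appcat"] = rec.get("appcat", "")
        row["risk"] = rec.get("apprisk", "low")
        # Assumption: any action other than "accept" counts as a blocked session.
        row["allowed" if rec.get("action") == "accept" else "blocked"] += 1
        row["sent"] += int(rec.get("sentbyte", 0))
        row["received"] += int(rec.get("rcvdbyte", 0))
    # Sort by risk (most severe first), then by total sessions, descending.
    return sorted(rows.items(), key=lambda kv: (
        RISK_RANK.get(kv[1]["risk"], len(RISK_RANK)),
        -(kv[1]["blocked"] + kv[1]["allowed"])))

if __name__ == "__main__":
    for app, r in top_applications(SAMPLE_LOGS):
        print(f'{app:15} {r["appcat"]:15} {r["risk"]:9} '
              f'{r["blocked"]}/{r["allowed"]} {r["sent"]}/{r["received"]}')
```

Passing a keyword such as srcip="10.0.0.7" or appcat="Proxy" to top_applications narrows the table the same way a search filter on that column does.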


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

16 thoughts on “FortiView – FortiManager 5.2”

  1. Stief

    Hello,
    Maybe you can help me. I keep seeing “No Data” if I open FortiView on my FortiManager.
    I have 2 FortiGates (300D and a 200D) connected to it.
    If I select Log View, I can see all the traffic info of both FortiGates.
    If I log on to the FortiGates, FortiView is working fine. But somehow I cannot get data in FortiView on the FortiManager.
    What am I doing wrong?

    Regards.
    Stief

    1. Mike Post author

      What version of FortiOS are you running on the Manager as well as the FortiGates? (I know you posted this on the FortiManager 5.2 page but I would like to confirm)

  2. Stief

    Hi Mike,
    Thanks for the reply.
    It’s set to log all traffic. But also UTM stuff.
    In Log View I can see everything but FortiView stays empty.

  3. Mike Post author

    I would check to see if ADOMs were enabled. If they aren’t... enable them and make sure the ADOM that the FortiGates are a part of is listed as 5.4.

    Sometimes I notice weird shenanigans and after looking deeper it is because during the upgrade process, or something along those lines... the FortiManager/FortiAnalyzer is still operating the devices beneath it in 5.2 mode.

    Let me know if that doesn’t make any sense. Long day so this response is sort of stream of consciousness lol

  4. Stief

    Hi,
    Apparently it was a bug that is fixed in the latest release. After installing everything is working fine again.

  5. surendran

    Dear Mike,
    In FortiManager, under FortiView -vpn-ssl-dialup-ipsec-monitor stopped reporting for the last 4 days. Please guide how to resolve the issue.
    Regards,

  6. surendran

    All devices are registered/added in Device Manager, FortiView has stopped logging from 26th April.

