Advanced Functions of Reports

Advanced Functions of Reports

Reports provides advanced functions beyond the basic reports to give an accurate analysis. Drill In and Custom Filter are the functions about querying the reports with complex conditions. It delivers only the data that a user needs from large data sets. Export and Report Email are the functions about documentations and delivering of the on-line reports. The details of the advanced functions are described as follows.

Drill In

There are 7 different query conditions for Bandwidth Usage, including In Class, Out Class, WAN, Service, Internal IP, External IP and Traffic Rate. In every Bandwidth Usage report, analysis can be further drilled-in to include more traffic data statistics; in other words, Reports allows traffic to be queried based on combination of multiple conditions. For example, select Service as the query subject from the menu in the category area, and the Service report will be displayed accordingly, as shown below:

Service=All

Go to Reports > Service, you can have an overall service report which gives the traffic statistics of all the service usages (query result is as shown below).

 

The HTTPS(TCP@443) service can be further drilled in to query which WAN link of FortiWAN are utilizing this service by clicking the Drill In magnifier icon in the row of HTTPS(TCP@443) listed in the table and select WAN (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=All

As indicated in the blue box (shown in the figure above), this page presents the data of HTTPS(TCP@443) traffic in the WAN report, In the statistics table, the WAN link 1 can be further drilled in to query what internal IP addresses are included by clicking the Drill In magnifier icon in the row of WAN 1 listed in the table and select Internal IP (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=All

As indicated in the blue box (shown in the figure above), this page presents the data of Internal IP report that includes the traffic of WAN 1 (WAN) using HTTPS(TCP@443) (Service), The IP address: 10.12.106.17 can be further drilled in to query what External IP addresses it is connected to by clicking the Drill In magnifier icon in the row of 10.12.106.17 IP listed in the table and select External IP (query result is as shown below):

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=10.12.106.17 & External IP=All

As indicated in the blue box (shown in the figure above), this page presents the data of External IP report that includes the traffic of WAN 1 (WAN) at internal IP=10.12.106.17 (Internal IP) using HTTPS(TCP@443) (Service).

From the example illustrated above, administrators can easily query the traffic flow based on combination of various conditions needed, while analysis can be drilled in to more details for better review. In the upper section of the report page, you’ll see a summary of the query conditions used in the existing report (highlighted in blue as shown in the image above), making it clear for administrators to keep track of the query details.

Service=HTTPS(TCP@443) & WAN=1 & Internal IP=10.12.106.17 & Traffic Rate=All

Continuing the example described above, the query submitted returns a result that the IP address: 10.12.106.17 via WAN 1 is connecting to External IP addresses, via the HTTPS(TCP@443) service. You can change the last Drill In condition (External IP) to a different one (such as traffic rate of bandwidth usage) using the same filter: WAN=1, Internal IP=10.12.106.17 and Service=HTTPS(TCP@443), by selecting Traffic Rate from the drop-down menu of External IP (as shown below):

The report presented by Traffic Rate using the same filter: Service=HTTP(TCP@443), WAN=1 and Internal IP=10.12.106.17 is illustrated as follows.

As illustrated in the example above, Reports offers two kinds of advanced query: you can either keep drilling in with different conditions to get a report with more specific details, or change query condition at any Drill In level; in other words, network flow data can be queried either vertically or horizontally.

This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.