Sources
The Sources console provides information about the sources of traffic on your FortiGate unit. This console can be filtered by Destination Interface, Policy, Security Action, Source Device, Source Interface, and Source IP.
Specific devices and time periods can be selected and drilled down for deep inspection.
Scenario: Investigating a spike in traffic
A system administrator notices a spike in traffic and wants to investigate it. From the Sources window, they can determine which user is responsible for the spike by following these steps:
- Go to System > FortiView > Sources.
- In the graph display, click and drag across the peak that represents the spike in traffic.
- Sort the sources by bandwidth use by selecting the Bytes (Sent/Received) header.
- Drill down into whichever source is associated with the highest amount of bandwidth use by double-clicking it. From this screen, you have an overview of that source's traffic activity.
- Again, in either the Applications or Destinations view, select the Bytes (Sent/Received) header to sort by bandwidth use.
- Double-click the top entry to drill down to the final inspection level, from which you can access further details on the application or destination, and/or apply a filter to prohibit or limit access.
Only FortiGate models 100D and above support the 24 hour historical data. |