• All Files

Home > Online Help

Columns displayed

The following columns appear in the initial window of the consoles. Some columns may only be visible by selecting them from the column drop-down menu. Options also vary depending on the console selected.

Column name	Description
Action	Displays the type of response taken to a security event. The types of possible actions are as follows: Allowed: No threat was detected and the connection was let through. Blocked: A threat was detected and the connection was not let through. Reset: A possible issue was detected and the connection was reset. Traffic Shape: Some data packets may have been delayed to improve system-wide performance. Note: This column is only available in the All Sessions console.
Application	Displays the application name and service. When Time Display is set to now, you can access further information about an application by selecting the column entry.
Application Category	Displays the type of application used in the selected session, e.g. video player, social media. Note: This column is only available in the All Sessions console.
Application ID	Displays the identification number associated with the application used in the selected session. Note:This column is only available in the All Sessions console.
Application Risk Risk	Displays the application risk level. You can hover the mouse cursor over the entry in the column for additional information, and select the column header to sort entries by level of risk. Risk uses a 5-point risk rating. The rating system is as follows: Critical: Applications that are used to conceal activity to evade detection. High: Applications that can cause data leakage, are prone to vulnerabilities, or may download malware. Medium: Applications that can be misused. Elevated: Applications that are used for personal communications or can lower productivity. Low: Business-related applications or other harmless applications.
Browsing Time	Displays the amount of time a user has spent browsing a web site (in seconds). Note: This column is only available in the Web Sites console, in Categories view..
Bytes (Sent/Received)	Displays the size of sent and received data packets, as measured in bytes. Select the column header to sort the entries by size. Note: This information is available on some consoles as two separate columns: Sent and Received.
Category	Displays the category descriptor appropriate to whatever console is being displayed. For example, threat categories are displayed in the Threats console.
Clean	Displays the number of "clean" (safe) files found in the selected FortiSandbox session. Note: This column is only available in the FortiSandbox console, in Source view.
Cloud User	Displays the users accessing cloud applications by IP address. Note: This column is only available in the Cloud Applications console, in Users view.
Configuration Changes	Displays the number of configuration changes made by the user. You can hover the mouse cursor over an entry for additional information. Note: This column is only available in the Admin Logins console.
Connections	Displays the number of VPN connections made by the selected user.. Note: This column is only available in the VPN console.
Destination	Displays the destination name, IP address and geographic region.
Destination Country	Displays the country session data is being sent to. Note: This column is only available in the All Sessions console.
Destination Interface	Displays which interface session data is being sent through, e.g. wan1.
Destination Port	Displays the port number of the destination server being used to accept data. Note: This column is only available in the All Sessions console.
Device	Displays the device IP address or Fully Qualified Domain Name (FQDN).
Domain	Displays the domain associated with the selected web site, e.g. google.com. Note: This column is only available in the Web Sites console.
DST Nat IP NAT Destination	Displays the Network Address Translation (NAT) IP address associated with the destination server. Note: This column is only available in the All Sessions console.
DST Nat Port NAT Destination Port	Displays the Network Address Translation (NAT) port number associated with the destination server. Note: This column is only available in the All Sessions console.
Duration	Displays the amount of time (in seconds) a user has been logged in. Note: This column is only available in the Admin Logins console.
Event Name (Description)	Displays the name and description of the selected security event. Note: This column is only available in the System Events console.
Events	Displays the number of security events that occurred within a selected session. Note: This column is only available in the System Events console.
Expires	Displays the amount of time a session has (in seconds) before it is set to expire. Note: This column is only available in the All Sessions console, in now Time Display view.
Failed Logins	Displays the number of failed login attempts made by an administrator over the specified time period. Note: This column is only available in the Admin Logins console.
Files (Up/Down)	Displays the number of files uploaded and downloaded. Hover the mouse cursor over the entry in the column for additional information. Note: This column is only available in the Cloud Applications console.
FortiASIC	Displays the type of FortiASIC hardware acceleration used in the specified session, if present. Note: This column is only available in the All Sessions console, in the now Time Display view.
Group	Displays the group ID associated with the selected session. Note: This column is only available in the All Sessions console.
Last Connection Time	Displays the most recent instance of connection to the selected Virtual Private Network (VPN). Note: This column is only available in the VPN console.
Level Threat Level	Displays the threat level. Select the column header to sort entries by threat level.
Log ID	Displays the identification number for the data log associated with this entry. Note: This column is only available in the All Sessions console.
Login IDs	Displays the number of login IDs associated with the selected cloud application. Note: This column is only available in the Cloud Applications console, in Applications view.
Logins	Displays the number of successful logins made by an administrator over the specified time period. Note: This column is only available in the Admin Logins console.
Policy ID	Displays the identification number of the policy under which the selected connection was allowed.
Policy UUID	Displays the Universally Unique Identifier (UUID) of the selected policy, if present. Note: This column is only available in the All Sessions console.
Protocol	Displays the protocol type associated with the selected session, e.g. TCP. Note: This column is only available in the All Sessions console.
Security Action	Displays the action taken in response to the selected security event. The types of possible actions are as follows:  Allowed: No threat was detected and the connection was let through. Blocked: A threat was detected and the connection was not let through. Reset: A possible issue was detected and the connection was reset. Traffic Shape: Some data packets may have been delayed to improve system-wide performance.
Security Events	Displays the type of security event detected in the selected session. Note: This column only appears in the All Sessions console.
Sequence Number	Displays the TCP sequence number associated with the selected session. Note: This column only appears in the All Sessions console.
Service	Displays the ID of the service application in use in the selected session. Note: This column only appears in the All Sessions console.
Sessions	Displays the number of sessions associated with the selected destination. Note: This column only appears in the Destinations console, in the now Time Display view.
Sessions (Blocked/Allowed)	Displays the number of sessions blocked and allowed by FortiOs. In some consoles, entries can be sorted by number of sessions by selecting the column header..
Severity	Displays the severity level (Critical, High, Medium or Low) associated with the selected security event. Note: This column is only available in the System Events console.
Source	Displays the source IP address and/or user ID, if applicable.
Source Interface	Displays which interface is being used by the destination server (eg. wan1).
Source Port	Displays the port number being used by the source server to send data.
Src NAT IP NAT Source	Displays the Network Address Translation (NAT) IP address associated with the source server.
Src NAT Port NAT Source Port	Displays the Network Address Translation (NAT) port number associated with the source server.
Status	Displays the status of Note: This column is only available in the FortiSandbox console, in Files view.
Submittted	Displays the number of files submitted to the FortiSandbox for assessment in the selected session. Note: This column is only available in the FortiSandbox console, in Files view.
Threat	Displays the threat type detected in the selected session.
Threat Score (Blocked/Allowed)	Displays the threat score value, a measurement of the total number of threats detected over the course of the session. You can select the column header to sort entries by threat score.
Threat Weight	Displays the threat weight profile associated with the selected session.
Timestamp	Displays the selected session's PHP timestamp.
User User Name	Displays the user name associated with the selected administrator.
Videos Played	Displays the number of videos played via cloud applications. Note: This column is only available in the Cloud Applications console.
VPN	Displays the Virtual Private Networks (VPNs) connected to the FortiGate, by name. Note: This column is only available in the All Sessions console.
VPN Type	Displays the type of VPN protocol (eg. PPTP, L2TP) in use by the associated connection.