Filtering options

When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which console is currently being viewed. The following table explains all of the available filtering options:

Filter option Description
Accelerated Sessions You can filter the console on 'FortiASIC' ('Accelerated' versus 'Not Accelerated') sessions.
AP Filter by Access Point (AP) identification number.
Application Filter by application name.
Checksum Filter by checksum value. Checksums are reference digits used to represent the correct datasum of a packet in order to detect errors.
Cloud Application Filter by cloud application name.

Note: This filter is only available in the Cloud Applications console.
Country Filter by the country from which the source accessed the server.
Destination Interface Filter by the interface type used by the destination user, e.g. wan1.
Destination IP Filter by the IP address used by the destination.
Destination Port Filter by the port used by the destination.

Note: This filter is only available in the All Sessions console,(viewing the now time display).
Domain Filter by domain name.

Note: This filter is only available in the Web Sites console.
Event Name Filter by security event name.

Note: This filter is only available in the System Events console.
File Name Filter by file name.

Note: This filter is only available in the FortiSandbox console.
Login Type Filter by type of login (eg. WEP) associated with the displayed authentication attempt.

Note: This filter is only available in the Failed Authentications console.
NAT Source IP Filter by the NAT-translated source IP address.

Note: This filter is only available in the All Sessions console,(viewing the now time display).
NAT Source Port Filter by the NAT-translated source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).
Policy Filter by the policy identification number.
Protocol Filter by the protocol used by the source, e.g. tcp or udp.

Note: This filter is only available in the All Sessions console,(viewing the now time display).
Result Filter by the result of whatever security action was taken by FortiOs in the selected session, eg. Accept (all).
Security Action Filter by the type of response taken to the security event. The types of possible actions are as follows:

Allowed: No threat was detected and the connection was let through.

Blocked: A threat was detected and the connection was not let through.

Reset: A possible issue was detected and the connection was reset.

Traffic Shape: Some data packets may have been delayed to improve system-wide performance.
Severity Filter by the severity level (Critical, High, Medium or Low) associated with a security event.
Source

Source IP
Filter by the source IP address.
Source Device Filter by source device type, e.g. mobile.
Source Interface Filer by the interface type used by the source user, e.g. wan1.
Source Port Filter by the source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).
Source SSID Filter by the Service Set Identifier (SSID) associated with the selected user. An SSID is a case sensitive, 32 character alphanumerical identifier that acts as a password attributed to a mobile device.
Status Filter by the maliciousness of a file. The types of possible status' are Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This filter is only available in the FortiSandbox console.
Threat Filter by threat name and/or URL
Threat Type Filter by threat category, e.g. Illegal/Unethical or P2P.
Type Note: This filter is only available in the Failed Authentications console.
User Name Filter by user name.
VPN Type Filter by Virtual Private Network (VPN) protocol type, eg. PPTP.

Note: This filter is only available in the VPN console.