Filtering options
When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which console is currently being viewed. The following table explains all of the available filtering options:
Filter option | Description |
---|---|
Accelerated Sessions | You can filter the console on 'FortiASIC' ('Accelerated' versus 'Not Accelerated') sessions. |
AP | Filter by Access Point (AP) identification number. |
Application | Filter by application name. |
Checksum | Filter by checksum value. Checksums are reference digits used to represent the correct datasum of a packet in order to detect errors. |
Cloud Application | Filter by cloud application name. Note: This filter is only available in the Cloud Applications console. |
Country | Filter by the country from which the source accessed the server. |
Destination Interface | Filter by the interface type used by the destination user, e.g. wan1. |
Destination IP | Filter by the IP address used by the destination. |
Destination Port | Filter by the port used by the destination. Note: This filter is only available in the All Sessions console,(viewing the now time display). |
Domain | Filter by domain name. Note: This filter is only available in the Web Sites console. |
Event Name | Filter by security event name. Note: This filter is only available in the System Events console. |
File Name | Filter by file name. Note: This filter is only available in the FortiSandbox console. |
Login Type | Filter by type of login (eg. WEP) associated with the displayed authentication attempt. Note: This filter is only available in the Failed Authentications console. |
NAT Source IP | Filter by the NAT-translated source IP address. Note: This filter is only available in the All Sessions console,(viewing the now time display). |
NAT Source Port | Filter by the NAT-translated source interface. Note: This filter is only available in the All Sessions console,(viewing the now time display). |
Policy | Filter by the policy identification number. |
Protocol | Filter by the protocol used by the source, e.g. tcp or udp. Note: This filter is only available in the All Sessions console,(viewing the now time display). |
Result | Filter by the result of whatever security action was taken by FortiOs in the selected session, eg. Accept (all). |
Security Action | Filter by the type of response taken to the security event. The types of possible actions are as follows: Allowed: No threat was detected and the connection was let through. Blocked: A threat was detected and the connection was not let through. Reset: A possible issue was detected and the connection was reset. Traffic Shape: Some data packets may have been delayed to improve system-wide performance. |
Severity | Filter by the severity level (Critical, High, Medium or Low) associated with a security event. |
Source Source IP |
Filter by the source IP address. |
Source Device | Filter by source device type, e.g. mobile. |
Source Interface | Filer by the interface type used by the source user, e.g. wan1. |
Source Port | Filter by the source interface. Note: This filter is only available in the All Sessions console,(viewing the now time display). |
Source SSID | Filter by the Service Set Identifier (SSID) associated with the selected user. An SSID is a case sensitive, 32 character alphanumerical identifier that acts as a password attributed to a mobile device. |
Status | Filter by the maliciousness of a file. The types of possible status' are Malicious, High, Medium, Low, Clean, Unknown, and Pending. Note: This filter is only available in the FortiSandbox console. |
Threat | Filter by threat name and/or URL |
Threat Type | Filter by threat category, e.g. Illegal/Unethical or P2P. |
Type | Note: This filter is only available in the Failed Authentications console. |
User Name | Filter by user name. |
VPN Type | Filter by Virtual Private Network (VPN) protocol type, eg. PPTP. Note: This filter is only available in the VPN console. |