Interface Usage Dashboard
This dashboard provides an overview of the usage of individual interfaces of Router and Firewall devices. The dashboard has three levels:
- The Top view displays device level metrics in a tabular form.
- Once you select a device in the Top view, the middle table shows the basic interface level metrics such as received and sent bytes.
- You can drill-down and get Application level usage and QoS metrics for a specific device interface. To do this, select a device in the Top view and a specific interface in the middle view.
The following sections provide more information about the Interface Usage Dashboard:
- Data Source
- Adding/Removing Devices and Interfaces to the Dashboard
- Viewing Device Level Metrics
- Viewing Interface Level Metrics
- Viewing Application Usage
- Viewing QoS Statistics
- Drill-down from Widgets
- Modifying Widget Information Display
- Changing Refresh Interval
- Forcing a Refresh
Data Source
This dashboard applies to network devices: Routers/Switches and Firewalls.
- Top View - Device level metrics are sourced from Ping monitoring and SNMP.
- Middle View – Basic interface level metrics are also sourced from SNMP.
- The sent and receive metrics are available for all network devices implementing MIB2 (RFC 1213).
- Latency, Jitter, and Loss are available for FortiGate Firewalls/UTM devices via SNMP – see FORTINET-FORTIGATE-MIB:
fgSystem.fgLinkMonitor
(see note below on configuration restriction).
- Bottom View
- Application Usage is available from Netflow
- QoS values are available for FortiGate Firewalls/UTM devices via SNMP – see FORTINET-FORTIGATE-MIB: fgIntf.fgIntfBcs.fgIntfBcInTable.fgIntfBcInEntry for ingress and fgIntf.fgIntfBcs.fgIntfBcTable.fgIntfBcEntry for egress.
Configuring Latency, Jitter and Loss
FortiGate SNMP metrics report Latency, Jitter. and Loss by link ID, which is different from SNMP interface ID. FortiSIEM requires that the user configures the link ID to be identical to SNMP interface ID.
SNMP interface IDs are available by running the SNMP walk command: snmpwalk –v2c –c<cred> <ip> ifName. In the output, the integer after ifName is the interface ID.
#snmpwalk –v2c –cpwd 10.1.1.1 ifName IF-MIB::ifName.1 = STRING: port1 IF-MIB::ifName.2 = STRING: port2 IF-MIB::ifName.3 = STRING: port3
Here the SNMP interface ID of port1 is 1, SNMP interface ID of port2 is 2 and so on.
Use the SNMP interface ID in the config system virtual-wan-link command – see the examples below:
This is a basic example where the port, health check members and SNMP index can align naturally, however this is not likely to be the case with all configurations.
#config system virtual-wan-link set status enable config members edit 1 set interface port1 next edit 2 set interface port2 next end #config health-check edit "HC_Backoffice" set server "8.8.8.8" set update-static-route disable set members 1 2 next
As mentioned, to ensure that the Interface SNMP Index ID corresponds to that of the virtual WAN link and the health check, it is required that SNMP index must align. This example and description shows how to configure a FortiGate for SDWAN monitoring with FortiSIEM.
- The interface should specify the SNMP index, for example,
105
(set snmp-index 105
) :config system interface
edit "port4"
set vdom "root"
set ip 10.1.31.10 255.255.255.240
set allowaccess ping https ssh
set type physical
set netflow-sampler both
set inbandwidth 50192
set outbandwidth 50192
set ingress-shaping-profile "test_Internal"
set egress-shaping-profile "test_Internal"
set alias "MPLS"
set snmp-index 105
set preserve-session-route enable
next
end
- The member ID in the virtual WAN link must be same as the SNMP index associated with the Interface, for example,
105
.config system virtual-wan-link
set status enable
config members
edit 105
set interface "ha"
set gateway 10.1.31.1
set comment "MPLS"
next
……
……
end
end
- The member ID should be added to a health check, again in this example it is
105
.config health-check
edit "TEST_Backoffice"
set server "10.10.33.240" "10.10.1.240"
set interval 5
set update-cascade-interface disable
set update-static-route disable
set members 1 2 105
next
end
- When monitoring Latency, Jitter and Loss via SNMP it is now possible to identify the Interface it is associated
with the health check.
[snmpwalk -v2c -c {password} {HostIp} 1.3.6.1.4.1.12356.101.4.9.2.1
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.3.7 = Gauge32: 105
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.5.7 = STRING: "20.078" (latency)
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.6.7 = STRING: "0.736" (Jitter)
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.9.7 = STRING: "0.000" (Loss)
Adding/Removing Devices and Interfaces to the Dashboard
When you create an Interface Usage Dashboard for the first time, no devices are displayed.
Complete these steps to add a device to the dashboard:
- Click the devices icon.
- Select the Organization and then click the Firewall or Router Switch folder.
- Select a device and its interface of interest.
- Click the right arrow.
- Click Save.
Complete these steps to remove a device from the dashboard:
- Click the devices icon.
- Select the Device/Interface pair from the selected list.
- Click the left arrow.
- Click Save.
This dashboard is data driven. That means the dashboard will be populated only if the metrics are present. First, create a Summary dashboard and see if the devices are present in that dashboard and display values. Then, you will see them in this dashboard.
Viewing Device Level Metrics
The Top view displays Device level metrics. The metrics are averaged over three minute intervals. To see the trend, click the trend icon next to the numbers.
Viewing Interface Level Metrics
Once you select a device in the Top view, the middle table displays the interface level metrics for that device. The metrics are averaged over three minute intervals. To see the trend, click the trend icon next to the numbers.
Viewing Application Usage
Complete these steps to see the Application Usage for an interface:
- Select a device in the Top view.
- Select an interface in the Middle view.
- Click the Application Usage tab.
Viewing QoS Statistics
Complete these steps to see the QoS Statistics for an interface:
- Select a device in the Top view.
- Select an interface for the selected device in the Middle view.
- Click the QoS Statistics tab.
Drill-down from Widgets
Click the magnifying glass icon on a widget. This will take you to the ANALYTICS tab with the values populated. From there, you can analyze the data in more depth.
Modifying Widget Information Display
Follow the steps in Widget Dashboard > Modifying widget information display.
Changing Refresh Interval
Select the refresh interval from the drop-down menu on top-right.
Forcing a Refresh
To update the whole dashboard, select the refresh icon on the top-right menu.