Interface Usage Dashboard

This dashboard provides an overview of the usage of individual interfaces of Router and Firewall devices. The dashboard has three levels:

  • The Top view displays device level metrics in a tabular form.
  • Once you select a device in the Top view, the middle table shows the basic interface level metrics such as received and sent bytes.
  • You can drill down to Application level usage and QoS metrics for a specific device interface. To do this, select a device in the Top view and a specific interface in the middle view.

The following sections provide more information about the Interface Usage Dashboard:

Data Source

This dashboard applies to network devices: Routers/Switches and Firewalls.

  • Top View - Device level metrics are sourced from Ping monitoring and SNMP.
  • Middle View – Basic interface level metrics are also sourced from SNMP.
    • The sent and receive metrics are available for all network devices implementing MIB2 (RFC 1213).
    • Latency, Jitter, and Loss are available for FortiGate Firewalls/UTM devices via SNMP – see FORTINET-FORTIGATE-MIB: fgSystem.fgLinkMonitor (see note below on configuration restriction).
  • Bottom View
    • Application Usage is available from Netflow
    • QoS values are available for FortiGate Firewalls/UTM devices via SNMP – see FORTINET-FORTIGATE-MIB: fgIntf.fgIntfBcs.fgIntfBcInTable.fgIntfBcInEntry for ingress and fgIntf.fgIntfBcs.fgIntfBcTable.fgIntfBcEntry for egress.

Configuring Latency, Jitter and Loss

FortiGate SNMP metrics report Latency, Jitter, and Loss by link ID, which is different from the SNMP interface ID. FortiSIEM requires that the user configure the link ID to be identical to the SNMP interface ID.

SNMP interface IDs are available by running the SNMP walk command: snmpwalk -v2c -c<cred> <ip> ifName. In the output, the integer after ifName is the interface ID.

#snmpwalk -v2c -cpwd 10.1.1.1 ifName
IF-MIB::ifName.1 = STRING: port1
IF-MIB::ifName.2 = STRING: port2
IF-MIB::ifName.3 = STRING: port3

Here the SNMP interface ID of port1 is 1, SNMP interface ID of port2 is 2 and so on.

Use the SNMP interface ID in the config system virtual-wan-link command – see the examples below:

This is a basic example in which the port, health check members, and SNMP index align naturally. This is not likely to be the case with all configurations.

#config system virtual-wan-link
  set status enable
  config members
    edit 1
      set interface port1
    next
    edit 2
      set interface port2
    next
  end
  config health-check
    edit "HC_Backoffice"
      set server "8.8.8.8"
      set update-static-route disable
      set members 1 2
    next
  end
end

As mentioned, the SNMP index of the interface must match the member ID used in the virtual WAN link and in the health check. The following example shows how to configure a FortiGate for SD-WAN monitoring with FortiSIEM.

  1. The interface should specify the SNMP index, for example, 105 (set snmp-index 105):

    config system interface
      edit "port4"
        set vdom "root"
        set ip 10.1.31.10 255.255.255.240
        set allowaccess ping https ssh
        set type physical
        set netflow-sampler both
        set inbandwidth 50192
        set outbandwidth 50192
        set ingress-shaping-profile "test_Internal"
        set egress-shaping-profile "test_Internal"
        set alias "MPLS"
        set snmp-index 105
        set preserve-session-route enable
      next
    end

  2. The member ID in the virtual WAN link must be the same as the SNMP index associated with the interface, for example, 105.

    config system virtual-wan-link
      set status enable
      config members
        edit 105
          set interface "ha"
          set gateway 10.1.31.1
          set comment "MPLS"
        next
        ……
        ……
      end
    end

  3. The member ID should be added to a health check, again in this example it is 105.

    config health-check
      edit "TEST_Backoffice"
        set server "10.10.33.240" "10.10.1.240"
        set interval 5
        set update-cascade-interface disable
        set update-static-route disable
        set members 1 2 105
      next
    end

  4. When monitoring Latency, Jitter and Loss via SNMP, it is now possible to identify the interface associated with the health check.

    snmpwalk -v2c -c {password} {HostIp} 1.3.6.1.4.1.12356.101.4.9.2.1
    SNMPv2-SMI::enterprises.12356.101.4.9.2.1.3.7 = Gauge32: 105
    SNMPv2-SMI::enterprises.12356.101.4.9.2.1.5.7 = STRING: "20.078" (latency)
    SNMPv2-SMI::enterprises.12356.101.4.9.2.1.6.7 = STRING: "0.736" (Jitter)
    SNMPv2-SMI::enterprises.12356.101.4.9.2.1.9.7 = STRING: "0.000" (Loss)
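
The check in step 4 can be scripted. The following Python is an added example, not part of the FortiSIEM or FortiGate documentation: it joins ifName output with the link monitor table and lists link IDs that have no SNMP interface with the same ID. The sample walks are constructed, and treating column 3 as the link ID is an assumption based on the output shown above.

```python
import re

# Constructed sample input, shaped like the snmpwalk output shown above.
IFNAME_WALK = """\
IF-MIB::ifName.1 = STRING: port1
IF-MIB::ifName.2 = STRING: port2
IF-MIB::ifName.105 = STRING: port4
"""
LINK_WALK = """\
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.3.7 = Gauge32: 105
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.5.7 = STRING: "20.078"
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.6.7 = STRING: "0.736"
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.9.7 = STRING: "0.000"
SNMPv2-SMI::enterprises.12356.101.4.9.2.1.3.8 = Gauge32: 9
"""

# Columns of the link monitor table as annotated on this page; column 3 is
# assumed to be the link (member) ID, which is what the sample output suggests.
COLUMNS = {3: "link_id", 5: "latency", 6: "jitter", 9: "loss"}
IFNAME_RE = re.compile(r"ifName\.(\d+) = STRING: (\S+)")
LINK_RE = re.compile(r'\.12356\.101\.4\.9\.2\.1\.(\d+)\.(\d+) = \w+: "?([\d.]+)"?')

def parse_ifnames(text):
    """Map SNMP interface ID -> interface name."""
    return {int(i): name for i, name in IFNAME_RE.findall(text)}

def parse_link_rows(text):
    """Group link monitor values by table row index."""
    rows = {}
    for col, row, value in LINK_RE.findall(text):
        if int(col) in COLUMNS:
            rows.setdefault(int(row), {})[COLUMNS[int(col)]] = value
    return rows

def check_alignment(ifname_text, link_text):
    """Return (metrics by interface name, link IDs with no matching interface ID)."""
    names, matched, unmatched = parse_ifnames(ifname_text), {}, []
    for row in parse_link_rows(link_text).values():
        if "link_id" not in row:
            continue  # metrics present but no link ID reported for this row
        link_id = int(row.pop("link_id"))
        if link_id in names:
            matched[names[link_id]] = {k: float(v) for k, v in row.items()}
        else:
            unmatched.append(link_id)  # link ID not aligned with any snmp-index
    return matched, sorted(unmatched)

if __name__ == "__main__":
    print(check_alignment(IFNAME_WALK, LINK_WALK))
```

Any link ID in the second list is a virtual WAN link member whose ID does not equal an SNMP interface ID, so its Latency, Jitter and Loss values cannot be attributed to an interface.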

Adding/Removing Devices and Interfaces to the Dashboard

When you create an Interface Usage Dashboard for the first time, no devices are displayed.

Complete these steps to add a device to the dashboard:

  1. Click the devices icon.
  2. Select the Organization and then click the Firewall or Router Switch folder.
  3. Select a device and its interface of interest.
  4. Click the right arrow.
  5. Click Save.

Complete these steps to remove a device from the dashboard:

  1. Click the devices icon.
  2. Select the Device/Interface pair from the selected list.
  3. Click the left arrow.
  4. Click Save.

This dashboard is data driven. That means the dashboard will be populated only if the metrics are present. First, create a Summary dashboard and see if the devices are present in that dashboard and display values. Then, you will see them in this dashboard.

Viewing Device Level Metrics

The Top view displays Device level metrics. The metrics are averaged over three minute intervals. To see the trend, click the trend icon next to the numbers.

Viewing Interface Level Metrics

Once you select a device in the Top view, the middle table displays the interface level metrics for that device. The metrics are averaged over three minute intervals. To see the trend, click the trend icon next to the numbers.

Viewing Application Usage

Complete these steps to see the Application Usage for an interface:

  1. Select a device in the Top view.
  2. Select an interface in the Middle view.
  3. Click the Application Usage tab.

Viewing QoS Statistics

Complete these steps to see the QoS Statistics for an interface:

  1. Select a device in the Top view.
  2. Select an interface for the selected device in the Middle view.
  3. Click the QoS Statistics tab.

Drill-down from Widgets

Click the magnifying glass icon on a widget. This will take you to the ANALYTICS tab with the values populated. From there, you can analyze the data in more depth.

Modifying Widget Information Display

Follow the steps in Widget Dashboard > Modifying widget information display.

Changing Refresh Interval

Select the refresh interval from the drop-down menu at the top right.

Forcing a Refresh

To update the whole dashboard, select the refresh icon on the top-right menu.