Destinations
The Destinations console provides information about the destination IP addresses of traffic on your FortiGate unit, as well as the application used. You can drill down the displayed information, and also select the device and time period, and apply search filters.
This console can be filtered by Country, Destination Interface, Destination IP, Policy, Result, and Source Interface. For more on filters, see Filtering options.
Scenario: Monitoring destination data
The Destinations console can be used to access detailed information on user destination-accessing through the use of the console’s drilldown functionality. In this scenario, the console is used to find out more about a particular user’s Facebook usage patterns over a 24-hour period:
1. Go to FortiView > Destinations.
2. Select 1 hour from the Time Display options at the top right corner of the console.
3. The easiest way to locate most destinations is to scan the Applications column for the name of the application.
Once the session containing Facebook has been located, double-click it to access the Destination summary window.
4. Locate Facebook in the Applications column and double-click it to view the Facebook drilldown page. From here, detailed information regarding the user’s Facebook session can be accessed.
Only FortiGate models 100D and above support the 24 hour historical data.
Interfaces
The Interfaces console lists the total number of interfaces connected to your network, how many sessions there are in each interface, and what sort of traffic is occurring, represented in both bytes sent and received, and the
total bandwidth used.
This console can be filtered by Country, Destination Interface, Destination IP, Policy, Result, Source, and Source
Interface. For more on filters, see Filtering options.
Only FortiGate models 100D and above support the 24 hour historical data.
Scenario: Investigate traffic spikes per user
The wan1 interface is showing a higher amount of traffic than usual. A system administrator uses the console to inspect which user (as represented by an IP address) is creating the spike in traffic:
- 1. Go to FortiView > Interfaces and double-click on wan1, or right click and select Drill Down to Details….
- 2. The console will drill down to a summary page of wan1, showing how many bytes are being sent and received, how much bandwidth is being used, and how many sessions are currently using this interface. You see the
IP address of the user that is showing the most amount of traffic under Source.
- 3. You can further drill down to see the IP destination, the device, and the applications being used, and other options.