Default Schedule Default 2013 10-31-000102

FortiGate System Analysis Report for Oct 30, 2013
FortiGate: FortiGate-Demo-140D
Bandwidth and Applications

In
Out
Number of Sessions for Past 24 Hours

500
270K
450
240K
400
210K
350
Sessions
300K
180K
150K
120K
90K
300
250
200
150
100
30K
50
0K
Top Users by Bandwidth Usage

User
Top Users by Sessions

Sent
IP
10.170.203.2
10.170.203.2
test user
101:101:101:101:10
test user
172.16.78.32
Received
1.1 GB
Sent
User
IP
Sessions
10.170.203.2
10.170.203.2
9.9 K
100.5 MB
test user
172.16.78.32
900 B
test user
101:101:101:101:10
test user
172.16.78.88
Top Applications by Bandwidth Usage

Application
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
60K
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
Bandwidth (bit/s)
Bandwidth Usage for Past 24 Hours
Top Applications by Sessions

Received
HTTP.Video
Application
1.1 GB
AIM
100.5 MB
Sessions
DNS
4.4 K
HTTP.BROWSER_Chrome
3.5 K
HTTP.BROWSER_Chrome
36.9 MB
HTTP
436
HTTP.BROWSER_IE
13.6 MB
SSL
374
SSL
4.0 MB
unknown
298
DNS
1.9 MB
MS.NetSend
178
HTTP.Executable
744.7 KB
HTTP.Video
163
MS.Windows.Update
544.4 KB
HTTP.BROWSER_IE
147
NetBIOS.Name.Service
254.4 KB
Fortiguard.Search
126
POP3S
235.2 KB
NetBIOS.Name.Service
118
Top Destinations by Bandwidth Usage
Fortinet Inc. All rights reserved
Top Destinations by Sessions
akamaihd.net (1.1 GB)
208.91.112.53 (3.9 K)
202:202:202:202:202: (100.5 MB)
10.170.203.255 (592)
turner.com (20.2 MB)
208.91.112.52 (562)
96.45.33.99 (11.0 MB)
turner.com (406)
ads.cnn.com (4.6 MB)
chartbeat.net (375)
www.cnn.com (3.1 MB)
data.cnn.com (311)
96.45.32.96 (1.7 MB)
www.cnn.com (304)
208.91.112.53 (1.6 MB)
ads.cnn.com (289)
data.cnn.com (1.1 MB)
akamaihd.net (166)
windowsupdate.com (937.0 KB)
8.27.235.254 (115)

Bandwidth and Applications

DHCP Summary
Interface
Top Wifi Client by Bandwidth

Allocated /
Available
New Clients Count
STAFF-WIFI
0/253
SW-AP
0/253
SW-PHONES
0/253
IP
SSID
Sent
MAC
Received
10
9
8
7
6
5
4
3
2
1
0
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
Active Users
Number of Active Users for Past 24 Hours
Web Usage
Top Allowed Websites by Requests
Website
Top Websites by Bandwidth

Requests
Sent
Website
Received
krxd.net
Top Blocked Websites by Requests

Website
krxd.net
168.2 KB
Top Blocked Users

Requests
User(or IP)
47
10.170.203.2
Hostname(MAC)
dell
Requests
47

Web Usage
Top Web Users by Requests
User(or IP)
Top Web Users by Bandwidth
Hostname(MAC)
User(or IP)
Requests
10.170.203.2
dell
Average Usage of Top 1
47
47
Hostname(Mac)
Sent
10.170.203.2
dell
Average Usage of Top 1
Received
168.2 KB
168.2 KB
Top Web Streaming Websites by Bandwidth
Emails
Top Senders by Number of Emails
Sender
Top Email Senders by Bandwidth

Number of Emails
Top Recipients by Number of Emails

Recipient
Number of Emails
Sender
Bandwidth
Top Email Recipients by Bandwidth

Recipient
Bandwidth

Threats
Top Viruses by Name
Virus Name
Top Virus Victims

Occurrence
Virus Victim
Occurrence
Top Attack Sources
%
100.0%
Attack Source
Occurrence
32.78.16.172
Top Attack Victims
%
100.0%
Attack Victim
32.1.1.1
Occurrence
1

VPN Usage
Top Site-to-Site IPSec Tunnels by Bandwidth
Sent
Tunnel
Top Dial-Up IPSec Tunnels by Bandwidth
Received
User
Top SSL-VPN Tunnel Users by Bandwidth

User
IP
Type
VPN-Demo
test user
vpn
1.1 GB
100.5 MB
Sent
Received
User
Sent
Sent
IP
VPN Traffic Usage Trend

Duration (Sec)
Received
Top SSL-VPN Web Mode Users by Bandwidth
Top Dial Up Users

User
Sent
Tunnel
10.170.203.2
SSL Out
SSL In
Received
IPSec Out
IPSec In
2000M
Received
1800M
Bandwidth (bit/s)
1600M
1400M
1200M
1000M
800M
600M
400M
200M
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
0M

Admin Login and System Events

Admin Login Summary
Date/Time
User Name
=Config Changed
Login Interface
Duration
Date/Time
User Name
Login Interface
=Config Not Changed
Duration
10/30 23:12
demo
https(125.18.132.99)
26m 46s
10/30 09:49
demo
https(189.106.237.228)
34m 02s
10/30 22:55
demo
https(113.33.180.14)
12m 28s
10/30 09:49
demo
jsconsole
35m 45s
10/30 22:36
demo
https(125.18.132.99)
32m 02s
10/30 09:37
demo
https(187.15.38.187)
30m 27s
10/30 22:28
demo
https(120.63.162.164)
30m 14s
10/30 09:32
demo
https(201.155.121.237)
37m 17s
10/30 22:10
demo
https(190.40.162.140)
31m 23s
10/30 09:30
demo
https(201.155.121.237)
31m 33s
10/30 21:48
demo
https(182.71.149.18)
37m 41s
10/30 09:27
demo
https(200.5.230.123)
57m 22s
10/30 21:36
demo
https(125.18.132.99)
30m 16s
10/30 09:26
demo
https(177.97.125.45)
47m 45s
10/30 21:06
demo
https(190.134.113.95)
31m 38s
10/30 09:23
demo
https(92.79.61.254)
30m 20s
10/30 21:04
demo
https(218.188.7.198)
44m 53s
10/30 09:20
demo
https(92.79.61.254)
01h 23m 26s
10/30 20:07
demo
https(61.8.64.165)
06m 27s
10/30 09:15
demo
https(82.159.137.2)
01h 04m 49s
10/30 18:45
demo
https(121.97.68.162)
33m 43s
10/30 09:10
demo
https(216.120.213.99)
42m 03s
10/30 18:29
demo
https(203.206.220.46)
35m 25s
10/30 09:05
demo
https(62.99.69.194)
33m 45s
10/30 18:04
demo
https(187.163.97.105)
37m 24s
10/30 09:00
demo
https(84.91.3.242)
34m 19s
10/30 17:54
demo
https(203.213.6.46)
01h 04m 40s
10/30 08:47
demo
https(186.67.11.50)
58m 01s
10/30 17:14
demo
https(197.35.195.108)
45m 22s
10/30 08:46
demo
https(80.50.145.10)
31m 08s
10/30 17:03
demo
https(184.167.50.100)
35m 10s
10/30 08:41
demo
https(178.254.133.67)
36m 40s
10/30 16:19
demo
https(187.28.2.82)
04m 13s
10/30 08:38
demo
https(162.39.14.193)
32m 41s
10/30 16:04
demo
https(190.166.252.66)
23m 49s
10/30 08:38
demo
https(69.113.139.36)
35m 12s
10/30 15:17
demo
https(181.255.4.242)
46m 34s
10/30 08:32
demo
https(217.111.193.242)
30m 27s
10/30 15:01
demo
https(201.48.90.43)
49m 14s
10/30 08:31
demo
https(63.243.33.65)
32m 51s
10/30 14:58
demo
https(190.166.252.66)
01h 01m 53s
10/30 08:31
demo
https(41.251.145.190)
32m 20s
10/30 14:52
demo
https(186.67.11.50)
58m 42s
10/30 08:18
demo
https(132.219.142.130)
34m 04s
10/30 14:51
demo
https(200.216.152.19)
49m 48s
10/30 08:06
demo
https(190.153.51.186)
31m 57s
10/30 14:42
demo
https(190.50.185.150)
01h 03m 45s
10/30 07:47
demo
https(213.188.40.142)
32m 41s
10/30 14:40
demo
https(189.253.12.190)
07m 27s
10/30 07:36
demo
https(93.121.152.202)
40m 58s
10/30 14:15
demo
https(190.223.63.202)
34m 45s
10/30 07:34
demo
https(186.148.90.56)
34m 27s
10/30 13:44
demo
https(200.188.169.248)
32m 42s
10/30 07:34
demo
https(219.117.237.165)
34m 57s
10/30 13:09
demo
https(190.223.63.202)
51m 52s
10/30 07:29
demo
https(66.50.166.130)
50m 32s
10/30 12:42
demo
https(201.166.128.139)
40m 11s
10/30 07:12
demo
https(194.2.149.121)
31m 23s
10/30 12:37
demo
jsconsole
23m 47s
10/30 07:09
demo
https(186.148.90.56)
31m 51s
10/30 12:37
demo
https(201.56.92.203)
24m 31s
10/30 06:54
demo
https(190.104.208.34)
38m 03s
10/30 12:36
demo
https(190.106.3.126)
33m 45s
10/30 06:46
demo
https(178.212.122.240)
42m 13s
10/30 12:15
demo
https(201.48.90.45)
31m 07s
10/30 06:40
demo
https(190.234.157.218)
01h 25m 24s
10/30 12:12
demo
https(201.166.128.139)
30m 06s
10/30 06:39
demo
https(193.192.227.194)
30m 20s
10/30 12:01
demo
https(204.76.203.9)
34m 07s
10/30 06:36
demo
https(41.251.145.190)
43m 08s
10/30 11:55
demo
https(190.153.51.186)
51m 14s
10/30 06:31
demo
https(200.156.24.105)
39m 14s
10/30 11:51
demo
https(69.47.65.249)
57m 38s
10/30 06:26
demo
https(192.162.109.165)
01h 02m 12s
10/30 11:49
demo
https(87.148.88.96)
35m 56s
10/30 06:20
demo
https(190.153.51.186)
32m 54s
10/30 11:42
demo
https(217.248.109.35)
30m 56s
10/30 06:11
demo
https(200.185.248.89)
46m 36s
10/30 11:40
demo
jsconsole
30m 11s
10/30 06:08
demo
https(200.68.21.26)
30m 19s
10/30 11:39
demo
https(76.164.124.25)
58m 32s
10/30 06:06
demo
https(212.12.178.66)
30m 26s
10/30 11:31
demo
https(200.146.46.44)
37m 53s
10/30 06:05
demo
https(200.175.44.252)
30m 45s
10/30 11:14
demo
jsconsole
30m 06s
10/30 05:50
demo
https(201.33.148.1)
35m 34s
10/30 11:13
demo
https(66.98.36.8)
56m 25s
10/30 05:44
demo
https(24.217.98.89)
32m 54s
10/30 11:12
demo
https(190.166.252.66)
01h 03m 56s
10/30 05:41
demo
https(62.167.9.67)
01h 18m 25s
10/30 11:09
demo
https(186.148.90.56)
31m 28s
10/30 05:40
demo
https(186.148.90.56)
50m 06s
10/30 10:54
demo
jsconsole
30m 28s
10/30 05:40
demo
jsconsole
04h 44m 40s
10/30 10:50
demo
https(200.146.46.44)
39m 02s
10/30 05:39
demo
https(41.202.69.216)
01h 16m 03s
10/30 10:34
demo
https(201.47.57.247)
16m 40s
10/30 05:35
demo
https(201.55.89.82)
30m 16s
10/30 10:25
demo
jsconsole
31m 32s
10/30 05:32
demo
https(197.133.244.136)
56m 32s
10/30 10:23
demo
https(200.68.21.26)
33m 57s
10/30 05:29
demo
https(189.188.116.154)
30m 57s

System Activity Summary

Date/Time
Event
Date/Time
Event
10/30 23:55
2 files were dropped by quard to global_fsb: 0 reached max retries, 2
10/30 21:48
Administrator demo logged in successfully from https(182.71.149.18)
10/30 23:50
The ntp server 208.91.113.71 is determined unreachable at Wed Oct
10/30 21:48
10/30 23:49
10/30 21:45
10/30 23:45
10/30 21:38
Administrator demo timed out on https(190.134.113.95)
10/30 23:42
Administrator root login failed from https(118.143.38.130) because of
10/30 21:36
10/30 23:42
Login disabled from IP 118.143.38.130 for 60 seconds because of 3
10/30 21:34
10/30 23:41
Administrator unknown login failed from https(118.143.38.130) beca
10/30 21:25
10/30 23:41
Administrator admin login failed from https(118.143.38.130) because
10/30 21:24
10/30 23:41
Administrator admin login failed from https(118.143.38.130) because
10/30 21:24
10/30 23:38
10/30 21:19
Administrator demo1 login failed from https(111.84.99.181) because
10/30 23:38
Administrator demo logged out from https(125.18.132.99)
10/30 21:17
Administrator demo login failed from https(111.84.99.181) because o
10/30 23:35
10/30 21:15
Add system.admin:dashboard demo:6
10/30 23:26
10/30 21:15
10/30 23:25
10/30 21:15
10/30 23:24
10/30 21:15
10/30 23:19
10/30 21:15
10/30 23:15
10/30 21:15
10/30 23:12
10/30 21:15
10/30 23:08
10/30 21:15
10/30 23:07
Administrator demo logged out from https(113.33.180.14)
10/30 21:15
10/30 23:05
10/30 21:15
10/30 23:02
10/30 21:15
Purge system.admin:dashboard
10/30 23:00
10/30 21:15
10/30 23:00
FortiCloud Report file has been downloaded by user demo via GUI(1
10/30 21:15
10/30 22:58
10/30 21:15
10/30 22:55
10/30 21:15
10/30 22:55
10/30 21:15
10/30 22:53
10/30 21:15
10/30 22:53
Login disabled from IP 113.33.180.14 for 60 seconds because of 3 b
10/30 21:15
10/30 22:53
10/30 21:15
10/30 22:53
10/30 21:15
10/30 22:45
10/30 21:15
10/30 22:41
10/30 21:15
Purge system.admin:dashboard
10/30 22:38
10/30 21:14
10/30 22:36
10/30 21:06
Administrator demo logged in successfully from https(190.134.113.9
10/30 22:36
10/30 21:04
10/30 22:35
10/30 21:04
10/30 22:28
10/30 21:01
10/30 22:26
10/30 20:59
10/30 22:25
10/30 20:57
Administrator demo 1 login failed from https(218.188.7.198) because
10/30 22:15
Administrator admin login failed from https(147.6.1.81) because of in
10/30 20:57
Login disabled from IP 218.188.7.198 for 60 seconds because of 3 b
10/30 22:15
Login disabled from IP 147.6.1.81 for 60 seconds because of 3 bad
10/30 20:57
10/30 22:15
Administrator demo login failed from https(147.6.1.81) because of in
10/30 20:56
10/30 22:15
10/30 20:54
10/30 22:14
Administrator demo login failed from https(147.6.1.81) because of in
10/30 20:44
10/30 22:14
10/30 20:41
Administrator demo login failed from https(124.120.169.222) becaus
10/30 22:12
10/30 20:37
10/30 22:10
10/30 20:35
10/30 22:06
10/30 20:34
10/30 22:05
10/30 20:25
Administrator fortigate login failed from https(113.33.180.14) becaus
10/30 21:55
10/30 20:25
Administrator demo login failed from https(113.33.180.14) because o
10/30 21:51
FortiClient registration renewed.
10/30 20:24
10/30 21:51
Add a FortiClient Connection.
10/30 20:22
10/30 21:50
10/30 20:22
Login disabled from IP 124.120.169.222 for 60 seconds because of
10/30 21:49
10/30 20:21

Appendix A
- Individual Report for 1st Highest User: 10.170.203.2 Usage: 1.1 GB IP: 10.170.203.2 Device: dell
Traffic Summary
Web Activity Summary
Total Number of Sessions
Top 10 Allowed Sites
9.9 K
Host Name
1.1 GB
Total Number of Bytes
1.1 GB in
Number of Visits
55.6 MB out
Top 5 Destinations
Destination
Number of Sessions
208.91.112.53
208.91.112.52
turner.com
chartbeat.net
data.cnn.com
APP
3.8 K
562
406
375
311
DNS
DNS
HTTP.BROWSER
HTTP.BROWSER
HTTP.BROWSER
Top 10 Blocked Sites
Host Name
Email Activity Summary

Number
Number of Visits
krxd.net
47
Bandwidth
Total Email Sent
0B
0B
Total Email Received
Threat Summary
Threat Name
Type
Counts
Top 5 Email Recipients

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
Top 5 Applications by Bandwidth
Top 5 Applications by Sessions
HTTP.Video (1.1 GB)
DNS (4.4 K)
HTTP.BROWSER_Chr (36.9 MB)
HTTP.BROWSER_Chrom (3.5 K)
HTTP.BROWSER_IE (13.6 MB)
HTTP (436)
SSL (4.0 MB)
SSL (374)
DNS (1.9 MB)
unknown (298)

Appendix B
- Individual Report for 2nd Highest User: test user Usage: 100.5 MB IP: 172.16.78.88 Device: host
Traffic Summary
6
Host Name
100.5 MB
500.6 KB in
Number of Visits
100.0 MB out
Top 5 Destinations
Destination
Number of Sessions
1.1.1.32
120.86.52.18
202:202:202:202:
229.118.95.200
APP
3
1
1
1
800/tcp
other
AIM
AIM
Host Name
Number of Visits

Number
Bandwidth
Total Email Sent
0B
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
AIM (100.5 MB)

800/tcp (3)
AIM (2)
800/tcp (900 B)
other (1)

Appendix C
- Individual Report for 3rd Highest User: test user Usage: 100.5 MB IP: 172.16.78.88 Device: host
Traffic Summary
6
Host Name
100.5 MB
500.6 KB in
Number of Visits
100.0 MB out
Top 5 Destinations
Destination
Number of Sessions
1.1.1.32
120.86.52.18
202:202:202:202:
229.118.95.200
APP
3
1
1
1
800/tcp
other
AIM
AIM
Host Name
Number of Visits

Number
Bandwidth
Total Email Sent
0B
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
AIM (100.5 MB)

800/tcp (3)
AIM (2)
800/tcp (900 B)
other (1)
10

Default Schedule Default 2013 10-31-000102

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Default Schedule Default 2013 10-31-000102

Hochgeladen von

Copyright:

Verfügbare Formate

FortiGate System Analysis Report for Oct 30, 2013

Bandwidth and Applications

Number of Sessions for Past 24 Hours

Top Users by Bandwidth Usage

Top Users by Sessions

Top Applications by Bandwidth Usage

Bandwidth Usage for Past 24 Hours

Top Applications by Sessions

Top Destinations by Bandwidth Usage

Fortinet Inc. All rights reserved

Top Destinations by Sessions

akamaihd.net (1.1 GB)

202:202:202:202:202: (100.5 MB)

turner.com (20.2 MB)

96.45.33.99 (11.0 MB)

ads.cnn.com (4.6 MB)

www.cnn.com (3.1 MB)

96.45.32.96 (1.7 MB)

208.91.112.53 (1.6 MB)

data.cnn.com (1.1 MB)

windowsupdate.com (937.0 KB)

FortiGate System Analysis Report for Oct 30, 2013

Bandwidth and Applications

Top Wifi Client by Bandwidth

New Clients Count

Number of Active Users for Past 24 Hours

Top Websites by Bandwidth

Top Blocked Websites by Requests

Fortinet Inc. All rights reserved

Top Blocked Users

FortiGate System Analysis Report for Oct 30, 2013

Top Web Users by Bandwidth

Top Web Streaming Websites by Bandwidth

Top Email Senders by Bandwidth

Top Recipients by Number of Emails

Fortinet Inc. All rights reserved

Top Email Recipients by Bandwidth

FortiGate System Analysis Report for Oct 30, 2013

Top Virus Victims

Top Attack Sources

Top Attack Victims

Fortinet Inc. All rights reserved

FortiGate System Analysis Report for Oct 30, 2013

Top Dial-Up IPSec Tunnels by Bandwidth

Top SSL-VPN Tunnel Users by Bandwidth

VPN Traffic Usage Trend

Top SSL-VPN Web Mode Users by Bandwidth

Top Dial Up Users

Fortinet Inc. All rights reserved

FortiGate System Analysis Report for Oct 30, 2013

Admin Login and System Events

=Config Not Changed

01h 23m 26s

01h 04m 49s

01h 04m 40s

01h 01m 53s

01h 03m 45s

01h 25m 24s

01h 02m 12s

01h 03m 56s

01h 18m 25s

04h 44m 40s

01h 16m 03s