Status

FortiDDoS Dashboard contains tables or summary graphs of system information and system status. Use the dashboard to check system status at-a-glance or to quickly find system information, like the hardware serial number, firmware version, license status, or interface status. For a deeper look at attack traffic, use the Monitor and Log & Report menus.

Before you begin:

  • You must have Read permission for Dashboard, FortiView, System and Network settings.

To display the Dashboard:

  • Go to the Dashboard menu item (default landing page).

The default dashboard setup includes the following tables/graphs:

For any graph, you can select the Linear or Logarithmic scale link in the top-right corner. If one or a few data points are much larger than the bulk of the data, select Logarithmic scale to reduce the skew towards large values. Graphs are displayed in linear scale by default.

System Information

This dashboard displays basic System Information, such as firmware version, serial number, host name, system time, system uptime, effective HA mode (if configured) and Bypass Status (inline/bypass).

[Figure: System information dashboard]

License Information

This dashboard displays license and registration status, including status for the FortiGuard IP Reputation and Domain Reputation Services. If the system is behind a web proxy, set up Tunnel (proxy) under System > FortiGuard. These Tunnel settings apply to system registration, IP Reputation, Domain Reputation and Signaling.

[Figure: License Information dashboard]

SPP Status

SPP Status shows summary information for each SPP configured in the system and lets you change the Detection/Prevention Mode for each direction of an SPP without navigating further into the system.

Column

Description

Name

Names assigned to the Service Protection Policy (SPP) from Service Protection: CONFIGURATION > Service Protection Policy.

ID

System-assigned ID number for the SPP.

Different models support the following numbers of SPPs:

  • VM04 = 4

  • 200F/VM08 = 8

  • 1500F/2000F/VM16 = 16

Status

Whether the SPP is enabled or disabled, as determined by the Status toggle in Service Protection: CONFIGURATION > Service Protection Policy.

Mode (Inbound)

Green Detection Mode (monitor only) or red Prevention Mode (full mitigation) per SPP, per Direction. Detection/Prevention can be toggled by clicking on the word.

Note: Global ACLs of any type always drop matching traffic, even in Detection Mode.

Mode (Outbound)

Green Detection Mode (monitor only) or red Prevention Mode (full mitigation) per SPP, per Direction. Detection/Prevention can be toggled by clicking on the word.

Note: Global ACLs of any type always drop matching traffic, even in Detection Mode.

System Resources

System Resources shows a real-time display of CPU, RAM, and disk usage for all processes. The default display shows the real-time usage percentage of the CPU, RAM, and disk. Click the < icon to expand the panel and see a timeline view of the CPU and RAM usage. The timeline period can be adjusted using the timeline drop-down.

Note:

  • System Resources shows actual CPU usage. The Linux CLI top command does not provide accurate CPU usage when used with the DPDK-based processors in FortiDDoS. Use the CLI command get system performance for accurate real-time CPU usage information.

  • RAM is pre-allocated for many tables and settings, which results in 30-40% RAM allocation when the system is not passing traffic or fully configured. This is normal.

High Availability (HA)

High Availability (HA) configuration allows you to synchronize configuration information between two FortiDDoS appliances to create a secondary appliance that always has an up-to-date configuration.

Mode

Standalone/HA configuration

eMode

Effective HA mode:

  • off — Not in a High Availability pair.

  • Standalone — In HA Mode but cannot contact HA partner.

  • Primary — Acting as Primary device.

  • Secondary — Acting as Secondary device.

Group

Optional group name of appliances configured in HA mode.

Override

  • Enable — Enable to make Device Priority a more important factor than up-time while selecting the Primary node. Override is enabled by default and strongly recommended.

  • Disable — With Override disabled, when the Primary fails, the Secondary becomes the new Primary and remains Primary until it fails, even if the original Primary is replaced and/or returns online. This is an unusual deployment.

Attack Logs

The Attack Logs dashboard displays a table of the most recent time-stamped attack logs by event type, drop count, SPP, Direction and SPP mode.

Interfaces (Aggregate Interface Traffic)

The Interfaces dashboard displays aggregate traffic through all interface ports.

Use the following parameters to adjust the graph display:

Parameter

Description

Linear/Logarithmic

Changes the graph Y-axis for clarity. Normally use Linear.

Inbound/Outbound

Direction of traffic.

FortiDDoS displays Ingress and Egress traffic differently than other networking devices to make it very obvious if FortiDDoS is dropping traffic through the system:

Inbound

  • Ingress is traffic from the Internet to FortiDDoS.

  • Egress is traffic from FortiDDoS to the local network.

Outbound

  • Ingress is from the local network to FortiDDoS.

  • Egress is from FortiDDoS to the Internet.

Packet/bits

Throughput in pps or bps.

Period

Display periods of 1-Hour, 8-Hours, 1-Day, 1-Week, and 1-Year, as calculated backwards from the current time.

Click the < icon to open a table displaying the last-reported peak data rate (in bps or pps) for each interface.

SPPs (Aggregate SPP Traffic)

This dashboard displays the trend in aggregate throughput over a specific period of time across all SPPs. This graph provides an overview of the traffic pattern.

To display inbound or outbound traffic, select the Inbound / Outbound links at the top right of the graph.

[Figure: Aggregate SPP Traffic dashboard]

You can hide or display the throughput for Aggregate Ingress or Aggregate Egress traffic by clicking the label.

[Figure: Aggregate SPP Traffic dashboard - hide/show specific traffic]

Aggregate Drops Graph

The Drops dashboard displays traffic with packets dropped based on types of attack.

Data Path Resources

The Data Path Resources table displays the internal table usage statistics.

Administrators

Tracks recent successful and failed Administrator logins. For more Event information, go to Log & Report: LOG ACCESS > Logs > Event Log tab.

Cloud Signaling

The Cloud Signaling table displays records for devices registered in the cloud center.
