Fortinet black logo

Handbook

Filtering options

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:155242
Download PDF

Filtering options

When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which console is currently being viewed. The following table explains all of the available filtering options:

Filter option

Description

Accelerated Sessions

You can filter the console on 'FortiASIC' ('Accelerated' versus 'Not Accelerated') sessions.

AP

Filter by Access Point (AP) identification number.

Application

Filter by application name.

Checksum

Filter by checksum value. Checksums are reference digits used to represent the correct datasum of a packet in order to detect errors.

Cloud Application

Filter by cloud application name.

Note: This filter is only available in the Cloud Applications console.

Country

Filter by the country from which the source accessed the server.

Destination Interface

Filter by the interface type used by the destination user, e.g. wan1.

Destination IP

Filter by the IP address used by the destination.

Destination Port

Filter by the port used by the destination.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Domain

Filter by domain name.

Note: This filter is only available in the Web Sites console.

Event Name

Filter by security event name.

Note: This filter is only available in the System Events console.

File Name

Filter by file name.

Note: This filter is only available in the FortiSandbox console.

Login Type

Filter by type of login (eg. WEP) associated with the displayed authentication attempt.

Note: This filter is only available in the Failed Authentications console.

NAT Source IP

Filter by the NAT-translated source IP address.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

NAT Source Port

Filter by the NAT-translated source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Policy

Filter by the policy identification number.

Protocol

Filter by the protocol used by the source, e.g. tcp or udp.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Result

Filter by the result of whatever security action was taken by FortiOs in the selected session, eg. Accept (all).

Security Action

Filter by the type of response taken to the security event. The types of possible actions are as follows:

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Severity

Filter by the severity level (Critical, High, Medium or Low) associated with a security event.

Source

Source IP

Filter by the source IP address.

Source Device

Filter by source device type, e.g. mobile.

Source Interface

Filer by the interface type used by the source user, e.g. wan1.

Source Port

Filter by the source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Source SSID

Filter by the Service Set Identifier (SSID) associated with the selected user. An SSID is a case sensitive, 32 character alphanumerical identifier that acts as a password attributed to a mobile device.

Status

Filter by the maliciousness of a file. The types of possible status' are: Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This filter is only available in the FortiSandbox console.

Threat

Filter by threat name and/or URL

Threat Type

Filter by threat category, e.g. Illegal/Unethical or P2P.

Type

Note: This filter is only available in the Failed Authentications console.

User Name

Filter by user name.

VPN Type

Filter by Virtual Private Network (VPN) protocol type, eg. PPTP.

Note: This filter is only available in the VPN console.

Filtering options

When you select the Add Filter button, a drop-down list appears with a list of available filtering options. Available options differ based on which console is currently being viewed. The following table explains all of the available filtering options:

Filter option

Description

Accelerated Sessions

You can filter the console on 'FortiASIC' ('Accelerated' versus 'Not Accelerated') sessions.

AP

Filter by Access Point (AP) identification number.

Application

Filter by application name.

Checksum

Filter by checksum value. Checksums are reference digits used to represent the correct datasum of a packet in order to detect errors.

Cloud Application

Filter by cloud application name.

Note: This filter is only available in the Cloud Applications console.

Country

Filter by the country from which the source accessed the server.

Destination Interface

Filter by the interface type used by the destination user, e.g. wan1.

Destination IP

Filter by the IP address used by the destination.

Destination Port

Filter by the port used by the destination.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Domain

Filter by domain name.

Note: This filter is only available in the Web Sites console.

Event Name

Filter by security event name.

Note: This filter is only available in the System Events console.

File Name

Filter by file name.

Note: This filter is only available in the FortiSandbox console.

Login Type

Filter by type of login (eg. WEP) associated with the displayed authentication attempt.

Note: This filter is only available in the Failed Authentications console.

NAT Source IP

Filter by the NAT-translated source IP address.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

NAT Source Port

Filter by the NAT-translated source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Policy

Filter by the policy identification number.

Protocol

Filter by the protocol used by the source, e.g. tcp or udp.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Result

Filter by the result of whatever security action was taken by FortiOs in the selected session, eg. Accept (all).

Security Action

Filter by the type of response taken to the security event. The types of possible actions are as follows:

  • Allowed: No threat was detected and the connection was let through.
  • Blocked: A threat was detected and the connection was not let through.
  • Reset: A possible issue was detected and the connection was reset.
  • Traffic Shape: Some data packets may have been delayed to improve system-wide performance.

Severity

Filter by the severity level (Critical, High, Medium or Low) associated with a security event.

Source

Source IP

Filter by the source IP address.

Source Device

Filter by source device type, e.g. mobile.

Source Interface

Filer by the interface type used by the source user, e.g. wan1.

Source Port

Filter by the source interface.

Note: This filter is only available in the All Sessions console,(viewing the now time display).

Source SSID

Filter by the Service Set Identifier (SSID) associated with the selected user. An SSID is a case sensitive, 32 character alphanumerical identifier that acts as a password attributed to a mobile device.

Status

Filter by the maliciousness of a file. The types of possible status' are: Malicious, High, Medium, Low, Clean, Unknown, and Pending.

Note: This filter is only available in the FortiSandbox console.

Threat

Filter by threat name and/or URL

Threat Type

Filter by threat category, e.g. Illegal/Unethical or P2P.

Type

Note: This filter is only available in the Failed Authentications console.

User Name

Filter by user name.

VPN Type

Filter by Virtual Private Network (VPN) protocol type, eg. PPTP.

Note: This filter is only available in the VPN console.