7/26/2019 Default on Demand Default 2016 06-04-205918
FortiGate System Analysis Report for 2016-06-03 20:00 -- 2016-06-04 19:59 GMT+7
FortiGate: FG-300C-02
Bandwidth and Applications
Bandwidth Usage for Past 24 Hours
[Chart: Bandwidth (bit/s), In and Out, hourly from 20:00 to 19:00]
Number of Sessions for Past 24 Hours
[Chart: Sessions, hourly from 20:00 to 19:00]
Top Users by Bandwidth Usage
User IP Sent Recv
113.175.40.8 113.175.40.8 123.4 MB
113.160.200.109 113.160.200.109 61.2 MB
27.72.68.67 27.72.68.67 43.7 MB
123.30.175.226 123.30.175.226 40.7 MB
27.66.5.33 27.66.5.33 40.0 MB
118.68.38.135 118.68.38.135 38.5 MB
14.189.62.199 14.189.62.199 38.4 MB
113.175.90.223 113.175.90.223 37.4 MB
113.174.7.165 113.174.7.165 37.1 MB
14.187.209.160 14.187.209.160 37.1 MB
Top Users by Sessions
User IP Sessions
123.31.26.64 123.31.26.64 3.7
88.198.239.9 88.198.239.9 3.1
42.112.27.51 42.112.27.51 3.0
113.177.148.73 113.177.148.73 1.2
113.160.200.109 113.160.200.109 1.1
123.31.12.210 123.31.12.210 53
172.16.0.254 172.16.0.254 48
123.30.239.224 123.30.239.224 47
14.161.4.56 14.161.4.56 4
113.160.200.14 113.160.200.14 4
Top Applications by Bandwidth Usage
Application Sent Recv
HTTP 1.8 GB
RDP 4.8 MB
FTP 95.0 KB
HTTPS 87.2 KB
Camera 37.4 KB
POP3S 21.9 KB
IMAPS 10.4 KB
POP3 5.7 KB
IMAP 4.1 KB
SMTP 1.4 KB
Top Applications by Sessions
Application Sessions
HTTP 35.0
RDP 12.3
HTTPS 39
FTP 16
POP3S 9
Camera 8
IMAPS 3
POP3 2
IMAP
SMTP
Top Destinations by Bandwidth Usage
thaibinh.gov.vn (1.2 GB)
tuyengiaothaibinh.vn (548.2 MB)
benhviennhithaibinh.c (35.2 MB)
thpt-lequydon-thaibin (22.1 MB)
10.132.2.70 (9.3 MB)
10.132.2.80 (4.2 MB)
10.132.2.171 (755.5 KB)
10.132.2.165 (213.9 KB)
10.132.2.11 (94.5 KB)
10.132.2.193 (80.4 KB)
Top Destinations by Sessions
10.132.2.70 (33.7 K)
10.132.2.80 (10.6 K)
10.132.2.171 (2.0 K)
10.132.2.165 (933)
10.132.2.193 (353)
10.132.2.17 (170)
10.132.2.11 (154)
thaibinh.gov.vn (118)
10.132.2.111 (88)
tuyengiaothaibinh.vn (56)
Fortinet Inc. All rights reserved
DHCP Summary
Interface Allocated / Available New Clients Count
Top Wifi Client by Bandwidth
IP SSID MAC Sent Rec
Number of Active Users for Past 24 Hours
[Chart: Active Users, hourly from 20:00 to 19:00]
Web Usage
Top Allowed Websites by Requests
Website Requests
Top Websites by Bandwidth
Website Sent Recv
Top Blocked Websites by Requests
Website Requests
Top Blocked Users
User(or IP) Hostname(MAC) Requests
Top Web Users by Requests
User(or IP) Hostname(MAC) Requests
Top Web Users by Bandwidth
User(or IP) Hostname(Mac) Sent Recv
Top Web Streaming Websites by Bandwidth
Emails
Top Senders by Number of Emails
Sender Number of Emails
Top Email Senders by Bandwidth
Sender Bandwidth
Top Recipients by Number of Emails
Recipient Number of Emails
Top Email Recipients by Bandwidth
Recipient Bandwidth
Threats
Top Viruses by Name
Virus Name Occurrence
oversize 177
av-error 1
Top Virus Victims
Virus Victim Occurrence
113.160.200.109
113.175.40.8
117.4.176.24
27.66.5.33
42.112.233.51
42.113.158.135
1.53.229.244
113.160.65.50
113.162.73.55
113.185.1.112
Top Attack Sources
Top Attack Victims
VPN Usage
Top Site-to-Site IPSec Tunnels by Bandwidth
Tunnel Sent Recv
Top Dial-Up IPSec Tunnels by Bandwidth
User Tunnel Sent Recv
Top SSL-VPN Tunnel Users by Bandwidth
User IP Sent Recv
lamnh 27.76.193.170 15.5 MB
hienpq 27.76.193.170 12.1 MB
dungdp 117.6.135.61 5.5 MB
hapt 117.6.135.61 1.4 MB
lamnh 27.76.203.182 401.8 KB
hienpq 27.76.203.182 28.9 KB
dungdp 113.185.18.79 15.2 KB
thevt 27.76.193.170 12 B
Top SSL-VPN Web Mode Users by Bandwidth
User IP Sent Recv
lamnh 27.76.193.170 13.3 M
hienpq 27.76.193.170 12.1 M
dungdp 117.6.135.61 5.5 M
hapt 117.6.135.61 1.4 M
lamnh 27.76.203.182 400.6 K
hienpq 27.76.203.182 28.8 K
dungdp 113.185.18.67 14.5 K
thevt 27.76.193.170 12
Top Dial Up Users
User Type Duration (Sec) Sent Recv
lamnh ssl 56m 15s 29.6 MB
hienpq ssl 52m 21s 24.2 MB
dungdp ssl 38m 17s 11.0 MB
hapt ssl 02h 39m 2.7 MB
thevt ssl 04m 58s 24 B
VPN Traffic Usage Trend
[Chart: Bandwidth (bit/s), hourly from 20:00; series: SSL Out, SSL In, IPSec Out, IPSec]
Admin Login and System Events
Admin Login Summary
Legend: Config Changed, Config Not Changed
Date/Time User Name Login Interface Duration
06/04 19:26 hienpq https(10.212.134.200) 11m 40s
06/04 19:16 hienpq https(10.212.134.200) 05m 34s
06/04 15:28 hienpq https(10.132.196.66) 08m 03s
06/04 15:12 hienpq https(10.132.196.66) 14m 00s
06/04 14:38 hienpq https(10.132.196.66) 20m 55s
System Activity Summary
Date/Time Event
06/04 19:38 Administrator hienpq timed out on https(10.212.134.200)
06/04 19:38 Configuration is changed in the admin session
06/04 19:27 Purge system.admin:dashboard-tabs
06/04 19:27 Add system.admin:dashboard-tabs hienpq:1
06/04 19:27 Add system.admin:dashboard-tabs hienpq:2
06/04 19:27 Add system.admin:dashboard-tabs hienpq:3
06/04 19:27 Add system.admin:dashboard-tabs hienpq:4
06/04 19:27 Add system.admin:dashboard-tabs hienpq:5
06/04 19:27 Add system.admin:dashboard-tabs hienpq:6
06/04 19:27 Purge system.admin:dashboard
06/04 19:27 Add system.admin:dashboard hienpq:64
06/04 19:27 Add system.admin:dashboard hienpq:62
06/04 19:27 Add system.admin:dashboard hienpq:1
06/04 19:27 Add system.admin:dashboard hienpq:2
06/04 19:27 Add system.admin:dashboard hienpq:3
06/04 19:27 Add system.admin:dashboard hienpq:4
06/04 19:27 Add system.admin:dashboard hienpq:5
06/04 19:27 Add system.admin:dashboard hienpq:6
06/04 19:27 Add system.admin:dashboard hienpq:63
06/04 19:27 Add system.admin:dashboard hienpq:31
06/04 19:27 Add system.admin:dashboard hienpq:41
06/04 19:27 Add system.admin:dashboard hienpq:51
06/04 19:27 Add system.admin:dashboard hienpq:61
06/04 19:26 Administrator hienpq logged in successfully from https(10.212.134.2
06/04 19:22 Administrator hienpq timed out on https(10.212.134.200)
06/04 19:16 Administrator hienpq logged in successfully from https(10.212.134.2
06/04 18:27 Disk log has rolled.
06/04 15:36 Administrator hienpq timed out on https(10.132.196.66)
06/04 15:36 Configuration is changed in the admin session
06/04 15:31 Edit vpn.ssl.settings
06/04 15:31 Edit vpn.ssl.settings
06/04 15:30 Edit vpn.ssl.settings
06/04 15:30 Edit vpn.ssl.settings
06/04 15:30 Edit vpn.ssl.settings
06/04 15:29 Edit vpn.ssl.settings
06/04 15:29 Edit vpn.ssl.settings
06/04 15:29 Edit vpn.ssl.settings
06/04 15:28 Edit vpn.ssl.settings
06/04 15:28 Edit vpn.ssl.settings
06/04 15:28 Edit vpn.ssl.settings
06/04 15:28 Administrator hienpq logged in successfully from https(10.132.196.6
06/04 15:26 Administrator hienpq timed out on https(10.132.196.66)
06/04 15:22 Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG
06/04 15:12 Administrator hienpq logged in successfully from https(10.132.196.6
06/04 14:59 Administrator hienpq timed out on https(10.132.196.66)
06/04 14:59 Configuration is changed in the admin session
06/04 14:49 Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG
06/04 14:48 User hienpq added local user dpdung from GUI(10.132.196.66)
06/04 14:48 Add user.local dpdung
06/04 14:48 Edit user.group VPN-ThaiBinh
06/04 14:45 Completed reputation db maintenance
06/04 14:38 Administrator hienpq logged in successfully from https(10.132.196.6
06/04 09:11 The ntp daemon step adjusted time from Sat Jun 4 09:11:23 2016 t
06/04 02:45 Completed reputation db maintenance
06/04 01:44 Fortigate scheduled update virdb(35.00114) etdb(35.00114) idsdb(8
06/04 00:06 System deleted log file tlog.64628
06/04 00:06 System deleted log file tlog.64627
06/04 00:06 System deleted log file elog.64913
06/04 00:06 System deleted log file vlog.65447
06/04 00:06 System deleted log file wlog.65447
06/04 00:06 System deleted log file alog.65447
06/04 00:06 System deleted directory pcap.65447.
06/04 00:06 System deleted log file slog.65447
06/04 00:06 System deleted log file clog.65447
06/04 00:06 System deleted log file plog.65447
06/04 00:06 System deleted log file dlog.65447
06/04 00:06 System deleted directory dlp_archive.65447.
06/04 00:06 System deleted log file rlog.65447
06/04 00:06 System deleted log file nlog.65447
06/04 00:00 Disk log roll request has been sent.
06/04 00:00 Start uploading disk logs to FortiCloud from vdom root.
Appendix A - Individual Report for 1st Highest User: 113.175.40.8 Usage: 123.4 MB IP: 113.175.40.8 Device:
Traffic Summary
Total Number of Bytes 123.4 MB
122.0 MB in 1.4 MB out
Total Number of Sessions 152
Top 5 Destinations
Destination Bandwidth APP
tuyengiaothaibinh 123.3 MB HTTP
10.132.2.70 31.3 KB HTTP
Email Activity Summary
Total Email Sent: Number 0, Bandwidth 0 B
Total Email Received: Number 0, Bandwidth 0 B
Top 5 Email Recipients
Recipient Bandwidth
Top 5 Email Senders
Sender Bandwidth
Web Activity Summary
Top 10 Allowed Sites
Host Name Number of Visits
Top 10 Blocked Sites
Host Name Number of Visits
Threat Summary
Threat Name Type Counts
oversize
Application Summary
Top 5 Applications by Bandwidth
HTTP (123.4 MB)
Top 5 Applications by Sessions
HTTP (152)
Appendix B - Individual Report for 2nd Highest User: 113.160.200.109 Usage: 61.2 MB IP: 113.160.200.109 Device:
Traffic Summary
Total Number of Bytes 61.2 MB
61.0 MB in 285.3 KB out
Total Number of Sessions 1.1 K
Top 5 Destinations
Destination Bandwidth APP
thaibinh.gov.vn 61.0 MB HTTP
10.132.2.70 222.3 KB HTTP
10.132.2.165 5.7 KB HTTP
Email Activity Summary
Total Email Sent: Number 0, Bandwidth 0 B
Total Email Received: Number 0, Bandwidth 0 B
Top 5 Email Recipients
Recipient Bandwidth
Top 5 Email Senders
Sender Bandwidth
Web Activity Summary
Top 10 Allowed Sites
Host Name Number of Visits
Top 10 Blocked Sites
Host Name Number of Visits
Threat Summary
Threat Name Type Counts
oversize
Application Summary
Top 5 Applications by Bandwidth
HTTP (61.2 MB)
Top 5 Applications by Sessions
HTTP (1.1 K)
Appendix C - Individual Report for 3rd Highest User: 27.72.68.67 Usage: 43.7 MB IP: 27.72.68.67 Device:
Traffic Summary
Total Number of Bytes 43.7 MB
43.7 MB in 65.5 KB out
Total Number of Sessions 2
Top 5 Destinations
Destination Bandwidth APP
thaibinh.gov.vn 43.7 MB HTTP
Email Activity Summary
Total Email Sent: Number 0, Bandwidth 0 B
Total Email Received: Number 0, Bandwidth 0 B
Top 5 Email Recipients
Recipient Bandwidth
Top 5 Email Senders
Sender Bandwidth
Web Activity Summary
Top 10 Allowed Sites
Host Name Number of Visits
Top 10 Blocked Sites
Host Name Number of Visits
Threat Summary
Threat Name Type Counts
oversize
Application Summary
Top 5 Applications by Bandwidth
HTTP (43.7 MB)
Top 5 Applications by Sessions
HTTP (2)
Appendix D - Individual Report for 4th Highest User: 123.30.175.226 Usage: 40.7 MB IP: 123.30.175.226 Device:
Traffic Summary
Total Number of Bytes 40.7 MB
40.6 MB in 63.3 KB out
Total Number of Sessions 25
Top 5 Destinations
Destination Bandwidth APP
thaibinh.gov.vn 40.7 MB HTTP
10.132.2.70 8.1 KB HTTP
Email Activity Summary
Total Email Sent: Number 0, Bandwidth 0 B
Total Email Received: Number 0, Bandwidth 0 B
Top 5 Email Recipients
Recipient Bandwidth
Top 5 Email Senders
Sender Bandwidth
Web Activity Summary
Top 10 Allowed Sites
Host Name Number of Visits
Top 10 Blocked Sites
Host Name Number of Visits
Threat Summary
Threat Name Type Counts
oversize
Application Summary
Top 5 Applications by Bandwidth
HTTP (40.7 MB)
Top 5 Applications by Sessions
HTTP (25)
Appendix E - Individual Report for 5th Highest User: 27.66.5.33 Usage: 40.0 MB IP: 27.66.5.33 Device:
Traffic Summary
Total Number of Bytes 40.0 MB
39.8 MB in 126.5 KB out
Total Number of Sessions 4
Top 5 Destinations
Destination Bandwidth APP
thaibinh.gov.vn 40.0 MB HTTP
Email Activity Summary
Total Email Sent: Number 0, Bandwidth 0 B
Total Email Received: Number 0, Bandwidth 0 B
Top 5 Email Recipients
Recipient Bandwidth
Top 5 Email Senders
Sender Bandwidth
Web Activity Summary
Top 10 Allowed Sites
Host Name Number of Visits
Top 10 Blocked Sites
Host Name Number of Visits
Threat Summary
Threat Name Type Counts
oversize
Application Summary
Top 5 Applications by Bandwidth
HTTP (40.0 MB)
Top 5 Applications by Sessions
HTTP (4)