Default on Demand Default 2016 06-04-205918

  • 7/26/2019 Default on Demand Default 2016 06-04-205918

    1/11

    FortiGate System Analysis Report for 2016-06-03 20:00 -- 2016-06-04 19:59 GMT+7

    FortiGate: FG-300C-02

    Bandwidth and Applications

    Bandwidth Usage for Past 24 Hours

    [Chart: Bandwidth (bit/s), series In and Out, hourly from 20:00 to 19:00; y-axis 0K to 700K]

    Number of Sessions for Past 24 Hours

    [Chart: Sessions, hourly from 20:00 to 19:00; y-axis 0 to 5000]

    Top Users by Bandwidth Usage

    User IP Sent Recv

    113.175.40.8 113.175.40.8 123.4 MB

    113.160.200.109 113.160.200.109 61.2 MB

    27.72.68.67 27.72.68.67 43.7 MB

    123.30.175.226 123.30.175.226 40.7 MB

    27.66.5.33 27.66.5.33 40.0 MB

    118.68.38.135 118.68.38.135 38.5 MB

    14.189.62.199 14.189.62.199 38.4 MB

    113.175.90.223 113.175.90.223 37.4 MB

    113.174.7.165 113.174.7.165 37.1 MB

    14.187.209.160 14.187.209.160 37.1 MB

    Top Users by Sessions

    User IP Sessions

    123.31.26.64 123.31.26.64 3.7

    88.198.239.9 88.198.239.9 3.1

    42.112.27.51 42.112.27.51 3.0

    113.177.148.73 113.177.148.73 1.2

    113.160.200.109 113.160.200.109 1.1

    123.31.12.210 123.31.12.210 53

    172.16.0.254 172.16.0.254 48

    123.30.239.224 123.30.239.224 47

    14.161.4.56 14.161.4.56 4

    113.160.200.14 113.160.200.14 4

    Top Applications by Bandwidth Usage

    Application Sent Recv

    HTTP 1.8 GB

    RDP 4.8 MB

    FTP 95.0 KB

    HTTPS 87.2 KB

    Camera 37.4 KB

    POP3S 21.9 KB

    IMAPS 10.4 KB

    POP3 5.7 KB

    IMAP 4.1 KB

    SMTP 1.4 KB

    Top Applications by Sessions

    Application Sessions

    HTTP 35.0

    RDP 12.3

    HTTPS 39

    FTP 16

    POP3S 9

    Camera 8

    IMAPS 3

    POP3 2

    IMAP

    SMTP

    Top Destinations by Bandwidth Usage

    thaibinh.gov.vn (1.2 GB)

    tuyengiaothaibinh.vn (548.2 MB)

    benhviennhithaibinh.c (35.2 MB)

    thpt-lequydon-thaibin (22.1 MB)

    10.132.2.70 (9.3 MB)

    10.132.2.80 (4.2 MB)

    10.132.2.171 (755.5 KB)

    10.132.2.165 (213.9 KB)

    10.132.2.11 (94.5 KB)

    10.132.2.193 (80.4 KB)

    Top Destinations by Sessions

    10.132.2.70 (33.7 K)

    10.132.2.80 (10.6 K)

    10.132.2.171 (2.0 K)

    10.132.2.165 (933)

    10.132.2.193 (353)

    10.132.2.17 (170)

    10.132.2.11 (154)

    thaibinh.gov.vn (118)

    10.132.2.111 (88)

    tuyengiaothaibinh.vn (56)

    Fortinet Inc. All rights reserved

    DHCP Summary

    Interface Allocated / Available New Clients Count

    Top Wifi Client by Bandwidth

    IP SSID MAC Sent Rec

    Number of Active Users for Past 24 Hours

    [Chart: Active Users, hourly from 20:00 to 19:00; y-axis 0 to 400]

    Web Usage

    Top Allowed Websites by Requests

    Website Requests

    Top Websites by Bandwidth

    Website Sent Recv

    Top Blocked Websites by Requests

    Website Requests

    Top Blocked Users

    User(or IP) Hostname(MAC) Requests

    Top Web Users by Requests

    User(or IP) Hostname(MAC) Requests

    Top Web Users by Bandwidth

    User(or IP) Hostname(Mac) Sent Recv

    Top Web Streaming Websites by Bandwidth

    Emails

    Top Senders by Number of Emails

    Sender Number of Emails

    Top Email Senders by Bandwidth

    Sender Bandwidth

    Top Recipients by Number of Emails

    Recipient Number of Emails

    Top Email Recipients by Bandwidth

    Recipient Bandwidth

    Threats

    Top Viruses by Name

    Virus Name Occurrence

    oversize 177

    av-error 1

    Top Virus Victims

    Virus Victim Occurrence

    113.160.200.109

    113.175.40.8

    117.4.176.24

    27.66.5.33

    42.112.233.51

    42.113.158.135

    1.53.229.244

    113.160.65.50

    113.162.73.55

    113.185.1.112

    Top Attack Sources

    Top Attack Victims

    VPN Usage

    Top Site-to-Site IPSec Tunnels by Bandwidth

    Tunnel Sent Recv

    Top Dial-Up IPSec Tunnels by Bandwidth

    User Tunnel Sent Recv

    Top SSL-VPN Tunnel Users by Bandwidth

    User IP Sent Recv

    lamnh 27.76.193.170 15.5 MB

    hienpq 27.76.193.170 12.1 MB

    dungdp 117.6.135.61 5.5 MB

    hapt 117.6.135.61 1.4 MB

    lamnh 27.76.203.182 401.8 KB

    hienpq 27.76.203.182 28.9 KB

    dungdp 113.185.18.79 15.2 KB

    thevt 27.76.193.170 12 B

    Top SSL-VPN Web Mode Users by Bandwidth

    User IP Sent Recv

    lamnh 27.76.193.170 13.3 M

    hienpq 27.76.193.170 12.1 M

    dungdp 117.6.135.61 5.5 M

    hapt 117.6.135.61 1.4 M

    lamnh 27.76.203.182 400.6 K

    hienpq 27.76.203.182 28.8 K

    dungdp 113.185.18.67 14.5 K

    thevt 27.76.193.170 12

    Top Dial Up Users

    User Type Duration (Sec) Sent Recv

    lamnh ssl 56m 15s 29.6 MB

    hienpq ssl 52m 21s 24.2 MB

    dungdp ssl 38m 17s 11.0 MB

    hapt ssl 02h 39m 2.7 MB

    thevt ssl 04m 58s 24 B

    VPN Traffic Usage Trend

    [Chart: Bandwidth (bit/s), hourly from 20:00 to 19:00; y-axis 0 to 10; legend: SSL Out, SSL In, IPSec Out, IPSec]

    Admin Login and System Events

    Admin Login Summary =Config Changed =Config Not Changed

    Date/Time User Name Login Interface Duration

    06/04 19:26 hienpq https(10.212.134.200) 11m 40s

    06/04 19:16 hienpq https(10.212.134.200) 05m 34s

    06/04 15:28 hienpq https(10.132.196.66) 08m 03s

    06/04 15:12 hienpq https(10.132.196.66) 14m 00s

    06/04 14:38 hienpq https(10.132.196.66) 20m 55s

    System Activity Summary

    Date/Time Event

    06/04 19:38 Administrator hienpq timed out on https(10.212.134.200)

    06/04 19:38 Configuration is changed in the admin session

    06/04 19:27 Purge system.admin:dashboard-tabs

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:1

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:2

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:3

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:4

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:5

    06/04 19:27 Add system.admin:dashboard-tabs hienpq:6

    06/04 19:27 Purge system.admin:dashboard

    06/04 19:27 Add system.admin:dashboard hienpq:64

    06/04 19:27 Add system.admin:dashboard hienpq:62

    06/04 19:27 Add system.admin:dashboard hienpq:1

    06/04 19:27 Add system.admin:dashboard hienpq:2

    06/04 19:27 Add system.admin:dashboard hienpq:3

    06/04 19:27 Add system.admin:dashboard hienpq:4

    06/04 19:27 Add system.admin:dashboard hienpq:5

    06/04 19:27 Add system.admin:dashboard hienpq:6

    06/04 19:27 Add system.admin:dashboard hienpq:63

    06/04 19:27 Add system.admin:dashboard hienpq:31

    06/04 19:27 Add system.admin:dashboard hienpq:41

    06/04 19:27 Add system.admin:dashboard hienpq:51

    06/04 19:27 Add system.admin:dashboard hienpq:61

    06/04 19:26 Administrator hienpq logged in successfully from https(10.212.134.2

    06/04 19:22 Administrator hienpq timed out on https(10.212.134.200)

    06/04 19:16 Administrator hienpq logged in successfully from https(10.212.134.2

    06/04 18:27 Disk log has rolled.

    06/04 15:36 Administrator hienpq timed out on https(10.132.196.66)

    06/04 15:36 Configuration is changed in the admin session

    06/04 15:31 Edit vpn.ssl.settings

    06/04 15:31 Edit vpn.ssl.settings

    06/04 15:30 Edit vpn.ssl.settings

    06/04 15:30 Edit vpn.ssl.settings

    06/04 15:30 Edit vpn.ssl.settings

    06/04 15:29 Edit vpn.ssl.settings

    06/04 15:29 Edit vpn.ssl.settings

    06/04 15:29 Edit vpn.ssl.settings

    06/04 15:28 Edit vpn.ssl.settings

    06/04 15:28 Edit vpn.ssl.settings

    06/04 15:28 Edit vpn.ssl.settings

    06/04 15:28 Administrator hienpq logged in successfully from https(10.132.196.6

    06/04 15:26 Administrator hienpq timed out on https(10.132.196.66)

    06/04 15:22 Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG

    06/04 15:12 Administrator hienpq logged in successfully from https(10.132.196.6

    06/04 14:59 Administrator hienpq timed out on https(10.132.196.66)

    06/04 14:59 Configuration is changed in the admin session

    06/04 14:49 Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG

    06/04 14:48 User hienpq added local user dpdung from GUI(10.132.196.66)

    06/04 14:48 Add user.local dpdung

    06/04 14:48 Edit user.group VPN-ThaiBinh

    06/04 14:45 Completed reputation db maintenance

    06/04 14:38 Administrator hienpq logged in successfully from https(10.132.196.6

    06/04 09:11 The ntp daemon step adjusted time from Sat Jun 4 09:11:23 2016 t

    06/04 02:45 Completed reputation db maintenance

    06/04 01:44 Fortigate scheduled update virdb(35.00114) etdb(35.00114) idsdb(8

    06/04 00:06 System deleted log file tlog.64628

    06/04 00:06 System deleted log file tlog.64627

    06/04 00:06 System deleted log file elog.64913

    06/04 00:06 System deleted log file vlog.65447

    06/04 00:06 System deleted log file wlog.65447

    06/04 00:06 System deleted log file alog.65447

    06/04 00:06 System deleted directory pcap.65447.

    06/04 00:06 System deleted log file slog.65447

    06/04 00:06 System deleted log file clog.65447

    06/04 00:06 System deleted log file plog.65447

    06/04 00:06 System deleted log file dlog.65447

    06/04 00:06 System deleted directory dlp_archive.65447.

    06/04 00:06 System deleted log file rlog.65447

    06/04 00:06 System deleted log file nlog.65447

    06/04 00:00 Disk log roll request has been sent.

    06/04 00:00 Start uploading disk logs to FortiCloud from vdom root.

    Appendix A - Individual Report for 1st Highest User: 113.175.40.8 Usage: 123.4 MB IP: 113.175.40.8 Device:

    Traffic Summary

    Total Number of Bytes 123.4 MB

    122.0 MB in 1.4 MB out

    Total Number of Sessions 152

    Top 5 Destinations

    Destination Bandwidth APP

    tuyengiaothaibinh 123.3 MB HTTP

    10.132.2.70 31.3 KB HTTP

    Email Activity Summary

    Number Bandwidth

    0 0 0 B 0 B

    Total Email Sent Total Email Received

    Top 5 Email Recipients

    Recipient Bandwidth

    Top 5 Email Senders

    Sender Bandwidth

    Web Activity Summary

    Top 10 Allowed Sites

    Host Name Number of Visits

    Top 10 Blocked Sites

    Host Name Number of Visits

    Threat Summary

    Threat Name Type Counts

    oversize

    Application Summary

    Top 5 Applications by Bandwidth

    HTTP (123.4 MB)

    Top 5 Applications by Sessions

    HTTP (152)

    Appendix B - Individual Report for 2nd Highest User: 113.160.200.109 Usage: 61.2 MB IP: 113.160.200.109 Device:

    Traffic Summary

    Total Number of Bytes 61.2 MB

    61.0 MB in 285.3 KB out

    Total Number of Sessions 1.1 K

    Top 5 Destinations

    Destination Bandwidth APP

    thaibinh.gov.vn 61.0 MB HTTP

    10.132.2.70 222.3 KB HTTP

    10.132.2.165 5.7 KB HTTP

    Email Activity Summary

    Number Bandwidth

    0 0 0 B 0 B

    Total Email Sent Total Email Received

    Top 5 Email Recipients

    Recipient Bandwidth

    Top 5 Email Senders

    Sender Bandwidth

    Web Activity Summary

    Top 10 Allowed Sites

    Host Name Number of Visits

    Top 10 Blocked Sites

    Host Name Number of Visits

    Threat Summary

    Threat Name Type Counts

    oversize

    Application Summary

    Top 5 Applications by Bandwidth

    HTTP (61.2 MB)

    Top 5 Applications by Sessions

    HTTP (1.1 K)

    Appendix C - Individual Report for 3rd Highest User: 27.72.68.67 Usage: 43.7 MB IP: 27.72.68.67 Device:

    Traffic Summary

    Total Number of Bytes 43.7 MB

    43.7 MB in 65.5 KB out

    Total Number of Sessions 2

    Top 5 Destinations

    Destination Bandwidth APP

    thaibinh.gov.vn 43.7 MB HTTP

    Email Activity Summary

    Number Bandwidth

    0 0 0 B 0 B

    Total Email Sent Total Email Received

    Top 5 Email Recipients

    Recipient Bandwidth

    Top 5 Email Senders

    Sender Bandwidth

    Web Activity Summary

    Top 10 Allowed Sites

    Host Name Number of Visits

    Top 10 Blocked Sites

    Host Name Number of Visits

    Threat Summary

    Threat Name Type Counts

    oversize

    Application Summary

    Top 5 Applications by Bandwidth

    HTTP (43.7 MB)

    Top 5 Applications by Sessions

    HTTP (2)

    Appendix D - Individual Report for 4th Highest User: 123.30.175.226 Usage: 40.7 MB IP: 123.30.175.226 Device:

    Traffic Summary

    Total Number of Bytes 40.7 MB

    40.6 MB in 63.3 KB out

    Total Number of Sessions 25

    Top 5 Destinations

    Destination Bandwidth APP

    thaibinh.gov.vn 40.7 MB HTTP

    10.132.2.70 8.1 KB HTTP

    Email Activity Summary

    Number Bandwidth

    0 0 0 B 0 B

    Total Email Sent Total Email Received

    Top 5 Email Recipients

    Recipient Bandwidth

    Top 5 Email Senders

    Sender Bandwidth

    Web Activity Summary

    Top 10 Allowed Sites

    Host Name Number of Visits

    Top 10 Blocked Sites

    Host Name Number of Visits

    Threat Summary

    Threat Name Type Counts

    oversize

    Application Summary

    Top 5 Applications by Bandwidth

    HTTP (40.7 MB)

    Top 5 Applications by Sessions

    HTTP (25)

    Appendix E - Individual Report for 5th Highest User: 27.66.5.33 Usage: 40.0 MB IP: 27.66.5.33 Device:

    Traffic Summary

    Total Number of Bytes 40.0 MB

    39.8 MB in 126.5 KB out

    Total Number of Sessions 4

    Top 5 Destinations

    Destination Bandwidth APP

    thaibinh.gov.vn 40.0 MB HTTP

    Email Activity Summary

    Number Bandwidth

    0 0 0 B 0 B

    Total Email Sent Total Email Received

    Top 5 Email Recipients

    Recipient Bandwidth

    Top 5 Email Senders

    Sender Bandwidth

    Web Activity Summary

    Top 10 Allowed Sites

    Host Name Number of Visits

    Top 10 Blocked Sites

    Host Name Number of Visits

    Threat Summary

    Threat Name Type Counts

    oversize

    Application Summary

    Top 5 Applications by Bandwidth

    HTTP (40.0 MB)

    Top 5 Applications by Sessions

    HTTP (4)