
Upload: eduardogarcia01

Post on 26-Dec-2015


Page 1: Default Schedule Default 2014 06-26-000102

FortiGate System Analysis Report for Jun 25, 2014

FortiGate: fw_deltoromty

Bandwidth and Applications

[Chart: Bandwidth Usage for Past 24 Hours; y-axis Bandwidth (bit/s), 0K to 5000K; x-axis 00:00 to 23:00; series: In, Out]

[Chart: Number of Sessions for Past 24 Hours; y-axis Sessions, 0K to 20K; x-axis 00:00 to 23:00]

Top Users by Bandwidth Usage

User IP Sent Recv

192.168.0.138 192.168.0.138 1.6 GB

192.168.0.248 192.168.0.248 1.2 GB

192.168.0.189 192.168.0.189 971.3 MB

192.168.0.75 192.168.0.75 942.2 MB

192.168.0.143 192.168.0.143 938.2 MB

192.168.0.195 192.168.0.195 751.1 MB

192.168.0.15 192.168.0.15 676.3 MB

192.168.0.156 192.168.0.156 618.8 MB

192.168.0.72 192.168.0.72 576.6 MB

192.168.0.245 192.168.0.245 511.1 MB

Top Users by Sessions

User IP Sessions

192.168.0.5 192.168.0.5 12.6 K

192.168.0.104 192.168.0.104 6.4 K

192.168.0.246 192.168.0.246 6.3 K

192.168.0.107 192.168.0.107 5.3 K

192.168.0.167 192.168.0.167 4.5 K

192.168.0.248 192.168.0.248 4.1 K

192.168.0.103 192.168.0.103 3.0 K

192.168.0.142 192.168.0.142 2.8 K

192.168.0.118 192.168.0.118 2.8 K

192.168.0.84 192.168.0.84 2.5 K

Top Applications by Bandwidth Usage

Application Sent Recv

YouTube 3.8 GB

HTTP.Video 3.7 GB

HTTP 2.5 GB

HTTP.Audio 1.9 GB

Gmail 677.1 MB

POP3S 663.1 MB

MS.Windows.Update 401.4 MB

Ultrasurf_9.6+ 327.7 MB

HTTP.Download.Accelerator 89.2 MB

Facebook 79.8 MB

Top Applications by Sessions

Application Sessions

HTTP 71.8 K

POP3S 22.1 K

Twitter 4.1 K

Gmail 3.9 K

YouTube 3.6 K

Skype 3.6 K

MS.Windows.Update 2.8 K

DNS 800

HTTP.Video 796

Hotmail 746

Top Destinations by Bandwidth Usage

googlevideo.com (7.8 GB)

youtube.com (808.6 MB)

gmail.com (744.1 MB)

google.com (724.9 MB)

akamaihd.net (614.9 MB)

microsoft.com (545.8 MB)

yac.mx (432.4 MB)

windowsupdate.com (361.2 MB)

ytimg.com (110.0 MB)

pinimg.com (95.9 MB)

Top Destinations by Sessions

gmail.com (21.8 K)

it-finance.com (13.9 K)

google.com (5.1 K)

twitter.com (4.2 K)

terra.com.mx (3.8 K)

doubleclick.net (3.1 K)

googlevideo.com (2.7 K)

microsoft.com (2.6 K)

youtube.com (2.1 K)

googlesyndication.com (1.8 K)

Fortinet Inc. All rights reserved 1

Page 2

Bandwidth and Applications

DHCP Summary

Interface Allocated / Available New Clients Count

Top Wifi Client by Bandwidth

IP SSID MAC Sent Recv

[Chart: Number of Active Users for Past 24 Hours; y-axis Active Users, 0 to 200; x-axis 00:00 to 23:00]

Web Usage

Top Allowed Websites by Requests

Website Requests

it-finance.com 13.9 K

terra.com.mx 3.8 K

doubleclick.net 3.1 K

googlevideo.com 2.7 K

googlesyndication.com 1.9 K

ytimg.com 1.6 K

msn.com 1.6 K

youtube.com 1.4 K

info7.mx 1.4 K

ooyala.com 1.3 K

Top Websites by Bandwidth

Website Sent Recv

googlevideo.com 7.8 GB

akamaihd.net 615.0 MB

microsoft.com 508.4 MB

yac.mx 432.4 MB

windowsupdate.com 361.2 MB

ytimg.com 110.0 MB

pinimg.com 95.9 MB

info7.mx 86.1 MB

andrea.com 83.2 MB

googlesyndication.com 64.3 MB

Top Blocked Websites by Requests

Website Requests

crwdcntrl.net 126

kalooga.com 39

m2pub.com 36

dalealplay.com 27

txtsrving.info 25

beforeitsnews.com 22

adroll.com 17

frogupdate.com 11

stgbssint.com 11

infolinks.com 10

Top Blocked Users

User(or IP) Hostname(MAC) Requests

192.168.0.246 2c:27:d7:1c:39:a5 122

192.168.0.15 60:67:20:a0:ec:04 45

192.168.0.127 d4:85:64:03:bf:ad 36

192.168.0.220 d4:85:64:03:bf:24 29

192.168.0.118 d4:85:64:03:bf:51 18

192.168.0.134 d4:85:64:03:bf:82 16

192.168.0.248 d4:85:64:03:bf:a8 16

192.168.0.167 00:26:82:cb:bd:a2 15

192.168.0.249 20:10:7a:23:42:0b 14

192.168.0.86 00:26:82:cb:bd:9b 14

Page 3

Web Usage

Top Web Users by Requests

User(or IP) Hostname(MAC) Requests

192.168.0.5 d4:85:64:03:bf:f8 12.6 K

192.168.0.104 d4:85:64:03:be:ca 6.0 K

192.168.0.246 2c:27:d7:1c:39:a5 5.9 K

192.168.0.107 2c:27:d7:36:58:fd 4.2 K

192.168.0.248 d4:85:64:03:bf:a8 3.9 K

192.168.0.167 00:26:82:cb:bd:a2 3.2 K

192.168.0.103 d4:85:64:03:bf:b7 2.9 K

192.168.0.142 d4:85:64:03:bf:17 2.4 K

192.168.0.84 00:21:85:9c:af:44 2.3 K

192.168.0.85 10:60:4b:80:5c:b6 2.2 K

Average Usage of Top 10 4.6 K

Top Web Users by Bandwidth

User(or IP) Hostname(Mac) Sent Recv

192.168.0.138 1c:c1:de:a1:ed:d7 1.6 GB

192.168.0.248 d4:85:64:03:bf:a8 1.2 GB

192.168.0.189 b8:a3:86:8e:59:ec 971.2 MB

192.168.0.143 d4:85:64:03:bf:16 922.1 MB

192.168.0.75 00:25:ab:1e:cb:4c 914.0 MB

192.168.0.15 60:67:20:a0:ec:04 671.6 MB

192.168.0.156 d4:85:64:03:bf:6b 613.3 MB

192.168.0.72 40:f0:2f:c5:69:8c 575.5 MB

192.168.0.245 d4:85:64:03:bf:72 453.5 MB

192.168.0.142 d4:85:64:03:bf:17 436.5 MB

Average Usage of Top 10 836.0 MB

Top Web Streaming Websites by Bandwidth

% Website Sent Recv

45.3% youtube.com 53.6 M

22.2% msn.com 26.3 M

15.6% savefrom.net 18.5 M

7.2% thestaticvube.com 8.5 M

3.0% netflix.com 3.6 M

6.8% others 8.1 M

Emails

Top Senders by Number of Emails

Sender Number of Emails

Top Email Senders by Bandwidth

Sender Bandwidth

Top Recipients by Number of Emails

Recipient Number of Emails

Top Email Recipients by Bandwidth

Recipient Bandwidth

Page 4

Threats

Top Viruses by Name

Virus Name Occurrence

Top Virus Victims

Virus Victim Occurrence

Top Attack Sources

% Attack Source Occurrence

27.0% 199.66.238.110 10

24.3% 192.168.0.37 9

24.3% 199.66.238.111 9

24.3% 199.66.238.112 9

Top Attack Victims

% Attack Victim Occurrence

75.7% 192.168.0.37 28

8.1% 199.66.238.110 3

8.1% 199.66.238.111 3

8.1% 199.66.238.112 3

Page 5

VPN Usage

Top Site-to-Site IPSec Tunnels by Bandwidth

Tunnel Sent Recv

Top Dial-Up IPSec Tunnels by Bandwidth

User Tunnel Sent Recv

Top SSL-VPN Tunnel Users by Bandwidth

User IP Sent Recv

Top SSL-VPN Web Mode Users by Bandwidth

User IP Sent Recv

Top Dial Up Users

User Type Duration (Sec) Sent Recv

[Chart: VPN Traffic Usage Trend; y-axis Bandwidth (bit/s), 0 to 10; x-axis 00:00 to 23:00; series: SSL Out, SSL In, IPSec Out, IPSec In]

Page 6

Admin Login and System Events

Admin Login Summary (legend icons: Config Changed / Config Not Changed)

Date/Time User Name Login Interface Duration

06/24 16:12 admin https(192.168.0.78) 08h 21m 31s

System Activity Summary

Date/Time Event

06/25 22:16 Disk log has rolled.

06/25 18:12 Completed reputation db maintenance

06/25 17:33 Administrator admin logged in successfully from https(192.168.0.137

06/25 16:13 Disk log has rolled.

06/25 16:06 The ntp daemon step adjusted time from Wed Jun 25 16:06:48 2014

06/25 15:20 Disk log has rolled.

06/25 13:33 Log upload to FortiCloud completed on vdom root

06/25 13:20 Start uploading disk logs to FortiCloud from vdom root.

06/25 11:26 Disk log has rolled.

06/25 07:55 Disk log has rolled.

06/25 06:12 Completed reputation db maintenance

06/25 02:00 Fortigate scheduled update virdb(22.00381) etdb(22.00381) idsdb(4.

06/25 00:33 Administrator admin timed out on https(192.168.0.78)

06/25 00:33 Configuration is changed in the admin session

06/25 00:00 Disk log roll request has been sent.

Page 7

Appendix A - Individual Report for 1st Highest User: 192.168.0.138 Usage: 1.6 GB IP: 192.168.0.138 Device:

Traffic Summary

Total Number of Bytes 1.6 GB

1.5 GB in 53.2 MB out

Total Number of Sessions 1.4 K

Top 5 Destinations

Destination Bandwidth APP

googlevideo.com 986.5 MB HTTP.Video

googlevideo.com 521.6 MB HTTP.Audio

googlevideo.com 36.6 MB YouTube

ytimg.com 14.9 MB HTTP

gmail.com 10.1 MB POP3S

Email Activity Summary

Total Email Sent: 0 emails, 0 B

Total Email Received: 0 emails, 0 B

Top 5 Email Recipients

Recipient Bandwidth

Top 5 Email Senders

Sender Bandwidth

Web Activity Summary

Top 10 Allowed Sites

Host Name Number of Visits

googlevideo.com 265

ytimg.com 163

youtube.com 136

doubleclick.net 122

google.com 46

Top 10 Blocked Sites

Host Name Number of Visits

crwdcntrl.net 2

Threat Summary

Threat Name Type Counts

Application Summary

Top 5 Applications by Bandwidth

HTTP.Video (990.6 MB)

HTTP.Audio (521.6 MB)

YouTube (44.8 MB)

HTTP (26.9 MB)

POP3S (10.2 MB)

Top 5 Applications by Sessions

HTTP (664)

Twitter (312)

YouTube (183)

HTTP.Video (147)

HTTP.Audio (87)

Page 8

Appendix B - Individual Report for 2nd Highest User: 192.168.0.248 Usage: 1.2 GB IP: 192.168.0.248 Device:

Traffic Summary

Total Number of Bytes 1.2 GB

1.1 GB in 39.1 MB out

Total Number of Sessions 3.9 K

Top 5 Destinations

Destination Bandwidth APP

googlevideo.com 891.9 MB YouTube

akamaihd.net 233.1 MB HTTP.Video

mediotiempo.com 12.3 MB HTTP

ytimg.com 10.3 MB HTTP

serving-sys.com 9.7 MB HTTP

Email Activity Summary

Total Email Sent: 0 emails, 0 B

Total Email Received: 0 emails, 0 B

Top 5 Email Recipients

Recipient Bandwidth

Top 5 Email Senders

Sender Bandwidth

Web Activity Summary

Top 10 Allowed Sites

Host Name Number of Visits

googlevideo.com 723

serving-sys.com 269

outbrain.com 231

gigya.com 190

mediotiempo.com 188

Top 10 Blocked Sites

Host Name Number of Visits

infolinks.com 7

m2pub.com 6

crwdcntrl.net 1

mathtag.com 1

singlessalad.com 1

Threat Summary

Threat Name Type Counts

Application Summary

Top 5 Applications by Bandwidth

YouTube (893.6 MB)

HTTP.Video (250.6 MB)

HTTP (68.4 MB)

Ooyala (1.7 MB)

Twitter (881.8 KB)

Top 5 Applications by Sessions

HTTP (2.9 K)

YouTube (799)

Twitter (167)

POP3S (53)

MS.Windows.Update (45)

Page 9

Appendix C - Individual Report for 3rd Highest User: 192.168.0.189 Usage: 971.3 MB IP: 192.168.0.189 Device:

Traffic Summary

Total Number of Bytes 971.3 MB

946.3 MB in 25.0 MB out

Total Number of Sessions 1.2 K

Top 5 Destinations

Destination Bandwidth APP

googlevideo.com 936.2 MB YouTube

ytimg.com 14.7 MB HTTP

viva-images.com 7.3 MB HTTP

youtube.com 3.7 MB YouTube

googlesyndicatio 1.6 MB HTTP

Email Activity Summary

Total Email Sent: 0 emails, 0 B

Total Email Received: 0 emails, 0 B

Top 5 Email Recipients

Recipient Bandwidth

Top 5 Email Senders

Sender Bandwidth

Web Activity Summary

Top 10 Allowed Sites

Host Name Number of Visits

ytimg.com 285

googlevideo.com 256

youtube.com 136

doubleclick.net 109

gstatic.com 72

Top 10 Blocked Sites

Host Name Number of Visits

putaslocuras.com 2

Threat Summary

Threat Name Type Counts

Application Summary

Top 5 Applications by Bandwidth

YouTube (939.9 MB)

HTTP (29.6 MB)

HTTP.Video (1.5 MB)

MS.Windows.Update (186.6 KB)

Google.Search_Never (132.5 KB)

Top 5 Applications by Sessions

HTTP (763)

YouTube (369)

HTTP.Video (39)

MS.Windows.Update (8)

Google.Search_Never.Insta (4)

Page 10

Appendix D - Individual Report for 4th Highest User: 192.168.0.75 Usage: 941.6 MB IP: 192.168.0.75 Device:

Traffic Summary

Total Number of Bytes 941.6 MB

901.9 MB in 39.6 MB out

Total Number of Sessions 727

Top 5 Destinations

Destination Bandwidth APP

googlevideo.com 557.8 MB HTTP.Audio

googlevideo.com 345.2 MB HTTP.Video

live.com 14.6 MB Hotmail

snt149.afx.ms 12.1 MB Hotmail

youtube.com 4.5 MB YouTube

Email Activity Summary

Total Email Sent: 0 emails, 0 B

Total Email Received: 0 emails, 0 B

Top 5 Email Recipients

Recipient Bandwidth

Top 5 Email Senders

Sender Bandwidth

Web Activity Summary

Top 10 Allowed Sites

Host Name Number of Visits

googlevideo.com 220

trafficmanager.net 119

youtube.com 118

doubleclick.net 102

bing.com 89

Top 10 Blocked Sites

Host Name Number of Visits

Threat Summary

Threat Name Type Counts

Application Summary

Top 5 Applications by Bandwidth

HTTP.Audio (557.8 MB)

HTTP.Video (345.2 MB)

Hotmail (27.6 MB)

YouTube (5.5 MB)

HTTP (4.5 MB)

Top 5 Applications by Sessions

HTTP (447)

YouTube (153)

HTTP.Audio (110)

HTTP.Video (108)

Hotmail (40)

Page 11

Appendix E - Individual Report for 5th Highest User: 192.168.0.143 Usage: 937.8 MB IP: 192.168.0.143 Device:

Traffic Summary

Total Number of Bytes 937.8 MB

906.7 MB in 31.0 MB out

Total Number of Sessions 1.1 K

Top 5 Destinations

Destination Bandwidth APP

googlevideo.com 643.1 MB HTTP.Video

googlevideo.com 237.9 MB HTTP.Audio

google.com 12.5 MB Gmail

bp.blogspot.com 8.8 MB Blogger

youtube.com 8.6 MB YouTube

Email Activity Summary

Total Email Sent: 0 emails, 0 B

Total Email Received: 0 emails, 0 B

Top 5 Email Recipients

Recipient Bandwidth

Top 5 Email Senders

Sender Bandwidth

Web Activity Summary

Top 10 Allowed Sites

Host Name Number of Visits

googlevideo.com 212

youtube.com 184

doubleclick.net 171

ytimg.com 125

googlesyndication.com 59

Top 10 Blocked Sites

Host Name Number of Visits

Threat Summary

Threat Name Type Counts

Application Summary

Top 5 Applications by Bandwidth

HTTP.Video (643.3 MB)

HTTP.Audio (237.9 MB)

HTTP (20.7 MB)

Gmail (12.5 MB)

YouTube (11.5 MB)

Top 5 Applications by Sessions

HTTP (586)

YouTube (214)

POP3S (189)

HTTP.Video (115)

HTTP.Audio (95)
