Default Schedule Default 2014 06-26-000102

FortiGate System Analysis Report for Jun 25, 2014
FortiGate: fw_deltoromty
Bandwidth and Applications

In
Out
Number of Sessions for Past 24 Hours

20K
4500K
18K
4000K
16K
3500K
14K
Sessions
5000K
3000K
2500K
2000K
1500K
12K
10K
8K
6K
4K
500K
2K
0K
0K
Top Users by Bandwidth Usage

User
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
1000K
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
Bandwidth (bit/s)
Bandwidth Usage for Past 24 Hours
Top Users by Sessions

Sent
IP
Recv
User
IP
Sessions
192.168.0.138
192.168.0.138
1.6 GB
192.168.0.5
192.168.0.5
192.168.0.248
192.168.0.248
1.2 GB
192.168.0.104
192.168.0.104
6.4 K
192.168.0.189
192.168.0.189
971.3 MB
192.168.0.246
192.168.0.246
6.3 K
192.168.0.75
192.168.0.75
942.2 MB
192.168.0.107
192.168.0.107
5.3 K
192.168.0.143
192.168.0.143
938.2 MB
192.168.0.167
192.168.0.167
4.5 K
192.168.0.195
192.168.0.195
751.1 MB
192.168.0.248
192.168.0.248
4.1 K
192.168.0.15
192.168.0.15
676.3 MB
192.168.0.103
192.168.0.103
3.0 K
192.168.0.156
192.168.0.156
618.8 MB
192.168.0.142
192.168.0.142
2.8 K
192.168.0.72
192.168.0.72
576.6 MB
192.168.0.118
192.168.0.118
2.8 K
192.168.0.245
192.168.0.245
511.1 MB
192.168.0.84
192.168.0.84
2.5 K
Top Applications by Bandwidth Usage

Application
Sent
12.6 K
Top Applications by Sessions

Recv
Application
Sessions
YouTube
3.8 GB
HTTP
71.8 K
HTTP.Video
3.7 GB
POP3S
22.1 K
HTTP
2.5 GB
Twitter
4.1 K
1.9 GB
HTTP.Audio
Gmail
3.9 K
Gmail
677.1 MB
YouTube
3.6 K
POP3S
663.1 MB
Skype
3.6 K
MS.Windows.Update
401.4 MB
MS.Windows.Update
2.8 K
Ultrasurf_9.6+
327.7 MB
DNS
800
HTTP.Download.Accelerator
89.2 MB
HTTP.Video
796
Facebook
79.8 MB
Hotmail
746
Top Destinations by Bandwidth Usage
Fortinet Inc. All rights reserved
Top Destinations by Sessions
googlevideo.com (7.8 GB)
gmail.com (21.8 K)
youtube.com (808.6 MB)
it-finance.com (13.9 K)
gmail.com (744.1 MB)
google.com (5.1 K)
google.com (724.9 MB)
twitter.com (4.2 K)
akamaihd.net (614.9 MB)
terra.com.mx (3.8 K)
microsoft.com (545.8 MB)
doubleclick.net (3.1 K)
yac.mx (432.4 MB)
googlevideo.com (2.7 K)
windowsupdate.com (361.2 MB)
microsoft.com (2.6 K)
ytimg.com (110.0 MB)
youtube.com (2.1 K)
pinimg.com (95.9 MB)
googlesyndication.com (1.8 K)

Bandwidth and Applications

DHCP Summary
Interface
Top Wifi Client by Bandwidth

Allocated /
Available
New Clients Count
IP
SSID
Sent
MAC
Recv
200
180
160
140
120
100
80
60
40
20
0
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0
Active Users
Number of Active Users for Past 24 Hours
Web Usage
Top Allowed Websites by Requests
Website
Top Websites by Bandwidth

Requests
Sent
Website
Recv
it-finance.com
13.9 K
terra.com.mx
3.8 K
akamaihd.net
615.0 MB
doubleclick.net
3.1 K
microsoft.com
508.4 MB
googlevideo.com
2.7 K
yac.mx
432.4 MB
googlesyndication.com
1.9 K
windowsupdate.com
361.2 MB
ytimg.com
1.6 K
ytimg.com
110.0 MB
msn.com
1.6 K
pinimg.com
95.9 MB
youtube.com
1.4 K
info7.mx
86.1 MB
info7.mx
1.4 K
andrea.com
83.2 MB
ooyala.com
1.3 K
64.3 MB
Top Blocked Websites by Requests

Website
googlevideo.com
7.8 GB
Top Blocked Users

Requests
User(or IP)
Hostname(MAC)
Requests
crwdcntrl.net
126
192.168.0.246
2c:27:d7:1c:39:a5
122
kalooga.com
39
192.168.0.15
60:67:20:a0:ec:04
45
m2pub.com
36
192.168.0.127
d4:85:64:03:bf:ad
36
dalealplay.com
27
192.168.0.220
d4:85:64:03:bf:24
29
txtsrving.info
25
192.168.0.118
d4:85:64:03:bf:51
18
beforeitsnews.com
22
192.168.0.134
d4:85:64:03:bf:82
16
adroll.com
17
192.168.0.248
d4:85:64:03:bf:a8
16
frogupdate.com
11
192.168.0.167
00:26:82:cb:bd:a2
15
stgbssint.com
11
192.168.0.249
20:10:7a:23:42:0b
14
infolinks.com
10
192.168.0.86
00:26:82:cb:bd:9b
14

Web Usage
Top Web Users by Requests
User(or IP)
Top Web Users by Bandwidth
Hostname(MAC)
User(or IP)
Requests
192.168.0.5
d4:85:64:03:bf:f8
192.168.0.104
d4:85:64:03:be:ca
192.168.0.246
2c:27:d7:1c:39:a5
192.168.0.107
2c:27:d7:36:58:fd
192.168.0.248
d4:85:64:03:bf:a8
192.168.0.167
00:26:82:cb:bd:a2
192.168.0.103
d4:85:64:03:bf:b7
192.168.0.142
d4:85:64:03:bf:17
192.168.0.84
00:21:85:9c:af:44
192.168.0.85
10:60:4b:80:5c:b6
Average Usage of Top 10
12.6 K
6.0 K
5.9 K
4.2 K
3.9 K
3.2 K
2.9 K
2.4 K
2.3 K
2.2 K
4.6 K
Hostname(Mac)
Sent
192.168.0.138
1c:c1:de:a1:ed:d7
192.168.0.248
d4:85:64:03:bf:a8
192.168.0.189
b8:a3:86:8e:59:ec
192.168.0.143
d4:85:64:03:bf:16
192.168.0.75
00:25:ab:1e:cb:4c
192.168.0.15
60:67:20:a0:ec:04
192.168.0.156
d4:85:64:03:bf:6b
192.168.0.72
40:f0:2f:c5:69:8c
192.168.0.245
d4:85:64:03:bf:72
192.168.0.142
d4:85:64:03:bf:17
Average Usage of Top 10
Recv
1.6 GB
1.2 GB
971.2 MB
922.1 MB
914.0 MB
671.6 MB
613.3 MB
575.5 MB
453.5 MB
436.5 MB
836.0 MB
Top Web Streaming Websites by Bandwidth
Sent
Website
Recv
45.3%
youtube.com
53.6 M
22.2%
msn.com
26.3 M
15.6%
savefrom.net
18.5 M
7.2%
thestaticvube.com
8.5 M
3.0%
netflix.com
3.6 M
6.8%
others
8.1 M
Emails
Top Senders by Number of Emails
Sender
Top Email Senders by Bandwidth

Number of Emails
Top Recipients by Number of Emails

Recipient
Number of Emails
Sender
Bandwidth
Top Email Recipients by Bandwidth

Recipient
Bandwidth

Threats
Top Viruses by Name
Virus Name
Top Virus Victims

Occurrence
Virus Victim
Occurrence
Top Attack Sources
Attack Source
Occurrence
27.0%
199.66.238.110
24.3%
192.168.0.37
10
9
24.3%
199.66.238.111
24.3%
199.66.238.112
Top Attack Victims
Attack Victim
Occurrence
75.7%
192.168.0.37
28
8.1%
199.66.238.110
8.1%
199.66.238.111
8.1%
199.66.238.112

VPN Usage
Top Site-to-Site IPSec Tunnels by Bandwidth
Sent
Tunnel
Top Dial-Up IPSec Tunnels by Bandwidth
Recv
User
Top SSL-VPN Tunnel Users by Bandwidth

User
IP
Type
Sent
Recv
User
Sent
Sent
IP
VPN Traffic Usage Trend

Duration (Sec)
Recv
Top SSL-VPN Web Mode Users by Bandwidth
Top Dial Up Users

User
Sent
Tunnel
SSL Out
SSL In
Recv
IPSec Out
IPSec In
10
Recv
Bandwidth (bit/s)
8
7
6
5
4
3
2
1
00
:
01 00
:
02 00
:
03 00
:
04 00
:
05 00
:
06 00
:
07 00
:
08 00
:
09 00
:
10 00
:
11 00
:
12 00
:
13 00
:
14 00
:
15 00
:
16 00
:
17 00
:
18 00
:
19 00
:
20 00
:
21 00
:
22 00
:
23 00
:0
0

Admin Login and System Events

Admin Login Summary
Date/Time
06/24 16:12
User Name
admin
=Config Changed
Login Interface
https(192.168.0.78)
Duration
Date/Time
User Name
=Config Not Changed
Login Interface
Duration
08h 21m 31s
System Activity Summary

Date/Time
Event
Date/Time
Event
06/25 22:16
Disk log has rolled.
06/25 11:26
06/25 18:12
Completed reputation db maintenance
06/25 07:55
06/25 17:33
Administrator admin logged in successfully from https(192.168.0.137
06/25 06:12
Completed reputation db maintenance
06/25 16:13
06/25 02:00
Fortigate scheduled update virdb(22.00381) etdb(22.00381) idsdb(4.
06/25 16:06
The ntp daemon step adjusted time from Wed Jun 25 16:06:48 2014
06/25 00:33
Administrator admin timed out on https(192.168.0.78)
06/25 15:20
06/25 00:33
Configuration is changed in the admin session
06/25 13:33
Log upload to FortiCloud completed on vdom root
06/25 00:00
Disk log roll request has been sent.
06/25 13:20
Start uploading disk logs to FortiCloud from vdom root.

Appendix A
- Individual Report for 1st Highest User: 192.168.0.138 Usage: 1.6 GB IP: 192.168.0.138 Device:
Traffic Summary
Web Activity Summary

Top 10 Allowed Sites
1.6 GB
Total Number of Bytes
1.5 GB in
Total Number of Sessions
53.2 MB out
1.4 K
Top 5 Destinations
Destination
Bandwidth
googlevideo.com
googlevideo.com
googlevideo.com
ytimg.com
gmail.com
APP
986.5 MB
521.6 MB
36.6 MB
14.9 MB
10.1 MB
Host Name
Number of Visits
googlevideo.com
ytimg.com
youtube.com
doubleclick.net
google.com
HTTP.Video
HTTP.Audio
YouTube
HTTP
POP3S
265
163
136
122
46
Top 10 Blocked Sites
Host Name
Email Activity Summary

Number
Number of Visits
crwdcntrl.net
Bandwidth
Total Email Sent
0B
0B
Total Email Received
Threat Summary
Threat Name
Type
Counts
Top 5 Email Recipients

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
Top 5 Applications by Bandwidth
Top 5 Applications by Sessions
HTTP.Video (990.6 MB)
HTTP (664)
HTTP.Audio (521.6 MB)
Twitter (312)
YouTube (44.8 MB)
YouTube (183)
HTTP (26.9 MB)
HTTP.Video (147)
POP3S (10.2 MB)
HTTP.Audio (87)

Appendix B
- Individual Report for 2nd Highest User: 192.168.0.248 Usage: 1.2 GB IP: 192.168.0.248 Device:
Traffic Summary

1.2 GB
1.1 GB in
39.1 MB out
3.9 K
Top 5 Destinations
Destination
Bandwidth
googlevideo.com
akamaihd.net
mediotiempo.com
ytimg.com
serving-sys.com
APP
891.9 MB
233.1 MB
12.3 MB
10.3 MB
9.7 MB
Host Name
Number of Visits
googlevideo.com
serving-sys.com
outbrain.com
gigya.com
mediotiempo.com
YouTube
HTTP.Video
HTTP
HTTP
HTTP
723
269
231
190
188
Host Name

Number
Bandwidth
Total Email Sent
0B
Number of Visits
infolinks.com
m2pub.com
crwdcntrl.net
mathtag.com
singlessalad.com
7
6
1
1
1
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
YouTube (893.6 MB)
HTTP (2.9 K)
YouTube (799)
HTTP (68.4 MB)
Twitter (167)
Ooyala (1.7 MB)
POP3S (53)
Twitter (881.8 KB)
MS.Windows.Update (45)

Appendix C
- Individual Report for 3rd Highest User: 192.168.0.189 Usage: 971.3 MB IP: 192.168.0.189 Device:
Traffic Summary

971.3 MB
946.3 MB in
25.0 MB out
1.2 K
Top 5 Destinations
Destination
Bandwidth
googlevideo.com
ytimg.com
viva-images.com
youtube.com
googlesyndicatio
APP
936.2 MB
14.7 MB
7.3 MB
3.7 MB
1.6 MB
Host Name
Number of Visits
ytimg.com
googlevideo.com
youtube.com
doubleclick.net
gstatic.com
YouTube
HTTP
HTTP
YouTube
HTTP
285
256
136
109
72
Host Name

Number
Number of Visits
putaslocuras.com
Bandwidth
Total Email Sent
0B
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
YouTube (939.9 MB)
HTTP (763)
HTTP (29.6 MB)
YouTube (369)
HTTP.Video (1.5 MB)
HTTP.Video (39)
MS.Windows.Update (186.6 KB)
MS.Windows.Update (8)
Google.Search_Never (132.5 KB)
Google.Search_Never.Insta (4)

Appendix D
- Individual Report for 4th Highest User: 192.168.0.75 Usage: 941.6 MB IP: 192.168.0.75 Device:
Traffic Summary

941.6 MB
901.9 MB in
39.6 MB out
727
Top 5 Destinations
Destination
Bandwidth
googlevideo.com
googlevideo.com
live.com
snt149.afx.ms
youtube.com
APP
557.8 MB
345.2 MB
14.6 MB
12.1 MB
4.5 MB
Host Name
Number of Visits
googlevideo.com
trafficmanager.net
youtube.com
doubleclick.net
bing.com
HTTP.Audio
HTTP.Video
Hotmail
Hotmail
YouTube
220
119
118
102
89
Host Name
Number of Visits

Number
Bandwidth
Total Email Sent
0B
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
HTTP (447)
YouTube (153)
Hotmail (27.6 MB)
HTTP.Audio (110)
YouTube (5.5 MB)
HTTP.Video (108)
HTTP (4.5 MB)
Hotmail (40)
10

Appendix E
- Individual Report for 5th Highest User: 192.168.0.143 Usage: 937.8 MB IP: 192.168.0.143 Device:
Traffic Summary

937.8 MB
906.7 MB in
31.0 MB out
1.1 K
Top 5 Destinations
Destination
Bandwidth
googlevideo.com
googlevideo.com
google.com
bp.blogspot.com
youtube.com
APP
643.1 MB
237.9 MB
12.5 MB
8.8 MB
8.6 MB
Host Name
Number of Visits
googlevideo.com
youtube.com
doubleclick.net
ytimg.com
HTTP.Video
HTTP.Audio
Gmail
Blogger
YouTube
212
184
171
125
59
Host Name
Number of Visits

Number
Bandwidth
Total Email Sent
0B
0B
Threat Summary
Threat Name
Type
Counts

Recipient
Bandwidth
Top 5 Email Senders

Sender
Bandwidth
Application Summary
HTTP (586)
YouTube (214)
HTTP (20.7 MB)
POP3S (189)
Gmail (12.5 MB)
HTTP.Video (115)
YouTube (11.5 MB)
HTTP.Audio (95)
11

Default Schedule Default 2014 06-26-000102

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Default Schedule Default 2014 06-26-000102

Uploaded by

Copyright:

Available Formats

FortiGate System Analysis Report for Jun 25, 2014

Bandwidth and Applications

Number of Sessions for Past 24 Hours

Top Users by Bandwidth Usage

Bandwidth Usage for Past 24 Hours

Top Users by Sessions

Top Applications by Bandwidth Usage

Top Applications by Sessions

Top Destinations by Bandwidth Usage

Fortinet Inc. All rights reserved

Top Destinations by Sessions

googlevideo.com (7.8 GB)

youtube.com (808.6 MB)

gmail.com (744.1 MB)

google.com (724.9 MB)

akamaihd.net (614.9 MB)

microsoft.com (545.8 MB)

yac.mx (432.4 MB)

windowsupdate.com (361.2 MB)

ytimg.com (110.0 MB)

pinimg.com (95.9 MB)

FortiGate System Analysis Report for Jun 25, 2014

Bandwidth and Applications

Top Wifi Client by Bandwidth

New Clients Count

Number of Active Users for Past 24 Hours

Top Websites by Bandwidth

Top Blocked Websites by Requests

Top Blocked Users

Fortinet Inc. All rights reserved

FortiGate System Analysis Report for Jun 25, 2014

Top Web Users by Bandwidth

Top Web Streaming Websites by Bandwidth

Top Email Senders by Bandwidth

Top Recipients by Number of Emails

Fortinet Inc. All rights reserved

Top Email Recipients by Bandwidth

FortiGate System Analysis Report for Jun 25, 2014

Top Virus Victims

Top Attack Sources

Top Attack Victims

Fortinet Inc. All rights reserved

FortiGate System Analysis Report for Jun 25, 2014

Top Dial-Up IPSec Tunnels by Bandwidth

Top SSL-VPN Tunnel Users by Bandwidth

VPN Traffic Usage Trend

Top SSL-VPN Web Mode Users by Bandwidth

Top Dial Up Users

Fortinet Inc. All rights reserved

FortiGate System Analysis Report for Jun 25, 2014

Admin Login and System Events

=Config Not Changed

08h 21m 31s

System Activity Summary

Disk log has rolled.

Disk log has rolled.

Completed reputation db maintenance

Disk log has rolled.

Administrator admin logged in successfully from https(192.168.0.137

Completed reputation db maintenance

Disk log has rolled.

Fortigate scheduled update virdb(22.00381) etdb(22.00381) idsdb(4.

Administrator admin timed out on https(192.168.0.78)

Disk log has rolled.