A company asked me to analyze some of their network traffic to verify some of the projects they are working on to cut costs won’t impact their business. One of the projects includes removing a 100 Mbps fiber connection to their colocation and replacing it with a cable modem that is asynchronous with 50 Mbps download and 5 Mbps upload. Unfortunately they do not have any solid historical network data capture software such as Cacti so before setting up such a service I had to provide initial data via what was available. One of the tools I was able to use was the dashboard data that lives in memory on their FortiGate 200A. Below is information on where to find this information in the FortiGate 200A dashboard.
View Minimal Historical Bandwidth Usage Data On FortiGate 200A:
There are two locations where this data can be viewed which include directly from System Resources widget on the FortiGate 200A dashboard and also on the Memory Report Access screen which can be reached via the Log&Report navigation menu. Below are more details and examples of this network and bandwidth data on the FortiGate 200A.
View Network Utilization History On FortiGate 200A:
Below is an example image of what the default dashboard looks like on the FortiGate 200A. Without hovering over the top right corner of the System Resources widget you won’t see the History link displayed in the below example image so when you are ready to view the Network Utilization History hover the top right corner of this widget and the History link will appear.
Once you have moved your mouse over the top right corner of the System Resources widget and the History link displays click it to display the System Resource History window as shown in the below example.
FortiGate 200A System Resource History Window:
Notice the default Time Interval is 10 minutes and the data will refresh every 30 seconds. As you can see in the first example image below you can set the Time Interval to 10 minutes, 30 minutes, 1 hour, 12 hours, 24 hours. The second System Resource History example image below displays 12 hours of historical data and will refresh every 36 minutes.
FortiGate 200A System Resource History Time Interval Drop Down:
FortiGate 200A System Resource History Time Interval 12 Hours:
So as you can see in all of the above examples of the System Resource History window you can get a very basic historical overview of various data including CPU Usage History, Memory Usage History, Session History, Network Utilization History, Virus History, and Intrusion History. You will only be able to see historical data for the past 24 hours in this view and you will only be able to see Network Utilization History as a whole versus inbound and outbound traffic which is typically required for accurate assessments of network data. There is a more detailed report noted below that actually stores a month of data and will display the different protocols making up the bandwidth usage.
FortiGate 200A Historical Bandwidth Usage Displayed By Protocal:
Close the System Resource History pop up window and then click on the Log&Report menu in the left navigation menu which will display the various choices below it as shown in the below example image.
FortiGate 200A Log & Report Navigation Menu:
Click on Report Access which is now located underneath the Log & Report menu section which will likely display an error message complaining of no FortiAnalyzer device as shown in the below example image. If you are lucky enough to have a FortiAnalyzer device then you will be able to see much more detailed network bandwidth information.
FortiGate 200A Report Access: No FortiAnalyzer Error Message
Instead of clicking the OK button click the Memory tab located to the right of the FortiAnalyzer tab which is active and displaying the error message above. Once you click on the Memory tab you will be able to view the historical Network Utilization data broken down by protocol or service as shown in the below example image.
FortiGate 200A Memory Display Of Historical Network Utilization By Protocol:
In the above example image the default 1 day view has been changed via the Time Period drop down to one week to provide more historical Bandwidth Per Service information. You can also uncheck any of the Services or Protocols to remove them from the graph view. The services available for view via the FortiGate 200A Memory Report Access graph include Browsing, DNS, E-Mail, FTP, Gaming, Instant Message, Newsgroups, P2p, Streaming, TFTP, VoIP, Generic TCP, Generic UDP, Generic ICMP, and Generic IP.
An ideal scenario would be to both have a FortiAnalyzer device as well as to have a open source network graphing solution such as Cacti. Historical network data is critical to any business so you can troubleshoot issues and plan ahead in regards to various hardware and software resources.