Helpful ReplyHot!difference between the values appear in report output on FA and policy count on FG

Author
danielgoal
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/24 23:03:59
  • Status: offline
2017/08/05 00:27:49 (permalink) 5.4
0

difference between the values appear in report output on FA and policy count on FG

I want to monitor bandwidth used by Fortigate policies with Fortianalyzer but there is difference between the values appear in report output (bandwidth policy:Top 30 Policies by Bandwidth) on Fortianalyzer and policy count(byte in 5.4) on Fortigate. (I. e. the policy count is 58.55MB and the Fortianalyzer report shows 55.84MB for bandwidth policy)
I'm confused which one is right. What does the difference mean? How can I get the correct result?
 

Attached Image(s)

#1
danielgoal
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/24 23:03:59
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/08 22:47:39 (permalink)
0
Is that a bug ?Submit Post
#2
AtiT
Gold Member
  • Total Posts : 398
  • Scores: 24
  • Reward points: 0
  • Joined: 2012/04/18 12:13:27
  • Location: Prague / Czech Republic
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/08 23:29:09 (permalink) ☄ Helpfulby danielgoal 2017/08/12 04:18:22
0
Hi,
there is a possibility that there was an ongoing session via policy 2 when the report was generated that caused the difference.

AtiT
--------------------
NSE 8, CCNP R+S
#3
hzhao_FTNT
Expert Member
  • Total Posts : 325
  • Scores: 50
  • Reward points: 0
  • Joined: 2014/09/12 10:03:54
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/10 15:19:16 (permalink) ☄ Helpfulby danielgoal 2017/08/12 04:18:58
0
Hi there, local traffic/invalid sesssions/duplicate sessions will be excluded from FAZ report.
 
hz
#4
danielgoal
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/24 23:03:59
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/12 04:23:50 (permalink)
0
Hi AtiT,
Thank you for your reply
i had cleared all sessions before i ran reports,so i think there wasn't any running sessions on the device.


#5
danielgoal
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/10/24 23:03:59
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/12 04:31:42 (permalink)
0
hi hz,
thanks a lot
your reply is so helpful
i guess the issue is related to what you mentioned.
would you please explain a little more about "Invalid Sessions/Duplicate Sessions" ?
Is there any fortinet document available for this issue?
 
P.S. Which value should be considered as real traffic throughput in a policy?
post edited by danielgoal - 2017/08/12 05:04:24
#6
hzhao_FTNT
Expert Member
  • Total Posts : 325
  • Scores: 50
  • Reward points: 0
  • Joined: 2014/09/12 10:03:54
  • Status: offline
Re: difference between the values appear in report output on FA and policy count on FG 2017/08/17 10:10:56 (permalink)
0
Logid filter "logid_to_int(logid) not in (4, 7, 14)" is applied to all traffic-log related datasets. This filter will exclude:

4: "Other start" sessions which is double counted before;
7: invalid sessions
14: local traffic
#7
Jump to:
© 2017 APG vNext Commercial Version 5.5