FortiAnalyzer
Eddie_Ngai
Staff
Article Id 286703
Description

This article explains why the graph in the bandwidth widget on FortiGate might look different from the Bandwidth and Applications Report on FortiAnalyzer: the two get their information in different ways.

Scope

FortiAnalyzer.

Solution

The widget on FortiGate shows real-time data taken directly from the interfaces, whereas the FortiAnalyzer report relies on logs that FortiGate sends after each session ends. For better accuracy, the report period should therefore be much longer than the session timeout, such as a week or a month, so that the majority of sessions in the period are closed and included.

If a big gap is noticed between the FortiGate widget and the FortiAnalyzer report, check that logging is enabled on all policies for the interface being monitored. This ensures that all the necessary information is sent from FortiGate to FortiAnalyzer.
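One way to run the policy logging check described above, as an added example that is not part of the original article or Fortinet's own tooling. It assumes the policy configuration has been exported as text in the layout of `show firewall policy`, that a policy needs `set logtraffic all` for all of its sessions to reach the report, and that a policy with no `logtraffic` line uses the `utm` default; the sample configuration and function names are constructed.

```python
import re
# Constructed sample laid out like `show firewall policy` output (not from the article).
SAMPLE_CONFIG = '''\
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "wan1"
        set logtraffic all
    next
    edit 2
        set srcintf "port3" "port4"
        set dstintf "wan1"
    next
    edit 3
        set srcintf "port5"
        set dstintf "wan1"
        set logtraffic disable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for every edit ... next block."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = re.findall(r'"[^"]*"|\S+', line)  # keep quoted names whole
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = policies.setdefault(int(tokens[1]), {})
        elif tokens[:1] == ["next"]:
            current = None
        elif current is not None and len(tokens) >= 3 and tokens[0] == "set":
            current[tokens[1]] = [t.strip('"') for t in tokens[2:]]
    return policies

def policies_missing_traffic_logs(text, interface):
    """List (policy_id, logtraffic) for policies on `interface` that do not log all sessions."""
    gaps = []
    for pid, cfg in sorted(parse_policies(text).items()):
        intfs = cfg.get("srcintf", []) + cfg.get("dstintf", [])
        if interface not in intfs and "any" not in intfs:
            continue  # policy does not carry traffic for this interface
        # Assumption: an omitted logtraffic line means the default, taken here as "utm".
        mode = cfg.get("logtraffic", ["utm"])[0]
        if mode != "all":
            gaps.append((pid, mode))
    return gaps

if __name__ == "__main__":
    print(policies_missing_traffic_logs(SAMPLE_CONFIG, "wan1"))
```

Each policy it lists is one whose sessions may be missing from the FortiAnalyzer report while still being counted by the interface widget.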

 

If detailed reports on physical interface use are necessary, or to see the peak of an interface, SNMP (Simple Network Management Protocol) is the optimal solution. It allows a more detailed and thorough examination of network elements and is a robust approach to monitoring and analysis.

Related articles:

Technical Tip: Using FortiGate to generate bandwidth report for specific server

Technical Note: FortiAnalyzer bandwidth report to filter entire subnet and single IP
