Fortinet 600 FortiWeb 5.0 Patch 6 Administration Guide
city/state can occur if complete, precise location data is not available, or perhaps if the IP
address belongs to multiple regions such as can occur in border regions.
•Internal IPs — 10.*, 172.16.*, or 192.168.* addresses that are reserved for private networks
according to RFC 1918, and therefore might be located anywhere on the planet.
To access this part of the web UI, your administrator’s account access profile must have Read
and Write permission to items in the Log & Report category. For details, see “Permissions” on
page 47.
Data analytics organizes the data collected by server policies into two distinct cross-sections.
Click the buttons on the top right corner to toggle between:
•Geographic Location View — Displays data per clients’ geographical location (e.g. Canada,
China, Portugal, Morocco, Brazil, Australia, etc.) in graphical format.
While this view is selected, a format toggle appears below the view toggle. The format toggle
allows you to choose what will accompany the data analytics charts: either List (for a table of
statistics by country) or Map (for a map of the Earth). To display the statistics for a
country/region, hover your mouse cursor over it. The statistics will appear in a tool tip.
If you click a specific country/region on the map of the Earth, the map will zoom in to show
the states within that area. Similar to the view of the entire Earth, to display statistics for a
sub-region, hover your mouse cursor over it. The statistics appear in a tool tip.
To make sure that the mappings are correct, you should periodically update FortiWeb’s
geography-to-IP mappings. See “Updating data analytics definitions” on page 598.
If all client IP addresses appear to originate on private networks (“Internal IPs”) and
especially from a single IP, SNAT may be interfering and you may need to configure FortiWeb
to deduce the client’s location using X-headers instead. See “Defining your proxies, clients,
& X-headers” on page 266.
The data analytics feature can be resource-intensive. To avoid impacting performance, view the
data analytics report in off-peak hours.
If traffic from a country is predominantly attacks instead of legitimate requests, you can
block it. See “Blacklisting countries & regions” on page 331.