Fortinet 5.0 Patch 6

Fortinet 600 FortiWeb 5.0 Patch 6 Administration Guide

city/state can occur if complete, precise location data is not available, or perhaps if the IP

address belongs to multiple regions such as can occur in border regions.

•Internal IPs — 10.*, 172.16.*, or 192.168.* addresses that are reserved for private networks

according to RFC 1918, and therefore might be located anywhere on the planet.

To access this part of the web UI, your administrator’s account access profile must have Read

and Write permission to items in the Log & Report category. For details, see “Permissions” on

page 47.

Data analytics organizes the data collected by server policies into two distinct cross-sections.

Click the buttons on the top right corner to toggle between:

•Geographic Location View — Displays data per clients’ geographical location (e.g. Canada,

China, Portugal, Morocco, Brazil, Australia, etc.) in graphical format.

While this view is selected, a format toggle appears below the view toggle. The format toggle

allows you to choose what will accompany the data analytics charts: either List (for a table of

statistics by country) or Map (for a map of the Earth). To display the statistics for a

country/region, hover your mouse cursor over it. The statistics will appear in a tool tip.

If you click a specific country/region on the map of the Earth, the map will zoom in to show

the states within that area. Similar to the view of the entire Earth, to display statistics for a

sub-region, hover your mouse cursor over it. The statistics appear in a tool tip.

To make sure that the mappings are correct, you should periodically update FortiWeb’s

geography-to-IP mappings. See “Updating data analytics definitions” on page 598.

If all client IP addresses appear to originate on private networks (“Internal IPs”) and

especially from a single IP, SNAT may be interfering and you may need to configure FortiWeb

to deduce the client’s location using X-headers instead. See “Defining your proxies, clients,

& X-headers” on page 266.

The data analytics feature can be resource-intensive. To avoid impacting performance, view the

data analytics report in off-peak hours.

If traffic from a country is predominantly attacks instead of legitimate requests, you can

block it. See “Blacklisting countries & regions” on page 331.