Ciao,
we use Fortigate device since years and now we need to check bandwidth usage per protocol and this is is not possible. We made this test:
1) all policy Logging Options - Log all Sessions 2) forticloud enabled 3) two syslogd server setup (config syslogd filter all enabled) 4) from Internet computer executed FTP get versus a FTP server in our internal LAN (using VIP NAT). Transferred one file size 670.347.264 byte in about 50 minutes
Looking at the syslogd we found only six log records related to the traffic FTP and total sentbyte and rcvdbyte less then 400.000 byte. Forticloud top source IP traffic of the day show another host (not the ftp server) 2mb traffic. So there are no log of 600Mb traffic passed throgh fortigate in none place. We opened a ticket to Fortinet and they reply to us: "There is nothing wrong with what you observed. The session is defined by when it was initiated and when it was over, it does not give you the information what exactly you have been doing - uploading/downloading and how big was the file you transferred/downloaded. "
These means for us: log fields sentbyte and rcvdbyte generated by fortigate is not reliable and third part software like ManageEngine Firewall Analyzer using these fields could not be used for Fortigate traffic analysis. Even Forticloud report bandwidht usage statistics are unreliable because many traffic is missed.
Regards Luca