User Guide

FortiAIOps 2.1.0
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO LIBRARY

https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT

https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM

https://www.fortinet.com/training-certification

FORTINET TRAINING INSTITUTE

https://training.fortinet.com

FORTIGUARD LABS
https://www.fortiguard.com

END USER LICENSE AGREEMENT

https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: techdoc@fortinet.com

April 15, 2025

FortiAIOps 2.1.0 User Guide
83-210-1017991-20250415
 TABLE OF CONTENTS

Change log 6
Overview 7
Getting Started 12
Installing FortiAIOps 13
Initial FortiAIOps Configuration 13
Licensing 14
Adding FortiGate 15
Enable Log Forwarding 15
Monitoring 16
System Diagnostics 17
API Reference 18
Deploying FortiAIOps on VM Platforms 19
Pre-installation Requirements 19
Installing FortiAIOps on VMware ESXi 19
Installing FortiAIOps on Hyper-V 21
Installing FortiAIOps on KVM 29
Installing FortiAIOps on Nutanix 31
Installing FortiAIOps on Proxmox 35
Post-installation Tasks 36
Accessing FortiAIOps 36
Upgrading FortiAIOps 37
Deploying FortiAIOps on Public Cloud Platforms 38
Microsoft Azure 38
Post-installation Tasks 46
Google Cloud Platform 46
Amazon Web Services (AWS) 53
Oracle Cloud Infrastructure (OCI) 58
Deploying FortiAIOps on Hardware Platforms 62
Deploying FortiAIOps 500G (FAO-500G) 62
Initial Configuration 62
Accessing the GUI 62
Command Line Interface (CLI) Reference 63
Dashboard 70
Summary 70
AI Insights 74
Summary 76
Impacted Clients Trend 76
Overall Network Health 77
Top 3 Impacted Apps 79
Top 5 Problematic Devices 79
Wireless 80

FortiAIOps 2.1.0 User Guide 3

Fortinet Inc.
 WAN 96
Switching 101
Service Assurance 112
AI Insights 115
Impacted SLA 115
Impacted Devices 116
Network Benchmarks 119
SD-WAN 119
Wireless 126
Device Health 131
Inventory 133
Adding and Managing FortiGates 133
Adding a FortiGate 133
Importing and Exporting FortiGates 135
Managing FortiGates 135
Device Groups 146
VDOM Support 147
Wireless 149
Access Points 149
AP 149
Radio 151
Access Points Diagnostics and Tools 152
Clients 160
Clients Diagnostics and Tools 161
Channel Summary 164
Applications 166
Location Services Monitor 168
Heat Maps 170
Rogue APs 175
Map Management 176
Switch 182
FortiSwitch 182
FortiSwitch Clients 188
Security Fabric 190
Physical Topology 190
Logical Topology 191
Logs and Reports 192
Event Logs 192
Local Logs 195
Reports 196
Creating Reports 196
Viewing Reports 203
Scheduled Reports 203
PCI Reports 203

FortiAIOps 2.1.0 User Guide 4

Fortinet Inc.
 System 205
User Management 205
Users 205
User Groups 206
Backup and Restore 207
Upgrade 209
Settings 210
Licensing 213
FortiGuard 214
Location Services 214
Network 215
Certificates 216
Service Assurance 219
Trends 219
Results 221
Baseline 222
Schedule 228

FortiAIOps 2.1.0 User Guide 5

Fortinet Inc.
Change log

Change log

Date Change description

2024-10-08 FortiAIOps 2.1.0 release document.

2025-02-07 Updated document to include FortiAIOps 500G hardware support.

2025-04-15 Updated Installing FortiAIOps on Proxmox section.

FortiAIOps 2.1.0 User Guide 6

Fortinet Inc.
Overview

Overview

FortiAIOps enables you to proactively monitor the health of your entire wireless, wired, and SD-WAN network,
and provides insights into key health statistics, based on the Artificial Intelligence (AI) and Machine Learning
(ML) architecture that it is built upon. FortiAIOps ingests data for analysis and automated event correlation to
precisely detect anomalies that impact the clients’ network experience. It learns from numerous sources such
as FortiGates, FortiAPs, FortiSwitches, and FortiExtenders to report statistics on a series of comprehensive and
simple dashboards, providing visibility and deep insight into your network. This predictable network
infrastructure enables you to swiftly identify the root cause with the highest probability of association to actual
issues, and its resolution.
FortiAIOps is based upon a deployment-specific and adaptive learning AI/ML model, that automatically adjusts
whenever there are changes in the Radio Frequency (RF) environment. This is an enhancement from the static
AI/ML model of the previous releases. The system runs a weekly (on each Saturday) analysis, to detect any RF
changes based on the past week's collected data, and assess if accuracy improvements are possible. If
improvements are identified, the AI/ML model is updated to better align with your RF environment. All AI/ML
model changes are notified via a local log event message.
FortiAIOps monitors integrated wireless, wired, and SD-WAN networks by supporting the monitoring of
FortiGate controllers. You can monitor and manage FortiGate controllers concurrently associated with FortiAPs
and stations in a large deployments. The centralized real-time data and event logs offered by FortiAIOps, aim at
diagnosing and troubleshooting network issues by analyzing potential problems and suggesting remedial steps.

FortiAIOps 2.1.0 User Guide 7

Fortinet Inc.
Overview

The FortiAIOps application provides the following advantages.

l Maximizes the uptime of your organization's network infrastructure.
l Reduces the time taken to diagnose network issues, thereby the mean response time.
l Increases the productivity of network users and that of your organization.
FortiAIOps calculates the SLA thresholds/baselines dynamically using the AI-ML architecture, to enable you to
diagnose network issues based on accurate and latest data trends. The algorithms identify the values for each
environment by clustering clients based on the connection quality using specific parameters. The thresholds are
then derived based on the calculated average of the client connection data, to report variations in your network.
These AI driven algorithms are designed to learn new data regularly for changes in client activity, calculate
thresholds, and report statistics. You can also provide static threshold values for some SLAs, to report network
issues. You can view the impacted SLA data in the dashboards.
l Wireless
l Switching
l WAN

FortiAIOps 2.1.0 User Guide 8

Fortinet Inc.
Overview

Wireless

The following SLAs are monitored for wireless clients.

l Throughput
l Coverage
l Roaming
l Time to Connect
l Connection Failure
l AP Health and Uptime

Throughput

This SLA monitors your wireless network at the system and client level, to identify potential low throughput
conditions and categorize them based on the underlying issue type, into different classifiers and sub-classifiers.
Low throughput is determined based on specific network health parameters, such as, noise, retries, discards,
channel utilization etc. and client health parameters, such as, MCS index, data rate.

Coverage

Network coverage issues are monitored by detecting the coverage holes and overlapping FortiAPs (crowded
FortiAPs). These conditions in a network are determined by evaluating client’s RSSI (low signal strength) and
presence of multiple neighbouring FortiAPs.

Roaming

Wireless clients roam from one AP to another in a multi-AP deployment area swiftly and frequently. Associating
with different AP requires a process of re-authentication that can take some time to complete, impeding data
connectivity especially for time sensitive applications. The Roaming SLA identifies such slow roaming
connections, determines the causes for it and suggests suitable remedy for facilitating faster client roaming.

Time to Connect

This SLA computes the time taken by clients to connect to the network. FortiAIOps reports those clients that
take longer than certain thresholds to connect to the network. These thresholds are statically configured or
FortiAIOps computes them dynamically using machine learning algorithms. The algorithms compute specific
thresholds for the AP-client environment and for different connectivity phases such as association,
authentication (4-way handshake) and DHCP.

Connection Failure

This SLA determines the failed/unsuccessful client connections based on different stages of connection to a
network. For example, association failures due to low RSSI, authentication failures due to unreachable RADIUS
server, DHCP failure due to a DHCP server process crash, or DNS failure due to an invalid DNS domain.

AP Health and Uptime

This SLA determines the health of the FortiAPs based on the configured CPU, memory, temperature
thresholds, and events such as FortiAP reboot, FortiSwitch port down, FortiGate, and so on. FortiAIOps
displays relevant SLAs under different sections on the monitor dashboard.

FortiAIOps 2.1.0 User Guide 9

Fortinet Inc.
Overview

Switching

The switching SLAs monitor the switch health and connection status.
l Throughput
l Network
l Switch Health and Uptime
l Switch Connection Failure

Throughput

The Throughput SLA monitors your wired network at the system and client level, to identify potential low
throughput conditions and categorizes them based on the underlying issue type, into different classifiers and
sub-classifiers. Low throughput is reported based on traffic congestion due to high inbound/outbound traffic,
storm conditions, low wired bandwidth conditions leading to network slowdowns, packet drops, and increased
latency.

Network

The Network SLA monitors the deployed FortiSwitches to predict any potential network disruptions that may
lead to poor connectivity. FortiAIOps detects such issues based on monitoring broadcast and multicast storms,
possible IP address exhaustion in the DHCP server, or MCLAG issues such as hardware mismatch or peer
communication glitches.

Switch Health and Uptime

The Switch Health and Uptime SLA determines the health of the switches based on the configured thresholds
(CPU, memory, temperature) and events such as uplink and power budget issues, port flapping, port down,
switch down, and so on. FortiAIOps displays relevant SLAs under different sections on the AI Insight
dashboard and the Impacted SLA and Impacted Devices pages.

Switch Connection Failure

The Switch Connection Failure SLA determines the failed/unsuccessful client connections based on
authentication events such as MAC authentication and 802.1x authentication, MAC learning limit, and blocked
DHCP clients.

WAN

WAN is a software-defined approach for managing Wide-Area Networks (WAN). It allows you to offload internet
bound traffic, that is, private WAN services remain available for real-time and mission critical applications. This
added flexibility improves traffic flow and reduces pressure on the network. WAN has member interfaces and
ports that are used to run traffic.
l Performance
l FortiExtender

Performance

You can configure Performance SLAs to monitor member interface link quality and to detect link failures. The
link quality is measured based on latency, jitter, and packet loss. FortiAIOps WAN SLA can follow the

FortiAIOps 2.1.0 User Guide 10

Fortinet Inc.
Overview

performance SLAs defined on FortiGate and report the SLA breaches.

FortiExtender

FortiExtender integrates with FortiGate and WAN to become a part of Fortinet's security fabric. This integration
enables FortiGate’s WAN to have an extension using FortiExtender, providing continuous connectivity in case
FortiGate's primary WAN link fails. Also, FortiExtender enables network access for remote sites and branches
located beyond fixed broadband.
FortiExtender also facilitates load balancing for network traffic along with the primary WAN link. When
FortiExtender is a part of your network, FortiAIOps monitors and reports related issues/failures.
Note: FortiAIOps monitors only the FortiExtender devices managed by FortiGate.

FortiAIOps 2.1.0 User Guide 11

Fortinet Inc.
Getting Started

Getting Started

This section is a tutorial to get you started with installing, setting up, and using the FortiAIOps application to
monitor your networks.

The steps depicted in this graphic are described in the following sections.
l Installing FortiAIOps
l Initial FortiAIOps Configuration
l Accessing FortiAIOps
l Licensing
l Adding FortiGate
l Enable Log Forwarding
l Configure SLA Metrics
l Monitoring
l API Reference
l System Diagnostics

FortiAIOps 2.1.0 User Guide 12

Fortinet Inc.
Getting Started

Installing FortiAIOps

You can deploy FortiAIOps on supported VM, public cloud, and hardware platforms. Refer to the following
sections for detailed instructions on deployment procedures.
l VM Platforms - Deploying FortiAIOps on VM Platforms
l Public Cloud Platforms - Deploying FortiAIOps on Public Cloud Platforms
l Hardware Platforms - Deploying FortiAIOps on Hardware Platforms
Note: The FortiAIOps CLI and GUI users are different.

Initial FortiAIOps Configuration

After FortiAIOps is successfully installed, login as an administrator with the default username (admin). A
password is not required. For more information on the commands, see Command Line Interface (CLI)
Reference.
l Configuring a Password
l Configuring the IP Address
l NTP/Timezone and DNS Configurations
l Viewing the Configuration

Configuring a Password

Login into the CLI with the username admin, a password is not required. However, after you login, you are
prompted to change the password.

Configuring the IP Address

The DHCP IP address is assigned by default. Run the get system interface command to view the IP
address. Run the config system interface command to configure a static IP address.
fortiaiops # config system interface
fortiaiops (interface) # edit port1
fortiaiops (port1) # set mode static
fortiaiops (port1) # set ip 10.34.159.xxx/xx
fortiaiops (port1) # end

You are required to configure the gateway IP address when using a static IP address. Run the config
router static command.

FortiAIOps 2.1.0 User Guide 13

Fortinet Inc.
Getting Started

fortiaiops # config router static

fortiaiops (static) # edit 1
fortiaiops (1) # set gateway 10.34.159.xx
fortiaiops (1) # set device port1
fortiaiops (1) # end

NTP/Timezone and DNS Configurations

Fortinet recommends that you configure the NTP settings and DNS server. Run the following commands.
l config system ntp
l config system global [set timezone]
l config system dns

You can also configure the IP address , DNS, NTP, and the timezone via the GUI. See Settings.

Viewing the Configuration

Run the show full-configuration command to view all changes.

For detailed information on these configurations, see Post-installation Tasks

Licensing

FortiAIOps offers Monitoring, AI Insights, and SD-WAN subscriptions, with licensing based on the type of
devices you use. For more information, see FortiAIOps Data Sheet.
Perform the following steps to obtain the license for FortiAIOps on VM platforms or public cloud platforms.
1. Copy System ID information: Navigate to Dashboard > Summary and copy the System ID.
2. Contract Registration: Login to https://support.fortinet.com using your account credentials to register the
contract received over email for the product SKU purchased. Paste the copied system id during the
registration process to generate the license file.
3. Download License file: Once the registration is complete, validate the entitlement details and download
the license file if generated successfully. Upload this file in System > FortiGuard > Upload License File.

For FortiAIOps 500G, manual license upload is not required. FortiAIOps automatically
synchronizes the license from Fortinet Support.
To initiate an immediate license and definition update, navigate to System >
FortiGuard and click the Update License and Definitions Now.

Note: Fortinet recommends that all network elements are fully licensed.
If the network elements are partially licensed, related statistics are not reported in FortiAIOps. For example, a
FortiAP is licensed and the connected FortiSwitch is not licensed; a FortiAP down event is triggered due to
FortiSwitch port down/FortiSwitch reboot. In this case, the FortiAP down event is reported in FortiAIOps but the
FortiSwitch port issues or reboot is not reported in FortiAIOps (as the FortiSwitch is not licensed). For more
information, see Licensing.
Ensure that the FortiAIOps NTP settings and your time zone are synchronized.

FortiAIOps 2.1.0 User Guide 14

Fortinet Inc.
Getting Started

Adding FortiGate

In the FortiAIOps application portal, manually add the FortiGate controller. Navigate to Inventory > Managed
FortiGates > Add and provide the required configuration details. Standalone and HA FortiGate controllers can
be added. Optionally, you can add FortiGates in bulk using the import operation. For detailed information on
adding and managing FortiGate controllers, see Adding and Managing FortiGates.
You can group FortiGate controllers into Device Groups for ease of management. Each controller can belong
to only one group; if a controller is added to a second group, it is automatically removed from the previous
group. For detailed information on creating device groups, see Device Groups.

Enable Log Forwarding

FortiAIOps supports direct FortiGate log forwarding and FortiAnalyzer log forwarding.
l Run the following command to configure syslog in FortiGate.
l config log syslogd setting
l set status enable
l set server 10.34.xxx.xxx
l Direct FortiGate log forwarding - Navigate to Fabric Connectors > Logging & Analytics > Log Settings
in the FortiGate GUI and specify the FortiAIOps IP address. Enable FortiAnalyzer log forwarding.

FortiAIOps 2.1.0 User Guide 15

Fortinet Inc.
Getting Started

l Navigate to Log Forwarding in the FortiAnalyzer GUI, specify the FortiAIOps IP address and select the
FortiGate controller in Device Filters.

Note: The syslog port is the default UDP port 514.

Monitoring

After the FortiAIOps setup and configurations are complete, you can view different aspects of your network in
the following panels of the FortiAIOps application portal.

GUI Panels Description

Dashboard The dashboard provides a graphical overview of network elements,

resource usage, and AI insights.

AI Insights You can configure SLA metrics and the required thresholds, and monitor
the AI enabled data insights of your network and the impacted SLAs and
devices.

Inventory You can add FortiGate controllers and configure management operations.

Wireless The wireless section provides comprehensive data and statistics to monitor
wireless networks.

Switch The switch section provides comprehensive data and statistics to monitor
FortiSwitches and FortiSwitch clients.

FortiAIOps 2.1.0 User Guide 16

Fortinet Inc.
Getting Started

GUI Panels Description

Security Fabric The security fabric page represents the topology, that illustrates the logical
placement of the wireless service and the physical placement of hardware
devices.

Logs and Reports The logs section provides detailed WiFi and FortiSwitch event logs, you can
also generate detailed FortiAIOps reports.

System The system section includes several pages that offer valuable insights into
various aspects of system management, such as users, user groups,
backup and restore, settings, licensing, location services, and certificates.

Service Assurance The service assurance section provides an overview of the diagnostic and
trouble-prevention capability of FortiAIOps.

System Diagnostics

Access the FortiAIOps GUI and in top-right, click to download the diagnostics to aid in troubleshooting,
comprising of system, application, and FortiAIOps related logs. You can create the diagnostics file and
download it as required.

FortiAIOps 2.1.0 User Guide 17

Fortinet Inc.
Getting Started

API Reference

FortiAIOps is Swagger compliant providing well documented APIs and improving their accessibility. You can
access API documentation using the URL, https://<FortiAIOps IP address>/swagger.

FortiAIOps 2.1.0 User Guide 18

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

Deploying FortiAIOps on VM Platforms

Deploying FortiAIOps is a simple process that involves downloading the installation files, performing the
installation, and completing post-installation steps. Here is an overview of the deployment process:
1. Ensure that the prerequisites are met before performing the installation.
2. Download installation files from the Fortinet Support portal.
3. Perform the installation.
l Installing FortiAIOps on VMware ESXi
l Installing FortiAIOps on Hyper-V
l Installing FortiAIOps on KVM
l Installing FortiAIOps on Nutanix
l Installing FortiAIOps on Proxmox on page 35
4. Complete the post-installation tasks.

Pre-installation Requirements

Ensure that the following requirements are met before proceeding with the installation.

Supported Environments

Supported environments include:

l VMware ESXi - 7.0.3 and above
l Microsoft Hyper-V
l KVM - Ubuntu 20.04 and above, CentOS 9.0 and above

Hardware Requirements

The following table lists the minimum hardware requirements for deploying FortiAIOps.

Storage
CPU Memory
Disk 1 Disk 2

4 32 GB 8 GB 500 GB

Note: Disk 1 is used for OS and Disk 2 is used for data. You can extend or modify Disk 2 size based on your
requirements.

Installing FortiAIOps on VMware ESXi

Perform the following steps to deploy FortiAIOps.

FortiAIOps 2.1.0 User Guide 19

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

1. Download the installation file from Fortinet Support portal and unzip the file (FAO_VM64-vx.x.x-
devbuildxxxx-FORTINET.out.ovf.zip). This folder contains 4 installation files.

2. Connect and log in to the VMware ESXi host client with administrative rights.
3. Select Create/Register VM in the Host tab.

4. Select Deploy a virtual machine from an OVF or OVA file as the creation type.
5. Browse and select the downloaded installation files and enter a suitable hostname.

6. Select your preferred datastore to store the virtual machine files in the Select storage page.
7. Accept the end user license agreement.
8. In the Deployment options page:
a. Select you preferred VM network
b. Select your preferred disk provisioning method. Thin disk provisioning method is recommended.
c. Ensure Power on automatically option is selected
Note: To modify configurations, it is necessary to edit the VM configuration while the VM is in a
powered off state, and then start the VM.

FortiAIOps 2.1.0 User Guide 20

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

9. Review the summary of the deployment settings and click Finish.

10. You can monitor the progress of the deployment in the Recent Tasks pane. When the installation is
complete, the virtual machine will be listed in the Inventory pane.
11. Perform post-installation tasks.

Installing FortiAIOps on Hyper-V

Perform the following steps to deploy FortiAIOps.

1. Download the installation file from Fortinet Support portal and unzip the file FAO_VM64_HV-
vx.x.xdevbuildxxxx-FORTINET.out.hyperv.zip. This folder contains 2 installation files.
2. Open the Start menu, search for Hyper-V Manager, and click on the application to launch it.
3. Click New in the Actions pane and select Virtual Machine to start the New Virtual Machine Wizard. Click
Next.

FortiAIOps 2.1.0 User Guide 21

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

4. Enter a name and select location for FortiAIOps. Click Next.

FortiAIOps 2.1.0 User Guide 22

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

5. Select Generation 1 and click Next.

FortiAIOps 2.1.0 User Guide 23

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

6. Specify the memory that needs to be allocated. Click Next. See Pre-installation Requirements.

FortiAIOps 2.1.0 User Guide 24

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

7. Select network adapter and click Next.

FortiAIOps 2.1.0 User Guide 25

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

8. Select Use an existing virtual hard disk. Browse and select FAOWHV.vhd image locally stored. Click
Next.

9. Review the settings and click Finish.

10. Right click on the new virtual machine created and select Settings.

FortiAIOps 2.1.0 User Guide 26

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

11. Select IDE Controller 0 under Hardware in the left pane. Select Hard Drive and click Add.

FortiAIOps 2.1.0 User Guide 27

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

12. Select the newly created hard drive. Select Virtual hard disk option. Browse and select the
DATADRIVE.vhd image. Click Ok.

FortiAIOps 2.1.0 User Guide 28

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

13. Select Processor under Hardware in the left pane. Enter the number of virtual processors based on your
FortiAIOps configuration. Click Apply. Click Ok.

14. Right click on the virtual machine and click Start. Once the virtual machine is up and running, launch the
console.
15. Perform post-installation tasks.

Installing FortiAIOps on KVM

Perform the following steps to deploy FortiAIOps on KVM using virt-manager.

1. Download the installation file from Fortinet Support portal and unzip the file FAO_VM64_KVM-
vx.x.xdevbuildxxxx-FORTINET.out.kvm.zip.
2. Open terminal and navigate to the path of the downloaded and unzipped installation files.

FortiAIOps 2.1.0 User Guide 29

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

3. Run the ./deploy_kvm {name of machine} {interface to run the machine} command to
deploy FortiAIOps in the virt-manager automatically.

4. Open the virt-manager window.

FortiAIOps 2.1.0 User Guide 30

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

5. Click Open to launch the console after the virtual machine is in a running state.

6. Perform post-installation tasks.

Installing FortiAIOps on Nutanix

Perform the following steps to deploy FortiGuest on Nutanix.

1. Obtain FAO_VM64_HV-v2.0.1-[build0xxx]-FORTINET.out.hyperv.zip from Fortinet and extract it to obtain
the files FAOWHV.vhd and DATADRIVE.vhd.
2. Log in into the Nutanix Prism user interface and click the icon. Select Image Configuration.

3. Upload both the FAOWHV.vhd and DATADRIVE.vhd files in the order as mentioned here. To upload
FAOWHV.vhd, click Upload Image and update the following fields.

FortiAIOps 2.1.0 User Guide 31

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

l Enter a Name for the FortiAIOps image file.

l Select Disk in as the Image Type.
l Select the Storage Container.
l In the Image Source section, click Upload a file and browse to the FortiAIOps image file
FAOWHV.vhd.
4. Click Save.
5. Repeat steps 3 and 4 to upload DATADRIVE.vhd.

FortiAIOps 2.1.0 User Guide 32

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

6. Refresh the browser after a few seconds and the newly created images are listed in the Image
Configuration page.
7. To create a VM, navigate to the VM dashboard and click Create VM and enter the following configuration.

l Enter a Name for the FortiAIOps VM.

l Select your Timezone.
l In the Compute Details section, enter 4 vCPU(s) and 8 GB of Memory.

Note: By default, a CD-ROM is listed under Disks, delete this CD-ROM.

8. To create a new Boot disk, click Add New Disk and enter the following configuration.
l Select Clone from Image Service as the Operation and the disk is cloned from the FortiAIOps image
files uploaded earlier in this procedure.
l Select SCSI as the Bus Type.

FortiAIOps 2.1.0 User Guide 33

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

l Select the uploaded FortiAIOps disk Image - FAOWHV.vhd.

9. Click Add.
10. Add another disk for DATADRIVE.vhd following the previous step.
Note: Ensure to create a new disk for FAOWHV.vhd first and then for DATADRIVE.vhd.
11. Add 4 Network Adapters, click Add New NIC.

FortiAIOps 2.1.0 User Guide 34

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

12. Power on the VM and launch the console.

13. Configure the FortiAIOps static IP address on starting the VM. See Post-installation Tasks.

Installing FortiAIOps on Proxmox

Perform the following steps to deploy FortiAIOps on the Proxmox KVM platform.
1. Obtain FAO_VM64_KVM-v2.0.1-[build0xxx]-FORTINET.out.kvm.zip from Fortinet.
2. Use SCP to transfer this file to a Proxmox machine and extract it.
unzip FAO_VM64_KVM-v2.0.1-[build0xxx]-FORTINET.out.kvm.zip
-rwxrwxr-x 1 root root 3653632 May 9 12:06 OVMF_CODE_4M.secboot.fd
-rwxrwxr-x 1 root root 540672 May 9 12:06 Fimg_VARS.fd
-rw-r--r-- 1 root root 1394802688 May 9 12:20 FAOKVM.qcow2
-rwxr-xr-x 1 root root 1964 May 9 12:20 deploy_pmx
-rwxr-xr-x 1 root root 4112 May 9 12:20 deploy_kvm
-rw-r--r-- 1 root root 204608 May 9 12:20 datadrive.qcow2
-rw-r--r-- 1 root root 4521984 May 9 12:20 OVMF.qcow2
-rwxr-xr-x 1 root root 2749 May 9 12:20 KVM.xml.tmpl
-rw-r--r-- 1 root root 1358948555 May 9 16:48 FAO_VM64_KVM-v2.0.1-
[build0xxx]-FORTINET.out.kvm.zip
3. Import the FortiAIOps disk image manually in the Proxmox shell to create the VM.
./deploy_pmx -n <name> -v <volume> -b <bridge> [-i <vmid>] [-c <cores>] [-m
<memory>]
where
<name>is the name of the VM, for example, fortiaiops.
<volume> is the target storage ID, for example, local-lvm.
<bridge> is the network bridge to use, for example, vmbr0.
<vmid> is the ID assigned to the new VM; the default is to use the next available free ID.
<cores> is the number of CPU cores to allocate; the default is 8.
<memory> is the amount of RAM to allocate (in MB); the default is 32768 MB.

FortiAIOps 2.1.0 User Guide 35

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

4. The VM is now deployed.

5. Configure the FortiAIOps static IP address on starting the VM.

Post-installation Tasks

Perform the following steps to access FortiAIOps after successful installation.

1. Turn on the newly created VM, if it is not already ON. In the virtual machine console, log in as an admin
user with the username admin. A password is not required
2. Login as FortiAIOps administrator with username admin. Configure the password after the first login.
Note: By default, there is no password for logging into the CLI mode for the first time. However, you are
prompted to change the password after logging in. The default login credentials (username/password) for
the GUI are admin/admin. Configuring the CLI password does not modify the GUI password.
3. Ensure that the IP address is configured properly. Run the get system interface command to view
the dynamically assigned IP address. Run config router static command to assign a static
IP address.

Accessing FortiAIOps

After successfully generating a new password and configuring a static IP address for the FortiAIOps server, you
can access the FortiAIOps application portal for management operations and to monitor your network. Open a
compatible web browser and enter the https://<fortiaiops_server_IP> URL, where <fortiaiops_server_IP> is the
configured static IP address. The default username/password is admin/admin; you are prompted to change the
password after the first login.

FortiAIOps 2.1.0 User Guide 36

Fortinet Inc.
Deploying FortiAIOps on VM Platforms

Upgrading FortiAIOps

You can upgrade FortiAIOps via the GUI and the CLI.
l Upgrade via GUI - Navigate to System > Upgrade to upgrade FortiAIOps. See Upgrade.
l Upgrade via CLI - Run the following command to upgrade FortiAIOps.
execute restore image ftp <path to upgrade file><upgrade file name> <IP
address> <username> <password>

FortiAIOps 2.1.0 User Guide 37

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

Deploying FortiAIOps on Public Cloud Platforms

FortiAIOps can now be deployed on the following public Cloud platforms.

l Microsoft Azure
l Google Cloud Platform
l Amazon Web Services (AWS)
l Oracle Cloud Infrastructure (OCI)

Microsoft Azure

Perform the following steps to deploy FortiAIOps on Microsoft Azure. For more information on the Azure portal
configurations, see the Azure documentation.
1. Download the file FAO_VM64_AZURE-v2.0.1-[build0xxx]-FORTINET.out.azure.zip from Fortinet and
extract it to obtain the file FAO_VM64_AZURE-v2.0.1-[build0xxx]-FORTINETout.vhd.
2. Upload the extracted VHD file on to the Azure portal using the following procedure.
l Create a new Resource Group or use an existing one from the portal. See Manage Azure Resource
Group.

l Create a new Storage account or use an existing one from the portal. See Create a storage account.

FortiAIOps 2.1.0 User Guide 38

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

l In the Storage account, select a Container or create a new one to upload the VHD file. See Create a
container.

l When uploading the VHD file, select the Blob type as Page blob.

l After the upload, verify that the file is listed in the Containers page.

FortiAIOps 2.1.0 User Guide 39

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

3. Create a managed image from the uploaded VHD file. Navigate to Images > Create an image in the Azure
portal and configure the following settings.
l Select a Resource group.
l Enter a Name for the image.
l Select the applicable Region from the list.
l Set the OS type to Linux.
l Set the VM generation to Gen 1.

4. Browse and select the uploaded VHD file in the Storage blob.
Note: It is not required to add data disk in this step, the data disk addition is required when the virtual
machine is created.
5. Click Review + create to create an image.
6. Create a virtual machine from the managed image that you just created. Select Virtual machines >
Create Azure virtual machine on portal.

FortiAIOps 2.1.0 User Guide 40

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

l Select a Resource group.

l Enter a Name for the virtual machine.
l Select the applicable Region from the list.

7. Click See all images to browse and select the image that was generated in the previous step.
8. Click See all sizes to select a virtual machine size.
Note: It is recommended to select VM size as 4 vCPU and 32 GB RAM, and the Local storage as 0.

FortiAIOps 2.1.0 User Guide 41

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

9. Configure network inbound port rules to allow SSH access in the field Select inbound ports.

10. Click Next: Disks and configure disk data as is depicted in the following image.
Note: The recommended minimum data disk size is 128GB.

FortiAIOps 2.1.0 User Guide 42

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

FortiAIOps 2.1.0 User Guide 43

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

11. Click Next: Networking to configure the network settings.

12. Select the available Virtual network and the Public IP of the deploying machine.
13. Review the configurations under the tabs, Management, Monitoring, and Advanced.
14. Click Next: Tags and add the required tags.
15. Click Next: Review + create and click Create only if the virtual machine validation is passed, as depicted
in the following image.

FortiAIOps 2.1.0 User Guide 44

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

16. Connect the virtual machine in one for the following methods.
l Connect via Serial Console - Select the running virtual machine and then select Serial console in the
menu.

l Connect via SSH - Obtain the public IP address of the virtual machine and use SSH to connect to the
virtual machine.
ssh admin@<public_IP>

FortiAIOps 2.1.0 User Guide 45

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

Post-installation Tasks

l The public IP address of the virtual machine is available in the Overview page of the virtual machine.

l Create the inbound port rules as depicted in the following image, in the Network settings of the virtual
machine, to enable all FortiAIOps functionality.

Note: Do not change the corresponding IP mode setting from the FortiAIOps GUI or CLI; modify all network
from the Azure portal only.

Google Cloud Platform

Perform the following steps to deploy FortiAIOps on Google Cloud.

1. Download the file FAO_VM64_GCP-v2.0.1-[build0xxx]-FORTINET.out.gcp.zip from Fortinet and extract it
to obtain FAO_VM64_GCP-v2.0.1-[build0xxx]-FORTINET.out.gcp.tar.gz.
2. Install and setup gsutil to access Cloud storage from the CLI using HTTPS. To install gsutil, see Install
gsutil.
3. Alternatively, run the following command to download the Linux 64-bit archive file.
curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-
cloud-cli-389.0.0-linux-x86_64.tar.gz
4. Extract the contents of the file to any location on your file system (preferably your Home directory). To
replace an existing installation, remove the existing google-cloud-sdk directory and then extract the archive
to the same location - tar -xf google-cloud-cli-389.0.0-linux-x86.tar.gz.

FortiAIOps 2.1.0 User Guide 46

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

5. Run the ./google-cloud-sdk/install.sh script (from the root of the folder you extracted the file to).
6. Run ./google-cloud-sdk/bin/gcloud init to initialize GCP CLI.
7. Upload the file FAO_VM64_GCP-v2.0.1-[build0xxx]-FORTINET.out.gcp.tar.gz to the Cloud storage bucket
in the GCP CLI.
./google-cloud-sdk/bin/gsutil FAO_VM64_GCP-v2.0.1-[build0xxx]-
FORTINET.out.gcp.tar.gz gs://my-some-bucket
8. Run the following script to create a secure boot image.
# bash -x import2gcpimg.sh AIOPSBuild FAO_VM64_GCP-v2.0.1-devbuild0448-
FORTINET.out.gcp.tar.gz aiops-gcp.
where, IMAGE_NAME =[FortiAIOps build], SOURCE_FILE= [FortiAIOps image file name, and BUCKET_
NAME =aiops-gcp.
Note: Make sure to create a storage bucket in the GCP GUI where the FortiAIOps image files are
uploaded.

9. In the GCP portal, navigate to Compute Engine > Images and select the uploaded FortiAIOps image file.
10. Click Create instance and update the following configurations. For more information, see Create a VM.
l Enter a Name for the instance.
l Select the applicable Region from the list.

FortiAIOps 2.1.0 User Guide 47

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

l In the Machine configuration, configure the E2 Standard with 4 VCPUs and 16 GB memory.

Note: It is recommended to use a minimum of 4 CPUs and a memory of 16 GB with the Intel Broadwell
CPU platform.

11. Enable Allow HTTPS traffic for web access in Firewall.

12. Click Advanced options to configure networking, disk and security parameters for the instance.
l Set the Network interface card to VirtIO .
l Select the Virtual Private Cloud (VPC) in the Network interfaces.
Note:Ensure that you create VPC networks to use as network interfaces for your instance, and provide

FortiAIOps 2.1.0 User Guide 48

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

the IP address from specified subnets. To create and use a VPC network, see Create and manage
VPC networks.

l Select other network parameters such as IP stack, primary Internal IPv4 address, and external IPv4
address as depicted in this image.
Note: You can select the external IPv4 address as Ephermal (automatic /dynamic or static IP address.
). To create external IPv4 addresses for GCP, see Reserve a static external IP address.

13. Add another hard disk. In the Create an instance page, select Add New Disk and configure the following.
l Enter a disk Name.
l Set the Disk source type to Blank disk.
l Set the Disk type to Standard persistent disk.
l Set the disk Size to 100 GB

FortiAIOps 2.1.0 User Guide 49

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

Note: The minimum recommended disk size is 100 GB.

14. Click Save.

15. In the Security section, enable secure boot as depicted in the following image.

16. Click Create to complete installation. The newly created instance is listed in the VM instances page.
Select the instance and verify that the instance is running with the recommended CPU and machine
configurations.

FortiAIOps 2.1.0 User Guide 50

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

17. After successful installation, enable the serial console.

l Select the instance in the VM instances page.

l Click Edit to enable the following TCP and UDP ports.

l 514:514/udp
l 514:514/tcp
l 4013:4013/udp
l 4013:4013/tcp
l 443:443/tcp

FortiAIOps 2.1.0 User Guide 51

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

l 80:80/tcp

Note: Ensure that all required TCP and UDP ports are enabled.
18. Connect the VM instance and login.
l To connect via the Compute Engine console, click VM Instances and select the VM instance that you
want to connect to. Click Connect to Serial Console. See Connect to the Serial Console. In the
console interface, login with the user name admin. A password in not required.

l To connect via the SSH, obtain the public IP address from the VM Instances interface and connect via
SSH. The get system interface command displays the internal IP address assigned to the

FortiAIOps 2.1.0 User Guide 52

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

instance.

You can use the external IP address to access the FortiAIOps GUI, https: <external_IP_address>.

Amazon Web Services (AWS)

Perform the following steps to deploy FortiAIOps on AWS.

1. Download the file FAO_VM64_AWS-v2.0.1-[build01xx]-FORTINET.out.aws.zip from Fortinet
2. Install or gain access to the AWS CLI. See Get started with the AWS CLI.
3. Configure the AWS CLI as per your access requirements. These are some sample values that you must
replace with the relevant ones.
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: YEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
4. Create vmimport role and attach the policy to the IAM user. This operation requires IAM permissions.cat
<<EOF > trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "vmimport"
}
}
}
]
}
EOF

aws iam create-role --role-name vmimport --assume-role-policy-document

FortiAIOps 2.1.0 User Guide 53

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

file://trust-policy.json
a. Create a policy for the Amazon S3 bucket and attach it to the AWS IAM user.

cat <<EOF > role-policy.json

{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource":[
"arn:aws:s3:::$s3BacketName",
"arn:aws:s3:::$s3BacketName/*"
]
},
{
"Effect":"Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Resource":"*"
}
]
}
EOF

aws iam put-role-policy --role-name vmimport --policy-name vmimport --

policy-document file://role-policy.json
For more information, see Importing a VM as an Image.
5. Enable Amazon EC2 Full Access and Amazon S3 Full Access permissions.
a. Add permission for create inline policy in Permission policies. Enable write access (CreateRole) and
user permission management (PutRolePolicy). Select Any as the policy name in resource selection.

FortiAIOps 2.1.0 User Guide 54

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

b. For user security credentials, create an access key (CLI) and download the CSV.

c. If you run the import2awsimg.sh manually, then un-comment the line 209 in Creare_vmimport_
role_and_policy.

6. Extract the file FAO_VM64_AWS-v2.0.1-[build01xx]-FORTINET.out.aws.zip. Post extraction, you have the

VHD file and the import script.
a. VHD - FAO_VM64_AWS-v2.0.1-[build01xx]-FORTINET.out.vhd
b. Import script - import2awsimg.sh
7. Run the import2awsimg.sh script to import the VM.
bash –x import2awsimg.sh <imported_image_file> <s3_bucket_name>

FortiAIOps 2.1.0 User Guide 55

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

Note:
l To import the VM, you must have read & write permissions to the Amazon bucket, EC2 Snapshot, and
image creation, and import permissions.
l Some AWS regions use /dev/xvda as the root device name instead of /dev/sda1 If you are
importing an image into a region that uses /dev/xvda, update the script by replacing all instances of
/dev/sda1 with /dev/xvda. For example, modify the block_device_mappings.json section of
the import2awsimg.sh by replacing /dev/sda1 with /dev/xvda.
8. Launch an instance from the Amazon Machine Images (AMI). Select Images > AMI in the EC2 service
interface and select the image that you just imported. Click Launch instance from AMI.

9. Add Name and tags for the instance, select the Instance type, set the Key pair, and configure the
Network settings based on your requirement. Select the required hard disk size in Configure storage.
The default size of disk storage 2 is10 GB, modify the size as per your requirement. Click Launch
instance.

FortiAIOps 2.1.0 User Guide 56

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

10. Obtain the public IP address of the instance from the EC2 service interface and connect via a private key
using SSH.

FortiAIOps 2.1.0 User Guide 57

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

Oracle Cloud Infrastructure (OCI)

Perform the following steps to deploy FortiAIOps on OCI, for more information, see OCI Documentation.
1. Obtain the file FAO_VM64_OCI-v2.1.0-[build0xxx].out.oci.zip from Fortinet.
2. To create a Bucket in OCI, log in to your OCI account and navigate to the Object Storage & Archive
Storage > Buckets > Create Bucket in the OCI portal.
3. Enter a unique name for your Bucket and select the relevant Compartment.

FortiAIOps 2.1.0 User Guide 58

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

4. Click Create or Confirm.

5. Extract the file FAO_VM64_OCI-v2.1.0-[build0xxx].out.oci.zip to obtain FAO_VM64_OCI-v2.1.0-

[build0xxx].vmdk. Upload the .vmdk file in the bucket.

FortiAIOps 2.1.0 User Guide 59

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

6. Select Custom Images and import the image; select the uploaded VMDK file in Object Name.

7. Search for the Block Volume Service and create block volume with 500 GB using the Custom option.
8. Navigate to Compute Service in the OCI portal and create an instance with the uploaded custom image.

9. Click Create instance and select the required Image and Shape Series. Set the number of CPUs to 4 and
RAM to 32 GB, as per your requirements. Wait for the import process to complete. This may take 6-10
minutes (approximately).
Wait for the import process to complete. This may take 6-10 minutes (approximately).

FortiAIOps 2.1.0 User Guide 60

Fortinet Inc.
Deploying FortiAIOps on Public Cloud Platforms

10. Save any private keys or SSH keys that you may need to access the instance.
11. After creating an instance, navigate to Attached block volumes and select the block volume created
earlier. The recommended attachment type is Paravirtualized.

12. Reboot the instance after attaching the volume.

FortiAIOps 2.1.0 User Guide 61

Fortinet Inc.
Deploying FortiAIOps on Hardware Platforms

Deploying FortiAIOps on Hardware Platforms

FortiAIOps can be deployed on the following hardware platform:

l FortiAIOps 500G (FAO-500G)

Deploying FortiAIOps 500G (FAO-500G)

The FAO-500G hardware platform comes with FortiAIOps pre-installed. Perform the following steps to deploy
and configure the device.
l Initial Configuration
l Accessing the GUI

Initial Configuration

After setting up and mounting the appliance on the rack, connect to the FortiAIOps 500G CLI using the console
port and perform the following steps. See, FortiAIOps 500G Quick Start Guide.
1. On the console Log in as an admin user with the username admin. A password is not required. You will be
prompted to configure a new password after the initial login.

This CLI password is separate from the GUI password. The default GUI credentials
are admin/admin.

2. Verify the dynamically assigned IP address using the command: get system interface
3. Configure a static IP address (recommended) using the command: config system interface

For a complete list of supported CLI commands, see Command Line Interface (CLI) Reference.

Accessing the GUI

After completing the initial CLI configuration, you can access the FortiAIOps GUI.
1. Open a web browser and enter the following URL.
https://<fortiaiops_server_IP>
Replace <fortiaiops_server_IP> with the static IP address you configured.
2. Log in using the default GUI credentials.
admin/admin

FortiAIOps 2.1.0 User Guide 62

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Line Interface (CLI) Reference

The following commands are supported for FortiAIOps.

l Configuration Commands
l Show Commands
l Diagnostic Commands
l Management Commands
l System Information

Configuration Commands

The following commands are available to configure FortiAIOps.

Command Parameters Description

config system edit <interface port> Edit the interface port
interface and enter the port
setting mode in the
CLI.
? Displays the various
parameters available
for this command.
abort Aborts the port setting
mode and exits.
next Returns to the
interface
configuration mode.
set mode <static|DHCP> Configure the port IP
address mode; static
or DHCP.
set ip <IP/netmask> Configure the port IP
address (static).
set allowaccess <ssh|https|http|ping> Configure the admin
access type; SSH,
THHP, HTTPS, Ping,
or SNMP.
get Obtain the system
information.
show Displays the current
interface
configuration details.

FortiAIOps 2.1.0 User Guide 63

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

end Exit the port
configuration mode;
the configuration
changes then take
effect.
config system admin Configures admin
users.
edit admin - Edit
admin user details.
set password - Set
the admin user
password.
dns Configures DNS and
enters the DNS
configuration mode.
set primary -
Configures the
primary DNS server.
global Configures global
settings and enters
the global
configuration mode.
interface Configures the
system interface.
ntp Configures system
NTP information.
l set ntpsync -

Enable/disable
the system time
by synchronizing
with the NTP
server.
l set
ntpserver -
Configure the IP
address or
hostname of the
NTP servers (up
to 10).

FortiAIOps 2.1.0 User Guide 64

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

lldp-transmission LLDP is enabled by
default on all
interfaces, global and
per interface settings.
Run the following
commands to
manage LLDP.
config system
global
set lldp-
transmission
enable
<enable LLDP>
disable
<disable LLDP>

Show Commands

The following commands can be used for viewing configuration information.

Command Parameters Description

show Displays bootstrap
configuration.
show full-configuration Displays all configuration
(includes defaults).

Diagnostic Commands

The following commands are used to diagnose and troubleshoot issues.

Command Parameters Description

diagnose ? Displays the various
parameters available for this
command.
hardware ? Displays the various
parameters available for this
command.
hardware deviceinfo disk Displays information of all
disks.
hardware deviceinfo nic Display the available list of
NICs.

FortiAIOps 2.1.0 User Guide 65

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

hardware deviceinfo <nic Displays information of a
name> specific NIC.
hardware deviceinfo tpm Displays Trusted Platform
Module (TPM) module
information.
hardware lspci Displays the PCI parameters.
hardware lspci tree Displays PCI bus tree.
hardware lspci verbose Displays detailed information
about all devices.
hardware sysinfo ? Displays the various
parameters available for this
command.
hardware sysinfo cpu Displays detailed information
for all installed CPU(s).
hardware sysinfo interrupts Displays details of system
interruptions.
hardware sysinfo iomem Displays the memory map of
I/O ports.
hardware sysinfo ioports Display the address list of I/O
ports.
hardware sysinfo memory Displays the system memory
details.
hardware sysinfo mtrr Displays the memory type
range register.
hardware sysinfo slab Displays the memory allocation
information.
diagnose system top all Displays the top threads
information.
top cpu Displays processes with the
highest CPU usage at the top of
the list.
load Displays system uptime and
load information.
process <cpu | mem> <num> Displays the processes sorted
by specified criteria (default 10
processes).

FortiAIOps 2.1.0 User Guide 66

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

fsck harddisk Check and repair the file
system, then reboot the
system.
raid hwinfo Displays raid controller
information.
raid hwinfodetail Displays detailed raid controller
information.
raid migrate Migrate to a new disk.
raid rebuild Rebuild the existing disk.
disk attributes Displays vendor specific Self-
Monitoring, Analysis, and
Reporting Technology
(SMART) attributes.
disk errors Displays SMART error logs.
disk health Displays SMART health status.
disk info Displays SMART information.

Management Commands

The following enable some management and other operations in FortiAIOps.

Command Parameters Description

execute ? Displays the various
parameters available for this
command.
date <YYYY-MM-DD> Set the date in the YYYY-MM-
DD format.
time <HH:MM:SS> Set the time in the HH:MM:SS
format.
factoryreset reboot Reset to the factory default
settings and reboot the
system.
factoryreset shutdown Reset to the factory default
settings and shutdown the
system.
formatlogdisk Format the log disk.
ping <destination> Ping the host name or IPv4
address.

FortiAIOps 2.1.0 User Guide 67

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

traceroute <destination> Traceroute of the host name or
IPV4 address.
reboot Reboot the system.
shutdown Shut down the device.
backup config ftp <path> Creates a remote backup of
<server fqdn|ipaddr>[:port] the configuration file from an
[ftp_user] [ftp_passwd] FTP server.
backup config tftp <filename> Creates a remote backup of
<server fqdn|ipaddr> the configuration file from a
TFTP server.
restore image ftp <filename Restores the firmware image
string> <ftp server>[:port] from an FTP server using
[ftp_user] [ftp_passwd] specific details.
restore image tftp <filename Restores the firmware image
string> <tftp server> from a TFTP server.
dns-no-domain The DNS No Domain events
are disabled in FortiAIOps, by
default. Run the following
commands to enable these
events.
execute dns-no-domain
disable <disable
the events>
enable <enable the
events>
status <show the
current setting>

sensor list Displays sensor list and status

from IPMI.
format disk 0 Create RAID 0 and format
disk.
format disk 1 Create RAID 1 and format
disk.
format disk 5 Create RAID 5 and format
disk.
format disk 10 Create RAID 10 and format
disk.

System Information

The following commands information related to the system configurations.

FortiAIOps 2.1.0 User Guide 68

Fortinet Inc.
Command Line Interface (CLI) Reference

Command Parameters Description

get system ? Displays the various
parameters available for this
command.
status Displays system status, such
as, version, serial number,
BIOS details, time stamp,
hostname, and so on.
admin Displays the configuration
details of the admin users.
admin <username> Displays the configuration
details of a specific admin
user.
dns Displays the DNS
configuration.
global Displays the configuration
details of global attributes.
interface Displays the interface details,
status, and IP address.
interface <port> Displays the port details,
status, and IP address.
ntp Displays the configuration
details and status of NTP
server.

FortiAIOps 2.1.0 User Guide 69

Fortinet Inc.
Dashboard

Dashboard

The FortiAIOps dashboard provides a graphical overview of network elements, resource usage, AI insights, and
Service Assurance.
l Summary
l AI Insights
l Service Assurance

Summary

This dashboard provides visual summarization of key system information, network elements, and resource
usage. The interactive graphs and charts allow you to navigate into detailed views of network statistics for
analytical and monitoring purpose.

FortiAIOps 2.1.0 User Guide 70

Fortinet Inc.
Dashboard

The data on this dashboard is automatically refreshed every 60 seconds; the following options are available to
manage the auto-refresh feature for this page.

l
Click to manually refresh data.
l
Click to pause the auto-refresh.
l
Click to resume the auto-refresh.

Use the Add Widget option to manage the widgets displayed on the dashboard; you can choose to add or
remove the widgets.

FortiAIOps 2.1.0 User Guide 71

Fortinet Inc.
Dashboard

The following widgets provide network data on this dashboard.

l System Information - This widget provides generic information about the FortiAIOps such as the host
name, firmware version, system ID, current system time, uptime, and the IP address.
l System Resource Summary - This widget provides an overview of the current system resource usage for
FortiAIOps. The statistics include the total available and used disk space (HDD and SSD), the number of
CPU cores used and the average usage, and total available and used memory. Click on the trends icon to
view the resource usage summary; filter data based on the selected duration or customized time slot. You
can select a time window or define a Custom range. The custom range allows the selection of a minimum
of 1 day and the maximum is the duration of log retention configured in System > Settings. The minimum,
maximum, and average values are displayed when a time interval of more than 6 hours is selected.
l Wireless Clients - Displays the total number of connected clients with their Band categorization of
2.4GHz, 5GHz, and 6GHz. This panel also provides representation for clients based on the OS Type. Click
on the chart to navigate to Wireless > Clients.
l Wired Clients - Displays the total number of connected clients with their status.
l WIDS Events – Displays the real-time wireless WIDS events and categorizes them based on the severity
level as, Information, Debug, Notice, Warning, Error, Critical, Emergency, and Alert. You can select the
period to view the data (10 or 30 minutes, 1 or 12 hours, or 1 day).
l FortiGates - Displays the total number of FortiGate controllers in your network and their status
(Online/Offline). Click on the chart to navigate to Inventory > Managed FortiGates.
l FortiGates CPU Usage and FortiGates Memory Usage - Displays the real-time FotiGate CPU and
memory usage at a given time and categorizes it as Low, Medium, High, and Critical. You can select the
period to view the resource usage (10 or 30 minutes, 1 or 12 hours, or 1 day). Click on the graph to view the
details.

FortiAIOps 2.1.0 User Guide 72

Fortinet Inc.
Dashboard

l Access Points CPU and Memory Usage – Displays the real-time FortiAP CPU and memory usage at a
given time and categorizes it as Low, Medium, High, and Critical. You can select the period to view the
resource usage (10 or 30 minutes, 1 or 12 hours, or 1 day). Click on the memory and CPU graphs to view
the details, as depicted in the following image.

l High Latency FortiGates - This widget displays the FortiGates with high latency determined based on the
timed out API request. Hover over the graph to view the number of FortiGates with high latency at a given
period of time and click on the graph to view the details of the FortiGates. You can select the period to view
the FortiGates (10 or 30 minutes, 1 or 12 hours, or 1 day).

Select a particular FortiGate and click View stats to view the details of the timed out APIs.

l FortiGate Events - Displays the FortiGate events at a given time and categorizes them based on the
severity level as, Information, Debug, Notice, Warning, Error, Critical, Emergency, and Alert. You can
select the period to view the data (10 or 30 minutes, 1 or 12 hours, or 1 day).

FortiAIOps 2.1.0 User Guide 73

Fortinet Inc.
Dashboard

l Access Points - Displays the total number of access points in your network and their status (Online,
Offine, Waiting for Authorization, or Unknown). Click on the chart to navigate to Wireless > Access
Points.
l FortiSwitches - Displays the total number of FortiSwitches in your network and their status (Online, Offine,
Waiting for Authorization, or Unknown). Click on the chart to navigate to Switch > FortiSwitch.
l FortiSwitches Events - Displays the FortiSwitch events at a given time and categorizes them based on
the severity level as Information, Debug, Notice, Warning, Error, Critical, Emergency, and Alert. You can
select the period to view the data (10 or 30 minutes, 1 or 12 hours, or 1 day).
l Rogue APs - Displays the total number of rogue access points detected in your network. Click on the chart
to navigate to Wireless > Rogue APs.

AI Insights

The AI insights dashboard present data in various panels that is displayed in a series of charts and graphs, that
you can filter based on time duration. Navigate to Dashboard > AI Insights.

Clicking on the statistics of each of the panels in the dashboard displays detailed data graphically and in a
tabular format. The data displayed in tabular format is filterable based on the columns, you can group data by a
specific column or filter data for specific values. This is an example.

FortiAIOps 2.1.0 User Guide 74

Fortinet Inc.
Dashboard

Dashboard data is refreshed at a configurable interval. Use the Add Widget option to manage the widgets
displayed on the dashboard; you can choose to add or remove the widgets.

l Summary
l Impacted Clients Trend on page 76
l Overall Network Health
l Top 3 Impacted Apps
l Top 5 Problematic Devices
l Wireless
l WAN
l Switching

FortiAIOps 2.1.0 User Guide 75

Fortinet Inc.
Dashboard

Summary

The Summary panel displays data in charts and statistics for the total number of connected and impacted
clients for switching, wireless, and WAN. FortiAIOps displays the connected and impacted client count during
the selected duration in the dashboard. Clicking on the donut chart for the connected clients or the statistics for
the impacted clients in this panel, re-directs you to the Impacted Devices page.

Impacted Clients Trend

The Impacted Clients Trend panel displays data trends for the total number of impacted clients for switching,
wireless, and WAN, over a period of time.

Click on any given time interval for the impacted clients to view the Impacted Clients page. This page displays
details of the various devices in your network that are associated with impacted clients. The following image
depicts an example of the impacted WAN clients.

FortiAIOps 2.1.0 User Guide 76

Fortinet Inc.
Dashboard

The data is displayed in the following three panels. For more information on the data and fields displayed on this
page, see Impacted Devices.
l FortiGates - Displays the number of deployed FortiGate controllers with impacted wireless, switching, and
WAN clients.
l Access Points/ Switches/ Interfaces/FortiExtenders - Displays the number of devices, that is, APs,
interfaces, FortiExtenders, and switches with impacted clients.
l Clients - Displays the number of impacted clients for the wireless, switching, and WAN.

Overall Network Health

This panel displays the overall client count trends and health status of all wireless, switching, and WAN clients
connected to your network, at specific intervals of 15 minutes. You can view the total number of clients in your
network and the number of impacted clients at a given point in time.

Hover over the line to view the total number of clients and the line to view the number of impacted clients. In
this example, at 03.30 hours, a total of 145 clients were present in the network of which 32 clients are impacted.

FortiAIOps 2.1.0 User Guide 77

Fortinet Inc.
Dashboard

Click on any given time interval for total clients to view the Connected Clients panel. The data displayed in
tabular format in all the monitor dashboard pages is filterable based on columns, you can group data by a
specific column or filter data for specific values.

Click the AP Name to view the FortiAP details and the operational status of the radios.

Click on any given time interval for total clients to view the Overall Network Health panel. This page displays
details of the various devices in your network that are associated with impacted clients. The number of devices
are listed for each category, you can click on any of these or click on the respective section in the donut chart to
view details. The data is displayed in the following three panels. Refer to Impacted Devices for more
descriptions.

FortiGates - Displays the number of deployed FortiGate controllers with impacted wireless, switching, and
WAN clients.
l Access Points/ Switches/ Interfaces/FortiExtenders - Displays the number of devices, that is, APs,
interfaces, FortiExtenders, and switches with impacted clients.
l Clients - Displays the number of impacted clients for the wireless, switching, and WAN.
Click on the impacted SLA to view the device topology.

FortiAIOps 2.1.0 User Guide 78

Fortinet Inc.
Dashboard

Top 3 Impacted Apps

This panel displays the 3 conference applications running on client devices that are most impacted. These
applications are Microsoft Teams calls, Google Meet, Zoom, WhatsApp audio and video call, and Apple
FaceTime. To view the details, click on the bar in the chart or on the name of the application displayed in the
panel.

The applications are classified as impacted based on the downtime it experiences during various sessions in
the selected time period. You can view the downtime for the latest session and the number of sessions.
Furthermore, click on the number of sessions to view the downtime and other details for each session.

Note: For accurate applications related data in this panel, renew the FortiGuard license for general updates,
including application control signatures for application detection.

Top 5 Problematic Devices

This panel displays the 5 devices with the highest number of impacted clients. The devices displayed here can
be FortiAPs, FortiSwitches, FortiExtenders, and/or interfaces. The device name and the number of associated
clients that are impacted are displayed in descending order.

Click on the device name to view details.

FortiAIOps 2.1.0 User Guide 79

Fortinet Inc.
Dashboard

Wireless

The Wireless panel displays the details of impacted SLAs with the associated device and client details. The
Clients view displays the impacted client count and the Devices view displays the impacted AP count.

SLAs, Topology, and Logs

The impacted SLAs are detected and reported by FortiAIOps with device and client details. The issues reported
are categorized based on classifiers and sub-classifiers, with suggested remedial measures to curtail the SLA
breaches and enhance network performance. The data displayed in this panel is for the time period set in the
dashboard. If you select the Devices view in the Wireless panel and click on any SLA in the impacted SLAs list
or click on the bar in the chart, the impacted devices details such as, AP name, AP serial number, AP IP
address, AP status (online/offline) and state, FortiGate host name and serial number, and classifier and sub-
classifier are displayed.

FortiAIOps 2.1.0 User Guide 80

Fortinet Inc.
Dashboard

If you select the Clients view in the Wireless panel and click on any SLA in the impacted SLAs list or click on
the bar in the chart, the impacted client details, such as, MAC address, hostname, associated SSID and
channels, the AP name, IP address, and serial numbers, the associated FortiGate hostname and serial number,
and the classifier and sub-classifers are displayed.

Select any row and click View Topology to view a simplified topology with a visualization/illustration of the
physical placement of devices, such as, FortiGates, FortiSwitches, and FortiAPs connected to each other in
your network. This hierarchical pattern is representational; you cannot modify the placement of devices on this
page. The topology displays the impacted devices, categorized based on their SLAs, classifiers, and sub-
classifiers. The details of the topologies are described for each SLA in the following sections. You can toggle
between different impacted SLAs on this page and filter data based on the impacted classifier and sub-
classifier.
l Throughput
l Connection Failure
l Time to Connect
l Coverage
l Roaming
l AP Health and Uptime

FortiAIOps 2.1.0 User Guide 81

Fortinet Inc.
Dashboard

Throughput

This SLA monitors your network for low throughput conditions and reports clients/devices based on dynamically
configured threshold breaches.

The Details table displays information such as the impacted radios for the reported classifiers and sub-
classifiers, issue description and the suggested remediation measure, and so on are displayed. Right-click on
the header of the table to select the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

Classifiers The classifier of the issue reported for the SLA.

Sub Classifiers The sub-classifier of the issue for the reported classifier.

Impacted Client Count The number of impacted clients.

Issue Cause List Detailed cause of the SLA breach that impacted the client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Radio The AP radio that the client associated with.

Access Point The AP name that the client associated with.

AP Serial Number The AP serial number that the client associated with.

Bandwidth Rx The Rx data throughput of the impacted AP.

Bandwidth Tx The Tx data throughput of the impacted AP.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

FortiGate Serial The serial number of the associated FortiGate.

Radio Type The impacted radio and band information.

Radio Impacted Minutes The duration (in minutes) that the radio was impacted for.

FortiAIOps 2.1.0 User Guide 82

Fortinet Inc.
Dashboard

In the impacted details displayed, select a specific row of throughput failure and click View Details. You can
view details of the impacted AP and issue diagnostics. You can view throughput logs related to Diagnostics
with the issue description and the suggested remediation, AP Stats with the associated AP radio details, AP
Logs with the time of the throughput failure event and the associated AP details, Switch Info with the switch
port details connected to the AP, WIFI Clients with details of the impacted clients and a list of all WiFi clients,
Interfering APs with the BSSID and the signal strength of the interfering APs.

Logs Description

Diagnostics This tab provides detailed cause of the SLA breach that impacted the
client/AP/FortiGate. FortiAIOps also suggests the remedy to resolve the
issue.

AP Stats This tab displays the details of the AP radio that the client associated with
and the WAN status details of the AP.

FortiAIOps 2.1.0 User Guide 83

Fortinet Inc.
Dashboard

Logs Description

AP Logs This tab provides the AP event logs generated from FortiGate.

Switch Info This tab displays the configuration details of the switch port connected to
the AP.

Neighbour APs This tab displays details of the detected neighbour APs by the client, for
distant client & coverage hole issues.

WIFI Clients This tab provides details of the impacted clients and also lists all the clients
associated with the AP.

Interfering APs This tab displays details of the interfering APs in your network.

FortiAIOps 2.1.0 User Guide 84

Fortinet Inc.
Dashboard

Logs Description

Connection Failure

Displays the failed/unsuccessful client connections based on different stages of connection to a network. For
example, association failures due to low RSSI, authentication failures due to unreachable RADIUS server,
DHCP failure due to a DHCP server process crash, or DNS failure due to an invalid DNS domain.

The Details table displays details such as the client MAC address, the associated AP serial number and the
SSID, the issue classifier/category and the sub-classifier, the issue description and the suggested remediation
measure, and so on are displayed. Right-click on the header of the table to select the columns that you wish to
view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Access Point The name of the AP that the impacted client associated with.

SSID The SSID that the impacted client is associated with.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Issue Cause List The detailed causes of the SLA breach that impacted the
client/AP/FortiGate.

FortiAIOps 2.1.0 User Guide 85

Fortinet Inc.
Dashboard

Attribute Description

Remedies The suggested remedies to resolve the issue.

AP Serial Number The AP serial number that the client associated with.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

FortiGate Serial The serial number of the associated FortiGate.

User Name The impacted client user name.

Select a specific client and click View Logs. You can view Client Details such as the client device name, the
name of the AP it is associated with and the time of association, associated SSID, and operational details such
as the channel and the MIMO mode. The client Status such as the associated bandwidth (2.5GHZ/5GHZ),
signal strength (RSSI), signal noise, rate of transmission discard and rate of transmission retry between the
client and the AP. The Client Logs display the time stamp of each action and action classification as notice,
warning, etc., and the action details and the associated channel.

Time to Connect

Displays the details of clients that breach the SLA threshold values for these stages of connection,
Association, Authentication, DHCP, and DNS. The actual value of time taken and the configured Time to

FortiAIOps 2.1.0 User Guide 86

Fortinet Inc.
Dashboard

Connect threshold values (static/dynamic) are compared. For SLA configurations, see Time To Connect.

The Details table displays details such as the client MAC address, the associated AP serial number and the
SSID, the issue classifier/category and the sub-classifier, the issue description and the suggested remediation
measure, and so on are displayed. Right-click on the header of the table to select the columns that you wish to
view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

SSID The SSID that the impacted client is associated with.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Signal Strength The signal strength of the client at the time of impact.

Issue Cause List The detailed causes of the SLA breach that impacted the
client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Access Point The name of the access point that the client associated with.

AP Serial Number The AP serial number that the client associated with.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

FortiGate Serial The serial number of the associated FortiGate.

User Name The impacted client user name.

Association Delay The association delay measured in milliseconds.

Association Time The total time taken by the client for association.

FortiAIOps 2.1.0 User Guide 87

Fortinet Inc.
Dashboard

Attribute Description

Authentication Delay The authentication delay measured in milliseconds.

Authentication Time The total time taken by the client for authentication.

DNS Delay The DNS delay measured in milliseconds.

DNS Time The total time taken by the client to resolve the DNS request.

DHCP Delay The DHCP delay measured in milliseconds.

DHCP Time The total time taken by a client to receive a DHCP address.

Select a specific row and click View Logs to view the raw logs associated with the impacted client. You can
view Client Details such as the client device name, the name of the AP it is associated with and the time of
association, associated SSID, and operational details such as the channel and the MIMO mode. The client
Status such as the associated bandwidth (2.5GHZ/5GHZ), signal strength (RSSI), signal noise, rate of
transmission discard and rate of transmission retry between the client and the AP. The Client Logs display the
time stamp of each action and action classification as notice, warning, etc., and the action details and the
associated channel.

FortiAIOps 2.1.0 User Guide 88

Fortinet Inc.
Dashboard

Coverage

This SLA monitors your network for coverage issues and reports clients/devices based on dynamically
configured threshold breaches.

The Details table displays issue details such as the radio type, Tx power, neighbour AP count, the issue
classifier/category and the sub-classifier, the issue description and the suggested remediation measure, and so
on are displayed. Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

Access Point The name of the FortiAP.

Classifiers The classifiers of the issue reported for the SLA.

Sub Classifiers The sub-classifiers of the issue for the reported classifier.

Issue Cause List The detailed causes of the SLA breach that impacted the
client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Radio ID The AP radio that the client associated with.

Radio Type The impacted radio and band information associated with the client.

Radio Impacted Minutes The duration of time (in minutes) that the Radio was impacted.

AP Serial Number The AP serial number that the client associated with.

TX Power The Tx power of the AP at the time of impact.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

FortiGate Serial The serial number of the associated FortiGate.

Radio Type The impacted radio and band associated with the client.

Channel The channel at which the client connected.

FortiAIOps 2.1.0 User Guide 89

Fortinet Inc.
Dashboard

Attribute Description

Impacted Client Count The number of impacted clients.

Interfering AP The list of interfering APs in the network.

To view the logs, select a specific row of an AP event and click View Logs. You can view coverage logs related
to Diagnostics with the issue description and the suggested remediation, AP Stats with the associated AP
radio details, AP Logs with the time of the throughput failure event and the associated AP details, Switch Info
with the switch port details connected to the AP, WIFI Clients with details of the impacted clients and a list of all
WiFi clients, Interfering APs with the BSSID and the signal strength of the interfering APs.

Logs Description

Diagnostics This tab provides detailed cause of the SLA breach that impacted the
client/AP/FortiGate. FortiAIOps also suggests the remedy to resolve the
issue.

FortiAIOps 2.1.0 User Guide 90

Fortinet Inc.
Dashboard

Logs Description

AP Stats This tab displays the details of the AP radio that the client associated with
and the WAN status details of the AP.

AP Logs This tab provides the AP event logs generated from FortiGate.

WIFI Clients This tab provides details of the impacted clients and also lists all the clients
associated with the AP.

Interfering APs This tab displays details of the interfering APs in your network.

Roaming

Slow roaming clients are detected based on the variation of the classifier threshold values set by the users or
calculated dynamically by FortiAIOps. The parameters to identify slow roaming clients are Fast BSS
Transition Roams, PMK Cache, and Opportunistic Key Caching Roams. Any breach in the threshold
values are detected and reported. For SLA configurations, see Roaming.
The Details table displays details such as the client MAC address, the associated AP serial number and the
SSID, the issue classifier/category and the sub-classifier, the issue description and the suggested remediation
measure, and so on. Right-click on the header of the table to select the columns that you wish to view.

FortiAIOps 2.1.0 User Guide 91

Fortinet Inc.
Dashboard

Attribute Description

Date/Time The date and time of the impact as per your timezone.

MAC Address The MAC address of the impacted client device.

Device The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

SSID The SSID that the impacted client is associated with.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Roaming Delay The delay (latency) in client roaming (milliseconds) in case of threshold
breach.

Roaming Time The duration of time the client was roaming the network.

Radio ID The AP radio that the client associated with.

Radio Type The impacted radio and band information.

AP Serial Number The AP serial number that the client associated with.

Channel The channel at which the AP/client were operating.

Issue Cause List detailed cause of the SLA breach that impacted the client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Access Point The name of the access point.

To view the logs, select a specific row of an AP event and click View Logs. You can view client details such as
Diagnostics with the issue description and the suggested remediation, AP Stats with the associated AP radio
details, and Client Logs with details of the impacted clients.

Logs Description

Diagnostics This tab provides detailed cause of the SLA breach that impacted the client.
FortiAIOps also suggests the remedy to resolve the issue.

AP Stats This tab displays the details of the AP radio that the client associated with.

FortiAIOps 2.1.0 User Guide 92

Fortinet Inc.
Dashboard

Logs Description

Client Logs This tab provides client event logs.

In the various throughput logs displayed, you can right-click on the table header to select the details you want to
view.

AP Health and Uptime

Displays the AP health based on the configured AP health threshold values and the AP down status due to
AP/FortiGate reboot, disabled switch port etc. For SLA configurations, see Device Health.

The Details table displays issue details such as the issue classifier/category and the sub-classifier, the issue
description and the suggested remediation measure, and so on. Right-click on the header of the table to select
the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiSwitch Name The name of the switch associated with the impacted AP/client.

Issue Cause List The detailed causes of the SLA breach that impacted the
client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

FortiAIOps 2.1.0 User Guide 93

Fortinet Inc.
Dashboard

Attribute Description

Sub Classifier The sub-classifier of the issue for the reported classifier.

AP Serial Number The AP serial number that the client associated with.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

FortiGate Serial Number The serial number of the associated FortiGate.

FortiSwitch Serial Number The serial number of the switch associated with the impacted AP/client.

In the AP events displayed, select an event and click View Logs.

Logs Description

Diagnostics This tab provides detailed cause of the SLA breach that impacted the
client/AP/FortiGate. FortiAIOps also suggests the remedy to resolve the
issue.

AP Stats This tab displays the details of the AP radio that the client associated with
and the WAN status details of the AP.

Logs l For the AP down/FortiSwitch health events, triggered due to

FortiSwitch related failure, the FortiSwitch status and logs are
displayed.
l For AP health related events like poor CPU and memory, the AP status
and logs are displayed.
l For AP down events triggered due to FortiAP/FortiGate failure, the AP
status and logs, and FortiGate logs are displayed.

FortiAIOps 2.1.0 User Guide 94

Fortinet Inc.
Dashboard

Logs Description

WIFI Clients This tab provides details of the impacted clients and also lists all the clients
associated with the AP.

Interfering APs This tab displays details of the interfering APs in your network.

Select any impacted client and click Show AP details to view the detailed AP logs.

FortiAIOps 2.1.0 User Guide 95

Fortinet Inc.
Dashboard

Select any of the tabs to view the data described in this table.

Logs Description

Diagnostics This tab provides detailed cause of the SLA breach that impacted the
client/AP/FortiGate. FortiAIOps also suggests the remedy to resolve the
issue.

AP Stats This tab displays the details of the AP radio that the client associated with
and the WAN status details of the AP.

Interfering APs This tab displays details of the interfering APs in your network.

Logs This tab provides the AP event logs generated from FortiGate.

WAN

The WAN panel displays the performance SLA metrics to monitor WAN member interface link quality and to
detect failures and FortiExtender health data, along with the impacted client details. Any client that breaches the
configured SLA thresholds are reported. In each SLA panel, you can select Clients to view the impacted client
count or click Devices to view the impacted interface count.

FortiAIOps 2.1.0 User Guide 96

Fortinet Inc.
Dashboard

Topology and Logs

You can click on the impacted SLA listed in the panel to view the Performance or FortiExtender Health
impacted interface and client details. The issues reported are categorized based on classifiers and sub-
classifiers, with suggested remedial measures. The data displayed in this panel is for the time period set in the
dashboard.

Performance SLA

If you select the Devices view in the WAN panel and click on the Performance SLA in the impacted SLAs list or
click on the bar in the chart, the impacted interfaces' details such as, destination interface, the associated
FortiGate host name, IP address, and serial number, FortiSwitch serial number, and classifier and sub-classifier
are displayed.

If you select the Clients view in the WAN panel and click on the Performance SLA in the impacted SLAs list or
click on the bar in the chart, the impacted client details, such as, MAC address, the AP name and serial
numbers, the associated FortiGate hostname and serial number, FortiSwitch name and serial number,
destination interface, and the classifier and sub-classifers are displayed.

FortiAIOps 2.1.0 User Guide 97

Fortinet Inc.
Dashboard

Select a row and click View Topology. The Details table displays the following information.

Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

Access Point The name of the associated AP.

FortiGate Serial Number The serial number of the associated FortiGate.

FortiSwitch Name The name of the associated FortiSwitch.

FortiSwitch Serial Number The serial number of the associated FortiSwitch.

AP Serial Number The serial number of the associated AP.

MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List The detailed causes of the SLA breach that impacted the

FortiAIOps 2.1.0 User Guide 98

Fortinet Inc.
Dashboard

Attribute Description

client/AP/FortiGate.

Remedies The suggested remedies to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Health Check The performance SLA check configured in FortiGate.

Source Interface The source interface name.

Destination Interface The destination interface name.

Jitter The amount of jitter (milliseconds) reported for the client.

Packet Loss The percentage of packet loss reported for the client.

Latency The amount of latency (milliseconds) reported for the client.

FortiGate Hostname The hostname of the FortiGate associated with the AP/impacted client.

Breach Summary The WAN SLA threshold that was breached.

Client Type The client type that is impacted, wireless or wired.

FortiExtender Health SLA

If you select the Devices view in the WAN panel and click on the FortiExtender Health SLA in the impacted
SLAs list or click on the bar in the chart, the impacted interfaces' details such as, destination interface, AP serial
number, the associated FortiGate host name, IP address, and serial number, FortiSwitch serial number,
FortiExtender name and serial number, and classifier and sub-classifier are displayed.

If you select the Clients view in the WAN panel and click on the FortiExtender Health SLA in the impacted SLAs
list or click on the bar in the chart, the impacted client details, such as, MAC address, the AP name and serial
number, the associated FortiGate hostname and serial number, FortiSwitch name and serial number,
FortiExtender name and serial number, destination interface, and the classifier and sub-classifers are
displayed.

FortiAIOps 2.1.0 User Guide 99

Fortinet Inc.
Dashboard

Select a row and click View Topology. The Details table displays the following information.

Right-click on the header of the table to select the following columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiGate Serial Number The serial number of the associated FortiGate.

AP Serial The serial number of the associated AP.

Access Point The name of the associated AP.

MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List The detailed cause of the SLA breach that impacted the
client/AP/FortiGate/FortiExtender.

Remedies The suggested remedies to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

FortiAIOps 2.1.0 User Guide 100

Fortinet Inc.
Dashboard

Attribute Description

Sub Classifier The sub-classifier of the issue for the reported classifier.

Source and Destination The WAN interface name.

Interface

FortiSwitch Serial Number The serial number of the impacted switch.

FortiSwitch Name The name of the impacted switch.

FortiExtender Serial The serial number of the impacted FortiExtender.

Number

FortiExtender Name The name of the impacted FortiExtender.

FortiGate Hostname The hostname of the FortiGate with which the impacted FortiExtender is
associated.

Client Type The client type that is impacted, wireless or wired.

Select a particular client and click View Logs, to view the impacted client logs.

Switching

The Switching panel displays the total number of impacted clients and SLA data. Select Devices to view the
impacted switch count or click Clients to view the impacted client count.
Notes:
l Ensure that all L2 security features, such as, BPDU guard, loop guard, DHCP snooping, root guard are
enabled on the switch port to detect STP and DHCP failures.
l DHCP failures are reported only for DHCP configurations in the FortiSwitch, such as, DHCP client blocked,
DHCP lease full.

FortiAIOps 2.1.0 User Guide 101

Fortinet Inc.
Dashboard

SLAs, Topology and Logs

The following SLAs are detected and reported by FortiAIOps for switching. The issues reported are categorized
based on classifiers and sub-classifiers, with suggested remedial measures to curtail the SLA breaches and
enhance network performance.
l Throughput
l Network
l Switch Connection Failure
l Switch Health and Uptime

Throughput

Displays potential low throughput conditions, in this page you can view the details of the throughput SLA.

The Throughput table displays information such as the client MAC address, the associated FortiSwitch details,
and port details for the reported classifiers and sub classifiers, issue description and the suggested remediation
measure, and so on are displayed. Right-click on the header of the table to select the columns that you wish to
view.

FortiAIOps 2.1.0 User Guide 102

Fortinet Inc.
Dashboard

Attribute Description

MAC Address The MAC address of the impacted client device.

FortiGate Hostname The hostname of the FortiGate associated with the FortiSwitch/impacted
client.

FortiSwitch Name The name of the FortiSwitch that the impacted client associated with.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Connecting From The IP address of the FortiSwitch.

FortiGate Serial Number The serial number of the FortiGate associated with the
FortiSwitch/impacted client.

FortiSwitch Serial Number The serial number of the FortiSwitch associated with the
FortiSwitch/impacted client.

OS Version The OS version of the FortiSwitch.

Port Name The FortiSwitch port details.

Status The status of the FortiSwitch (online/offline).

State The state of the FortiSwitch (authorized/unauthorized).

Select a row and click View Topology. The Details table displays the following information.

Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiSwitch Name The name of the impacted switch.

FortiAIOps 2.1.0 User Guide 103

Fortinet Inc.
Dashboard

Attribute Description

Client MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List Detailed cause of the SLA breach that impacted the client/switch.

Remedies The suggested remedy to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

FortiGate Hostname The hostname of the FortiGate associated with the impacted client.

FortiGate Serial Number The serial number of the FortiGate associated with the impacted client.

FortiSwitch Serial Number The serial number of the impacted switch.

Port Name The FortiSwitch port details.

To view the Switch logs, select a specific row of a Throughput event and click View Logs. You can view Switch
details and diagnostics with the issue description and the suggested remediation, along with the FortiSwitch
port statistics.

FortiAIOps 2.1.0 User Guide 104

Fortinet Inc.
Dashboard

Network

Displays potential network disruptions that may lead to poor connectivity, in this page you can view the details of
the Network SLA.
Note: The broadcast/multicast storm rate threshold is set to 500 packets per second, storm conditions are
reported when this condition is detected. The storm conditions are detected based on this threshold, even if a
different storm control policy is configured in FortiGate.

The Network table displays information such as the client MAC address and the associated FortiSwitch details
for the reported classifiers and sub classifiers, issue description and the suggested remediation measure, and
so on are displayed. Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

MAC Address The MAC address of the impacted client device.

FortiGate Hostname The hostname of the FortiGate associated with the FortiSwitch/impacted
client.

FortiSwitch Name The name of the FortiSwitch that the impacted client associated with.

FortiAIOps 2.1.0 User Guide 105

Fortinet Inc.
Dashboard

Attribute Description

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

Connecting From The IP address of the FortiSwitch.

FortiGate Serial Number The serial number of the FortiGate associated with the
FortiSwitch/impacted client.

FortiSwitch Serial Number The serial number of the FortiSwitch associated with the
FortiSwitch/impacted client.

OS Version The OS version of the FortiSwitch.

Port Name The FortiSwitch port details.

Status The status of the FortiSwitch (online/offline).

State The state of the FortiSwitch (authorized/unauthorized).

Select a row and click View Topology. The Details table displays the following information.

Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiSwitch Name The name of the impacted switch.

Client MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List Detailed cause of the SLA breach that impacted the client/switch.

Remedies The suggested remedy to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

FortiAIOps 2.1.0 User Guide 106

Fortinet Inc.
Dashboard

Attribute Description

Sub Classifier The sub-classifier of the issue for the reported classifier.

FortiGate Hostname The hostname of the FortiGate associated with the impacted client.

FortiGate Serial Number The serial number of the FortiGate associated with the impacted client.

FortiSwitch Serial Number The serial number of the impacted switch.

Port Name The FortiSwitch port details.

To view the Switch logs, select a specific row of Network SLA event and click View Logs. You can view Switch
details and diagnostics with the issue description and the suggested remediation, along with the FortiSwitch
port statistics.

FortiAIOps 2.1.0 User Guide 107

Fortinet Inc.
Dashboard

Switch Health and Uptime

Displays the switch health based on the configured switch health threshold values and the status of the switch
(Up/Down). The associated impacted FortiGate controller, switch, and client count are displayed in a collapsible
topology. If you select the Devices view in the Switching panel and click on the SLA in the impacted SLAs list or
click on the bar in the chart, the impacted switches' details such as, OS version, the associated FortiGate host
name and serial number, FortiSwitch name and serial number, FortiSwitch state and status, and classifier and
sub-classifier are displayed.

If you select the Clients view in the Switching panel and click on the SLA in the impacted SLAs list or click on
the bar in the chart, the impacted client details, such as, MAC address, OS version, the associated FortiGate
host name and serial number, FortiSwitch name and serial number, FortiSwitch state and status, and classifier
and sub-classifier are displayed.

FortiAIOps 2.1.0 User Guide 108

Fortinet Inc.
Dashboard

Select a row and click View Topology. The Details table displays the following information.

Right-click on the header of the table to select the following columns that you wish to view.

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiSwitch Name The name of the impacted switch.

Client MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List Detailed cause of the SLA breach that impacted the client/switch.

Remedies The suggested remedy to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

FortiGate Hostname The hostname of the FortiGate associated with the impacted client.

FortiAIOps 2.1.0 User Guide 109

Fortinet Inc.
Dashboard

Attribute Description

FortiGate Serial Number The serial number of the FortiGate associated with the impacted client.

FortiSwitch Serial Number The serial number of the impacted switch.

Select a particular switch and click View Logs, the issue diagnostics and the suggested remedy are displayed.

The Logs tab displays the time stamp of each action, the type of action such as notice, warning, etc., and the
impact details are displayed. Different data tabs are displayed based on the selected issue/failure.

Switch Connection Failure

Displays the failed/unsuccessful client connections based on authentication events such as MAC authentication
and 801x authentication and MAC learning limit.

Select a row and click View Topology. The Details table displays the following information.
Right-click on the header of the table to select the columns that you wish to view.

FortiAIOps 2.1.0 User Guide 110

Fortinet Inc.
Dashboard

Attribute Description

Date/Time The date and time of the impact as per your timezone.

FortiSwitch Name The name of the impacted switch.

Client MAC Address The MAC address of the impacted client device.

Hostname The name of the device as configured by the user. If the name is not
configured or available, then MAC address is displayed.

Issue Cause List Detailed cause of the SLA breach that impacted the client/switch.

Remedies The suggested remedy to resolve the issue.

Classifier The classifier of the issue reported for the SLA.

Sub Classifier The sub-classifier of the issue for the reported classifier.

FortiGate Hostname The hostname of the FortiGate associated with the impacted client.

FortiGate Serial Number The serial number of the FortiGate associated with the impacted client.

FortiSwitch Serial Number The serial number of the impacted switch.

Select a particular switch and click View Logs, the issue diagnostics and the suggested remedy are displayed.

The Logs tab displays the time stamp of each action, the type of action such as notice, warning, etc., and the
impact details are displayed. Different data tabs are displayed based on the selected issue/failure.

FortiAIOps 2.1.0 User Guide 111

Fortinet Inc.
Dashboard

Service Assurance

The Service Assurance dashboard for FortiAIOps is designed to provide comprehensive insights and
monitoring of network performance. It consists of various widgets that offer visual representations and
classifications of different metrics.

The data on this dashboard is based on scheduled test results and is automatically refreshed every 60 seconds;
the following options are available to manage the auto-refresh feature for this page.

l
Click to manually refresh data.
l
Click to pause the auto-refresh.
l
Click to resume the auto-refresh.

The dashboard provides an option to select the duration of the data displayed. You can choose between 1 day,
1 week, 1 hour, and 10 minutes.
Use the Add Widget option to manage the widgets displayed on the dashboard; you can choose to add or
remove the widgets.

FortiAIOps 2.1.0 User Guide 112

Fortinet Inc.
Dashboard

The following widgets provide network data on this dashboard.

l Throughput - This widget displays the measured throughput results of your network. Throughput refers to
the amount of data transferred through the network over a given time period. It presents the data in the form
of a bar chart, indicating the performance levels as Good, Fair, or Bad. Click on the charts to view additional
information.

Right-click on the header of the table to select the columns that you wish to view.

Attribute Description

Test Name The name of the associated test.

Test Type The type of test, throughput or connectivity.

AP Name The name of the access point used during the test.

SSID The SSID associated with the network.

Radio ID The associated radio ID .

Band The frequency band utilized, 2.5 GHz or 5 GHz.

Serial Number The serial number of the associated FortiGate.

Baseline Name The name of associated baseline.

Channel The channel number utilized.

Status The status of the test, Good, Fair, or Bad.

Start Time The timestamp indicating when the test was initiated.

FortiAIOps 2.1.0 User Guide 113

Fortinet Inc.
Dashboard

Attribute Description

Packet Loss The amount of data lost during transmission, expressed as a percentage.

Throughput The measured network throughput, indicating the amount of data transferred.

l Connectivity - This widget displays the measured Connectivity results using a bar chart and classifies the
results as Good, Fair, or Bad. Connectivity refers to the ability of devices to establish and maintain a
connection to the network.Click on the charts to view additional information.

l RF Health - This widget displays the radio frequency (RF) health based on the Service Assurance
Manager (SAM) Connectivity and Throughput test results for each RF Band(2.4GHz/ 5GHz). Click on the
charts to view additional information.

l Top 5 APs by Failure - This widget displays a sorted list of Access Points (APs) based on the highest
number of bad results. Click on the charts to view additional information.

l Top 5 SSIDs by Failure - This widget displays a sorted list of SSIDs based on the highest number of bad
results. Click on the charts to view additional information.

l Channel Health - This widget displays the overall health of the network channels based on the SAM
Connectivity and Throughput test results. Click on the charts to view additional information.

FortiAIOps 2.1.0 User Guide 114

Fortinet Inc.
AI Insights

AI Insights

This section describes the FortiAIOps AI enabled data insights of your network and SLA configurations.
l Impacted SLA
l Impacted Devices
l Network Benchmarks

Impacted SLA

This page displays the impacted wireless, switching, and WAN clients, categorized based on their SLAs,
classifiers, and sub-classifiers. Select any SLA and the associated classifier and sub-classifier charts are
displayed. You can filter and view the SLAs as per any of these categories. In each impacted SLA panel for
wireless, switching, and WAN, you can select Clients to view the impacted client count or click Devices to view
the impacted device count. Navigate to AI Insights > Impacted SLA.

Wireless

The wireless SLA data is reported based on the classifiers and sub-classifiers displayed in this panel. The SLA
data tables lists the client MAC address and hostname, FortiGate hostname and serial number, AP name,
IP address, and serial number, classifier and sub-classifier, the associated SSID, and the operating channel.
Select any row and click on View topology to view the impacted SLA details.

Switching

The switching SLA data is reported based on the classifiers and sub-classifiers listed displayed in this panel.
The SLA data tables lists the client MAC address and hostname, FortiGate hostname and serial number,
FortiSwitch name, serial number, and OS version, classifier and sub-classifier, FortiSwitch state and status
(online/offline). Select any row and click on View topology to view the impacted SLA details.

FortiAIOps 2.1.0 User Guide 115

Fortinet Inc.
AI Insights

WAN

The WAN SLA data is reported based on the classifiers and sub-classifiers displayed in this panel. The SLA
data tables lists the client MAC address and hostname, FortiGate hostname and serial number, FortiSwitch
name and serial number, AP name and serial number, classifier and sub-classifier, and the destination
interface. Select any row and click on View topology to view the impacted SLA details.

Select any device listed in the tables and click on View Topology for topology and other details. For details on
the SLAs, topology, and logs, see section AI Insights.

Impacted Devices

This page displays details of the various devices in your network that are associated with impacted clients, that
include the wireless, switching, and WAN clients. You can view and analyze the SLA data based on the device
type. The data is displayed in the following three panels. The number of devices are listed for each category,
you can click on any of these or click on the respective section in the donut chart to view details. Navigate to AI
Insights > Impacted Devices.

FortiAIOps 2.1.0 User Guide 116

Fortinet Inc.
AI Insights

FortiGates

Displays the number of deployed FortiGate controllers with impacted wireless, switching, and WAN clients.
The following example displays the FortiGates-Wireless SLA with information such as FortiGate host name,
serial number, and IP address, and lists the impacted APs, clients, and SLAs. Select any row and click on the
impacted SLA name to view the topology. Data is displayed for FortiGate wireless clients based on the selected
SLA breaches only.

The following example displays the FortiGates-WAN SLA with information such as FortiGate host name, serial
number, and IP address, and lists the impacted APs, clients, SLAs, switches, and interfaces. Select any row
and click on the impacted SLA name to view the topology.

The following example displays the FortiGates-Switching SLA with information such as FortiGate host name,
serial number, and IP address, and lists the impacted clients, SLAs, and switches. Select any row and click on
the impacted SLA name to view the topology.

Access Points/ Switches/ Interfaces/FortiExtenders

Displays the number of devices, that is, APs, interfaces, FortiExtenders, and switches with impacted clients.
The following example displays the Access Points with information such as AP name, serial number, and IP
address, FortiGate host name and IP address, and lists the impacted clients and SLAs. Select any row and click
on the impacted SLA name to view the topology.

FortiAIOps 2.1.0 User Guide 117

Fortinet Inc.
AI Insights

The following example displays the Interfaces with information such as the interface, FortiGate host name,
serial number, and IP address, and lists the impacted clients and SLAs. Select any row and click on the
impacted SLA name to view the topology.

The following example displays the Switches with information such as the switch host name, IP address, OS
version, and serial number, FortiGate host name, serial number, and IP address, and lists the impacted clients
and SLAs along with the status and state of the switch. Select any row and click on the impacted SLA name to
view the topology.

The following example displays the FortiExtenders with information such as the interface, FortiGate host name,
and FortiExtender name, and lists the impacted clients and SLAs. Select any row and click on the impacted SLA
name to view the topology.

Clients

Displays the number of impacted clients for the wireless, switching, and WAN.
The following example displays the Wireless Clients with information such as the FortiGate host name, serial
number, and IP address, AP name and IP address, client MAC address, and the impacted SLAs. Select any row
and click on the impacted SLA name to view the topology.

FortiAIOps 2.1.0 User Guide 118

Fortinet Inc.
AI Insights

The following example displays the WAN Clients with information such as the FortiGate host name, serial
number, and IP address, AP name, IP address, and serial number, switch name, IP address, and serial number,
client MAC address, interface details, and the impacted SLAs. Select any row and click on the impacted SLA
name to view the topology.

The following example displays the Switching Clients with information such as the FortiGate host name, serial
number, and IP address, switch name, IP address, OS version, state, and status, client MAC address, and the
impacted SLAs. Select any row and click on the impacted SLA name to view the topology.

Network Benchmarks

This section explains how to configure SLA metrics to define values to match network deployment and required
thresholds. Navigate to AI Insights > SLA configuration.
l SD-WAN
l Wireless
l Device Health

SD-WAN

The SD-WAN SLA monitors and measures the health of links that are connected to SD-WAN member
interfaces based on the latency, jitter, and packet loss metrics. This enables the selection of an optimal link for

FortiAIOps 2.1.0 User Guide 119

Fortinet Inc.
AI Insights

traffic routing, that prevents traffic from being sent to broken links and getting lost. Thereby, enhancing network
performance and reliability.
The SD-WAN page provides detailed link quality measurements with advanced AI insights, to forecast potential
issues in the SD-WAN links. It summarizes the overall network health and provides performance data in terms
of statistics and trends of latency, jitter, and packet loss metrics.
FortiAIOps base-lines the acceptable link performance of the deployed network to detect and report anomalies
in case of SLA breaches. The range and baseline of performance metrics is identified based on historical data,
to forecast and report any deviations. This ability of FortiAIOps to forecast the performance of the network,
prepares you to effectively handle performance issues that might affect the network health.
FortiAIOps monitors and forecasts latency, jitter, and packet loss for the upcoming week based on available
SLAs. It monitors the real time performance of the network to report any changes in the SD-WAN link
performance.
l Pre-requisites
l Recommendations

Pre-requisites

The SD-WAN SLA monitors and measures the health of links that are connected to SD-WAN members based
on SLA log messages (pass and fail), to predict the performance. Configure the SD-WAN health check in
FortiGate as shown in the following example.
config system sdwan

config health-check
edit "<Health Check Name>"
set sla-fail-log-period 60
set sla-pass-log-period 60
For more details, see Link Health Monitor.

Recommendations

Fortinet recommends the following for best usage of the FortiAIOps capabilities.
l Use a time interval of 60 seconds for sla-fail-log-period and sla-pass-log-period for high
accuracy.
l Enable ntp sync for accurate SD-WAN forecast and anomaly detection.
Navigate to AI Insights > SD-WAN and select the FortiGate, corresponding health check, and the interface that
you want to analyze.
l Configure Baselines
l Performance Summary
l Health Check Trends
l Anomalies

FortiAIOps 2.1.0 User Guide 120

Fortinet Inc.
AI Insights

Configure Baselines

Performance SLA baselines are used as the benchmark to analyze the network, forecast its performance, and
detect anomalies. You can enable static or dynamic thresholds for assessing the performance of the SD-WAN
links. Click Manage Baselines.

l Static Baseline - These baselines are SLA targets configured in FortiGate or FortiAIOps default
thresholds, for jitter, packet loss, and latency. If the SLA targets are not specified in FortiGate, then the
following default baselines are used for all the 3 metrics.
l Latency - 100 ms
l Jitter - 30 ms
l Packet Loss - 1 %
Dynamic Baseline - These baseline values are calculated using real-time data from the previous week
and are updated dynamically, every week, for jitter, packet loss, and latency. This is the default baseline
mode.
Note: Fortinet recommends to use SLA targets for the Performance SLA, when static mode is used. The SLA
targets are a set of constraints that are used in SD-WAN rules to control the paths that traffic takes. The
constraints are configured using the FortiGate GUI and CLI. For more information, see Link health monitor.

Performance Summary

The Performance Summary panel provides the statistics for the WAN interface's performance based on the
jitter, packet loss, and latency metrics. The events reported are categorized as good, fair, and bad, based on the
metric performance with respect to the configured or calculated thresholds. This shows overall summary of the
performance metrics, availability of network, and issues for the selected interval. Hover the cursor over the chart
to see the break-up of the statistics.

FortiAIOps 2.1.0 User Guide 121

Fortinet Inc.
AI Insights

To learn more about the SD-WAN interface performance prediction based on the FortiAI insights, click Show
FortiAI Insights.

FortiAIOps 2.1.0 User Guide 122

Fortinet Inc.
AI Insights

Health Check Trends

The health check graphs display the performance trends for packet loss, latency, and jitter against the
predicted/forecasted values, with the anomalies for the selected interface. A comparative view between the
following statistics is offered.
Note: The trends displayed are on an hourly basis.

l Forecast - This is indicative of the range predicted by FortiAIOps based on historical statistics.
l Observed Data - This is the range of real time statistics observed in a given hour.
l Anomaly - Anomalies are reported when FortiAIOps observes a deviation in the data exceeding the usual
variation in the network, or exceeds the static/dynamic baselines.
l Static Threshold - Static SLA baselines are SLA targets that are configured in FortiGate or FortiAIOps
default thresholds.
Hover the cursor over the graph to view the statistics for each performance metric. Clicking on anomaly point in
the trend graph displays the details.

FortiAIOps 2.1.0 User Guide 123

Fortinet Inc.
AI Insights

l Insights - This provides the impact analysis for the anomaly that includes the performance summary
categorizing the events as good, bad, and fair, the statistics for the impacted clients and the duration of the
impact. FortiAIOps lists the cause of the anomaly with the recommended action. The incident timeline
provides statistics for when the metric exceeds the threshold values and the observed variation thresholds.

l General Information - This provides general information about the detected anomaly such as, the
duration, the FortiGate host name, interface, configured health check, and so on.

Anomalies

As mentioned earlier, anomalies are reported when a High Variation in performance is detected as compared
to the usual variations in the network or when the performance exceeds the configured Upper Threshold for
static or dynamic baselines. The details of these anomalies is displayed in the trend graphs, offering an in-depth
analysis of the overall health of the jitter, latency, and packet loss metrics.

FortiAIOps 2.1.0 User Guide 124

Fortinet Inc.
AI Insights

Using the anomaly charts, you can view the total number of anomalies classified into high variation, SLA down,
and above expected thresholds for the selected duration. Click on the icon for additional information.
l Latency/Jitter/Packet Loss Threshold - Anomaly observed due to data exceeding the expected
threshold.
l Variation Threshold - Anomaly observed due to variation exceeding the expected variation.
l SLA Down - Anomaly observed due to performance SLA being down.

FortiAIOps 2.1.0 User Guide 125

Fortinet Inc.
AI Insights

Wireless

You can configure the following wireless SLAs in this page.

l Time To Connect
l Roaming

Time To Connect

You can configure static thresholds or enable FortiAIOps to compute them dynamically. Based on the
configured thresholds, the variations in the time to connect are recorded for each phase, and the statistics are
displayed in the AI Insights tab.

Dynamic Baselines

You are required to provide the following information for threshold/baseline configuration.

FortiAIOps 2.1.0 User Guide 126

Fortinet Inc.
AI Insights

l Scope - Select the scope to calculate the thresholds which could either be per Device Group, per
FortiGate, or per AP.
l Time Selection - Set the time range/duration for which FortiAIOps analysis client data to derive the
thresholds.
l Schedule Baselines Computation - Set the time when FortiAIOps calculates the baselines and applies
them to your network to obtain and report the relevant SLAs.
l Repeat Cycle - Configure the repetition of the above configurations, that is, the phase of analyzing client
activity and the calculation/application of the algorithms.
The baseline values calculated by FortiAIOps are displayed in the table. You can re-compute specific baseline
values.

Static Threshold

Configure the time (milliseconds) for the following stages of client connection to a network.

FortiAIOps 2.1.0 User Guide 127

Fortinet Inc.
AI Insights

l Association - The time taken by a client to successfully associate.

l Authentication - The time taken by associated clients to authenticate.
l DHCP - The time taken by successfully associated and authenticated clients to receive a valid DHCP
address.
l DNS - The time taken by successfully associated, authenticated, and received a DHCP address clients to
resolve their first DNS request.
Notes:
l The default value for these parameters is 300 milliseconds and the valid range is 1 - 1000000 milliseconds.
l DNS is not supported.

Roaming

You can configure static thresholds or enable FortiAIOps to compute them dynamically. Based on the
configured thresholds, the variations in the time to connect are recorded for each phase, and the statistics are
displayed in the AI Insights tab.

Dynamic Baselines

You are required to provide the following information for threshold/baseline configuration.

FortiAIOps 2.1.0 User Guide 128

Fortinet Inc.
AI Insights

l Scope - Select the scope to calculate the thresholds which could either be per Device Group, per
FortiGate, per AP, or per SSID.
l Time Selection - Set the time range/duration for which FortiAIOps analysis client data to derive the
thresholds.
l Schedule Baselines Computation - Set the time when FortiAIOps calculates the baselines and applies
them to your network to obtain and report the relevant SLAs.
l Repeat Cycle - Configure the repetition of the above configurations, that is, the phase of analyzing client
activity and the calculation/application of the algorithms.
The baseline values calculated by FortiAIOps are displayed in the table. You can re-compute specific baseline
values.

Static Threshold

For static threshold configuration to enable faster roaming, configure the following parameters.

FortiAIOps 2.1.0 User Guide 129

Fortinet Inc.
AI Insights

l Fast BSS Transition Roams(11r) - This is implemented as part of the 802.11r standard and enables fast
roaming of wireless clients by pre-authenticating them with several APs in the network; this pre-
authentication is done prior to when the client begins roaming. This feature allows immediate BSS
transitions between APs and curtails the latency caused by deferred data connectivity, often experienced
when a client has to transition from one BSS to another while roaming in a multi-AP deployment. The
default roaming time value is 55 ms and the valid range is 1 - 600000 ms.
Note: To use this feature of FortiAIOps, ensure that the wireless client supports 802.11r standard enable
802.11r roaming on the SSID using the set fast-bss-transition CLI commands on FortiGate.
l PMK Cache Roams – The Pairwise Master Key (PMK) caching enables a wireless client to re-associate
with an AP without re-authenticating. When a wireless client associates with an AP through the 802.1x
authentication process, a master key negotiated with the AP is stored in a cache. When the client roams to
different APs and then wants to re-associate with this AP again, then the already cached PMK is used for
authentication. This significantly reduces the authentication time as the client-AP are not required to go
through the entire 802.1x authentication process again, ensuring minimal latency in data connectivity
during roaming. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.
l Opportunistic Key Caching Roams (okc) – This feature enables swift roaming of wireless clients to APs
that it has never associated with earlier, without any requisite pre-authentication. When an AP successfully
completes the 802.1x authentication and associates with a wireless client, it stores a unique PMK
associated with that client. This per client PMK is advertised to and stored by all the APs in that particular
network. When a client roams, it associates with a new AP based on this cached PMK, without any pre-
authentication. This reduces the latency caused during roaming by eliminating the re-authentication
process. The default roaming time value is 100 ms and the valid range is 1 - 600000 ms.
FortiAIOps dynamically determines the optimal roaming time for each type of roaming for a specific AP-Client
environment using machine learning algorithms.

FortiAIOps 2.1.0 User Guide 130

Fortinet Inc.
AI Insights

Device Health

Configure AP, switch, and FortiExtender health SLA threshold values. The AP health is displayed in the AP
Health and Uptime SLA of the Wireless section, the switch health is displayed in the Switch Health and Uptime
SLA of the Switching section, and the FortiExtender health is displayed in the FortiExtender Health SLA of the
WAN section.
Navigate to AI Insights > SLA configuration > Device Health to configure the following parameters.
l CPU usage
l Memory usage

FortiAIOps 2.1.0 User Guide 131

Fortinet Inc.
AI Insights

l Temperature

The default value for the CPU and memory parameters is 80% and the default value for the temperature is 45
degree Celsius.

FortiAIOps 2.1.0 User Guide 132

Fortinet Inc.
Inventory

Inventory

This section describes adding the FortiGate controllers to FortiAIOps, grouping them, and the management
operations on the added controllers.
l Adding and Managing FortiGates
l Device Groups
l VDOM Support

Adding and Managing FortiGates

This page provides a graphical representation of the FortiGate controllers deployed in your network. You can
view and monitor the current status of the FortiGate controllers, the various FortiGate models in use, and the OS
versions. The table beneath the charts provides the details of all FortiGate controllers; click on specific areas of
the chart to filter data displayed in the table.

You can perform the following operations on this page.

l Adding a FortiGate
l Importing and Exporting FortiGates
l Managing FortiGates

Adding a FortiGate

The communication between the FortiAIOps application and FortiGate is secured by SSL/TLS encryption.
Therefore, FortiAIOps can successfully discover a FortiGate only if a valid certificate is installed in FortiGate.
However, FortiAIOps can also discover FortiGates with a default certificate over a trusted connection. If a 3rd
party certificate is installed in FortiGate for HTTPS/web server then the corresponding CA certificate should be

FortiAIOps 2.1.0 User Guide 133

Fortinet Inc.
Inventory

Installed in FortiAIOps for successful discovery. For more information see Certificates and FortiGate
Certificates.
The managed FortiGate IP address/FQDN configured in FortiAIOps must match the Subject Alternative Name
(SAN) in the FortiGate certificate, else, the FortiGate discovery fails.
l If the FortiGate IP address is configured in FortiAIOps then the SAN attribute in the certificate should be the
FortiGate IP address.
l If the FortiGate FQDN is configured in FortiAIOps then the SAN attribute is the certificate should be the
FortiGate FQDN.
l If the FortiGate IP address or FQDN are configured in FortiAIOps then the SAN attribute in the certificate
should include both the FortiGate IP address and FQDN.
Notes:
l FortiGate discovery fails if a certificate is from an unknown authority. Ensure to install specific CA certificate
of FortiGate in FortiAIOps.
l If a new certificate is installed in a managed FortiGate then Fortinet recommends to re-add the FortiGate in
FortiAIOps.
l For self-signed CA certificates generated in FortiGate, valid CA certificate should be installed in
FortiAIOps.
l To use a Let's Encrypt certificate, ensure to download and install the CA certificate of Let's Encrypt in
FortiAIOps. For more information see Automated Certificate Management Environment (ACME).
To manually add a FortiGate controller, click Add and provide the following details.

1. Select Standalone or HA Cluster if the FortiGate is an HA cluster.

2. Enter the IP Address or FQDN of the controller and an optional Description.
Note: If a 3rd party certificate is used by FortiGate then ensure to install a valid CA certificate in FortiAIOps.
3. Enter the Username and Password for the controller.
4. Select the Device Group. Controllers in the selected device group are added.

FortiAIOps 2.1.0 User Guide 134

Fortinet Inc.
Inventory

5. Specify the HTTPS port. The default is 443.

6. Specify the Timeout duration (milliseconds), that is, the maximum time allowed to establish a connection
with FortiGate and obtain a response. The default value is 3000 milliseconds.
The added FortiGate controller is now listed.

Importing and Exporting FortiGates

You can import details of FortiGate controllers from a .csv file to add them. Enter the details in the format
depicted in the image here.

You can download a sample template for populating the FortiGate details, from the Actions drop-down menu.

Select Import to upload the FortiGate configuration file.

You can export the configurations of all the existing FortiGate controllers added to FortiAIOps, in a .csv format.
Click Export All and the file with details of the added FortiGate controllers is downloaded to your machine.
Note: The HA cluster addition does not work using the Import option.

Managing FortiGates

This page provides analytical information related to the performance of various elements and processes in your
network. The data is visually represented with interactive options to drill-down and filter specific information.
This enables monitoring, diagnostic, and troubleshooting operations for connectivity issues, data usage, and
enhancing performance.

FortiAIOps 2.1.0 User Guide 135

Fortinet Inc.
Inventory

You can perform the following operations on a FortiGate controller listed on this page.
l Reboot - Select a FortiGate controller to reboot and click Reboot.
l CLI - Select a FortiGate controller and select CLI to access the CLI interface.
l Edit and Delete - Select a FortiGate controller and click Edit (to update configuration) or Delete (to
remove the FortiGate).
l View Details - Select a FortiGate for Diagnostics and tools. This pane displays details about the
selected FortiGate and also provides diagnostic tools for your network.

To view details of the HA cluster, click on the icon in the FortiGate Name column.

FortiAIOps 2.1.0 User Guide 136

Fortinet Inc.
Inventory

Performance

This tab displays the performance data for your network based on various parameters. You can filter the trends
based on the selected duration or customized time slot; select a time window or define a Custom range. The
custom range allows the selection of a minimum of 1 day and the maximum is the duration of log retention
configured in System > Settings. The data in this tab is automatically refreshed every 60 seconds; the
following options are available to manage the auto-refresh feature for this page.

l
Click to manually refresh data.
l
Click to pause the auto-refresh.
l Click to resume the auto-refresh.

Performance is displayed for the following.

l Environmental
l Wireless
l Clients

Environmental

This tab displays resource usage such as, the maximum CPU and memory usage levels, and the maximum
number of sessions at a given time.

Hover over each of these graphs to view the current statistics and click on any of these graphs to view details.

FortiAIOps 2.1.0 User Guide 137

Fortinet Inc.
Inventory

Wireless

Displays detailed information about the health of the wireless connections in the network, such as, loss%, SNR,
channel utilization %, number of stations, status of the FortiAPs, low signal stations, the average throughput at a
given time, and the number of rogue APs at a given time.

Hover over each of these graphs to view the current statistics and click on any of these graphs to view details.

FortiAIOps 2.1.0 User Guide 138

Fortinet Inc.
Inventory

Clients

This tab displays information about the clients connected to the network, such as, throughput, Loss (%), Retries
(%), and SNR (dB) and throughput.

Hover over each of these graphs to view the current statistics and click on any of these graphs to view details.

Channel Summary

This page provides granular insights into the performance of each channel with detailed statistics and trends.
For more information, see Channel Summary.

FortiAPs

This tab displays details about the selected access point with their status and details. To view the details, select
an access point and click View Details. For more information on the diagnostic options and details see Access
Points.

Clients

This tab displays the clients currently connected to the selected access point along with their details. To view
the details, select a client and click View Details. For more information on the diagnostic options and details
see Clients on page 160.

FortiAIOps 2.1.0 User Guide 139

Fortinet Inc.
Inventory

FortiSwitch

This tab displays a graphical snapshot of the FortiSwitch activity such as, the total number of FortiSwitches,
their status (online/offline), and the deployed model details. To view the details, select a FortiSwitch and click
View Details. For more information on the diagnostic options and details see FortiSwitch.

Logs

This tab displays the detailed FortiGate event logs and each event is assigned a severity, that is depicted with a
color code. Hover over the color bar in the Level column to view the severity.

l Emergency, Critical (red)

l Alert (orange)
l Error, Warning (blue)
l Notice, Information, Debug (green)
Select an event row and click Details to view the detailed log information.

l General - Generic information about the log event such as, the date and time of event logging, the
associated virtual domain, and the log description.
l Source - The details of the associated access point such as the MAC address, interface, and SSID.

FortiAIOps 2.1.0 User Guide 140

Fortinet Inc.
Inventory

l Action - The reason for the log event generation.

l Security - The severity of the log event, the configured security mode, and the encryption type.
l Event - The serial number of the access point and the generated log message.
l Other - Generic information such as the log event time stamp, the timezone, log type, and so on.

Tools

FortiAIOps provides various utilities that you can run on the FortiAP for Connectivity Analysis, Network
Analysis, and Enhanced Troubleshooting.
l Packet Capture
l ARP Table
l Routing Table
l DHCP
l DNS Lookup
l Reverse DNS Lookup
l Web CLI
l TAC Report
l Process Monitor

Packet Capture

You can use the packet capture tool to select a packet and view its header and payload information in real-time.
Once completed, packets can be filtered by various fields or through the search bar. The capture can be saved
as a PCAP file that you can use with a third-party application, such as Wireshark, for further analysis.

FortiAIOps 2.1.0 User Guide 141

Fortinet Inc.
Inventory

Click Run and select the Interface and the Maximum captured packets (default is 10). You can enable filters,
for a Basic filter, provide the Host, Port, and Protocol Number and for an Advanced filter, enter a string, such
as src host 172.16.200.254 and dst host 172.16.200.1 and dst port 443. Click Start capture.

ARP Table

The ARP Table records the discovered MAC address - IP address pairs of devices connected to a network and
the interface details. Each connected device has its own ARP table that stores the MAC-IP address pairs that
the device has communicated with. Click Run to view the ARP table.

Routing Table

You can view the routing table on the FortiGate, including all static and dynamic routing protocols.

FortiAIOps 2.1.0 User Guide 142

Fortinet Inc.
Inventory

DHCP

The DHCP monitor shows all the addresses leased out by FortiGate's DHCP servers.

DNS Lookup

Enter the domain name (FQDN) to view the IP addresses associated with it.

FortiAIOps 2.1.0 User Guide 143

Fortinet Inc.
Inventory

Reverse DNS Lookup

Enter the IP address to view the domain name (FQDN) associated with it.

Web CLI

Access the FortiGate's command line interface.

FortiAIOps 2.1.0 User Guide 144

Fortinet Inc.
Inventory

TAC Report

The Technical Assistance Center (TAC) report runs an exhaustive series of diagnostic commands for
troubleshooting network issues. You are required to download the generated report (.txt) to view it; click
Download report.

Process Monitor

The process monitor displays running processes with their CPU and memory usage levels. You can sort, filter,
and terminate processes within the process monitor pane.

FortiAIOps 2.1.0 User Guide 145

Fortinet Inc.
Inventory

Select a process to perform any of the following operations.

l Kill Process - The standard kill option that produces one line in the crash log (diagnose debug crashlog
read).
l Force Kill - The equivalent to diagnose sys kill 9 <pid>. This can be viewed in the crash log.
l Kill & Trace - The equivalent to diagnose sys kill 11 <pid>. This generates a longer crash log and
backtrace. A crash log is displayed afterwards.
For more information on the FortiGate commands and related information, see FortiGate documentation.

Device Groups

You can group FortiGate controllers for ease of management. Each controller can belong to only one group; if a
controller is added to a second group, it is automatically removed from the previous group. Device groups allow
administrators to manage devices in a certain way, such as, provide specific access to a set of devices. The
admin user have access to all the device groups and devices within them. System administrators and users
assigned the super user role can only create and configure device groups.

If you do not set up device groups, all controllers remain assigned to the Default device group.
1. Navigate to Device Groups and click Add.
2. Provide a unique Device Group Name and an optional Description.
3. A list of controllers managed by FortiAIOps is displayed. Select from the listed controllers and click Create.
The controllers are added to the device group.

FortiAIOps 2.1.0 User Guide 146

Fortinet Inc.
Inventory

You can switch the device group from the bar on the top-right of the GUI; click Device Group and select the
available group. To add a FortiGate controller to an existing device group or move a FortiGate to a different
group, select the device group where you want to add/move the FortiGate to and click Edit. The FortiGate
controllers are listed, select the FortiGate you want to add to this group and click Update.

VDOM Support

VDOMs are used to divide a FortiGate into two or more virtual units that function independently. VDOMs can
provide separate security policies and, in NAT mode, completely separate configurations for routing and VPN
services for each connected network. When a FortiGate is in multi-VDOM mode, a VDOM can be configured as
an Admin, Traffic, or LAN extension type VDOM. For more information to add a VDOM, see Virtual Domains.

Adding/Managing VDOMs in FortiAIOps

To add and manage FortiGate VDOMs in FortiAIOps, note the following.

l Add the FortiGates using the root VDOM IP address/hostname.
l The FortiAPs, FortiSwitches, and client information displayed in FortiAIOps dashboards is retrieved from all
the VDOMs.
The VDOM information is displayed in the following pages of the FortiAIOps GUI. You can view VDOM
information in the VDOM column.
l Wireless > Access Points

l Wireless > Clients

FortiAIOps 2.1.0 User Guide 147

Fortinet Inc.
Inventory

l Switch > FortiSwitch

l Switch > FortiSwitch Clients

The following limitations apply on VDOM usage in this release of FortiAIOps.

l Monitoring and managing individual VDOMs is not supported currently; hence, data from all VDOMs is
displayed in FortiAIOps.
l Moving a FortiGate between device groups moves all the VDOMs.
l The AI Insights dashboards do not display VDOM separation.

FortiAIOps 2.1.0 User Guide 148

Fortinet Inc.
Wireless

Wireless

The Wireless section of the FortiAIOps provides a comprehensive set of tools for managing and monitoring
wireless networks.
l Access Points
l Clients
l Channel Summary
l Applications
l Location Services Monitor
l Heat Maps
l Rogue APs
l Map Management

Access Points

The Access Points page displays essential information about the APs in use and consists of two views - AP and
Radio view. To switch between the AP and Radio views, select the desired view from the dropdown menu
located at the middle of the Access Points page. By default, the AP is displayed when the page loads.

l AP
l Radio
l Diagnostics and Tools

AP

The AP view displays information related to the Access Point and consists of three widgets - FortiAP status,
Channel Utilization, and FortiAP model.

FortiAIOps 2.1.0 User Guide 149

Fortinet Inc.
Wireless

FortiAP Status

The FortiAP Status widget provides information about the status of each AP listed on the page. It displays the
current status of the AP, which can be either Online, Offline or Unauthorized.

Band

The band widget provides the number of channels for the 2.4GHz, 5GHz and 6GHz bands. Hovering over the
chart displays the number of APs in that band and the percentage of the total channels that they comprise of.

FortiAP Model

The FortiAP Model widget displays the model number of each AP listed on the page. It provides information
about the hardware model of the AP and its associated count. This widget is useful for identifying the different
models of APs being used in the network.
Note: Click the donut chart in the widgets, to filter the AP table. To reset the filter, click the widget name.
The APs are listed with their relevant details, including the AP name, FortiGate, FortiAP status, SSID , channel,
clients, OS version, FortiAP profile and license. To view detailed information about an AP, select the desired AP
from the list and click View Details. See, Diagnostics and Tools.
Right-click on the header of the table to select the desired columns to add to the table, and then click Apply to
update the table with the selected columns.

To reset the table to its default state, click Reset button. Click Best Fit Columns to automatically adjust the
column width to fit the data displayed in the table.
To filter the AP list based on the column data, click the filter icon in the column header next to the title, select the
value to be filtered and click Apply.
Type in the search term in the search bar located at the top of the AP list. The search term can be a specific AP
name, client name, or any other relevant information.
Click the plus icon located to the left of the search bar to perform a more specific search based on a particular
column. Select the desired column, and then enter the search term to narrow down the search results to specific
criteria.

FortiAIOps 2.1.0 User Guide 150

Fortinet Inc.
Wireless

Radio

The Radio view displays information related to the radios in the AP and consists of three widgets - Status, Type
and Channel.

Status

The Status widget displays the current status of each radio, either Online or Offline.

Type

The Type widget displays the type of each radio, such as 802.11a/n/ac or 802.11b/g/n, 802.11ax, 802.11ax-6G,
or unknown. This information is useful for identifying the capabilities and features of each radio within the AP.

Channel

The Channel widget displays the channel being used by each radio. This information is important for optimizing
the network's performance and minimizing interference between radios within the AP.
The radios are listed with their relevant details, including the AP name,AP serial number, FortiGate, FortiAP
status, SSID , channel, No of clients, FortiAP profile, Band , Type, Radio ID, AP mode, Channel Utilization and
license.
To view detailed information about an AP, select the desired AP from the list and click View Details. See,
Diagnostics and Tools.
Right-click on the header of the table to select the desired columns to add to the table, and then click Apply to
update the table with the selected columns.

FortiAIOps 2.1.0 User Guide 151

Fortinet Inc.
Wireless

To reset the table to its default state, click Reset button. Click Best Fit Columns to automatically adjust the
column width to fit the data displayed in the table.
To filter the AP list based on the column data, click the filter icon in the column header next to the title, select the
value to be filtered and click Apply.
Type in the search term in the search bar located at the top of the AP list. The search term can be a specific AP
name, client name, or any other relevant information.
Click the plus icon located to the left of the search bar to perform a more specific search based on a particular
column. Select the desired column, and then enter the search term to narrow down the search results to specific
criteria.

Access Points Diagnostics and Tools

The Diagnostics and Tools pane displays the details about the selected Access Point/Radio and allows you to
run diagnostic tests.
l Performance
l Channel Summary
l Clients
l Interfering SSIDs
l Logs
l Spectrum Analysis
l VLAN Probe

Performance

The performance tab displays trends for the FortiAP health, wireless, and wired clients for selected interval.You
can filter the trends based on the selected duration or customized time slot; select a time window or define a
custom range. The custom range allows the selection of a minimum of 1 day and the maximum is the duration of
log retention configured in System > Settings. The minimum, maximum, and average values are displayed
when a time interval of more than 6 hours is selected.

AP Health

This tab monitors and displays the CPU and memory usage by the FortiAP over the selected time interval. At
any given point in time, you can view the maximum, minimum, and average CPU and memory usage. This tab
also displays the operating temperature of the FortiAP collected by various sensors. The temperatures recorded
by all sensors are displayed.

FortiAIOps 2.1.0 User Guide 152

Fortinet Inc.
Wireless

Wireless

It includes charts for clients, bandwidth, channel utilization, transmission discard, retries, and noise levels on the
respective radio interface. The default interval is 10 minutes and can it be changed according to your
requirements.

The minimum, maximum, and average values are displayed in the Bandwidth, Transmission and Noise
panels when the selected time interval is more than 6 hours, as depicted in the following image.

FortiAIOps 2.1.0 User Guide 153

Fortinet Inc.
Wireless

Click on the graphs for a specific time to view details. The following image depicts the details displayed for an
interval of less than 6 hours.

The following image depicts the details displayed for an interval of more than 6 hours.

Wired

The LAN port statistics are now displayed for access points. You can view the traffic coming into a LAN port and
the traffic leaving it at a given point in time. Also, the error statistics for both incoming and outgoing traffic is
displayed.
Note: The LAN port status is not displayed for FAP-421E and FAP-423E.

FortiAIOps 2.1.0 User Guide 154

Fortinet Inc.
Wireless

Clients

The Clients tab helps you monitor your network, based on the retries percentage, SNR, and client distribution.
This data is displayed per OS for the selected time interval.

l Retries
l SNR
l Clients

Retries

The statistics for retries are categorized as good, fair, and poor based on the following criteria.
l Good - Retries are less than 30%
l Fair - Retries are between 31% - 70%
l Poor - Retries are more than 70%

SNR

The statistics for SNR are categorized as good, fair, and poor based on the following criteria.
l Good – SNR is equal to or greater than 25 dB
l Fair – SNR between 15 and 24 dB

FortiAIOps 2.1.0 User Guide 155

Fortinet Inc.
Wireless

l Poor – SNR is less than 15 dB

Clients

This panel provides the total number of clients and also the number of clients associated with each OS type.
Hover over the graph or the OS name to view details.
To view details for each of the 3 panels, click on the retries and SNR graphs, or on the OS name to view details.
The Details page displays data such as, the host name, access point and radio details, associated SSID, OS
type, throughput, noise, retries, and so on.

Channel Summary

This page provides granular insights into the performance of each channel with detailed statistics and trends.
For more information, see Channel Summary.

Clients

The Clients tab displays a list of clients currently connected to the selected AP, along with details such as the
client MAC address, FortiGate and IP Address, FortiAP name , associated SSID, user name , operating channel
and the radio details, Tx and Rx bandwidth, signal strength and noise, VLAN ID, RF band, the wireless
standard, and the time of association. This information is useful for identifying any clients that may be
experiencing connectivity issues or data usage problems. To view detailed information of a client, select the
client and click View details.

FortiAIOps 2.1.0 User Guide 156

Fortinet Inc.
Wireless

Interfering SSIDs

The Interfering SSIDs tab displays the details of interfering SSIDs associated with an AP; the interfering SSID
page displays the associated SSID, related AP BSSID, operating channel, signal strength and the radio details
are displayed in the AP dashboard. To view the interfering SSID details, ensure that the AP radio is using Radio
Resource Provisioning or a WIDS profile in FortiGate (Managed FortiAP Profile).

Logs

The Logs tab provides detailed logs of events related to the selected AP/Radio. To view detailed information,
select log and click Details.

Spectrum Analysis

Spectrum Analysis tab provides visual spectrum analysis capabilities that scan radios for RF channel conditions
and sources of interference which can potentially impact WLAN efficiency. Based on the spectrum analysis
data, corrective measures such as determining optimal channel planning, debugging client related connectivity
issues and automatic transmit power settings are initiated. This facilitates quality wireless service levels by
ensuring the optimal usage of the channels considering the information provided by the FortiAIOps spectrum
analyser. Both 802.11 and non-802.11 sources of interference can be detected and analyzed by the spectrum
analyzer.
Notes:
l Spectrum analysis is supported for all channels when the radio is in the dedicated monitor mode, and for
selected channels when the radio is in the AP mode.
l FortiAP supports spectrum analysis and is online.
Select the channels to be scanned and configure the scan duration, the spectrum analysis is performed on 2.4
GHz, 5 GHz, and 6 GHZ frequency bands. The spectrum analyzer result displays widgets with the type of
interference, signal strength, impacted channels, and wireless spectrum current utilization, start and end time
and duration of the interference. It classifies wireless & non-wireless interferences to easy identification of the
source.

FortiAIOps 2.1.0 User Guide 157

Fortinet Inc.
Wireless

l You can select the AP, Radio, and Channels to be scanned for interferences.
l The Scan Duration can be set to 1, 5, 30, or 60 minutes.
l The Sampling Interval and the number of Spectrogram Samples cannot be modified.
Select Start and the GUI periodically polls the spectrum analysis data based on the fixed sampling interval of
1000 milliseconds. Data is visualized as 4 charts representing signal interference marking the noise levels for
each channel, signal interference spectrogram representing 60 samples for different channels at specific time
intervals, the duty cycle charts marking the extent to which a non-WiFi device/neighbouring AP is interfering,
and the duty cycle spectrogram representing 60 such duty samples for each channel over a period of time.
The tabular data for non-WiFi interference displays the time and frequency of last detection and any of the
following type of devices causing the interference.
l Microwave ovens
l Video bridges
l Wi-Fi, DSSS cordless phones
l Bluetooth, FHSS cordless phones
The tabular data for WiFi interference displays the online neighbouring AP's BSSID, SSID, maximum signal
strength, and channel and time of last detection.

FortiAIOps 2.1.0 User Guide 158

Fortinet Inc.
Wireless

VLAN Probe

VLAN probe tab enables FortiAPs to probe connected VLANs and subnets. It sends DHCP probes from the
FortiAP’s Ethernet interface to specific VLANs on the wired interface and returns information on their availability
and subnet details. This helps diagnose and troubleshoot WiFi deployment issues.
l Probe Retries – Configure the number of retries before timeout. The valid range is 1 to 10 with a default
value of 6.
l Timeout – Configure the timeout for the VLAN probe. The valid range is 1 – 60 seconds with a default
value of 10 seconds.
l VLAN Range – Select the range of VLANs to probe. The valid range is 1 - 4094.
Select Start to initiate VLAN probe as per configurations.

FortiAIOps 2.1.0 User Guide 159

Fortinet Inc.
Wireless

Clients

The Clients page provides information about the clients connected to the wireless network and consists of three
widgets - signal strength, band, and technology.
l You can filter the wireless client data for a selected duration or a customized time slot.The Custom range
allows the selection of a minimum of 1 hour and maximum of 1 week, the option of Now displays data for
the last 1 minute.
l You can export data in a .csv file, click on the export icon on these pages.

Signal Strength

The signal strength widget provides information about the strength of the signal between each client and the
access point. It displays the signal strength in dBm, which is a measure of signal power. A higher dBm value
indicates a stronger signal, while a lower dBm value indicates a weaker signal.

Band

The band widget displays the band that each client is connected to. It indicates whether the client is connected
to the 2.4 GHz, 5 GHz or 6 GHz band.

FortiAIOps 2.1.0 User Guide 160

Fortinet Inc.
Wireless

Technology

The technology widget displays the technology that each client is using to connect to the wireless network. It
indicates whether the client is using 802.11a/b/g/n or 802.11ac technology.
The clients are listed with their relevant details, including the MAC address, FortiGate, IP address, FortiAP,
SSID, channel, bandwidth, and signal strength. To view detailed information about a client, select the desired
client from the list and click View Details. See, Clients Diagnostics and Tools.

You can export data in a .csv file, click on the export icon on these pages - .

Right-click on the header of the table to select the desired columns to add to the table, and then click Apply to
update the table with the selected columns.

Clients Diagnostics and Tools

The Diagnostics and Tools pane displays the details about the selected Client and allows you to run diagnostic
tests.
l Performance
l Applications
l Destinations
l Policies
l Logs

FortiAIOps 2.1.0 User Guide 161

Fortinet Inc.
Wireless

Performance

The Performance tab displays information about the client's performance, including data charts for bandwidth,
signal strength, and transmission discards and retries. You can filter the trends based on the selected duration
or customized time slot; select a time window or define a Custom range. The custom range allows the selection
of a minimum of 1 day and the maximum is the duration of log retention configured in System > Settings.

Applications

The Applications tab displays a list of applications in use by the selected client, along with details such as the
application name, category, risk, data usage, session and bandwidth details.

FortiAIOps 2.1.0 User Guide 162

Fortinet Inc.
Wireless

Destinations

The Destinations tab displays a list of network destinations accessed by the selected client, along with details
such as the destination IP address, application name, data usage, session and bandwidth details.

Policies

The Policies tab displays information about any policies applied to the selected client, such as policy name,
policy type, source interface, destination interface, data usage, session and bandwidth details.

Logs

The Logs tab displays detailed logs of events related to the selected client, allowing you to troubleshoot any
issues. To view detailed information, select log and click Details.

FortiAIOps 2.1.0 User Guide 163

Fortinet Inc.
Wireless

Channel Summary

This page provides granular insights into the performance of each channel with key insights into critical
statistics, that are key in determining the health of your wireless network. This facilitates effective resolution of
any potential network stability issues due to the operating channel. FortiAIOps retrieves and aggregates all
channel related statistics from the FortiAPs operating in your network and multiple radios operating on various
channels.
Note: All data and trends displayed on this page are for the last 1 minute.

FortiAIOps 2.1.0 User Guide 164

Fortinet Inc.
Wireless

You can filter based on specific deployment locations such as Site, Building, and Floor.

Band

This chart provides channel count based on RF bands of 5 GHz, 2.4 GHz, and 6 GHz. The total number of
channels for each band are displayed along with what percentage of the total channels used by the wireless
network they comprise of. Click on any band to filter channel details and view them in the table below the charts.

Average Utilization Severity

This chart provides the channel count based on the average utilization severity over the last 60 seconds.
FortiAIOps automatically categorizes the channels as Good or Poor, and Fair. The total number of channels for
each severity are displayed along with what percentage of the total channels used by the wireless network they
comprise of. Click on any severity to filter channel details and view them in the table below the charts.

Average Interfering SSID Severity

This chart provides the channel count based on the average interfering SSID severity over the last 60 seconds.
FortiAIOps automatically categorizes the channels as Good or Poor, and Fair. The total number of channels for
each severity are displayed along with what percentage of the total channels used by the wireless network they
comprise of. Click on any severity to filter channel details and view them in the table below the charts.
The channel data in the tabular format categorizes channels based on the RF band. To view radio level details
for a particular channel number, select it and click View details.

Field Description

FortiGate Name and AP The names of the FortiGate controller and FortiAP associated with the
Name selected channel.

Radio The radio operating on the selected channel.

Channel Utilization Total channel utilization (in percentage) per radio.

Clients The number of clients connected per radio.

Throughput The total throughput of traffic passing per radio.

Utilization Severity The average utilization severity of the selected channel.

FortiAIOps 2.1.0 User Guide 165

Fortinet Inc.
Wireless

Field Description

Interfering SSID Severity The average interfering SSID severity of the selected channel.

SSIDs The SSIDs associated with the radio.

Noise Level The noise level detected by the by the radio.

Health Assessment FortiAIOps evaluates a assigns the health status of each radio.

To view trends and patterns to assess the performance of specific channels, select a channel and click Trends.
You can view a graphical representation of the channel statistics over a period of time. These trends can be
filtered for the last 10 minutes, 1 hour, or 12 hours. Hover over the charts or click on a them to view the related
statistics at a specific time. For example, the following image depicts a maximum channel utilization of 95% with
the time stamp, clicking on this point provides similar data in a tabular format. You can filter the trends based on
the selected duration or customized time slot; select a time window or define a Custom range. The custom
range allows the selection of a minimum of 1 day and the maximum is the duration of log retention configured in
System > Settings. The minimum, maximum, and average values are displayed when a time interval of more
than 6 hours is selected.

Applications

The Applications page provides information about the applications used by clients on the wireless network. This
page consists of three widgets - Apps by usage, Apps by risk, and Users by usage.

FortiAIOps 2.1.0 User Guide 166

Fortinet Inc.
Wireless

Apps by usage

The Apps by Usage widget displays a list of applications in use on the network, sorted by the amount of data
each application is using.

Click on the trends icon to view the application usage trends. You can filter the trends based on the
selected duration or customized time slot; select a time window or define a Custom range. The custom range
allows the selection of a minimum of 1 day and the maximum is the duration of log retention configured in
System > Settings.

FortiAIOps 2.1.0 User Guide 167

Fortinet Inc.
Wireless

Apps by risk

The Apps by Risk widget displays a list of applications in use on the network, sorted by their risk level.

User by usage

The User by usage widget displays a list of clients on the network, sorted by the amount of data each client is
using.

Click on the trends icon to view the application user trends. You can filter the trends based on the selected
duration or customized time slot; select a time window or define a Custom range. The custom range allows the
selection of a minimum of 1 day and the maximum is the duration of log retention configured in System >
Settings.

Location Services Monitor

The Location Services Monitor page plots the current location of all stations and rogue APs on the floor map
imported into FortiAIOps. FortiAIOps plots the current location based on the location feed received from
FortiGates (which are in turn connected to APs) and does not display the movement of the stations.
You can filter and view device locations based on the site, building, and floor. The following filters can be
applied.

FortiAIOps 2.1.0 User Guide 168

Fortinet Inc.
Wireless

l Device Type
l Wireless Type
l OS Type
l Station/BLE MAC
l Accuracy
l Rogue MAC
You can set the Floor Visibility and magnify the floor view.

Select Rogue AP as the Device Type, to view the rouge AP location.

FortiAIOps 2.1.0 User Guide 169

Fortinet Inc.
Wireless

Select Wireless Station as the Device Type, to view the stations location.

Click Connected Stations toggle to switch to Connected & Discovered Stations view.

Heat Maps

The heat map allows you to verify the coverage and performance of your WLAN APs. You can also use the
maps to visually locate APs sending alarms. Use the map editor to set up your site maps.
l In the Network Heat Maps screen, select a Location from the menu on the left to see the corresponding
map.
l Hover the mouse pointer over the objects on the screen to see details. For example, for this throughput
map, by hovering the mouse pointer on an AP icon displays the Name, model, Mac Address, status of the
AP and throughput value. If you change the Heat Map Type, be sure to click Refresh icon.
l In the Network Heat Maps screen select a floor. The following five types of heat maps can be viewed.

Throughput Heat Map

Throughput maps display the AP throughput over the represented area. The APs on the map are differentiated
by using different colors to represent the corresponding AP throughput value.

FortiAIOps 2.1.0 User Guide 170

Fortinet Inc.
Wireless

Hover over AP to view the AP information including name, AP model, MAC address, AP status, and throughput
in Kbps.

To view AP and Station details in any of the heat maps, right-click an AP icon and click Show Details
l AP Details: AP ID, AP Name, AP MAC Address, AP IP Address, Controller, Total Stations.
l Station Details: MAC Address, IP Address, Last Known Association, User Name, Throughput, Loss%,
RSSI, Airtime Utilization, L2 State, L3 State.
l To view Station Trend Dashboard, click MAC Address.
The filtering option comprises of All, 2.4 GHz [default], 5 GHz, 6 GHz and selected channels within the three
bands.

FortiAIOps 2.1.0 User Guide 171

Fortinet Inc.
Wireless

Loss Heat Map

Loss maps show the AP loss over the represented area. The APs on the map are differentiated by using
different colors to represent the corresponding AP Loss% value.
Hover over AP to view the AP information including name, AP model, MAC address, AP status, and loss %.
Right click on AP icon and click Show Details to view detailed information.

FortiAIOps 2.1.0 User Guide 172

Fortinet Inc.
Wireless

Channel Utilization Heat Map

The Channel Utilization maps differentiate APs on the map by using different colors for the regions around APs
corresponding to the AP channel utilization value.
Hover over AP to view the AP information including name, AP model, MAC address, AP status, and channel
utilization (%). Right click on AP icon and click Show Details to view detailed information.

Number of Stations Heat Map

The Number of Stations Heat Map, represents the low signals over the area represented by the map. The
Number of Stations maps differentiate APs on the map by using different colors for the regions around APs
corresponding to the number of stations per AP.
Hover over AP to view the AP information including name, AP model, MAC address, AP status, and number of
stations.

FortiAIOps 2.1.0 User Guide 173

Fortinet Inc.
Wireless

Signal Strength Heat Map

Signal strength heat map provides a distribution of signal quality over the floor map. The signal strength is
represented in dBm and is divided into color buckets. The Signal Strength maps display the availability of signal
over the area represented by the map. Select different cut-off values to view the signal coverage.
Note: The signal strength heat map allows you to view the signals of all the APs on the floor. Due to this, the
FortiAIOps displays heat map for all APs irrespective of whether the logged in user has scope for those APs or
not. This enables you to capture accurate signal value for all APs located on the floor.
Hover over AP to view the AP information including name, AP model, MAC address, AP status, and signal
strength.

FortiAIOps 2.1.0 User Guide 174

Fortinet Inc.
Wireless

With signal strength heat map having smooth transition in colors, the color at a given point may not exactly
match with the bucket colors. For such cases, it should be interpreted as a value that is greater/lower than the
nearest bucket color.
Coverage Cut Off: Coverage cutoff [default being none] can be used to see the signal coverage region within
the cutoff value specified. The cutoff range is from -42dBM to -90dBM.
To view the signal strength heat map of a floor, follow these steps:
l Ensure that the APs are placed accurately through the map management feature.
l Click on Heat maps and select the desired floor.
l Select the RF band or relevant channel from the menu.
l Choose a cutoff of interest.
l Click on the Refresh icon.

Rogue APs

The Rogue APs page provides detailed information about rogue access points (APs) on the wireless network
and consists of three widgets - Interfering APs, SSID, and Vendor Info.

FortiAIOps 2.1.0 User Guide 175

Fortinet Inc.
Wireless

Interfering APs

The Interfering APs widget displays the number of rogue APs detected by each managed FortiAP unit or
FortiWiFi local radio.

SSID

The SSID widget displays the number of SSID names detected as rogue APs.

Vendor Info

The Vendor Info widget displays the vendor information for each rogue AP detected on the network.
The Rogue AP list provides detailed information about each rogue AP detected on the network, including the
MAC address, SSID, state, signal interference, and vendor information.

Map Management

Map management allows you to create visual representations of your access points (APs) to accurately
represent the physical layout of a site. For best results, create separate maps for each floor in multi-level
buildings, and use accurate architectural drawings as a basis for your images. Crop each floor map to remove
extra space and save it as a PNG, JPEG, BMP, or GIF file no larger than 2MB before adding it to FortiAIOps.
Note: Provide a unique name to the site/building/floor plan. Do not use the same name across different device
groups.
To set up a working map, you'll need to complete several tasks:
l Import a graphic map of the floor. See Importing a Map Image.
l Add a new site to FortiAIOps. See Add a Campus, Building, and Floor to the Map.
l Add a building.
l Add a floor.
l Place AP icons on the map to represent the WLAN network topology. See Add APs, Floor APs, and Landmarks to Maps.
l View the map. See Viewing Maps.

Importing a Map Image

Follow these steps to import a topology map:

FortiAIOps 2.1.0 User Guide 176

Fortinet Inc.
Wireless

1. Navigate to Wireless > Map Management.

2. Select a floor.
3. Click Change Image in the Floor Map section.
4. Select Image Type as Floor and Operation as Upload. Select the Image File by using the browse tab and
click on Upload.
Next, add controllers and APs to the map.

Importing a Floor Map

FortiAIOps supports importing a floor map plan created on and exported from the FortiPlanner. Once the floor
plan is created in the FortiPlanner, select Export in the project menu. The floor map to be imported is a .zip file.
Note:Only exported .zip files from the FortiPlanner can be imported. Contact the Customer Support to obtain
the relevant version of the FortiPlanner. For more information on creating floor plans on the FortiPlanner, see
the FortiPlanner User Guide.
1. Navigate to Wireless>Map Management page.
2. Click Import, the Import Map Plan screen is displayed.

3. Browse to the .zip file on your system and click Next. A summary of map information is displayed.
4. Map the unassigned APs and click Finish.
5. The planner for each site is displayed. On the Map Management screen, you can add and delete floors in
the map and manage the APs on each floor of the site.
In case of errors importing the map, click View Latest Import Planner logs, to view the error logs.
You can perform the following operations on each floor:
l Add APs - Select the APs to be added to the floor map.
l Floor APs - Select the APs to be deleted from the floor map.
l Landmarks - Add or delete landmarks on the floor map.
l Change Image - Upload a new image or delete an existing image from the floor map.
Click Save to save changes to the map

Adding a Site, Building, and Floor to the Map

To create a new location (site, building, floor) in the enterprise, follow these steps:
1. Navigate to Wireless > Map Management page. All current maps are displayed on the Map Management
page.
2. To add a new site, click on the Site Details section and then click on Add. A new site can only be added to
the top level, Enterprise, which is the default.

FortiAIOps 2.1.0 User Guide 177

Fortinet Inc.
Wireless

3. Provide a name, description, and sort order for the site.

4. Click Save Changes.
5. In the left pane, double-click on the name of the new site you just created.
6. Click on the Buildings icon. In the Building Details pop-up, click Add.

7. Provide a name, description, and sort order for the building.

8. Click Save Changes.
9. In the left pane, double-click on the name of the new building you just created.
10. In the Floor Details section, click Add.

11. Provide a floor name, length, width, metric, and sort order for the floor.
12. Click Save Changes.

Adding APs, Floor APs, and Landmarks to Maps

To create the network map of your site, follow these steps:

1. Once a map image has been imported, add the APs to the map as close as possible to their actual physical
location.
2. Select a floor by its heading in the left column to see a map of the floor. If the floor does not have a
corresponding map, complete the steps to Import a Map Image.
3. Optionally, alter the map using the options Show Map and Show Scale in the Image Map section.
4. Click Add APs and select the APs to add from the drop-down list on the AP selection pop-up, then click
Save. Drag the selected APs into position on the map.

FortiAIOps 2.1.0 User Guide 178

Fortinet Inc.
Wireless

5. To add landmarks to the map, click Landmarks > Add.

6. Once you have finished making changes, click Save Changes.

Editing AP Details

To edit the details of an access point (AP), follow these steps:

1. In the Map Management screen, click APs to display the AP list.
2. Select the AP you want to edit by clicking on its icon on the map or by selecting it from the AP list.
3. Click Edit to open the AP details window.
4. Edit the required fields, such as the AP name or its location coordinates.
5. Click Save to save the changes made to the AP details.
6. Click Cancel to discard any changes and close the AP details window.

Viewing Maps

You can view the placement of APs on a map or view Heat Maps that show the following five attributes of those
APs:
l Throughput
l Loss
l Channel Utilization
l Number of Stations
l Signal Strength
Heat map coloring depends on the distance between APs and selected attribute (throughput, loss, channel
utilization, or stations) for all the APs on the floor. If there is only one AP on the floor, the entire floor will show the
same coverage. See Heat Maps.
To view maps and heat maps, follow these steps:

FortiAIOps 2.1.0 User Guide 179

Fortinet Inc.
Wireless

1. Click on Wireless > Heat Maps.

2. Select a floor to display the map.
3. Optionally, alter the map using the options Floor Visibility or Show Heat Map.
4. To limit the map, click Select Channels, select channels, and then click Save Changes.
5. After any changes, click on the Refresh icon.

RF Planner

The RF planner is a tool that enables you to plan for new access points, areas, and obstacles (walls, shafts,
etc.). It allows you to place APs and draw walls or columns in both View and Edit modes.

To use the RF planner, follow these steps:

1. Navigate to Map Management > RF Planner.
2. Add the required access points to the floor map and generate a heat map to predict the expected signal
strength throughout the coverage area.
3. Adjust the placement of your APs based on the predicted signal strength and try out different placements
for the APs before installing them.
4. Draw a floor plan of the coverage area and place the APs on your floor plan.
5. Run heat maps to predict the signal strength.

View Mode: In View mode, the floor map displays the coverage pattern, data rate, channel, and signal strength
of the access points. You can select the 2.4GHz, 5GHz, or 6GHz frequency to view the access point details.
Edit Mode: In Edit mode, you can add or edit new access points. To do this, drag the required access point from
the "Add APs" panel and place it on the floor map. Right-click on an access point and edit its configuration, such
as the access point transmission power in dBm, channel, orientation, placement direction (in angles), ceiling,
wall, and desk.
To draw walls and columns on the floor map, use the provided widgets. Select the required widget and draw the
wall or column on the map. A column is a closed drawing with four walls, while a wall is demarcated as lines.

FortiAIOps 2.1.0 User Guide 180

Fortinet Inc.
Wireless

Right-click on the created walls and columns to specify the composition or material used to construct them.
Each material has a different attenuation value.

FortiAIOps 2.1.0 User Guide 181

Fortinet Inc.
Switch

Switch

This section describes the FortiSwitch statistics and the FortiSwitch client details.
l FortiSwitch
l FortiSwitch Clients

FortiSwitch

You can monitor the FortiSwitches in your network that are in the purview of FortiAIOps. This page displays a
graphical snapshot of the FortiSwitch activity such as, the total number of FortiSwitches, their status
(online/offline/unauthorized), and the deployed model details.

Diagnostics and Tools

To view the FortiSwitch statistics and diagnostics in detail, select a row and click View Details. The Status
including the FortiSwitch face plate, hardware summary, general status and statistics, and configuration details
is displayed.

l Ports
l Cable Test
l Logs
l Statistics
l Clients

FortiAIOps 2.1.0 User Guide 182

Fortinet Inc.
Switch

Ports

This tab displays each port details of the specific FortiSwitch unit.

Each entry in the port list displays the following information.

Parameter Description

Port The name of the port (red for port down, green for port up)

Trunk The associated trunk that the port is a member of.

Mode The configured access mode of the port.

Port Policy The configured port policy.

Enabled Features The features enabled on the port.

Native VLAN The native VLAN assigned to the port.

Allowed VLANs The allowed VLANs set for the port.

Dynamic VLAN The dynamic VLAN assigned to the port.

DHCP Snooping The status of DHCP snooping status

Transceiver The transceiver information.

Description The port description

LLDP Profile The associated LLDP profile.

Loop Guard The status of the Loop Guard (enabled/disabled)

QoS Policy The assigned QoS policy.

Security Policy The assigned security policy.

STP The status of STP (enabled/disabled).

STP BPDU The status of STP BPDU Guard (enabled/disabled).

STP Root Guard The status of STP Root Guard (enabled/disabled).

Cable Test

This is a diagnostic and troubleshooting tool to check the state of cables between the FortiSwitch and the
devices connected to its physical ports. This tool does not work on fiber ports and on very short or very long
cables (more than 100 meters).

FortiAIOps 2.1.0 User Guide 183

Fortinet Inc.
Switch

All available external physical ports of the FortiSwitch are displayed. Select one or more ports and click
Diagnose.

Note: Running the cable diagnostic test on a port disables it briefly. The network traffic is affected for a few
seconds.

Logs

This tab displays the FortiSwitch log messages and the associated details.

Each log entry displays the following information.

Parameter Description

Date/Time The Date/time of log event generation.

Level The log severity level.

l Emergency, Critical (red)

l Alert (orange)
l Error, Warning (blue)
l Notice, Information, Debug (green)

Message The event log message that is generated.

Log Description The description of the event log.

FortiGate Serial Number The serial number of the associated FortiGate controller.

FortiSwitch Serial Number The serial number of the associated FortiSwitch.

Relative Date/Time The time lapsed since the event log was generated.

Source The event source IP/MAC address.

Select a log message and click Details to view specific related information. This view provides the following
information.

FortiAIOps 2.1.0 User Guide 184

Fortinet Inc.
Switch

l General - Generic information about the log event such as, the date and time of event logging, the
associated virtual domain, and the log description.
l Source - The details of the user.
l Message - The generated log message.
l Security - The severity level of the log event.
l Cellular - The serial number of the FortiSwitch.
l Other - Generic information such as the log event time stamp, the timezone, log type, and so on.

Statistics

This tab displays the FortiSwitch and the associated port statistics.

The Ports view provides the following information.

Parameter Description

TX Bytes The transmitted bytes.

TX Packets The transmitted packets.

TX Unicast The transmitted unicast packets.

TX Multicast The transmitted multicast packets.

TX Broadcast The transmitted broadcast packets.

TX Errors The errors in transmitted packets.

TX Drops The dropped packets in transmitted packets.

TX Oversize The oversized packets in transmitted packets.

FortiAIOps 2.1.0 User Guide 185

Fortinet Inc.
Switch

Parameter Description

RX Bytes The received bytes.

RX Packets The received packets.

RX Unicast The received unicast packets.

RX Broadcast The received broadcast packets.

RX Errors The errors in received packets.

RX Drops The dropped packets in received packets.

RX Oversize The oversized packets in received packets.

Undersize The number of undersized packets.

Fragments The number of fragments.

Jabbers The number of jabbers.

Collisions The number of packet collisions.

CRC Alignments The number of CRC/alignment errors.

L3 Packets The number of layer-3 packets.

Select a particular port and click View Trends to view a graphical representation of the trends in FortiSwitch
statistics over a period of time. You can filter the trends based on the selected duration or customized time slot;
select a time window or define a Custom range not exceeding 6 months. The minimum, maximum, and
average values are displayed when a time interval of more than 6 hours is selected.

FortiAIOps 2.1.0 User Guide 186

Fortinet Inc.
Switch

The Switch view provides a graphical representation of the trends in FortiSwitch statistics over a period of time.
You can filter the trends based on the selected duration or customized time slot; select a time window or define
a Custom range not exceeding 6 months. The minimum, maximum, and average values are displayed when a
time interval of more than 6 hours is selected.

FortiAIOps 2.1.0 User Guide 187

Fortinet Inc.
Switch

Clients

This tab displays the details of the FortiSwitch clients. The following information is displayed.

Parameter Description

Device The client device name.

Port The associated port details.

VLAN The associated VLAN details.

Software OS The client device software OS.

Hardware The client device hardware details.

FortiSwitch Clients

You can monitor the FortiSwitch clients associated with the FortiSwitches deployed in your network. This page
displays a graphical snapshot of client activity such as, the total number of FortiSwitch clients, their status
(online/offline), the client device details, and the associated VLANs. Hovering over the charts provides specific
statistics and clicking on a specific area on the chart filters the data displayed on this page.
l You can filter the switching client data for a selected duration or a customized time slot. The Custom range
allows the selection of a minimum of 1 hour and maximum of 1 week, the option of Now displays data for
the last 1 minute.
l You can export data in a .csv file, click on the export icon on these pages.

FortiAIOps 2.1.0 User Guide 188

Fortinet Inc.
Switch

The table beneath the chart displays the client details.

Parameter Description

Device The name of the client device.

FortiSwitch The host name or serial number of the FortiSwitch that the client is
associated with.

Port The associated port details of the FortiSwitch unit.

VLAN The type of the VLAN.

Software OS The software OS used by the client device.

Hardware The hardware used by the client device.

Status The status of the client (online/offline).

Last Seen The time that the client was last seen online.

IP Address The IP address of the client.

EMS Serial Number The FortiClient EMS serial number.

EMS Tenant ID The FortiClient EMS tenant ID.

Endpoint Tags The endpoint (client) tags monitored by FortiGate.

FortiAIOps 2.1.0 User Guide 189

Fortinet Inc.
Security Fabric

Security Fabric

The Security Fabric page represents the topology, that illustrates the logical placement of the wireless service
and the physical placement of hardware devices. The hardware devices include FortiGates, APs, and wireless
clients in your network.
Note: The physical and logical topologies provide wireless client information.
l Physical Topology
l Logical Topology

Physical Topology

The physical topology provides a visualization/illustration of the physical placement of devices, such as,
FortiGate controllers, APs, and clients connected to each radio in your network, in an hierarchical pattern. The
physical topology is representational; you cannot modify the placement of devices on this page.
You can filter and view selective devices in the topology chart, the filter options available are FortiGate
controllers (Devices), FortiAPs (APs), and device OS. You can also enable viewing of online devices only, in
the topology (Show online devices). To apply the filter settings, click Apply Filter.

The devices/OS set in the applied filters are also displayed at the top of the topology page, hover over each of
these to view the complete list.

The collapsible/expandable hierarchy of devices in the physical topology is FortiGate~ FortiAP ~ radio ~
client; each of the devices displayed is click-able to display the next level of hierarchy.

FortiAIOps 2.1.0 User Guide 190

Fortinet Inc.
Security Fabric

Hover over the device name to obtain additional information. The status of the FortiGate controllers and APs is
marked using a color legend.
l Green: Online and active
l Red: Offline

Logical Topology

The logical topology provides a visualization/illustration of the logical placement of the configured wireless
service, the associated ESS pushed through the wireless service, VLAN (if applicable), and the stations
connected to each ESS in a hierarchical pattern. The logical topology is representational; you cannot perform
any operations on this page.
You can filter and view selective entities, the filter options available are ESS and VLANs. To apply the filter
setttings, click Apply Filter.

The ESS and VLANs set in the applied filters are also displayed at the top of the topology page, hover over each
of these to view the complete list.

The collapsible/expandable hierarchy of entities in the logical topology is wireless service ~ ESS ~ VLAN ~
client; each of the entities displayed is click-able to display the next level of hierarchy.

Note: The physical and logical network topology views differ based on the browser.

FortiAIOps 2.1.0 User Guide 191

Fortinet Inc.
Logs and Reports

Logs and Reports

This section describes the WiFi and FortiSwitch event logs and the generation of the FortiAIOps reports.
l Event Logs
l Local Logs
l Reports

Event Logs

The FortiAIOps provides a robust logging environment that enables you to monitor, store, and report WiFi
events and FortiSwitch events. The Summary tab displays the top five most frequent events in each type of
event log along with the severity level and the total count. A line chart displays aggregated events by each
severity level. Clicking on a peak in the line chart displays the specific event count for the selected severity level.
Clicking on any event type title opens the Details page for that event type filtered by the selected time span. You
can select the time frame to view the logs from the top-right corner of the GUI.

FortiAIOps 2.1.0 User Guide 192

Fortinet Inc.
Logs and Reports

The Details tab displays individual, detailed log views for event type. By default, all event details are displayed
on this page, you can filter the WiFi Events or FortiSwitch Events data on this page.

The following log details are displayed for each event.

FortiAIOps 2.1.0 User Guide 193

Fortinet Inc.
Logs and Reports

Parameter Description

Date/Time The Date/time of log event generation.

Level The log severity level.

l Emergency, Critical (red)

l Alert (orange)
l Error, Warning (blue)
l Notice, Information, Debug (green)

Action The action leading to the event generation.

Message The event log message that is generated.

SSID The SSID that the client connected to.

Station MAC The client MAC address.

Log ID A unique identifier assigned to the event log.

FortiGate Serial Number The serial number of the associated FortiGate controller.

AP Serial Number The serial number of the access point that the client associated with.

Relative Date/Time The time lapsed since the event log was generated.

Channel The channel associated with the access point.

FortiSwitch Serial Number The serial number of the associated FortiSwitch.

Log Description The description of the event log.

Source The event source IP/MAC address.

User The user name/details.

Select a log message and click Details to view specific related information. This view provides the following
information.

l General - Generic information about the log event such as, the date and time of event logging, the
associated virtual domain, and the log description.
l Source - The details of the log event source such as, MAC address, interface, SSID, and user details.
l Action - The action leading to the event log and the reason.

FortiAIOps 2.1.0 User Guide 194

Fortinet Inc.
Logs and Reports

l Security - The severity of the log event, the configured security mode, and the encryption type.
l Cellular - The serial number of the associated access point.
l Event - The serial number of the access point and the generated log message.
l Other - Generic information such as the log event time stamp, the timezone, log type, and so on.\
Click on a specific FortiSwitch event to view the details.

Local Logs

The local logs that provide key insights into the system, configuration, reports, license, SAM, and mail events.
Navigate to Logs & Reports > Local Logs and select the time interval to access the logs for. The Summary
tab displays the top five most frequent events in each type of event log along with the severity level and the total
count. A line chart displays aggregated events by each severity level. Clicking on a peak in the line chart
displays the specific event count for the selected severity level.

The Details page for that event type filtered by the selected time span. You can select the time frame to view the
logs from the top-right corner of the GUI.

FortiAIOps 2.1.0 User Guide 195

Fortinet Inc.
Logs and Reports

Reports

You can create and view multiple report categories and types on FortiAIOps. Each report displays specific data
based on the configurations and can be viewed or downloaded in multiple formats.
l Creating Reports
l Viewing Reports
l Scheduled Reports
l PCI Reports

Creating Reports

FortiAIOps allows you to define new reports and generate one-time reports. You can select and combine
multiple report categories and the subsequent report types (maximum 5) to generate a single report instead of
generating multiple reports for each category. These are saved as Report Templates and can be scheduled
similar to other reports.

Basic Information

This section allows you to choose a Category of report, Report Type, provide a Name and Report Title.

The following categories of reports are supported.

l Station Reports
l AP Reports
l Inventory Reports
l Service Reports
l Application Visibility Reports

Station Reports

The following types of station reports are supported.

Category Description

Station RF and Channel Provides the station RF and channel distribution based on the OUI
Distribution (Organizationally Unique Identifier). A graphical summary of the stations
distributed by RF type, stations distributed across 2.4GHz and 5GHz bands
and station density on each channel over time is displayed. The following
details are displayed.
l Graphs - The graphs are of the following types.

FortiAIOps 2.1.0 User Guide 196

Fortinet Inc.
Logs and Reports

Category Description
l Station Density on each Channel Over Time - This graph displays
the station density on each of the channels over time plotted
against the time in weeks.
l Station Distribution Across 2.4 GHz, 5GHz, and 6GHz Bands -
This graph displays the station distribution based on the 2.4GHz,
5GHz, and 6GHz.
l Station Distribution by RF Type - This graph displays the station
distribution based on the RF Type.
l Station RF and Channel Distribution Details - This section provides
each station's OUI, Date/Time (GMT), Station MAC, RF Type, AP
Name, AP Radio, SSID and Channel.

Station Session Details Provides the average station session trend details. A graphical summary of
the station session trend details of throughput, loss, airtime utilization and
noise for a connected station is displayed. The following details are
displayed.
l Graphs - The three types of Station Session Details graphs are

displayed as follows.
l Trend On Throughput - This graph displays the trend of
Throughput for the selected station.
l Trend On Loss - This graph displays the trend of Loss for the
selected station.
l Trend On Airtime Utilization - This graph displays the trend of
Airtime Utilization for the selected station.
l Station Session Details - This section provides each station's
Date/Time, IP4 Address, IP6 Address, Controller, AP ID, SSID, User,
Throughput (Kbps), Loss%, Airtime Utilization% and AP Name.

Top Stations The Top Stations report type generates reports for the busiest stations
based on the Throughput and Airtime Utilization. This report type generates
the top N stations based on the number of bytes transferred and received
and total Rx/Tx. The information includes each station's Station Mac,
Controller, AP Id, SSID, Throughput (Kbps) and Date/Time (GMT).

Unique Stations Provides the unique station details based on all stations connected to a
network within the reporting interval. A graphical summary of the stations
distributed by RF type, stations distributed across 2.4GHz, 5GHz, and
6GHz bands, stations distributed by OUI, stations distributed by device
type, and stations distributed by OS type is displayed. The Unique Station
reports are available to all groups and list stations connected to network
during last 24 hours. The following details are displayed.
l Summary - This section provides the total number of Unique Stations.

l Graphs - The graphs are of the following types.

l Finger Print OS Distribution - This graph displays the station
distribution based on the OS Type.
l Finger Print Device Distribution - This graph displays the station

FortiAIOps 2.1.0 User Guide 197

Fortinet Inc.
Logs and Reports

Category Description

distribution based on the Device Type.

l OUI Distribution - This graph displays the station distribution
based on the OUI.
l Station Distribution - This graph displays the station distribution
based on the RF Type.
l Unique Station Details - This section provides the station's OUI,
Date/Time (CST), Station MAC, User, IPv4 Address, IPv6 Address, RF
Type, SSID, Device Type, OS Type and Floor.

EAP-AKA Error The EAP-AKA Error type generates a report with details of EAP-AKA errors
associated with specific ESSIDs and on specific stations connected to
network within the reporting interval. The following details are displayed.
l User selected Top 5 EAP-AKA Errors - The top 5 most common EAP-

AKA errors with the number of stations the errors were reported on and
the number of EAP authentication failures for each station.
l User selected Top 5 Station by Errors - The top 5 stations (MAC
addresses) with highest EAP-AKA errors reported and the number of
EAP authentication failures for each station.
l EAP-AKA Errors - The list of EAP-AKA errors within the reporting
interval. The details displayed are, date and time of the error,
associated controller, access point, station MAC address, and the
ESSID, and the error description/reason.

AP Reports

The following types of AP reports are supported.

Category Description

Rogue Details The Rogue Details report type generates the report on the individual rogue.
It displays the rogue mobility trend. The trend is plotted against time and
APs detecting the rogue. The data displayed is a Max of hourly data
sample. The following details are displayed.
l Summary - This section provides the details of the selected rogue

l Rogue Mobility Trend graph - Trend is plotted against AP which

detects rogues with high strength and its time as samples.
l Rogue Details - This section provides details about the APs detecting
the rogue along with Date/Time, Controller, AP Detecting Rogue, AP
Location, SSID, Channel and RSSI.

Rogue Summary Summarizes the rogue device information on the trend of the number of
rogues reported on a per controller basis, per hour. The rogue APs and
rogue station count is displayed. A graphical summary of the trend on rogue
AP, trend on rogue station, and trend on controllers is displayed. The
following details are displayed.
l Summary - This section provides the details of the total number of

rogues.

FortiAIOps 2.1.0 User Guide 198

Fortinet Inc.
Logs and Reports

Category Description
l Graph - The graphs are of the following types.
l Rogue Trend By Type - The two types of Rogue Trend By Type
graphs are displayed as follows.
l Trend on Rogue Station - This graph displays the trend type
based on the number of rogue Stations.
l Trend On Rogue AP - This graph displays the trend type
based on the number of rogue APs.
l Rogue Trend By Controllers - This graph displays the top 10
controllers with the highest number of rogues.
l New Rogues Detected During Reporting Interval - This section
provides the details of the new rogues detected during reporting
interval. The details are Date/Time, Controller, AP Detecting Rogue,
AP Location, Rogue MAC, Rogue Type and Channel RSSI.

Top Radio The Top Radio report type generates a report displaying all the Top N
Radios based on Station Count, Throughput, and High Loss. The top radio
report type displays the AP Name, Radio, Controller Name, AP Location,
Station and Date/Time (GMT).

Inventory Reports

The following types of inventory reports are supported.

Category Description

Access Points Inventory This report type generates the AP inventory summary reports for any
access points that are accessible. The following details are displayed.
l Summary - This section provides the total number of Access Points.

l AP Model Distribution graph - This provides the pictorial representation

of the distribution of Access Points.
l AP Inventory Summary - This section provides the details of Access
Point Inventory. The details are Name, Mac address, Model, Software
Version, IP Address, Controller, Availability State, Connectivity
Preference and Floor.

Controller Inventory Lists and tracks all the controllers, with its model and software versions on
the network.
l Summary - This section provides the total number of Controllers.

l Graph - The graphs are of the following types.

l Controller Software Version Distribution - This graph displays the
Controllers based on the controller software version distribution.
l Controller Model Distribution - This graph displays the Controllers
based on the controller model distribution.
l Controller Inventory Summary - This section provides the details of
Controller Inventory. The details are Hostname, IP Address, Mac
address, Node Name, Software Version, Model, Description,
Availability State, Management State and Location.

FortiAIOps 2.1.0 User Guide 199

Fortinet Inc.
Logs and Reports

Category Description

Device Availability Lists all the controllers and access points with its availability, uptime and
down time of each of them. This report generates the report for each
Controller and AP. It displays the Device Name, UP Duration, Down
Duration time and Availability(%) for the AP and Controller.

Service Reports

The following types of service reports are supported.

Category Description

Service Usage Summary Provides the service usage summary based on the ESSIDs. A graphical
summary of the top SSIDs based on throughput and number of stations is
displayed.
l Graph - The graphs are of the following types.

l Top SSIDs Based on Throughput - This graph displays the top

SSIDs based on the throughput.
l Top SSIDs Based on Number Stations - This graph displays the
top SSIDs based on number of stations.
l Network Usage Summary - The Network Usage Summary displays the
ESSID, Average Station Count, Max Station Count, Time When Max
Station Occurred, Total Unique Stations and Maximum Throughput are
displayed.

Service Usage Trend Provides the service usage trends based on the ESSIDs. A graphical
summary of the top SSIDs based on throughput and number of stations is
displayed.
l Server Usage Trend graphs - These are displayed with a trend of Max,

Minimum and Average stations connected and stations throughput on

hourly basis during reporting interval. This is a graphical report
represented with a line chart having two lines, one for Max and second
one for Average station count.
l Service Usage Trend Details - The service usage trend report type
displays Date/Time (GMT), Max Stations Connected, Min Stations
Connected, Avg Stations Connected and Throughput (Kbps).

Application Visibility Reports

The application visibility reports provide the following information.

Category Description

Application Visibility This report provides the top 10 applications and the top 10 users in your
network which allows you to monitor application usage.
l Top 10 applications graph - For each application, it provides total

number of connected users, ESSIDs and traffic utilization.

l Top 10 users graph - For each of the user, it displays the client MAC

FortiAIOps 2.1.0 User Guide 200

Fortinet Inc.
Logs and Reports

Category Description

address, applications connected by the client, ESSIDs and traffic

utilization.

Scope

This section allows you to define the scope of a report by performing the device selection followed by the service
(SSID) selection.

Update the following fields as per your requirement.

l Default - By choosing default, report is generated for all the controllers mapped to the FortiAIOps.
l Devices - Select one of multiple FortiGate controllers.
l AP - Select one or multiple access points.

Reporting Interval

These fields depict the time period to be covered by the selected report. These fields are supported for most
report types. When these fields do not appear, the report considers the current status. Select the Schedule
option of the Recurrence section, the following options in the Reporting Interval section is enabled.

l Last one day - The last one day's report is generated.

l Last one week - The last one week's report is generated.
l Last one month - The last one month's report is generated.

FortiAIOps 2.1.0 User Guide 201

Fortinet Inc.
Logs and Reports

Recurrence

This section allows you to select the time of report recurrence. Select the Schedule option and the following get
enabled.

l One Time - Instant report is generated for the selected reporting interval.
l Schedule - This option allows you to define a specific time for report creation. These schedule fields
establish the time that a report runs, independent of the Scope and Reporting Interval.
l Daily - This option allows you to generate daily reports.
l Weekly - This option allows you to generate weekly reports, select this option followed by selecting the day
of the report generation from the Every drop-down list.
l Monthly - This option allows you to generate monthly reports, select this option and enter the day of month;
1-31 is the valid range.

Report Generation Options

You can save the generated reports in any of the following formats and email the generated reports to the
specified address.

l File Format - Choose one of the following formats.

l HTML - Select the HTML option to export and save the report to HTML format. The generated report is
saved with the naming convention, <report type>_report_datetime.html.
l PDF - Select the PDF option to export and save the report to PDF format. The generated report is
saved with the naming convention, <report type>_report_datetime.pdf.
l CSV - Select the CSV option to export and save the report to CSV format. The generated report is
saved with the naming convention, <report type>_report_datetime.csv.
l Limit Report Size To - This option is applicable only to the Top Stations, Top Radio, Device Availability,
and Application Visibility reports. The maximum report size for the Application Visibility report is 100.

FortiAIOps 2.1.0 User Guide 202

Fortinet Inc.
Logs and Reports

Viewing Reports

This screen displays a list of all the reports that are generated. These reports can be generated in HTML, CSV,
or PDF format. They can be viewed, printed or saved locally.

Scheduled Reports

This page displays a list of current running reports and reports scheduled to run in the future. In case of
recurring reports, the next run time is displayed. To create a new report, click Add.

PCI Reports

You can validate FortiAIOps against specific PCI requirement compliance. To run a compliance test, enable
Run PCI Test. Select the tests to validate FortiAIOps and click Run Test.

After the test is successfully completed, the page is refreshed to show the list of PCI requirements that are
validated. The validation results are marked with green ticks if they are fully validated and in red if the
compliance is not validated or fails. Click Download PDF Report to get a copy of the validation results in PDF
format.

FortiAIOps 2.1.0 User Guide 203

Fortinet Inc.
Logs and Reports

FortiAIOps 2.1.0 User Guide 204

Fortinet Inc.
System

System

The System section includes several pages that offer valuable insights into various aspects of system
management, such as users, user groups, backup and restore, maintenance, licensing, and location services.
l User Management
l Backup and Restore
l Settings
l Upgrade
l Licensing
l FortiGuard
l Location Services
l Network
l Certificates

User Management

The User Management in the System allows you to view the users and configure user groups and provide the
access permissions.
l Users
l User Groups

Users

The FortiAIOps allows administrators to create users, who will subsequently be available in the FortiAIOps
application.
User permissions are indirectly assigned through their membership in user groups. By default, all users are
members of the Default user group. The admin user and all device groups are automatically members of the
Super User user group, and cannot be moved to any other user group. All users must belong to at least one user
group. It is recommended to assign both the device group and users to the user group upon its creation to
ensure that users have access to the assigned device group. If a user is removed from a user group, they will be
moved to the Default user group.
Note: User Management configuration can only be performed by users with the System Administrator and
Super User roles.

FortiAIOps 2.1.0 User Guide 205

Fortinet Inc.
System

l Adding a New User

l Editing User Information
l Activating/Deactivating User

Adding a New User

Perform the following steps to add a new user:

l Click +Add User.
l Enter the user information including full name, username and password.
l Specify the role. FortiAIOps supports Guest, Standard_User and Super_User roles.

User Role Access Level

Guest Read only access to all features in the system.

Standard_User Read/Write privilege to all configurations and features except system settings .

Super_User/ System Read/Write access across system. All super users will have access to all
Administrator device groups, all devices, all system settings.

l Click Save.
Notes:
l Once you have created users in FortiAIOps, it is necessary to refresh the FortiAIOps application portal in
order for the users list to be updated and displayed in the User Groups page.
l The super user or system administrator can provide device group access to a user by choosing the device
group and the users in the user group option in FortiAIOps application portal. See User Groups.
l The user list for the FortiAIOps CLI and GUI are different.

Editing User Information

Select a user and click Edit to modify user information. This includes changing the user's full name, role or
password.

Activating/Deactivating User

Select a user and click Activate/Deactivate to enable or disable the user's ability to log in or access the system.
Deactivated user accounts can be reactivated at any time.

User Groups

The FortiAIOps access assigned to a user group determines what users in that user group can do.

Adding a User Group

To add a user group, perform the following steps:

FortiAIOps 2.1.0 User Guide 206

Fortinet Inc.
System

1. Navigate to User Groups.

2. Click + Add.
3. Enter a name and description.
4. Select the Device Group that the users should be part of.
5. Select the Users from the list to be added.
6. Click Create.

To edit an user group, select an existing user group from the list and click Edit.
To delete an user group, select the user group and click Delete.

Backup and Restore

The Backup and Restore page provides valuable tools for managing and maintaining backups of the FortiAIOps
configuration and data. This page includes options for taking, uploading, restoring, downloading, and deleting
backups.
Note: This release supports the backup and restore function only for FortiAIOps configuration. CLI
configurations are saved using the execute backup config command and it does not include any
FortiAIOps specific configurations.

Take Backup

The Take Backup function allows you to take a backup of the FortiAIOps configuration and data. This
information can be saved as a file(.tar) and used to restore the configuration and settings at a later time.

FortiAIOps 2.1.0 User Guide 207

Fortinet Inc.
System

To perform the backup operation, perform the following steps:

1. Navigate to System>Backup and Restore.
2. Click + Take Backup.
3. Select Backup Option, either Configuration only. Backing up only the configuration includes information
like maps, controller details, and AP details except statistics data.
4. Select the Backup Type, either Disable Backup, Backup now or Schedule for later.
5. If schedule for later is selected, select backup schedule, day, hour and number of backups to preserve.
6. Click Save.

Upload

To upload an existing backup file, perform the following steps:

1. Navigate to System>Backup and Restore
2. Click Upload.
3. Browse and select the backup file (.tar) file.
4. Click Upload.

Restore

To restore a backup, select the a backup from the list and click Restore.
Notes:
l When restoring a backup file on a different FortiAIOps machine, it is necessary to configure the latest
FortiAIOps IP address in the FortiGate syslog settings.
l Admin credentials are retained after restoring the backup file.

FortiAIOps 2.1.0 User Guide 208

Fortinet Inc.
System

Download

To download a backup file to your local machine, select the backup file from the list and click Download.

Delete

To delete a backup file, select the backup file from the list and click Delete.

Upgrade

Navigate to System > Upgrade to upload the FortiAIOps image file and upgrade FortiAIOps.

FortiAIOps 2.1.0 User Guide 209

Fortinet Inc.
System

1. Browse to the image file or drag and drop it in the upgrade window. Click Upload.
2. After successfully uploading the file, click Upgrade Now to upgrade FortiAIOps to the uploaded version.

You can also chose to cancel an ongoing upload or delete the uploaded file. To download the log file with the
upgrade status, click Download log file.

Settings

This page provides the following network and server maintenance parameters to be configured.
l Network Settings
l Statistics
l Administration Settings
l OUI Update
l General Logs
l Mail Server

Network Settings

This section allows you to configure various system settings. Click icon to edit the system settings.

The Hostname displays the hostname of the system currently in use.

FortiAIOps 2.1.0 User Guide 210

Fortinet Inc.
System

The System Time displays the current system time. This setting allows you to select timezone, set time and
configure NTP server.

Notes:
l Both FortiAIOPs and FortiGate must be synchronized with an NTP server.
l Reboot the system (execute reboot command) after the NTP and timezone settings are configured.

Statistics

This section allows you to configure data retention period in FortiAIOps. All monitoring data is stored based on
dynamically allocated or manually configured duration.
l Auto config duration to keep Statistics data - This feature allows FortiAIOps to dynamically configure
the statistics retention period based on daily data accumulation and the available space for maximum data
storage. This is enabled by default for a period of 3 weeks, but based on daily monitoring of the data
accumulation and available space, FortiAIOps automatically adjusts the statistics retention period.
l Duration to keep statistics data - Manually configure the weeks or months to retain and preserve the
statistics data. The permissible range is 1 to 3 weeks or 1 to 6 months. The statistics data older than the
time period specified in this field from the current date, is automatically deleted from the FortiAIOps server.
If the duration configured here requires more than the available space for statistics retention, then
FortiAIOps throws an error.

Notes:
l You are allowed to configuring the statistics retention duration manually only based on the available disk
space.
l The AI Insight statistics are stored for a maximum period of 1 week.

FortiAIOps 2.1.0 User Guide 211

Fortinet Inc.
System

l Post-upgrade, the configured Duration to Keep Statistics Data is retained with Auto config duration to
keep Statistics data enabled. Based on daily analysis, FortiAIOps configures the statistics retention
period automatically.

Administration Settings

You can select and apply a certificate that is generated/imported in System > Certificates and click Apply
Certificate.

OUI Update

This section allows you to view and manage the OUI details.
l Last update time - Displays the date and time of the OUI details updated the last time.
l Parsing status - Displays the status of parsing.
l Automatically update every week - This option when enabled, will allow the system to automatically
update the OUI details every week.
l Upload OUI File - To upload OUI file, click Choose File, browse and select the OUI file, and click Upload.

General Logs

You can now configure forwarding FortiAIOps local logs to a remote machine. Enable Syslog logging and
enter the IP address/FQDN of remote machine where logs are to be stored.

Note: If the configured syslog server IP address/FQDN is incorrect or not reachable, then the syslog messages
are not logged.

Mail Server

You can configure the SMTP server to receive email notifications for report generation.

FortiAIOps 2.1.0 User Guide 212

Fortinet Inc.
System

Configure the following SMTP server settings.

l Use default - If enabled, the current configurations are used as the default for all SMTP server
communication.
l Send Emails from - Enter the email address to trigger the email notifications from.
l SMTP Server - Enter the IP address or the hostname of the SMTP server.
l SMTP Encryption - Select the security mode as SSL or TLS. Select None to not use any encryption.
l SMTP Port - Enter the port number used to connect to the SMTP server.
l SMTP Authentication - Select the authentication via Login and enter the SMTP Username and SMTP
Password. Select None to not use any authentication for the SMTP server.

Licensing

The licensing page displays the license information including the current license status, expiration date, and the
number of Monitoring, Analytics and SD WAN licenses.
l Monitoring - displays the number of license consumed for monitoring and the number of switches or APs
that are unlicensed. The doughnut chart shows the count of FortiGates that are licensed, partially licensed
and unlicensed. Click on the filters to view license information in detail. For monitoring license, the
consumption is based on the number of switches or APs added.
l Analytics - displays the number of license consumed for analytics and the number of switches or APs that
are unlicensed. The doughnut chart shows the count of FortiGates that are licensed, partially licensed and
unlicensed. Click on the filters to view license information in detail. For analytics license, the consumption is
based on the number of switches or APs added.
l SD WAN - displays the number of license consumed for SD WAN and the number of FortiGates that are
unlicensed. The doughnut chart shows the count of FortiGates that are licensed and unlicensed. Click on
the filters to view license information in detail. For SD WAN license, the consumption is based on the
number of FortiGates added.
Notes:

FortiAIOps 2.1.0 User Guide 213

Fortinet Inc.
System

l If you buy additional licenses or extend the existing ones through FortiCare, the expiration date displayed
will show the nearest expiry and will not include the newly added license. To see the accurate license
details, please check FortiCare portal.
l To purchase a co-term license or add any required extra devices to current licenses, please contact your
distributor or Fortinet renewal team.

FortiGuard

You can enable automatic updates for the FortiGuard Distribution Network (FDN) license, for accurate license
data synchronization. Navigate to System > FortiGuard and enable Scheduled Automatic updates.
FortiAIOps displays the time for the next scheduled update, if you require an immediate update, click Update
License and Definitions Now.
After successfully obtaining the license file from Fortinet, you can upload it on this page. Click Upload License
File.

Location Services

Enable location service on this page and configure the following the FortiAP Profile in your FortiGate. To
configure the location services, you should perform all necessary configurations within FortiGate. However, the

FortiAIOps 2.1.0 User Guide 214

Fortinet Inc.
System

location service status can be enabled or disabled within FortiAIOps.

To configure the WIDS profile for the AP radio, follow these steps:
1. Navigate to Location Based Services > FortiAIOps.
2. In the Project Name field, enter FortiAIOps.
3. In the Password field, enter the secret key displayed in System>Location Services.
4. In the FortiAIOps server IP field, enter the FortiAIOps IP address.
5. In the FortiAIOps server Port field, enter 4013.
6. Enable the Report Rogue APs option.
7. Configure the Report transmit frequency (seconds) as desired.

Note: that a minimum of 3 APs must be placed on the map for the locationing service to detect them.

For information on the FortiGate configuration, see the Configuration Guide.

Network

You can configure FortiAIOps with 4 active physical interfaces for VM deployments. The administrators can
configure access protocols like HTTP, HTTPS, and so on, on a per interface basis. Navigate to System >
Network.

FortiAIOps 2.1.0 User Guide 215

Fortinet Inc.
System

Select a port and click Edit to modify the following settings as required.
l Mode - Configure the port IP address mode; Static or DHCP.
l IP Address & Netmask - Enter the IPv4 address and netmask associated with this interface.
l AllowAccess - Select the allowed administrative access protocols from the following.
l SSH
l HTTP
l HTTPS
l Ping
l SNMP
l Telnet
Click Update.
In the Static Routes tab, you can create a default route to your network gateway on the interface that connects
to the gateway. You can create, edit, or delete routes as required.

l Device - Select the network interface that connects to the gateway.

l Destination - The destination IP address and netmask for this route.
l Gateway - Enter the IP address of the next hop router to which this route directs traffic
You can configure the DNS server settings. Enter the IP addresses for the Primary DNS Server and
Secondary DNS Server.

Certificates

The Certificates page allows you to manage both local and CA certificates. Certificates provide security
assurance validated by a Certificate Authority (CA).
l Local Certificates
l CA Certificates

FortiAIOps 2.1.0 User Guide 216

Fortinet Inc.
System

Local Certificates

The Local Certificates section allows you to install certificate key pair by uploading a zip file containing a
certificate and a private key file. The supported zip file formats include .tar, .tar.gz, tgz, zip, tar.xz, and .xz. Also
you can generate a Certificate Signing Request (CSR).
Server certificates are generated based on a specific CSR. The CSR is a request sent from an applicant to a CA
in order to apply for a digital identity certificate. When a CSR is generated, the associated private key to sign
and/or encrypt connections is also generated. Click on the Generate CSR button and fill in the required
information to generate a CSR for your certificate. In the Certificate Signing Request window, enter the
following.
l Certificate Type - The type of the certificate, either CA signed or self signed.
l Certificate Name - A name for the certificate.
l Common Name - The FQDN or IP address of the server.
l Organization - The name of your establishment or organization.
l Locality - The city or area where your organization is located.
l State or Province - The state or province of the above mentioned area.
l Key Size - Either 2048 or 4096.
l Subject Alternative Name (SAN) - It is mandatory to provide SAN.
l Optionally, you can enter the Organization Unit and the Country.
l Click Generate.

CA Certificates

The CA Certificates section allows you to install and manage your CA certificate. To install a CA certificate, click
Install CA Certificate and upload your CA certificate (.pem or .cer file). You can view details, download, or
delete selected CA certificate after installation.
Notes:

FortiAIOps 2.1.0 User Guide 217

Fortinet Inc.
System

l To upload certificates, the Root CA, server certificate, and key file must be bundled together and uploaded
in any of the supported formats.
l Certificates can only be uploaded in PEM or CER formats. Other formats are not supported. If the
certificate is in any other format, such as P12 or PFX, it must be converted to a supported format before
uploading.
l When using CA2, the intermediate and root CA content must be combined into a single text file (.pem file).
This is necessary because only three files can be included in the bundle uploaded: Root CA, server
certificate, and key file.
l To access FortiAIOps using a custom domain name, you must install the required CA and Server
certificates for the domain configured on FortiAIOps.

FortiAIOps 2.1.0 User Guide 218

Fortinet Inc.
Service Assurance

Service Assurance

Service Assurance Manager (SAM) is a predictive diagnostic software with trouble-prevention capability. It
diagnosis the health of the wireless network and reports the issue before the users are impacted. The
FortiAIOps infrastructure is used to perform on-demand end-to-end system tests. The SAM mode is activated in
FortiAP during SAM tests. In this mode, FortiAP radios operate as a client and perform tests against another
AP. Once baseline network performance is established, any schedule tests that deviate from the
baseline/threshold are marked based on the SAM test values. Multiple tests can be configured with SAM.
l Connectivity tests to measure packet loss
l Throughput tests to measure performance
The tests can be configured to run on a WPA2 PSK SSIDs available in the FortiGate. SSIDs can only be
configured in FortiGate.
Notes:
l The SAM is supported only for the following.
l F-series, G-series, and K-series FortiAPs. Currently only radio 1 (2.4GHz) and radio 2 (5GHz) are
supported for SAM operations.
l Bridge mode SSIDs
l WPA2 PSK security mode
l Radios in AP mode.
l SAM tests are not supported on radio 3 of the K-series and G-series FortiAP models.
l While running SAM tests, FortiAIOps modifies the FortiAP Profile that is configured on the Access Point in
FortiGate. As a result, the CAPWAP on the FortiAP is restarted.
l Creating a SAM test causes the following changes to your WLAN network, and these changes impact the
clients connected to the FortiAP.
l New FortiAP profiles are created to run the SAM tests.
l Schedule and baseline tests are run immediately.
l Trends
l Results
l Baseline
l Schedule

Trends

The Trends page in the Service Assurance section of FortiAIOps provides a comprehensive overview of
network test performance. You can analyze the total number of tests performed, their categorization as Good,
Fair, or Bad, and gain insights into interface-specific data such as Interface IDs and Maximum Packet Loss
values.
The bar chart classifies the total number of tests performed into three categories: Good, Fair, and Bad. This
classification allows you to quickly assess the overall performance of the network based on the test results.

FortiAIOps 2.1.0 User Guide 219

Fortinet Inc.
Service Assurance

Each bar represents a specific time period, enabling you to identify trends and patterns in test performance over
time.
If the connectivity test type is selected, the Trends page presents a table with the Interface ID and the
Maximum Packet Loss for each interface.

If the throughput test type is selected, the Trends page displays a table with the Interface ID and the Maximum
Throughput for each interface.

To filter the results in the bar chart, click the desired Interface ID.

Trend Filters

The Trends page offers various filters to refine the displayed data and narrow down the analysis. The available
filters include:
l Select Device - Select a specific device from the available options to filter the test results associated with
that device.
l Test Type - Choose between the Connectivity or Throughput test types to filter the relevant test results.
l Test Name - Select a specific test name to filter the test results associated with that particular test.
l Start Date and End Date - Specify a start date and end date to filter the test results within a specific time
range.

FortiAIOps 2.1.0 User Guide 220

Fortinet Inc.
Service Assurance

Results

Results page provides a comprehensive overview of the Connectivity/ Throughput test results, including
completed tests and tests in progress.

Completed Tests

The Completed Tests panel displays a list of tests that have been completed. It includes the following
information for each test:
l Test Name - The name of the test performed.
l SSID - The SSID associated with the test, indicating the network or wireless access point being tested.
l Test Type - The type of test conducted, such as Connectivity or Throughput.
l Device Name - The name of the device used to perform the test, allowing users to track the source of the
test data.
l End Time - The timestamp indicating when the test was completed.
l Result - The result field represents the outcome of the test. It is color-coded and displays the number of
results categorized as Good(Green), Bad(Red), Fair(Orange), or Unknown(Blue). Click on the test results

FortiAIOps 2.1.0 User Guide 221

Fortinet Inc.
Service Assurance

to view more detailed information.

l Bad Results - The number of bad results.

l Device IP Address - IP address of the device.
l Device Serial - The serial number of the device.
l Fair Results - The number of fair results.
l Good Results - The number of good results.
l Start Time - The timestamp indicating when the test was started.
l Unknown Results - The number of unknown results.

Tests in Progress

The Tests in Progress panel provides users with a list of tests that are currently in progress or scheduled. It
includes the following information for each test:
l Test Name - The name of the test performed.
l SSID - The SSID associated with the test, indicating the network or wireless access point being tested.
l Test Type - The type of test conducted, such as Connectivity or Throughput.
l Sweep Mode - The sweep mode configured for the test, either recursive or baseline.
l Device Name - The name of the device designated to perform the test.
l State - The current state of the test.

Baseline

Baselines serve as reference points for evaluating the health and performance of the wireless network.
Baselines play an important role in detecting deviations from expected network behavior. SAM allows for the
configuration of multiple tests, including connectivity tests to measure packet loss and throughput tests to
assess overall performance.

FortiAIOps 2.1.0 User Guide 222

Fortinet Inc.
Service Assurance

Add a Baseline

You have two options to execute the baseline tests.

l Configured Test: This option allows you to create a baseline test by providing theoretical values.
l Measured Test: This option allows you to create a baseline test by providing the actual baseline values. It
is important to run a measured baseline when the wireless network is operating either normally or under
optimal conditions, as it is used to evaluate subsequent tests.

Connectivity Baseline

To create a connectivity baseline, perform the following steps:

1. Navigate to Service Assurance>Baseline.
2. Click + Add.

FortiAIOps 2.1.0 User Guide 223

Fortinet Inc.
Service Assurance

3. Provide the following details:

Field Description

Name Name for the baseline.

Test Type Select Connectivity as Test Type to measure packet loss.

Device Select the device.

AP Radios Select AP radios.

Baseline Type Select baseline type, Configured or Measured.

SSID Enter SSID name. SSID must be configured on a neighboring AP in FortiGate.

Pre-shared Key 1. Enter the pre-shared key for the SSID.

Packet Loss(%) 1. Enter packet loss value in %.

Note: Packet Loss(%) field is displayed only when Configured is selected as
baseline type.

2.

Ping Server Enter IP address or FQDN of the ping server to perform connectivity tests.

FortiAIOps 2.1.0 User Guide 224

Fortinet Inc.
Service Assurance

4. Click Add.

Throughput Baseline

To create a throughput baseline, perform the following steps:

1. Navigate to Service Assurance>Baseline.
2. Click + Add.
3. Provide the following details:

Field Description

Name Name for the baseline.

Test Type Select Throughput as test type to measure performance.

Note: Ensure that the network should have Iperf server running iperf3 traffic.

Device Select the device.

AP Radios Select AP radios.

Baseline Type Select baseline type, Configured or Measured.

SSID Enter SSID name. SSID must be configured on a neighboring AP in FortiGate.

Pre-shared Key 1. Enter the pre-shared key for the SSID.

Protocol Select the protocol, TCP or UDP.

FortiAIOps 2.1.0 User Guide 225

Fortinet Inc.
Service Assurance

Field Description

iPerf Server Enter iPerf server details. iPerf server generates TCP and UDP data streams which
can be used to measure throughput.

Port Enter the port number.

Throughput 1. Enter throughput value in MB/s.

(MB/s) Note: Throughput(MB/s) field is displayed only when Configured is selected as
baseline type.

2.

FortiAIOps 2.1.0 User Guide 226

Fortinet Inc.
Service Assurance

4. Click Add.

To view the detailed information of a baseline, navigate to Service Assurance > Baseline, select the desired
baseline from the list and click View Details.

To delete a baseline, navigate to Service Assurance > Baseline, select the desired baseline from the list and
click Delete.

FortiAIOps 2.1.0 User Guide 227

Fortinet Inc.
Service Assurance

Schedule

The tests are the central activity of the SAM application that is dealt the most. A baseline test is performed
occasionally, but the scheduled tests and their results are monitored constantly.
Scheduled tests are measured against a baseline test for Connectivity and Throughput using the configurations
provided while creating the test. Only APs and SSIDs within the baseline test is measured in subsequent tests.

Add a Scheduled Test

To add a Scheduled Test, follow these steps:

1. Navigate to Service Assurance>Schedule.
2. Click + Add.
3. Provide the following details:
a. Enter a name for the test.
b. Select Test Type, either Connectivity or Throughput.
Note: Based on the test type selection the advanced options filed changes.
c. Select a device.
d. Select a Baseline test.
e. Select Interval. Instant option enables to run the scheduled test once, immediately after it is saved.
Continuous option enables to execute the scheduled test continuously till you disable the test.
4. Configure Advance Options:
l If Connectivity is selected as Test Type, you can configure the following fields:

Field Description

Packet Loss Good Threshold Type a value for Packet Loss Good Threshold. If the measured packet
loss is above this threshold and baseline, the test result is classified as
Bad. If it falls between the threshold and the baseline, it is considered
Fair, while values below the threshold and baseline are categorized as
Good.

FortiAIOps 2.1.0 User Guide 228

Fortinet Inc.
Service Assurance

l If Throughput is selected as Test Type , you can configure the following fields:

Field Description

Protocol Select TCP or UDP.

FortiAIOps 2.1.0 User Guide 229

Fortinet Inc.
Service Assurance

Field Description

Throughput Type a value for the Throughput Good Threshold in MB/s. If the measured throughput is
Good above this threshold, the test result is classified as Good. If it falls between the threshold and
Threshold the baseline, it is considered Fair, while values below the threshold are categorized as Bad.
(MB/s)

To delete a schedule, select a schedule from the list and click Delete.
To start a scheduled test, click start test icon under Actions field. To stop a running scheduled test, click stop
test icon under Actions field.

FortiAIOps 2.1.0 User Guide 230

Fortinet Inc.
 www.fortinet.com

Copyright© 2025 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were
attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance
results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s Chief Legal Officer, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.