I am working with a Fortinet FG-60F firewall. It has 2 WAN sources and both have a maximum link speed of 100Mbps. Throughout the day, I am repeatedly getting downstream bandwidth spikes of 100Mbps+ on both WAN links:
Our usage is not much at all. When I check my Fortiview sources, the bandwidth consumed by individual IPs is not more than 10Mbps:
We are repeatedly getting connectivity issues and packet losses. Users are repeatedly losing their connections and pings are getting timed out.
Please guide me on how to find out what is causing this or consuming the bandwidth.
EDIT: It was suggested that I enable the DoS Policy and check the Anomaly logs. It was right. I instantly got Anomaly logs which showed UDP and ICMP Floods from reputed IPs (even 8.8.8.8). The problem is that the Destination IP in these floods is not mine. For example, my IP is 220.110.94.94. The destination IPs of these floods are 220.110.94.93 OR other IPs belonging to the Data Centre / ISP.
I am unable to understand how I am getting these floods even though the destination IP is not mine. Even after changing my IPs to a different pool, these haven't stopped.
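One way to quantify the observation in the EDIT above, as an added example that is not part of the original post: tally exported anomaly log lines by destination IP and attack type, split into "addressed to my WAN IP" and "addressed to someone else". It assumes a key=value text export with the fields `subtype`, `srcip`, `dstip`, `attack` and `count`; the sample lines are constructed, and only 220.110.94.94, 220.110.94.93 and 8.8.8.8 come from the post.

```python
import re
from collections import Counter

# Assumption: the firewall's own WAN address, as given in the post.
OWN_IPS = {"220.110.94.94"}

# Constructed sample lines in key=value style (not real logs).
# 220.110.94.90, 8.8.4.4 and 10.0.0.5 are made-up addresses.
SAMPLE_LOG = """\
date=2024-01-10 time=10:00:01 type="utm" subtype="anomaly" srcip=8.8.8.8 dstip=220.110.94.93 attack="udp_flood" count=12
date=2024-01-10 time=10:00:02 type="utm" subtype="anomaly" srcip=8.8.8.8 dstip=220.110.94.93 attack="icmp_flood" count=5
date=2024-01-10 time=10:00:03 type="utm" subtype="anomaly" srcip=8.8.4.4 dstip=220.110.94.90 attack="udp_flood" count=7
date=2024-01-10 time=10:00:04 type="utm" subtype="anomaly" srcip=8.8.8.8 dstip=220.110.94.94 attack="udp_flood" count=3
date=2024-01-10 time=10:00:05 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=8.8.8.8
date=2024-01-10 time=10:00:06 type="utm" subtype="anomaly" srcip=8.8.8.8 dstip=220.110.94.93 attack="udp_flood" count=8
"""

# key=value pairs where the value is either "quoted" or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def summarize(log_text, own_ips=OWN_IPS):
    """Sum anomaly counts per (dstip, attack), split by whether dstip is ours."""
    to_us, to_others = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "anomaly" or "dstip" not in rec:
            continue  # skip traffic logs and malformed lines
        bucket = to_us if rec["dstip"] in own_ips else to_others
        key = (rec["dstip"], rec.get("attack", "unknown"))
        bucket[key] += int(rec.get("count", 1))
    return to_us, to_others


if __name__ == "__main__":
    ours, others = summarize(SAMPLE_LOG)
    for label, bucket in (("to own IP", ours), ("to other IPs", others)):
        print(label)
        for (dst, attack), n in bucket.most_common():
            print(f"  {dst:<16} {attack:<12} {n}")
```
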