en-US
search-icon

Cloud GMS Admin Guide

Flow Reporting

Introduction to Flow Reporting

This describes how to use SonicWall™ Cloud Global Management System (Cloud GMS) to configure flows on the full range of SonicWall platforms and includes the following:

SonicWall Cloud GMS Firewall Acquisition and Flow Reporting Setup

The following are the steps required to add a unit to SonicWall Cloud GMS. For best results, you should already be familiar with MySonicWall, GMS, and the Firewall UI.

To add a unit to Cloud GMS:
1
2
Enroll into Cloud GMS Tenancy.
3
Activate a Cloud GMS license for each firewall in MySonicWall.com.
4
Log in to your SonicOS firewall and configure the Cloud GMS Management settings so they point to Cloud GMS. You should reboot the firewall after configuring its settings.
5
Log in to Cloud GMS cloudgms.sonicwall.com
6
Add a unit to Cloud GMS using the “Add Unit” option and by following the prompts
7
Monitor the Status page to ensure unit acquisition
* 
NOTE: Cloud GMS makes changes to the following configuration locations so the firewall can be managed and still generate reports correctly.
Firewall > System > Administration > Enable Management Using GMS > Configure
Firewall > AppFlow > Flow Reporting > GMSFlow Server
Firewall > AppFlow > GMSFlow Server

Any changes to these settings could disrupt Cloud GMS’ management and report generation capability.

In addition to these settings, Cloud GMS creates a reporting tunnel between the firewall and Cloud GMS to send or transfer the reporting data securely with a prefix “SGMS-<fw serial number>”. Do not make any changes to this tunnel.

For additional configuration information, see the Configuration section of the Cloud GMS Getting Started Guide.

 

 

General Flow Reporting Status

This describes the general report flows on the full range of SonicWall platforms and includes the following:

General > Status

The General > Status dialog shows reporting configuration information such as: Firewall information, Flow Agents Assignment, the Data Retention Period, and other critical information such as disk storage allocation and flows collected.

Real-Time Menu

This describes how to use SonicWall™ Cloud Global Management System (Cloud GMS) to configure and monitor reporting flows and includes the following:

Real-time > Monitor

This report provides a real-time view of the packets forwarded by the firewall and displayed in the form of live charts. The charts are divided into three sections:

Application bandwidth - Indicates applications that are flowing through the firewall in bits per second.
Per Interface Data - Indicates the bandwidth utilization in bits per second, average packets per second, average packets size, and new connection rates in connections per second
Device data - CPU utilization per core. Total active connections

Data visible on this page is limited to a maximum of 10 minutes. Individual charts can be rearranged manually by dragging and dropping the graph window. Mouse over the data in the graphs and you can drill-down to Flow Reports. The appearance of the chart may be customized by using the Settings button. Mouse-over the information icon or question marks to see context-sensitive help. Collapse or expand individual charts using the + or - icon in the upper right of each chart. Show or hide legends by clicking the Legends button.

Real-Time > Report

This report provides historical views of the real-time monitor charts. You can choose and visualize real-time charts from any time period of recorded data using the Start and End boxes and clicking the Refresh icon. You can also choose either a specific time range in the past using the drop-down time menu or by way of a custom time by clicking a start and a stop time on the graph. You can also select the last few hours, days, weeks, or months using the drop-down menu.

Individual charts can be rearranged manually and you can drill-down to AppFlow reports, AppFlow sessions, or Flow Analytics/AppFlow monitor pages from specific charts. Hide legends by clicking the Legends button

 

Dashboard Menu

 

Topics:  

Dashboard > Applications

This page provides a concise view of the Top Ten reports available based on following attributes:

Top Applications based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Users based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Virus based on Sessions
Top Intrusions based on Sessions
Top Spyware based on Sessions
Top URL Ratings categories based on Sessions and Bytes
Top Initiator IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Responder IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
Top Initiator Locations based on Sessions and Bytes
Top Responder Locations based on Sessions and Bytes
Top BWM Queues based on Queue type, Sessions and Bytes
Top Botnets based on Sessions and Bytes

You can choose and visualize this data from any given moment using the Start and End boxes and clicking the Refresh button. You can also choose either a specific time range in the past by indicating a Custom Range or by selecting a drop down menu selection for the last few hours, days, weeks, or months.

The Reports can be displayed in the following ways:

Table View -
Pie Chart View - Charts can be selected to either show total data or per entry. (For example, the Initiator IP tab by default shows the total sessions over time, total bytes over time, total intrusion over time, and so on.) You can also choose the same charts for individual IPs by selecting the Table view from the button bar at the top of the chart.

Drill-down options

To see additional data,
1
In the Top Apps response windows (shown in Pie Chart View), mouse-over any of the blue statistical data headings and click the heading of the data about which you would like additional drill-down information.

For the Table View, click the small magnifying glass.

2
Click the Reports icon in the pop-up dialog.

3
Click the Name, App name, Virus name, Intrusion name, or Spyware name to show additional details on the item.
4
Data can be sorted based on any column heading. Click the heading of the column you would like to sort. You can change the time period by clicking directly on the chart or by using the Start and End boxes and clicking the Refresh icon. You can also select an hourly, daily, weekly, or monthly range using the drop-down menu.

SWARM Report

A SWARM (SonicWall Application Risk Management Report) report is generated using the SonicFlow Report (SFR) data file.

This file can be exported by clicking “SWARM” in the top right corner of the following reports.

Flows > Dashboard Menu *

Flows > Reports Menu *

The Download Application Visualization Report dialog appears.

Click Download to receive the report of your network traffic between the dates you indicate.

Refer to the https://www.sonicwall.com/partners/swarm-report.aspx for detailed descriptions and steps on how to upload reporting data to MySonicWall.com and to produce a report in a PDF format.

 

Reports Menu

This provides a detailed view of reports that are similar to the Top Flow Dashboard reports described in Dashboard > Applications, but these reports are not limited to Top 10. You can get reports on the top 25, 50, 100, 150, 500, 1000, 5000, 10000, 25000, 50000, or unlimited incidents. In this section, you can sort the data displayed under any tab or column. Different tabs are provided to view individual data sets. You can also filter your data by configuring a text Filter String.

Reports > Applications

You can choose and visualize this data from any given moment (in the past) by clicking start and end points in the graph itself or by using the Start and End menus and clicking the Refresh icon. You can use the time drop-down menu to choose pre-configured hourly, daily, weekly, or monthly increments. You can also choose either a specific time range in the past by indicating a custom time or by selecting a moment from the last few hours, days, weeks, or months.

You can export all table reports into one file or download the currently active table into a single file, by clicking the Export icon.