en-US
search-icon

Email Security 9.0 Admin Guide

Reports and Monitoring

SonicWall Email Security allows you to view system status and data through the Reports & Monitoring screen. The Reports & Monitoring is comprised of four key segments:

Monitoring, which provides MTA status and monitoring
Reports, which provides many reports Email Security monitoring and tracking
DMARC Reporting, which provides DMARC reports and custom filtering.
Scheduled Reports, which describes how to schedule and customize reports

Monitoring

You can view statistics for the Email Security system or the mail transfer agent (MTA). You can also monitor the flow of email traffic passing through the Email Security system in real time. For a description of how to view and manage the various reports as well as the different monitoring methods available in Email Security, see the following sections:

Viewing and Managing the Monitoring Reports

Most of the reports shown in the Monitoring section can all be customized and the data managed in similar ways.

Customizing Data Table Formats

Most of the tables in the Reports & Monitoring can be customized by selecting which columns of data to show and what columns to omit.

To define the columns of data to display:
1
Go to any heading in a table and click on the down arrow to see the drop box.
2
Navigate to Columns to see what columns of data are available for that table.
3
Check the box by those columns you want to appear and uncheck the boxes you want to hide. The table reconfigures itself in response to each action.

Sorting

The columns in the data table can be sorted in sorted in ascending or descending order.

To sort a column:
1
Click in a the column you want to sort. A small arrowhead appears in the column. The arrowhead points up to indicate ascending order and down to indicate descending order.
2
Click in the column again to change the direction of the arrowhead. The data refreshes immediately to reflect the choice you made.

In the drop down menus for the column headings, you can also chose Sort Ascending or Sort Descending.

Search Filters

Search filters have been integrated into the reporting tool so you can show just part of the data. Filters can be applied to multiple columns, but not all columns have the option to be filtered. The filtering is performed directly on the data that's displayed.

To filter data in a column:
1
Select the down arrow next to the column title.
2
Highlight the Filter option.
3
Depending on the options provided, do one of the following:
Type in a string of text to filter on.
Choose one or more filters from a list of pre-populated options.

The results of any filtering are immediately shown in the data table.

System Status

The Monitoring > System Status window shows the live status of the Email Security system, including Remote Analyzers if you have a Split configuration. It also shows the status of connections with other systems that Email Security needs to communicate with. A green check icon indicates the system is functioning as expected, while a red X icon indicates the system is not. Click on the refresh button at anytime to refresh the data.

The lower part of the System Status table (the Control Center Status table in a Split configuration) shows system statistics, including the disk space used by the Junk Box, free disk space on the data drive, and free disk space on the install drive.

In a Split configuration, a subset of system status data is shown for the Remote Analyzers. You can see remaining hard disk space, replication status, replication queue size, and last time synchronized.

 
* 
NOTE: The System Status view cannot be customized or reconfigured.

MTA Status

The Monitoring > MTA Status page displays detailed status of the mail transfer agent (MTA) if any paths have been configured to act as MTAs. At the top of the page, the Total Messages in MTA Queues is shown as a link.

To see MTA Queue Detailed Info:
1
Click on the link for Total Message in MTA Queues. The MTA Queue Detailed Info displays.
2
Click on the Deliver All Queued Messages button if you want the MTA to attempt delivery right away.

This attempt may take a minute or so to complete, and it may not succeed for all messages. A delivery attempt temporarily empties the message queue, and undeliverable messages will eventually reappear in the queue.

3
Click the Refresh button if you want to see updated status.

The contents of the message queues change continually as messages pass through the MTA. The email messages displayed in this window represent the contents of the queue at a moment in time. Clicking the Refresh button cause the window to take another snapshot of the message queue. Refreshing the contents of the window does not affect mail flow.

MTA Totals by Host

The MTA Totals by Host section displays additional information about message totals sorted by host.

 

Host

This column shows the host names.

Service Status

MTA service on this device is on (green check icon) or off (red X icon)

Messages delivered in last hour

This column shows the number of messages delivered by the MTA in the last hour.

Messages in all queues

This column shows the sum of the messages in the queues of all the MTAs. If service status is off, it shows N/A.

Message recipients in all queues

This column shows the number of messages recipients in the queues of all the MTAs. Click on Show Detail to go to the MTA queue Detailed Info page. If service status is off, it shows N/A.

MTA Status on Inbound/Outbound Paths

If one or more paths are configured to act as MTAs, these two sections provide additional information about these paths. The columns and the values they represent are the same for each table:

 

Host

This column shows the host names.

(src/listen/dest))

src is the source IP contacting path; the IP address of a machine that is allowed to connect to and relay email through this path.

listen is the IP address and port on which this path listens for connections.

dest is the destination to which this path routes email.

Number of message recipients in queue

This column lists the number of messages in the queue if the path is an MTA. If it is a proxy, messages are not queued and this column will indicate N/A.

To see details about the messages in a queue, click the Show Details link for that queue. To see details for messages on a particular server, you must log in to the SonicWall appliance on that server.

Real-Time System Monitor

The Reports & Monitoring > Monitoring > Real-Time System Monitor page provides real-time information on the flow of email passing through the SonicWall Email Security system. The Message Throughput History graph shows the number of emails processed by this server per second. The Message Bandwidth History graph shows the total bandwidth used for email in bytes per second. The bandwidth is the sum of the sizes of all the messages passing through this SonicWall Email Security server per second.

Reports

Email Security provides a series of charts that summarizes data and system status so it can be viewed at a glance. Navigation and Data Customizing describes how to set up the displays and use the buttons.

The charts and data tables display statistics for the last 24 hours and are updated hourly. Similar reports can be grouped into collections based on the organization provided by Email Security, shown below, or you can put any report into any collection.

 
* 
NOTE: When you first log into Email Security, the default view is Reports & Monitoring > Reports > Dashboard.

Navigation and Data Customizing

On each of the views under Reports & Monitoring > Reports, buttons and tabs can be used to navigate the charts, customize the appearance, or manage the data.

Navigating

Use the following buttons to navigate the report collections:

 

Add Charts

Allows you to add charts to be displayed. Click on the down arrow to select the report category, and then click on the report name you want to add.

Save View

Saves the view after you configured or made adjustments to your settings.

Reset to Default View

Resets the report view to the default settings.

Customize

Opens Custom Reports page so you can define the parameters for any report displayed.

1
Select the report to customize.
2
Specify the date range for the report.
3
List the results in units of hours, days, weeks or months.
4
Specify which domains’ email is included in this report. Separate domains with a comma. If left blank, the report sows email sent to all domains.
5
Select delivery method. Choose Display to show data on the dashboard. Choose Email to send the report to someone and provide the email address for the report recipient.
6
If you selected Email to, provide the following information in the text fields:
Name from which report is sent
Email address from which report is sent
Subject
7
Select Generate This Report.

Refresh Reports

Refreshes the data in the charts.

Configuring Chart Formats

Each chart has options you can select to customize the presentation of the reports being displayed. Use the tabs across the top of the chart to set the format and contents as described below.

 

Chart arrangement:

Each of the charts can be moved up and down or left and right in the display. Simply drag-and-drop the chart wherever you want it.

Data style:

Select the data format you want. Each style is represented by a tab across the top of the chart.

Some data can be presented in Stacked Chart, Line Chart, or Table form.
Some data can only be presented in Bar Chart or Table form.

Time style:

Select one of the following tabs:

Hourly
Daily
Monthly

Zoom/undo zoom:

To zoom in on a segment of data in the chart, draw a box around the segment and the display adjusts to show only that portion of data.

Undo Zoom resets the normal view.

Miscellaneous buttons:

(You may need to scroll to the right at the top of each chart to see these tabs and buttons.)

 

The download arrow allow you to download the chart in PDF, JPEG, or CVS formats.

The double arrow head allows you to minimize the chart when arrows are pointing up and opens the chart when the arrows are pointing down.

The close (X) button closes the chart window and removes it from that view.

Managing Data

Some charts display several types of data in a single view. You can customize what data shows in the charts. Click on an item listed in the legend. That item becomes grayed out and the data is removed from the display. To restore that item to the chart or table, click on the grayed out item and the data is returned.

By default, Email Security retains 366 days of reporting information in the database. You can change this setting in System > Advanced and scroll to Other Settings. Set the number of days you want to retain report data in the appropriate field. Data is deleted when older the number you set. Lowering this number means less disk space is used, but you do not retain report data older than the number of days specified. If your organization's email volume is very high, you may want to consider lowering this number.

Dashboard

Reports & Monitoring > Reports > Dashboard summarizes Email Security at a glance. These charts are updated hourly and display the statistics for the last 24 hours. Click the Refresh Reports button to update the data in the reports with the most current data. Refer to Dashboard Reports for a description of the pre-defined reports that can be added to the dashboard.

 

Dashboard Reports

Report Name

Description

Inbound Good vs Junk

Displays the number of good messages versus junk messages received in an hour in inbound email traffic. Junk is comprised of spam, likely spam, phishing, likely phishing, viruses, likely viruses, policy events, directory harvest attacks (DHA), and rejected connections (CM). Rejected connections are those deliberately dropped by Email Security because of greylisting, IP reputation, and other features provided on the Connection Management page.

Inbound vs Outbound Email

Displays the number of inbound email messages compared to the number of outbound email messages. This chart is displayed only if the Outbound Module is licensed.

Junk Email Breakdown

Displays Junk email broken down into the following categories:

Spam (Spam and Likely Spam)
Phishing (Phishing and Likely Phishing)
Virus (Virus and Likely Virus)
Policy
Directory Harvest Attacks (DHA)
Connection Management (CM)
NOTE: The Junk Email Breakdown chart displays only those categories of junk email that are filtered by your organization.

Outbound Good vs. Junk

Displays the total number of outbound messages processed by Email Security along with the total number of junk messages and good messages.

Spam Caught

Displays the number of email messages that are definitely Spam compared to the number that are Likely Spam.

System Load Average (15 min)

Displays the system load as sampled every fifteen minutes. This chart increments in thousands of messages. Use this chart to judge your peak system load, and your loads through the day. If you are viewing a Remote Analyzer, this is one of the available charts.

System % Processor Time (15 min)

Displays what percentage of the processor is used, as sampled every fifteen minutes. This chart increments in processor percentage. Use this chart to judge whether you have sufficient processor power for your needs. If you are viewing a Remote Analyzer, this is one of the available charts.

Top Connecting IP Addresses

Displays what percentage of the processor is used, as sampled every fifteen minutes. This chart increments in processor percentage. Use this chart to judge whether you have sufficient processor power for your needs. If you are viewing a Remote Analyzer, this is one of the available charts.

Top Outbound Email Senders

Displays what percentage of the processor is used, as sampled every fifteen minutes. This chart increments in processor percentage. Use this chart to judge whether you have sufficient processor power for your needs. If you are viewing a Remote Analyzer, this is one of the available charts.

Top Spam Recipients

Displays the volume of spam received by the top 12 recipients in your organization.

Total Files Scanned

Shows the total number of files scanned each hour.

Anti-Spam Reports

Email Security provides the following reports specific to the category of Anti-Spam:

 

Anti-Spam Reports

Report Name

Description

Spam Caught

The Spam Caught report displays the number of messages filtered by SonicWall Email Security that are definitely Spam compared to the amount that are Likely Spam. This report also gives a percentage breakdown.

Top Spam Domains

The Top Spam Domains report presents the domains or IP addresses that send the most spam to your organization.

NOTE: This report only contains useful information if your Email Security server is running as “first touch.” If your server is not first touch, the IP addresses displayed are those of the server that routes mail to the Email Security server.

Top Spam Recipients

The Top Spam Recipients report lists the email addresses in your organization that receive the most spam.

Anti-Phishing Reports

Phishing messages are an especially pernicious form of fraud that use email with fraudulent content to steal consumers’ personal identity data and financial account credentials. This report displays the number of messages that were identified as Phishing Attacks and Likely Phishing Attacks.

Anti-Virus Reports

The Anti-Virus Report allows you to view the number of viruses detected by the SonicWall Email Security. Refer to Anti-Virus Reports for a description of pre-defined tables.

 

Anti-Virus Reports

Report Name

Description

Inbound Viruses Caught

The Inbound Viruses Caught report displays the number of viruses caught in inbound email traffic. The default is the Daily view.

Top Inbound Viruses

The Top Inbound Viruses report lists the names of the viruses that have been detected most often in inbound email traffic sent through Email Security and the amount of times each virus has been detected. The default is the Monthly view

Outbound Viruses Caught

The Outbound Viruses Caught report displays the number of viruses caught in outbound email traffic. The default is he Daily view.

Top Outbound Viruses

The Top Outbound Viruses report lists the names of the viruses that have been detected most often in outbound email traffic sent through Email Security and the amount of times each virus has been detected. The default is the Monthly view.

Anti-Spoof Reports

The Anti-Spoof Reports provide summary and details reports on the types of anti-spoof messages detected. Anti-Spoof Reports provides details on each report.

 

Anti-Spoof Reports

Report Name

Description

Likely Spoof Messages

Displays the total number of Likely Spoof messages caught in inbound email traffic.

Likely Spoof Message Breakdown

Shows the breakdown of the Likely Spoof messages according the categories used to detected them in the inbound email traffic.

SPF Breakdown

Shows the breakdown of Likely Spoof message that were detected using SPF parameters.

DKIM Breakdown

Shows the breakdown of Likely Spoof message that were detected using DKIM parameters.

DMARC Breakdown

Shows the breakdown of Likely Spoof message that were detected using SPF and DMARC parameters.

Capture ATP Reports

The Capture ATP Reports provides about the quantity and types of files scanned.

 

Capture ATP Reports

Report Name

Descriptions

Total Files Scanned

Shows the total number of files scanned each hour.

File Type Scanned

Shows how many of each type of file was scanned. Data is either shown in a pie chart or a table.

Malicious File Type

Shows how many of each kind of malicious file was scanned. Data is either shown in a pie chart or a table.

Encryption Service Reports

Encryption Service Reports show only one report: Outbound vs. Encrypted Email. This report displays the total number of outbound messages as compared to the number of messages sent as [SECURE] through the encryption service.

Policy Management Reports

Policy Management Reports group the reports that are relevant to policy filters in Email Security. Policy Management Reports describes each reports function.

 

Policy Management Reports

Report Name

Description

Inbound Policies Filtered

Displays the total number of inbound email messages that Email Security has filtered based on your configured policies.

Top Inbound Policies

Displays the policy filter names that are triggered most often in inbound email traffic.

Outbound Policies Filtered

Displays the total number of outbound messages that Email Security has filtered based on your configured policies.

Top Outbound Policies

Displays the policy filter names that are triggered most often in outbound email traffic.

Compliance Reports

The Compliance Reports groups various reports that are relevant to compliance in Email Security. Compliance Reports provides a description of each one.

 

Compliance Reports

Report Name

Description

Inbound Messages Decrypted

Displays the number of inbound messages decrypted relative to time.

Inbound Messages Archived

Displays the total number of inbound messages that were archived relative to time.

Top Inbound Approval Boxes

Lists the approval boxes in which inbound email messages sent through Email Security are stored most often. This report also displays the amount of messages that are stored in each approval box.

Outbound Messages Encrypted

Displays the number of outbound messages encrypted relative to time.

Outbound Messages Archived

Displays the total number of outbound messages that were archived relative to time.

Top Outbound Approval Boxes

Lists the approval boxes in which outbound email messages sent through Email Security are stored most often. This report also displays the amount of messages that are stored in each approval box.

Directory Protection

SonicWall Email Security provides protection against directory attacks. The directory protection reports described in Directory Protection Reports give more information on the directory attacks targeted towards your organization.

 

Directory Protection Reports

Report Name

Description

Number of Directory Harvest Attacks

Displays the number of messages with invalid email addresses that were sent to your organization. If this number is large, your organization may be experiencing one or more Directory Harvest Attacks in which spammers try to harvest a list of all your email addresses. The default is the Daily view.

Top DHA Sending Domains

Shows the IP addresses from which the most frequent Directory Harvest Attacks originate and the number of invalid recipient addresses in those attacks. The default is the Monthly view.

 

Connection Management Reports

Email Security provides connection management to reduce the traffic your system must analyze and automatically rejects connections from bad IP addresses. The pre-configured reports grouped in Connection Management Reports shows comparisons of the data processed through the connection management features.

 

Connections Management Reports

Report Name

Description

Allowed vs Blocked Connections

Reports the number of SMTP connections that were allowed versus those that were blocked, deferred, or throttled as a result of the Connection Management settings. The default is the Daily view.

Blocked Connections Breakdown

Categorizes the SMTP connections that have been acted upon as a result of the Connection Management settings. The categories are:

REPTN (Grid Network IP Reputation)
Blocked
Deferred
Greylisted
TCNXN (throttled based on connection)
TMSGS (throttled based on message)
TRCPT (throttled based on recipient commands)

The default is Daily view.

Greylisted Connections

Displays the number of SMTP connections that were blocked due to the Greylisting component of your Connection Management settings versus the number of connections that were later retired and allowed. The default is Daily view.

Top Spam Countries

Lists the countries that the most spam comes from and the volume of connections for each.

Performance Metrics

The Reports & Monitoring > Reports > Performance Metrics page provides real-time system information on the SonicWall Email Security system. Performance monitoring allows administrators to monitor various metrics over a selectable period of time (Last Hour, 1 Day, or 7 Days). The charts and data can be downloaded for sharing.

The various system performance reports are described in Performance Metrics Reports. The reports are listed in the order that they appear on the drop down menu.

 

Performance Metrics Reports

Report Name

Description

% Processor Time

The percentage of elapsed time that all process threads used to execute instructions.

Handle Count

The total number of handles this process currently has open. This number is the sum of the handles currently open by each thread in this process.

Private Bytes (kB)

Private Bytes is the current size, in kilobytes, of memory that this process has allocated which cannot be shared with other processes.

Thread Count

The number of threads currently active in this process. Every running process has at least one thread.

Virtual Bytes (kB)

The current size, in kilobytes, of the virtual address space the process is using. Use of virtual address space does not imply corresponding use of either disk or main memory pages. Virtual space is finite, and the process can limit its ability to load libraries.

% Disk Time

The percentage of elapsed time that the selected disk drive was busy servicing read or write requests.

% IO Wait Time

The percentage of elapsed time that all processes are in a wait state before starting the next action.

% Idle Time

The percentage of elapsed time that all processes are sitting in a state of idle and experiencing no amount of performance load.

Available Byte (kB)

The amount of physical memory available to processes running on the computer. This is calculated by adding the amount of space on the Zeroed, Free, and Standby memory lists.

Avg Load 1 min

The average system load, over time, measured in 1 minute intervals.

Avg Load 15 min

The average system load, over time, measured in 15 minute intervals.

Avg Load 5 min

The average system load, over time, measured in 5 minute intervals.

Avg Disk Bytes/Transfer

The time, in seconds, of the average disk transfer. The default is shown as a stacked line chart over time.

Avg Disk Queue Length

The average number of read and write requests queued for the selected disk during the sample interval. The default is shown as a stacked line chart over time.

Buffer Bytes (kB)

The amount of memory available for buffering before data transfer.

Cache Bytes (kB)

The sum of the Memory\\System Cache Resident Bytes, Memory\\System Driver Resident Bytes, Memory\\System Code Resident Bytes, and Memory\\Pool Paged Resident Bytes counters. The default is shown as a stacked line chart over time.

Committed Bytes (kB)

The amount of committed virtual memory. Committed memory is the physical memory which has space reserved on the disk paging file(s). Each physical drive can have one or more paging files.

Connection Failures

The number of times TCP connections have made a direct transition to the CLOSED state from the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.

Connections Established

The number of TCP connections for which the current state is either ESTABLISHED or CLOSE-WAIT.

Connections Reset

The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.

Install Dir Free Space

The amount of free space available in the Install directory.

Segment Retransmitted/sec

The rate at which segments are retransmitted, that is, segments transmitted containing one or more previously transmitted bytes.

Segments/sec

The rate at which TCP segments are sent or received using the TCP protocol.

Swap Available Bytes (kB)

The amount of space that is available for swap space.

Queue Size

The number of message waiting in MTA queue. For this statistic to have a value, Email Security should have been set up in MTA (i.e., SmartHost) mode.

User Statistics

The User Statistics are presented as a function of the number of users per domain or organization. With it, you can determine if all these users are license compliant. The following views are available for selection:

Domain Person vs. Group Email Addresses
Domain Primary vs. Alias Email Addresses
Organization Person vs. Group Email Addresses
Organization Primary vs. Alias Emails Addresses

DMARC Reporting

In the Reports & Monitoring > DMARC Reporting section, you can define DMARC reports by either date range or filer. You can also configure known networks for filtering DMARC reports.

DMARC Reports

When the Email Security Mail Server plays the role as email sender and RUA receiver, it extracts and aggregates daily RUA files from the email receiver and from RUA providers, such as Google, Yahoo, etc. The DMARC Reporting Scheduler then imports the RUA files hourly into its database.

 
* 
NOTE: To receive reports, configure RUA address under the Anti-Spoofing command. Refer to Anti-Spoofing for more information.
To generate a DMARC report:
1
Navigate to Reports & Monitoring > DMARC Reports > DMARC Reports.
2
Choose a Date Range using one of the following methods:
Select Last and choose a pre-defined option from the drop down menu. Choices range from 1 to 21 days.
Select Start Date and enter a Start date and End date from the pop up calendars.
3
Choose the filters for the report. You can select available filters from the Apply Filters drop down menu or you can build a new filter by selecting Filter. Refer to New Filters for more information about building a new filter.
4
Select the report type from the Select Report drop down menu. The options include:
DMARC Statistic Report (Graphic Chart)
DMARC Master Detail Report
Source IP Aggregation Report
Source IP and Known Network Aggregation Report
Provider Aggregation Report
Source IP and Provider Aggregation Report
5
Click on the Generate button to generate the report. Reports are shown in a window below the 'Set Filters' section.
6
Click Download PDF to download a PDF report once the HTML report is generated. The PDF report name includes the Report Name and a time stamp.

All reports can be rendered in HTML format and downloadable PDF file. (HTML reports allow you to mouse over 'Alignment' value to see alignment reason description.)

 
* 
NOTE: You should enter the IP addresses of 'my server' on the 'Configure Known Networks' page before users (admin or manager role) view DMARC Reports because it retrieves reports data associated with those IP addresses by default.

The statistics report displays either horizontally or vertically, depending on the date range. If days of selected date range are less than 15 days, three (3) bar charts will be horizontally display. If the date range is greater than 15 days, the bar charts display vertically. For tabulated reports, scrolling the mouse over the 'Alignment' value displays the Alignment Reason. For example, if the 'Alignment' is 'No', moving the mouse over this 'No' makes the Title Box show: “No DKIM and SPF is passed, On SPF Relaxed, SPF Organization Domain(sina.com) Not Matched From Header Domain(sonicwall.com)” This informational message can be useful for DMARC troubleshooting.

New Filters

You can define a new filter to use for the DMARC reports. This filter then becomes an option for filtering the DMARC Report database.

To build a new filter:
1
Navigate to Reports & Monitoring > DMARC Reports > DMARC Reports.
2
Click on the Filter button to create a new filter. (If a filter already exists, clicking this button allows you to edit the filter.) The Set Filter page opens.
3
Define the parameters of the filters using the conditions provided.
a
Select one of the Condition Names from the left.
b
Select the operator for how the data isacted upon. For example, you might chose between include and exclude or mathematical operators like == (equals) and != (not equals).
c
In the right column, Select or Input Values. Values are automatically provided for some Condition Names, but you need to type in the values you want if none are provided.
d
Click OK to exit the Set Filter pages.
4
Click Save to save the newly configured settings.

Other buttons are available to help you manage the filters. They include:

 

Clear

Clears all settings of the current filter.

Delete

Deletes a selected filter.

Bullet icons

Represents a filter condition. Click the icon to open the Set Filter dialog box, or click the small 'x' icon to delete the condition from the filter.

Configure Known Networks

Configure Known Networks is a specific filter for DMARC reports. The Add button allows you to create new server groups by adding IP addresses and associating them to a Server Group Label you define. The Server Group Labels my servers and external trusted servers can be edited, but you are not allowed to delete them. They are system defined and are typically used as follows:

 

my servers

Usually made up of the list of company-owned IP addresses

external trusted servers

Lists the IP addresses of company-trusted external servers and customers

To add a Server Group Label:
1
Navigate to Reports & Monitoring > DMARC Reports > Configure Known Networks.
2
Select Add.
3
Type the label name in Server Group label field.
4
Enter the IP addresses of the servers you want to include in that group. If listing multiple servers, put each on a separate line.
5
Select Add to save the group.
To edit a Server Group Label:
1
Select Edit on the line next to the group label you want to edit.
2
Edit or remove the IP addresses that you want to change.
3
Select Add to save the changes.
To delete a Server Group Label:
1
Select Delete on the line next to the group label you want to remove.
2
Click Yes to confirm that you want to delete that Server Group Label.
To export the Known Networks file:
1
Click on Export. The file is downloaded locally.
To import the Known Networks file:
1
Set up the file prior to importing it.

Email Security only supports importing XML files. If starting new, use the following template as a sample to create the file correctly. The sample is also listed in the help file by navigating through these steps: Reports & Monitoring > DMARC Reports >Configure Known Networks > Export > Help

 
* 
NOTE: “my servers” and “external trusted servers” are required even there are no IP data for them.

-------------------------------------------XML sample data------------------------------------------------------

<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<known_networks date="20140224232207" lastupdatedby="xxxxx" writeversion="1">

<known_network name="my servers">
<ipaddress>204.14.232.70</ipaddress>
<ipaddress>209.167.231.144</ipaddress>
</known_network>

<known_network name="external trusted servers">
<ipaddress>204.14.232.70/24</ipaddress>
<ipaddress>209.167.231.144</ipaddress>
</known_network>

<known_network name="saiyer server">
<ipaddress>10.20.202.12</ipaddress>
<ipaddress>209.85.220.175</ipaddress>
<ipaddress>216.82.243.196</ipaddress>
</known_network>

<known_network name="bhuvan server">
<ipaddress>10.223.232.43</ipaddress>
<ipaddress>195.229.241.85</ipaddress>
<ipaddress>2001:558:fe14:43:76:96:62:16</ipaddress>
<ipaddress>209.167.231.144</ipaddress>
<ipaddress>209.167.231.144/24</ipaddress>
<ipaddress>67.115.118.12</ipaddress>
<ipaddress>67.115.118.12/24</ipaddress>
<ipaddress>67.115.118.12/32</ipaddress>
</known_network>

<known_network name="jzhang servers">
<ipaddress>10.202.202.43</ipaddress>
<ipaddress>195.229.241.85</ipaddress>
<ipaddress>2001:558:fe14:43:76:96:62:16</ipaddress>
<ipaddress>209.167.231.144/24</ipaddress>
<ipaddress>67.115.118.12</ipaddress>
<ipaddress>67.115.118.12/32</ipaddress>
</known_network>
</known_networks>

--------------------------------------XML sample data---------------------------------------------------------

2
Navigate to Reports & Monitoring > DMARC Reports >Configure Known Networks.
3
Select Import.
4
Select one of the following modes:
Merge mode only imports the data that differs from the current data.
Overwrite mode replaces the current data with the data in the importing XML files. You will be asked to confirm that you want to overwrite current data.
5
Select Browse... and navigate to the new XML file you want to import.
6
Click on Import.

Scheduled Reports

Email Security allows you to schedule email delivery of reports. You can choose the type of report, a time span the data covers, the list of recipients, and so forth.

Data in scheduled reports is displayed in the time zone of the server on which Email Security stores email data (either an All in One or a Control Center), just like the reports in the Reports & Monitoring section. Scheduled report emails are sent according to the time zone on that system as well.

To add a a scheduled report:
1
Select the Add New Scheduled Report button. A dialog window displays where you can specify the following settings:
2
Select Which report from the drop down list.
3
Select Frequency of report email from the drop down list. Options range from 1 Day to 30 Days.
4
For Time of day to send report, select one of the following options:
Any time of day
Within an hour of [choose time from drop down menu].
5
For Day of week to send report, select one of the following:
Any day of the week
Send report on [choose day from drop down menu].
6
Select Language of report email.
7
Select Report has data for the last [choose time period from drop down menu]. Options range from 1 Day to 180 Days.
8
For Report lists results by, choose for the results to be listed by the Hour or by the Day.
9
Choose the Report Format: JPEG, CSV, or PDF.
10
Type the Name from which report is sent.
11
Type in the Email Address From Which Report is Sent.
12
Type in the email addresses for the Recipients of Report Email. Separate multiple email addresses with a comma.
13
Type in the domains for the field Reports shows email sent to these domains. Separate multiple domains with a comma. If left blank, the report will show email sent to all domains.
14
Specify the Report Name.
15
Select Save Scheduled Report when finished.