Analytics On-Prem vs NSM Feature Matrix

Description

As part of the retirement of SonicWall Analytics (On-Prem), this guide helps you understand how core features carry forward into Network Security Manager (NSM). Use the Summary View for a quick overview of the primary feature mappings, and the Detailed View for a comprehensive, side-by-side comparison of all Analytics On-Prem capabilities within NSM.
Summary View:

Feature

Analytics - Flow

Analytics - Syslog

NSM - Reporting and Analytics

Architecture and Deployment options

 

Architecture

Legacy Architecture with limited scalability

Legacy Architecture with limited scalability

Micro Service based multi node scalable Architecture

Deployment options

On-premised deployment Only

On-premise deployment Only

On-premise and SaaS deployment

Zero Touch Provisioning

No

No

Yes

Multi Tenancy

No

No

Yes

HIgh Availability

No

No

On-premise (supported for firewall management), SaaS (99.999 % availability)

Supported Hypervisors

(for on-prem deployment)

ESXi, Hyper-V and Azure

ESXi, Hyper-V and Azure

ESXi, Hype-V, KVM, Azure

Firewall Log format

Flow or IPFIX

Syslog

Flow or IPFIX

Administration

 

Role Base Access Control (RBAC)

No

No

Yes

Multi-factor

Authentication (MFA)

No

No

Yes

Automation

 

REST API

No

No

Yes

Supported Firewall Models

 

Firewall Models

Gen 6 and Gen 7

Gen 6 and Gen7

Gen 6 (SaaS only, for reporting and analytics), Gen 7 and Gen 8 Firewalls

 

Feature

Analytics - Flow

Analytics - Syslog

NSM - Reporting and Analytics

Reports

 

 

Live Monitor

Available

Not Available

Available

Live Reports

Available

Not Available

Available

Tenant and Group Level Reports

Partial

Partial

Complete (All reports reports are available at tenant, group and firewall level)

Productivity

Dashboard and

Reports

Not Available

Not Available

Available

VPN Activity

Dashboard and

Reports

Not Available

Not Available

Available

Firewall Up Time Summary Report

Not Available

Available

Available

Firewall Interface Status Report

Not Available

Not Available

Available

Summary Report

Available

Available

Available

Detailed Reports

Available

Available

Available

Schedule Reports

Management - Available

CTA - Available

Traffic Reports - Available

Live Reports - Available

Management - Available

CTA - Not Available

Traffic Reports - Available

Live Report - Not Available

Management - Available

CTA - Available

Traffic Reports - Available

Live Report - Not Available

Custom Reports

Not Available

Available

(Based on filtering criteria of existing reports)

Available

(Extend reporting ability to create new reports )

Report Templates

Available

Available

Available

Capture ATP

Not Available

Available (per device)

Available (Firewall View)

 

Feature

Analytics - Flow

Analytics - Syslog

NSM - Reporting and Analytics

Analytics and Logs

 

 

 

Tenant and Group Level Analytics

Not Available

Not Available

Available

Analytics - log view

Available

Available

Available

Analytics - Group/list view

Available

Not Available

Available

Analytics - Graph View

Available

Not Available

Available

System Logs

Not Available

Available (Partial)

Available

Authenticaton Logs

Not Available

Not Available

Available

Attack Logs

Not Available

Not Available

Available

Change Logs

Not Available

Not Available

Available

Alerts and Notifications

 

 

 

Firewall Level

Reporting and

Analytics Alerts

Not Available

Not Available

Available

Centralized

Reporting

Dashboard

 

 

 

Dashboard

Partial (only firewall level)

Not Available

Tenant level dashboard

Licensing

 

 

 

License Model

License based on per day ingested log volume and storage capacity

Per firewall and firewall model based licensing

7 days reporting and analytics is available with APSS firewall security services license. Add-on license for 7 days (SaaS only), 30 days (SaaS only), 90 days (SaaS only) and 365 days of reporting and analytics

Firewall Management

Not Available

Not Available

Includes Comprehensive Firewall Management

 

Detailed View:

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and Analytics

Architecture and Deployment options

 

 

Architecture

Legacy Architecture with limited scalability

Legacy Architecture with limited scalability

Micro Service based multi node scalable Archietcture

Deployment options

On-premised deployment Only

On-premise deployement Only

On-premise and SaaS deployment

Supported

Hypervisors (for on-prem deployments)

ESXi, Hyper-V and Azure

ESXi, Hyper-V and Azure

ESXi, Hype-V, KVM, Azure

Zero Touch Provisioning

No

No

Yes

Multi Tenancy

No

No

Yes

High Availability

No

No

On-premise (supported for firewall

management), SaaS (99.999 %

availability)

Firewall Log format

Flow or IPFIX

Syslog

Flow or IPFIX

Administration

 

 

Role Base Access Control (RBAC)

No

No

Yes

Multi-factor

Authentication

(MFA)

No

No

Yes

Automation

 

 

REST API

No

No

Yes

Supported Firewall Models

 

 

Firewall Models

Gen 6 and Gen 7

Gen 6 and Gen7

Gen 6 (SaaS only, for reporting and analytics), Gen 7 and Gen 8 Firewalls

 

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and Analytics

Reports

Flow Analytics does not aggregate report data across group firewalls or tenants. It supports only firewall-level reports

Syslog Analytics supports report data aggregation across device groups only for selected reports

NSM supports aggregated summary and detail reports at the tenant and device group levels. All reports are available at the tenant, group, and firewall levels.

Application Report

Report Name - Application 

Report Data Aggregation -

Firewall Report

Report Columns - Name,

connections, threat blocked, total bytes, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked,Geo-IP blocked, CFS blocked, Data

Sent, Data Received, App

Rule Blocked, actions

Report Name - Application

Report Data Aggregation - Group

Report

Report Columns- Appliance Name, connections, transferred

Report Name - Application Data Usage

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat Level, Connection,  Transferred

Report Name - Application Detected

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat Level, Events

Report Name - Application Blocked

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat level, Events

Report Name - Application Categories

Report Data Aggregation - Firewall

Report

Report Columns - Application

Categories, Events, Transferred

Report Name - Application Initiator

Report Data Aggregation - Firewall

Report

Report Columns - Initiator IP, Initiator Host, User, Events, Transferred

Report Name - Application Timeline

Report Data Aggregation - Firewall

Report

Report Columns - Time, Events,

Transferred

Report Name - Application

Report Data Aggregation - Tenant,

Group, and Firewall

Report Columns - Application

Name, Connections, Percentage Detail Report Columns - Name,

connection, data transferred, total blocked, Virus, Intrusions, spyware, botnet blocked, ACR blocked, Geo IP

Blocked, CFS blocked, Data Send, Data Received, App rule blocked

Report Name - Applications

Categories

Report Data Aggregation - Tenant,

Group, and Firewall

Summary Report Column - App

Categories Name, Connections,

Percentage

Detail Report Columns - Name,

Connections, Total Data

Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked,

ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data

Send, Data Received, App Rule

Blocked

Report Name - Applications Risk

Report Data Aggregation - Tenant,

Group, and Firewall

Summary Report Column - App

Risk Name, Connections,

Percentage

Detail Report Columns - Name,

Connections, Total Data

Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked,

ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data

Send, Data Received, App Rule

Blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and Analytics

Application Report

Report Name - Application 

Report Data Aggregation -

Firewall Report

Report Columns - Name,

connections, threat blocked, total bytes, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked,Geo-IP blocked, CFS blocked, Data

Sent, Data Received, App

Rule Blocked, actions

Report Name - Application

Report Data Aggregation - Group

Report

Report Columns- Appliance Name, connections, transferred

Report Name - Application Data Usage

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat Level, Connection,  Transferred

Report Name - Application Detected

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat Level, Events

Report Name - Application Blocked

Report Data Aggregation - Firewall

Report

Report Columns - Application, Threat level, Events

Report Name - Application Categories

Report Data Aggregation - Firewall

Report

Report Columns - Application

Categories, Events, Transferred

Report Name - Application Initiator

Report Data Aggregation - Firewall

Report

Report Columns - Initiator IP, Initiator Host, User, Events, Transferred

Report Name - Application Timeline

Report Data Aggregation - Firewall

Report

Report Columns - Time, Events,

Transferred

Report Name - Application

Signatures

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - App

Signature Name, Connections,

Percentage

Detail Report Columns - Name,

Connections, Total Data

Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked,

ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data

Send, Data Received, App Rule Blocked

Report Name - Application

Technology

Report Data Aggregation - Tenant,

Group, and Firewall

Summary Report Column - App

Technology Name, Connections,

Percentage

Detail Report Columns - Name,

Connections, Total Data

Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked,

ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data

Send, Data Received, App Rule Blocked

Report Name - App Class

Report Data Aggregation - Tenant,

Group, and Firewall

Summary Report Column - App

Class Name, Connection,

Percentage

Detail Report Columns - Name,

Connections, Total Data

Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked,

ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data

Send, Data Received, App Rule

Blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS -

Reporting and Analytics

Web

Activities

Report

Report Name - Web

Categories

Report Data

Aggregation - Firewall

Report

Report Columns Name, connections

Report Name - Web Activity Summary

Report Data Aggregation - Group Report

Report Columns - Appliance Name, Hits, Transferred

Report Name - Web Activity - Top Categories

Report Data Aggregation - Group and Firewall Report

Report Columns - Category, Browse Time, Hits, Transferred

Report Name - Web Activities - Category Details

Report Data Aggregation - Group Report

Report Columns - Category, Browse time, Hits, Transferred

Report Name - Websites

Report Data Aggregation - Firewall Report

Report Columns - Site IP, Site Name, Category, Browse Time, Hits, Transferred

Report Name - Initiators

Report Data Aggregation - Firewall Report

Report Columns - Initiator IP, Initiator Host, Initiator

MAC, Browse Time, Hits, Transferred

Report Name - Timeline

Report Data Aggregation - Firewall Report

Report Column - Time, Browse Time, Hits, Transferred

Report Name - Details

Report Data Aggregation - Firewall Report

Report Column - Time, Browse Time, Hits Transferred

Report Name - Web Categories

Report Data Aggregation Tenant, Group, and Firewall

Summary Report Columns -

Web Category Name,

Connections, Percentage

Detail Report Columns - name,

connections, total data transferred, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked, Geo-IP blocked, CFS blocked, Data sent,

Data received, App rule blocked,

Threats blocked

Report Name - Websites

Report Data Aggregation Tenant, Group, and Firewall

Summary Report Columns Website Name, Connection,

Percentage

Detail Report Columns - name,

connections, total data transferred, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked, Geo-IP blocked, CFS blocked, Data sent,

Data received, App rule blocked,

Threats blocked

Web Filter Report

Not Available

Report Name - Web Filter Summary

Report Data Aggregation - Group Report

Report Columns - Appliance Name, Attempts

Report Name - Web Filter Top Categories

Report Data Aggregation - Group, Firewall Report

Report Columns - Category, Hits

Report Name - Web Filter Category Details

Report Data Aggregation - Group Report

Report Columns - Category, Hits

Report Name - Websites

Report Data Aggregation - Firewall Report

Report Columns - Site IP, Site Name, Category,

Attempts

Report Name - Initiators

Report Data Aggregation - Firewall Report

Report Columns - Initiator IP, Initiator Host, User, Attempts

Report Name - Timeline

Report Data Aggregation - Firewall Report

Report Column - Time, Attempts

Available via custom report

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS -

Reporting and Analytics

VPN Usage Report

Not Available

Report Name - VPN Usage - Summary

Report Data Aggregation -Group Report

Report Column - Appliance Name, Connections, Transferred

Report Name - VPN Usage - Policies

Report Data Aggregation -Firewall Report

Report Column - VPN Policies, Connections, Transferred

Report Name - VPN Usage - Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiator Host,

User, Connections, Transferred

Report Name - VPN Usage - Services

Report Data Aggregation -Firewall Report

Report Column - Services, Connection, Transferred

Report Name - VPN Usage - Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Connection, Transferred

Report Name - Source VPN

Report Aggregation - Tenant, Group, and Firewall Report

Summary Report Columns -

Source VPN Name,

Connections, Percentages Detail Report Columns name, connections, total data transferred, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked, Geo-IP blocked, CFS blocked, Data sent, Data received, App rule blocked, Threats blocked

Report Name - Destination VPN

Report Aggregation - Tenant,

Group, and Firewall Report

Summary Report Columns -

Destination VPN Name,

Connections, Percentages Detail Report Columns name, connections, total data transferred, total blocked, virus, intrusions, spyware, botnet blocked, ACR blocked, Geo-IP blocked, CFS blocked, Data sent, Data received, App rule blocked, Threats blocked

Report Name -Threats

Report Data Aggregation -

Firewall Report

Report Columns - Name,

Detected, Blocked, Actions

Report Name - Threats - Summary

Report Data Aggregation -Group Report

Report Column - Appliance Name, Attempts

Report Name - Threats

Report Data Aggregation Tenant, Group, and Firewall

Report

Summary Report Column Threat Name, Connection,

Percentage

Detailed Report Column Name, Threat Type, Count,

Connections, Blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS -

Reporting and Analytics

VPN Usage Report

Report Name - Viruses

Report Data Aggregation -

Firewall Report

Report Columns - Name,

Connection, Blocked, Actions

Report Name - Gateway Viruses - Summary

Report Data Aggregation -Group Report

Report Column - Appliance Name, Blocked Events

Report Name -Gateway Virus - Top Blocked

Report Data Aggregation -Group Report Report Column - Virus, Action, Event

Report Name - Gateway Virus - Blocked Details

Report Data Aggregation -Group Report Report Column - Virus, Action, Events

Report Name - Gateway Viruses - Blocked

Report Data Aggregation -Firewall Report Report Column - Virus, Action, Events

Report Name - Gateway Viruses- Targets

Report Data Aggregation -Firewall Report

Report Column - Target IP, Target Host, Events

Report Name - Gateway Viruses- Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiator Host, User, Events

Report Name - Gateway Viruses- Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Events

Report Name - Viruses

Report Data Aggregation Tenant, Group, and Firewall

Summary Report Columns -

Virus Name, Connections Detail Report Columns name, connections (count, percentage), blocked

Report Name - Viruses -

Family

Report Data Aggregation Tenant, Group, and Firewall

Summary Report Columns Virus Family Name,

Connections

Detail Report Columns name, connections (count, percentage), blocked

Report Name - Viruses  -

Category

Report Data Aggregation Tenant, Group, and Firewall

Summary Report Columns Virus Category Name,

Connections

Detail Report Columns name, connections (count, percentage), blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Intrusions Report

Report Name -

Intrusions

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Blocked, Actions

Report Name - Intrusions - Top Detected

Report Data Aggregation -Group Report

Report Column - Intrusion Name, Events

Report Name -Intrusions - Detected Details

Report Data Aggregation -Group Report

Report Column - Intrusion Name, Events,

Target IP, Target Host, Initiator IP, Initiator Host, Events

Report Name - Intrusions - Detected

Report Data Aggregation -Firewall Report

Report Column - Intrusion, Priority Threat, Events

Report Name - Intrusions - Blocked

Report Data Aggregation -Firewall Report

Report Column - Intrusion, Priority Threat,

Events

Report Name - Intrusions- Targets

Report Data Aggregation -Firewall Report

Report Column - Target IP, Target Host, Events

Report Name - Intrusions- Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiator Host, User, Events

Report Name - Intrusions- Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Events

Report Name -Intrusions

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Name,

Connections

Detail Report Columns - name, connections (count, percentage), blocked

Report Name - Intrusions - Family

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Intrusions

Family Name, Connections

Detail Report Columns - name, connections (count, percentage), blocked

Report Name - Intrusions  - Category Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Intrusions

Category Name, Connections Detail Report Columns - name, connections (count, percentage), blocked

Report Name - Intrusions  - Priority Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Priority

Name, Connections

Detail Report Columns - name, connections (count, percentage), blocked

Report Name -

Spyware

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Blocked, Actions

Report Name - Spyware - Detected

Report Data Aggregation -Firewall Report

Report Column - Spyware, Priority, Events

Report Name - Spyware - Blocked

Report Data Aggregation -Firewall Report

Report Column - Spyware, Priority Threat, Events

Report Name - Spyware- Targets

Report Data Aggregation -Firewall Report

Report Column - Target IP, Target Host, Events

Report Name - Spyware- Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiator Host, User, Events

Report Name - Spyware- Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Events

Report Name -Spyware

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Spyware

Name, Connections

Detail Report Columns - name, connections (count, percentage), blocked

Report Name - Spyware - Family

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Spyware

Family Name, Connections

Detail Report Columns - name, connections (count, percentage), blocked

Report Name - Spyware  - Category Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Columns - Spyware

Category Name, Connections Detail Report Columns - name, connections (count, percentage), blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

 

Report Name - Botnet

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Botnet Blocked,

Actions

Report Name - Botnet - Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiator Country, Initiator Host, Events

Report Name - Botnet - Responder

Report Data Aggregation -Firewall Report

Report Column - Target IP, Responder

Country, Target Host, Events

Report Name - Botnet- Attacks

Report Data Aggregation -Firewall Report

Report Column - Botnet IP, Threat, Severity,

Country, Active, URL, Events

Report Name - Botnet- Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Events

Report Name - Botnet

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Botnet,

Blocked Connection

Detail Report Columns - Name,

Connections (count)

Attacks Report

Not Available

Report Name - Attacks - Attempts

Report Data Aggregation -Firewall Report

Report Column - Attack, Events

Report Name - Attacks - Targets

Report Data Aggregation -Firewall Report

Report Column - Target IP, Target Host, Target Mac, Events

Report Name - Attacks - Initiators

Report Data Aggregation -Firewall Report

Report Column - Initiator IP, Initiators Host,

Initiators Mac, Users, Events

Report Name - Attacks- Timeline

Report Data Aggregation -Firewall Report

Report Column - Time, Events

Report Name - Attacks

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Name, Events

Detail Report Columns - Name, Events,

Received Bytes, Transferred Bytes,

Received Packets, Transferred Packets

Report Name - Flood Protection

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Name, Events

Detail Report Columns - Name, Events,

Received Bytes, Transferred Bytes,

Received Packets, Transferred Packets

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Sources Report

Report Name - Sources

Report Data Aggregation

- Firewall Report

Report Columns -

Name, Connection, Total

Bytes, Total Blocked,

Virus, Intrustion,

Spyware, Botnet

Blocked, ACR blocked,

Geo-IP blocked, Actions

Not Available

Report Name - Sources

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Source Name,

Connections

Detail Report Columns - Name,

Connections, Total Data Transferred, Total

Blocked, Virus, Intrusions, Spyware, Botnet Blocked, ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data Send,

Data Received, App Rule Blocked

Source Location Report

Report Name - Source

Locations

Report Data

Aggregation - Firewall

Report

Report Columns -

Name, Connection, Total

Bytes, Data Sent, Data

Received, Geo-IP

Blocked, Actions

Report Name - Geo-IP - Initiator Countries

Report Data Aggregation -Firewall Report

Report Column - Initiator Country, Events

Report Name - Source Locations

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Source Location,

Connections

Detail Report Columns - Name,

Connections, Data Sent, Data Received, Blocked

Destinations Report

Report Name Destinations

Report Data Aggregation

- Firewall Report

Report Columns -

Name, Connection, Total

Bytes, Total Blocked,

Virus, Intrustion,

Spyware, Botnet

Blocked, ACR blocked,

Geo-IP blocked, Actions

Not Available

Report Name - Destinations

Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Responder IPs,

Connections

Detail Report Columns - Name,

Connections, Total Data Transferred, Total

Blocked, Virus, Intrusions, Spyware, Botnet

Blocked, ACR Blocked, Geo-IP Blocked,

Threats blocked, CFS Blocked, Data Send,

Data Received, App Rule Blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Destination

Location

Report

Report Name -

Destination Locations

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Total Bytes, Data Sent,

Data Received, Geo-IP

Blocked, Actions

Report Name - Geo-IP - Responder

Countries

Report Data Aggregation -Firewall Report

Report Column - Responder Country, Events

Report Name - Destination Locations Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Responder

Location Name, Connections

Detail Report Columns - Name,

Connection, Data Sent, Data Received, Blocked

BW Queue Report

Report Name - BW

Queues

Report Data

Aggregation - Firewall

Report

Report Columns Name(inbound realtime, outbound realtime, Connections, Total Bytes, Data sent,

Data Received, Actions

Not Available

Not Planned

Blocked Report

Report Name -

Destination Locations

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Action

Not Available

Report Name - Destination Locations Report Data Aggregation - Tenant, Group, and Firewall

Summary Report Column - Blocked Name,

Connections

Detail Report Columns - Name,

Connections

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Data Usage Report

Not Available

Report Name - Data Usage - Summary

Report Data Aggregation -Group Report

Report Column - Appliance Name, Connections, Transferred

Report Name - Data Usage - Initiators

Report Data Aggregation -Firewall

Report

Report Column - Initiator IP, Initiator

Host, Initiator MAC, User, Connections, Transferred

Report Name - Data Usage - Responder

Report Data Aggregation -Firewall Report

Report Column - Responder IP,

Responder Host, Responder MAC, Connections, Transferred

Report Name - Data Usage- Services

Report Data Aggregation -Firewall

Report

Report Column - Service, Connections, Transferred

In Roadmap

Users Report

Report Name - Users

Report Data

Aggregation - Firewall

Report

Report Columns Name, Connection,

Total Bytes, Total

Blocked, Virus,

Intrusions, Spyware,

Botnet Blocked, ACR

Blocked, Geo-IP

Blocked, Actions

Not Available

Report Name - Users

Report Data Aggregation - Tenant, Group, and

Firewall

Summary Report Column - User,

Connections, Percentage

Detail Report Columns - Name, Connections,

Total Data Transferred, Total Blocked, Virus,

Intrusions, Spyware, Botnet Blocked, ACR

Blocked, Geo-IP Blocked, Threats blocked, CFS

Blocked, Data Send, Data Received, App Rule Blocked

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Authentication Report

Not Available

Report Name - User Logins

Report Data Aggregation -Firewall Report

Report Column - Time, Initiator IP, User,

Initiator Host, Initiator MAC, Duration,

Service, Message

Report Name - Admin Logins

Report Data Aggregation -Firewall Report

Report Column - Time, Initiator IP, User,

Initiator Host, Initiator MAC, Duration,

Service, Message

Report Name - Failed Logins

Report Data Aggregation -Firewall Report Report Column - Time, Initiator IP, User,

Initiator Host, Initiator MAC, Duration,

Service, Message

Report Name - User Logins

Report Data Aggregation -Tenant, Group, and Firewall

Report Column - Time, Firewall Name,

Event ID, Event Name, Initiator IP, Initiator

Host, Initiator MAC, Destination MAC,

Initiator Port, Destination Port, Initiator

Zone, Destination Zone, User, Initiator

Interface, Destination Interface, Session

Time, Service, Country Name, Message

Report Name - Admin Logins

Report Data Aggregation -Tenant, Group, and Firewall

Report Column - Time, Firewall Name,

Event ID, Event Name, Initiator IP, Initiator

Host, Initiator MAC, Destination MAC,

Initiator Port, Destination Port, Initiator

Zone, Destination Zone, User, Initiator

Interface, Destination Interface, Session

Time, Service, Country Name, Message

Report Name - Failed Logins

Report Data Aggregation -Tenant, Group, and Firewall

Report Column - Time, Firewall Name,

Event ID, Event Name, Initiator IP, Initiator

Host, Initiator MAC, Destination MAC,

Initiator Port, Destination Port, Initiator

Zone, Destination Zone, User, Initiator

Interface, Destination Interface, Session

Time, Service, Country Name, Message

Firewall

Up/Down

Status Report

Not Available

Report Name - Firewall Up/Down Status

Report Data Aggregation -Firewall Report

Report Column - Time, Up time, Down time,

Up Time Percentage

Report Name - Uptime Report

Report Data Aggregation -Tenant, Group and Firewall

Report Column - Time, Up Time %, Up

Time, Down Time

Productivity Report

Not Available

Not Available

Report Name - Productivity

Report Data Aggregation - Tenant, Group, and Firewall

Reports -

1 )Productivity Dashboard

2)Users - User name, Total Connections,

Blocked Connections, Total Browsing Time,

Data Transferred, Actions

3)Websites - Website Name, Web Category,

Productivity Category, Total Connections,

Blocked Connections, Total Browsing Time,

Data Transferred, Threats, CFS Policy Type,

Actions

4)Web Categories - Web Category Name,

Productivity Category, Total Connections,

Blocked Connections, Total Browsing Time,

Data Transferred, Threats, CFS Policy Type, Actions

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

VPN Activity Reports

Not Available

Not Available

Report Name - VPN Activity Report Report Data Aggregation - Tenant, Group, and Firewall

Reports -

1 )VPN Activity Dashboard - Summary,

Trend of Remote Access VPN Connections, Top VPN Users by Session Count, Sessions by Duration, Sessions by Connection Type 2)Users- User Name, Event Count, Session

Count, Min Session time, Max Session

Time, Average Session Time

3)VPN Logs - Event Time, Firewall Name,

User Name, Connection Type, Session Time

Live Reports

Report Name - Live

Monitor

Report Data

Aggregation - Firewall

Report

Report Columns -

Applications,

Bandwidth, Packet

Rate, Packet Size,

Connection Rate,

Connection Count, Multi-Core Monitor

Report Name - Live

Report

Report Data

Aggregation - Firewall

Report

Report Columns -

Applications,

Bandwidth, Packet

Rate, Packet Size,

Connection Rate,

Connection Count,

Multi-Core Monitor

Not Available

Report Name - Live Monitor

Report Data Aggregation - Firewall

Reports -

1 )System Monitor - Multi-Core Monitor,

Applications, Active Connection Count

  1. Multi-Core - Multi-Core Monitor
  2. Application Bandwidth - Applications
  3. Interface Usage - Bandwidth, Packet

Rate, Packet Size

  1. Connection Usage - New Connection

Rate, Active Connection Count

Report Name - Live Report

Report Data Aggregation - Firewall

Reports -

1 )System Monitor - Multi-Core Monitor,

Applications, Active Connection Count

  1. Multi-Core - Multi-Core Monitor
  2. Application Bandwidth - Applications
  3. Interface Usage - Bandwidth, Packet

Rate, Packet Size

  1. Connection Usage - New Connection

Rate, Active Connection Count

  1. Data Usage - Data Usage (aggregated across interfaces or specific interface)

Interface Up Time Report

Not Available

Not Available

Report Name - Interface Uptime Report Report Data Aggregation - Firewall and across all interfaces

Report Columns - Time, Uptime (%), Up

Time, Down Time

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Analytics and logs

 

 

Analytics

1 )Analytics based on session logs 2) Aggregation Firewall level only 3) Analytics view type tabular view, graph view

2) Group by Applications, Web

Activities, Sources,

Destinations, Threats,

Devices, BWM, Blocked

Not Available

1 )Analytics based on session logs

  1. Aggregation - Tenant, Group, and firewall level
  2. Analytics view type - tabular view, graph view

2) Group by - Applications, Web Activities,

Users, Sources, Destinations, Threats,

Devices, VPN, Blocked

Logs

1) Session logs

1) Traffic Session logs

NSM has several types of available logs such as 1 )System Logs

2)Authentication Logs

3)Change Logs

4)Attack Logs

5)Firewall Auditing Logs (not saved in NSM)

Schedule Reports

 

 

Schedule Report

Reports available for schedule runs

1)All reports that are available in the user interface

2)CTA Report

Report Language -

English

Report Format - PDF

Reports available for schedule runs

1)All reports that are available in the user interface

2) Custom Report

Report Language - English, Japanese,

Chinese (Simplified and Traditional)

Report Format - PDF, XML

Reports available for schedule runs

1)All reports that are available in the user interface

2)CTA Report

3)Web Activity Report

4)Change Report

5)Management  (license subscription,

Inventory) Report 6)Custom Report

Report Language - English

Report Format - PDF

Report Templates

 

 

Report

Templates

User Defined Report Templates

User Defined Report Templates

Pre-defined Report Templates (PCI, SOX, HIPAA)

User Defined Report Templates

Alerts and Notifications

 

 

Alerts and Notifications

Alert based on

1)Network Usage

2)Threat

3)Web Activities

4)Geo-location

Not Available

Alert based on

1)Network Usage

2)Threat

3)Web Activities

4)Geo-location

5)System Events

Custom Report

 

 

Custom Report

Not Available

Available (Based on filtering criteria of existing reports)

Available (Extend reporting ability to create new reports )

Centralized

Reporting

Dashboard

 

 

 

Dashboard

Not Available

Not Available

Tenant level dashboard

 

Feature

Analytics - Flow

Analytics - Syslog

NSM on-prem or SaaS - Reporting and

Analytics

Licensing

 

 

 

License Model

License based on per day ingested log volume and storage capacity

Per firewall and firewall model based licensing

NSM on-prem and SaaS 7 days advanced reporting and analytics licenses are bundled with Firewall security services bundle (APSS). Additional days of reporting and analytics are available as add-ons: -30 days (SaaS only), 90 days (SaaS only), and 365 days of reporting and analytics. All NSM licenses are available individually as well

Firewall

Management

Not Available

Not Available

Includes Comprehensive Firewall Management

 

Related Articles

  • Analytics On-Prem End of Life and NSM Transition FAQ
    Read More
  • NSM On-Prem: Backups over SCP to Windows OpenSSH Server
    Read More
  • On-Prem NSM - how to increase disk size on ESXi
    Read More

Categories

Management and Reporting
On-Prem Analytics
not finding your answers?
Ask the Community