Configuring firewall to be able to ‘Web Categories’ in Reports and / or ‘Web Activity’ reports in CSC or CGMS Reporting/Analytics.
Capture Security center(CSC) generates report data based on the IPFIX packets/flows received from the firewall. Hence firewall needs to be configured for the corresponding flows.
Firewall should have license for CSCCSC Management and Reporting/CSC Analytics.
Firewall should have license for Comprehensive/Advanced Gateway Security Suite (CGSS/AGSS)
Steps to prepare the firewall for CSC Reporting and Analytics:
1) Login to the firewall, go to Manage | Security Services | Content Filter | Enable Content Filtering Service.
NOTE: This article illustrates the example with the CFS Default Policy and Action Objects, same is applicable for custom CFS Policies and Action Objects.
2) Go to Objects | Content Filter Objects | CFS Action Objects | Edit CFS Default Action and check "Enable Flow Reporting".
3) Go To Rules | Content Filter Policies. A minimum of one CFS Policy should be enabled here. You can have multiple CFS policies based on your requirement, make sure that we have all those required policies enabled and have the corresponding action object set for Flow Reporting.
Default CFS Policy:
With this configuration in place on the firewall, you will be able to view Web categories and Web Activity reports under CSC Reports/Analytics.
EXAMPLE: Here are the Sample Reports for Web Categories and Web Activities: