Network Security Management Reports and Analytics

Firewall View

This section describes the features available in the Firewall View.

Live Monitoring and Live Report

Live monitoring and live reporting features are organized under Overview. Live monitoring charts are based on Applications, Bandwidth, Packet rate, Packet size, Connection rate, Connection count, and Multi-core monitor.

Live Monitor

Live Monitor provides a real-time view of the packets forwarded by the firewall and is visible only when you view an individual firewall. When you select Group View or Global View in the Device Manager, the Live Monitor option is not shown. Live Monitor is always running, but it shows only the current data. A background task saves the data to a database. All data shown in Live Monitor is saved for historical reference, and you can find it in Live Reports.

The following charts are shown in Live Monitor:

  • APPLICATIONS - indicates applications that are flowing through the firewall in bits per second.
  • BANDWIDTH - indicates the bandwidth utilization in bits per second.
  • PACKET RATE - shows average packets per second.
  • PACKET SIZE - shows average packet size.
  • CONNECTION RATE - indicates the new connection rate in connections per second.
  • CONNECTION COUNT - shows the total number of active connections.
  • MULTI-CORE MONITOR - shows the CPU utilization per core.

Live Report

Live Report provides historical Live Monitor data. You can get a Live Report for a specific time by adjusting the slider or entering a custom time. You can choose any stored historical time period and view it as a chart in the same form as the real-time charts.

Mouse over a data point to see the values at that instant. Select a Start Time and End Time in the chart and click the Refresh icon to get drill-down data for that particular time.

Reports and Analytics

The Summary reports provide various types of data being tracked for your security infrastructure. Think of these as executive summary reports that you can start with to check the general health for the topics listed. If an issue is reported, you can drill down from them.

At the top of the summary reports, no matter what topic you pick, you can customize and manage the reports displayed.

Option: Description

  • Sliding bar: Slide left or right to select a predefined period for the reports to cover. The range is 1 hour to 365 days.
  • Custom option: Define a custom period for the reports to cover. Select starting and ending dates and times for the custom period.
  • By: Filter data by any one of the parameters.
  • Limit: Number of connections.
  • Export: Provides three options:
    • Generate Flow Report PDF: Generates a PDF document of the flow reports being displayed. The file is stored at Scheduled Reports | Archive. The report may take several minutes to generate.
    • Download Capture Threat Assessment: Opens as an HTML file.
    • Export Grid Data as CSV: Downloads as a CSV file.
  • Refresh: Refreshes to the latest data.
  • Column Config: Add or remove categories as columns in the table.
  • Vertical Ellipses icon: Provides two options:
    • Go to PDF Rules: Takes you to Scheduled Reports > Rules.
    • Go to PDF Archives: Takes you to Scheduled Reports > Archive.

NSM - Advanced

This section describes the options listed on the NSM - Advanced screen. This screen is available with the NSM Advance license, where you can view Tenant and Group level reporting.

Applications

The Applications summary page has three types of reports displayed by default: Applications, App Categories, and App Risks.

Users

This report provides data that relates to the users connected to the system. You can track user level transactions and activities by filtering on different drill-down options.

Viruses

This report tracks the viruses that have been detected. You can filter on connections they occurred on or by which viruses were blocked. Details are provided in the table. Click on HOME > Summary > OBSERVED THREATS to see the reports on virus, botnet, spyware, and intrusion.

Intrusions

The Intrusions summary has two types of reports (represented by the different tabs): Intrusions and Priority. The Intrusions report tracks the disturbances that have been detected. You can filter on connections they occurred on or by which intrusions were blocked. Details are provided in the table.

Spyware

This report tracks the spyware that has been detected. You can filter on connections they occurred on or by which spyware was blocked. Two summary reports are available and displayed by default: Spyware by Connections and Spyware by Blocked.

Web Categories

On the NSM system, the Web Categories summary has two types of reports: Web Categories and Websites. This report displays the number of connections based on web categories. You can filter on the categories in the View drop-down list. Details are provided in the table. Click on HOME > Network > Web Categories to see the web categories report. Two summary reports are available and displayed by default: Web Categories by Connections and Web Categories by Total Data Transferred.

Addresses

This report displays the number of connections based on the IP address of the source. You can filter on the source type listed in the View drop-down list or on other options listed in the drop-down list. Details are provided in the table. Click on HOME > System > Network > TOP ADDRESSES BY SESSIONS to see the destination IP reports. Click the gear icon to filter data by data sent, data received, virus, intrusion, spyware, total data transferred, and total blocked.

Locations

This report displays the top locations by connections and the top locations by total data transferred. The detailed summary includes the list of connections, total data transferred, data sent, and data received.

Blocked

This report tracks the number of blocked connections. The report shows the number of connections blocked and the percentage of them based on Firewall rule, Threat, and Botnet Filter.

Threats

This report tracks the number of connections with threats. The report shows the number of connections with threats and the number of connections blocked. Click on HOME > System > Threat to see the threat summary by category of threat. Two reports are available; use the drop-down menu to get Threats by Connections and Threats by Blocked.

VPN Reports

The VPN Report tracks the traffic flowing through a pair of firewalls between which you have established a VPN tunnel. For example, if you are working on a local system that is protected by a firewall and you want to access information from a remotely located system that is protected by another firewall, you need to establish a Site-to-Site IPSec VPN Tunnel for this purpose. The VPN report tracks the network traffic that passes through the pair of local and remote firewalls.

The traffic generated by data flowing from the local firewall is tracked through the Source VPN report, and the traffic generated by data flowing from the remote firewall is tracked through the Destination VPN report.

Navigating the VPN Reports

The Source and Destination VPN Reports can be accessed through the Firewall view for a specific firewall.

  1. Go to Firewalls > Inventory to view a list of all the firewall devices.

  2. Click on the Name of the firewall device for which you want to view the VPN reports. You will be directed to the Firewall View for the selected device.

  3. Click on Summary > Source VPN to view the Source VPN reports page.

    This reports page shows information such as source VPN name, connections, and percentage. The data is also shown as a Pie Chart and as a Graph. The Time Range option lets you customize the time duration of the report to show data from the last hour to the last 365 days. You can also use the Custom button to customize the dates. The Refresh button is used to refresh the page.

    This page lets you view two sets of reports at the same time, which can be selected from a list of By Metrics:

    • Connections
    • Total Data Transferred
    • Total Connections Blocked
    • Intrusions
    • Virus
    • Spyware
    • Connections blocked by Botnet Filter
    • Connections blocked by Access Rule
    • Connections blocked by GeoIP Filter
    • Connections blocked by Threats
    • Connections blocked by CFS service
    • Connections blocked by App Rule
    • Data Sent
    • Data Received
  4. Click on Details, below each report, to go to the details page of the VPN report. You can also view the page by selecting Monitor view at the top of the page and navigating to Details > Source VPN.

    The top of the Details page shows a graphical representation of the selected By Metric data over a time period. You can change the information on the graph according to the above-mentioned By Metric list by using the drop-down button at the top of the page. You can also hover over the graph to see more information.

    The Time Range option lets you customize the time duration of the report. The Limit drop-down is used to set the limit on the number of displayed firewall devices. You can further filter the graph to a specific time by using the Time Slider, which is located above the graph.

    You can also click on Refresh button to refresh the information on the page and export the table in CSV format using the Export button.

    The bottom of the page has a table that shows information such as the name of the source VPN, connections, and total data transferred. The rest of the columns of the table can be selected from the Column Config button at the top of the page. The totals for each column are shown at the very bottom of the page.

  5. Click on the Search icon next to the name of the firewall to drill down to groups information.

    You can view and generate a similar report for the destination firewall by selecting the Destination VPN page under Summary.
