Home » Firewall Reports » Firewall Rules Report

Firewall Rules Report


 

The Firewall Rules Report shows the top firewall rules triggered on this firewall, grouped by different categories.

 

On the top right side of the Report screen, there will be three combo boxes. They are:

  • Top 5
  • Filter by
  • Export as

Top 5

 

The Top 5 combo box lets you choose the level of detail in the reports. By default, the top five values are shown. To show more than 15 values, the report uses only tables. There is an option to display the Graph only.

  • Top 5 (graph & table)
  • Top 10 (graph & table)
  • Top 15 (table only)
  • Top 20 (table only)
  • Top 25 (table only)
  • Graph only

Below each graph click the Hide Table link to hide the table. Click the Show Table link to see the table again.

 

Filter by

 

The Filter by combo box lets you choose the field of filter in the reports. There will be three field values for filtering. They are:

  • Source
  • Destination
  • Protocol
  • Summary

Export as

 

The Export as combo box lets you choose the format of the reports for export. There will be two formats for exporting. They are:

  • PDF
  • CSV

Click on the PDF to export this report to PDF. Click on the CSV to export this report to CSV format (comma separated values).

 

The Top Used Rules table shows the used Firewall rules and number of log counts that have triggered the firewall rules. The table shows the Rule Number or ID of the used rule, and the Count of log entries that have triggered the paritcular rule. Drill down from the rule to see the hosts, protocols, user, status, message, total bytes consumed by the rules and count that triggered the firewall rule. The drilled down report also displays the total bytes consumed by the rules.

 

The Top Unused Rules table shows the Firewall rules that have not triggered. The table shows the Rule Number or ID of the unused rule. Drill down from the rule to see the description of the unused rule.

 

Top Unused ACEs

In the case of Cisco devices, the table shows the unused ACL and the exact unused ACEs. Drill down from the ACL to see the description of the unused ACEs.

The Top Rules - Protocol Group Based graph shows the top protocol groups that have triggered firewall rules. The table below the graph shows the protocol group, the rule triggered, and the number of hits. Drill down from this graph to see the top hosts, the top protocols and the top conversations that triggered the firewall rule in that protocol group.

 

The Top Rules - Host Based graph shows the top hosts that have triggered firewall rules. The table below the graph shows the host, the rule triggered, the number of hits. Drill down from this graph to see the top destinations accessed, the top protocols and the top conversations for each host that triggered the firewall rule.

 

The Top Rules - Destination Based graph shows the top destinations for which firewall rules have been triggered. The table below the graph shows the destination host name or IP address, the rule triggered, and the number of hits. Drill down from this graph to see the top hosts, the top protocols and the top conversations that triggered the firewall rule.

 

The Top Rules table shows the overall top firewall rules that have been triggered across this firewall. The table below the graph shows the rule triggered, and the number of hits. Drill down from this graph to see the top hosts, the top protocols and the top conversations that triggered the firewall rule.

Copyright © 2014, ZOHO Corp. All Rights Reserved.
ManageEngine