Firewall Analyzer - Inventory - Devices

     

    The Devices tab shows the devices that have been added to the firewall Analyzer. It also shows the activity status of the added firewall devices. Apart from this it shows the vendor name, the type and status of the firewall device. By default, the devices are listed in table view, click on the view menu to change to list view. The Devices can also be searched for using the search menu.

    The following data is shown in the device tab.

    Name Name of the device.
    License If the licence is managed or unmanaged.
    IP Address The IP address in which the device is configured. 
    Type The type of network security device.
    Vendor The type of vendor.
    Uplink Speed The Uplink speed of the device.
    Downlink Speed The downlink speed of the device.
    Intranet Setting. Provides information on if or not the Intranet is configured.
    SNMP Provides information on If or not the SNMP is configured.

    On clicking on any one of the devices, a short summary for that live traffic is shown. 

    Create a new alarm profile by clicking on the "Create Alarm Profile" menu. 

    Create a new report profile by clicking on the "Create Report Profile" menu.  

    Delete the device using the "delete" button. 

    The menu button (Three dots) is found on the top right corner. On clicking the same you get the following options:

    1. Edit Devices - Where you can edit display name, uplink speed and downlink speed
    2. Unmanage - Unmanage/manage a firewall.
    3. Device rule - Edit the device rule.
    4. SNMP Settings - Edit the SNMP Settings.
    5. Intranet settings - Edit the intranet settings.
    6. Exclude Host -  Exclude a host
    7. Availability Alert - Create an availability alert.

    The short summary gives details on the traffic going through that device, both Traffic In and Traffic Out. On expanding the short summary, you get access to in depth reports which has the following graphs.

    1. Summary- This provides the summary of the firewall device.

    By default, the Uplink and Downlink speed will be shown as 1 Mbps, the same can be edited by using menu icon. Click on Edit Devices - Where you can edit the uplink speed and downlink speed. 

    Device rule - Edit the device rule.

    SNMP Settings - Edit the SNMP Settings.

    Intranet settings - Edit the intranet settings.

    Exclude Host -  Exclude a host

    2. Bandwidth- The traffic in and out of the firewall devices.

    On clicking on the bandwidth report, a detailed bandwidth report "Inbound Traffic Conversations" is shown with the following fields.

    Source The source IP
    User User triggering the inbound traffic
    Destination The destination IP
    Time Time stamp of when the traffic originated
    Rule number The rule used to access the IP
    Protocol The protocol used to access the IP
    Severity The severity of the inbound traffic
    Duration The duration of the traffic
    Bytes The number of bytes consumed

    3. Top 10- Gives the Top 10 host IP, Destination IP, Protocol groups, Internal server, external sites and conversations.

    On clicking the individual host, you get a further drill down on the individual host.

    1. Top Protocol Groups
    2. Top Destinations
    3. Top URLs Allowed 
    4. Top URLs Blocked 
    5. Rules Triggered

    On clicking the individual destination, you get a further drill down on the individual destination.

    1. Top Hosts
    2. Top Protocol Groups
    3. Top conversations 
    4. Top URLs
    5. Top URLs Blocked

    On clicking the individual protocol group, you get a further drill down on the individual protocol group.

    1. Top Protocols
    2. Top Hosts
    3. Top Destinations
    4. Top Conversations
    5. Traffic Distribution - Working Hours
    6. Traffic Distribution - Non Working Hour

    On clicking the individual external site, you get a further drill down on the individual external site.

    1. Top Hosts
    2. Top Protocol Groups
    3. Top conversations 
    4. Top URLs
    5. Top URLs Blocked

    4. Sites- Gives the list and traffic of allowed sites accessed and denied sites attempted.

    5. Apps- The applications which run via the devices are shown in the graph. We also show the application based on category.

    On clicking on the individual application we get a drill down on the following

    1. Top Hosts
    2. Top Protocols
    3. Top Users 
    4. Top Conversations

    On clicking on the individual application category we get a drill down on the following

    1. Top Applications
    2. Top Hosts
    3. Top Users 
    4. Top Conversations

     

    Refer the Firewall Analyzer Supported Devices page for the list of devices for which Application Report is supported.

     

     

    6. Rules- Gives the usage trend of Firewall rules, top allowed rules and top denied rules triggered.

    On clicking on the individual top allowed and denied rules, we get a drill down on the following:

    1. Rule Usage Trend
    2. Rule Usage
    3. Rule Description

    7. Security- Gives an overview of security stats, top attacks, top virus attacks, top denied host IP, top denied destination IP and denied user logon.

    On clicking on the individual Attack and Virus we get a drill down on the following

    Host The Host IP of the attack/virus
    Destination The destination IP of the attack/virus
    Protocol The protocol used to attack
    Severity The severity of the attack/virus
    Hits The number of hits
    Subtype The subtype of the attack/virus
    Status The Status of the attack/virus

    8.VPN- The VPNs connecting via the device.

    inventory-devices8