Dashboard

Introduction

The Dashboard menu displays on a single screen all the useful information concerning real-time monitoring.

It picks out useful information from some of the menus in the Stormshield Network Real-Time Monitor tree and adds further information. The data displayed in this window are:

  • System information
  • Memory
  • Temperature
  • CPU
  • Hardware
  • Active network policies
  • Alarms
  • Vulnerabilities
  • VPN tunnels
  • Active Update
  • Logs
  • Services
  • HTTP Cache
  • Interfaces
  • Top 5 interfaces for incoming throughput
  • Top 5 interfaces for outgoing throughput
  • Top 5 hosts for incoming throughput
  • Top 5 hosts for outgoing throughput

 

Checkboxes allow you to show or hide the details of each category of information. The status of each checkbox (enabled/disabled) is remembered so that the dashboard is displayed with the same layout the next time SN Real-Time Monitor is started.

 

Figure 27: Dashboard

Selecting a product

When you click on the Dashboard menu, a product selection window may appear if the Stormshield Network Real-Time Monitor is connected to several firewalls.

Figure 28: Selecting a firewall

  1. If the list of firewalls is long, look for the desired firewall using the Search field.
  2. Select the firewall.
  3. Click on OK. The Dashboard of the desired firewall will appear.

System information

Firewall name

Name given to the product when it was registered in the address book.

Firmware on active partition

Version of the active partition’s firmware.

Active Partition

Partition on which the firewall was booted.

Firmware on passive partition

Version of the passive partition’s firmware.

Model

Firewall’s model number.

Serial number

Firewall’s serial number.

Date-time

Current date and time.

Uptime

Amount of time that the firewall has been running since the last startup.

Memory

This refers to the use (in percentage) of memory reserved for storing information (buffer). The buffer is linked to the stateful module and corresponds to the context being saved.

Protected host

Protected host stack

Fragmented

Fragmented packets

Connections

All TCP/IP connections.

ICMP

ICMP requests (ping, traceroute, etc.).

Data tracking

Memory used for monitoring connections.

Dynamic

Percentage of ASQ memory being used.

Buffer sizes vary according to product type and product version.

Cleaning algorithms optimize the operation of “Hosts”, “Fragmented”, “ICMP” and “Connections” buffers. Entries in the “Fragmented” and “ICMP” buffers are initialized at fixed intervals (each entry has a limited lifetime: TTL).

This illustrates part of the firewall’s activity. A high percentage may mean the firewall is overloaded or that an attack has been launched.

CPU

DEFINITION
Better known as a “processor”, this is the internal firewall resource that performs the necessary calculations.

User:

CPU time allocated to the management of user processes.

Kernel:

CPU time that the kernel consumes.

Interruption:

CPU time allocated to interrupts.

Temperature

This graph displays the temperature of the appliance in degrees Celsius (°C). This information is not available on virtual machines. For multi-core processors, the value displayed is the average of all the CPUs.

Hardware

DEFINITION OF “HIGH AVAILABILITY”

A specific architecture in which a backup firewall takes over when the “main” firewall breaks down while in use. This switch takes place seamlessly.

If high availability has been activated, an additional section will provide you with the information regarding high availability (status of firewalls, licenses, synchronization).

Click on the descriptive phrase in the “Hardware” zone in order to display the Hardware menu and to obtain information on high availability and the status of the firewall’s components (S.M.A.R.T. peripherals, RAID volumes where possible, disks and power supply units).

If the backup firewall is not available, information on the active firewall can be viewed.

 

Figure 29: Hardware

Active network policies

This view indicates whether slots are active. If so, the name of the activated rule is indicated. The rules mentioned here are:

Global filter rules

Name of the activated global filter policy.

Filter rule

Name of the activated filter policy.

VPN rule

Name of the activated VPN rule.

Translation rule

Name of the activated translation policy.

URL filter rule

Name of the activated URL filter rule.

REMARK
<None> means that no policy has been activated for the rule that contains this indication.

Alarms

This view indicates the number of major and minor alarms raised during the past 15 minutes that the product has been connected. The maximum value indicated is 100 even if the number of alarms exceeds this value.

To view the alarms, click on either of the two links: the Events menu will appear and list the alarms according to the selected criticality.

Vulnerabilities

This view indicates the number of vulnerabilities for a specific level. The 4 levels of vulnerability are: Critical, High, Moderate and Low.

To view a list of vulnerabilities, click on one of the levels. The Vulnerability management menu will appear (see the section Vulnerability Manager).

VPN tunnels

This view indicates the number of configured VPN tunnels. To view a list of configured VPN tunnels, click on the link – the VPN Tunnels menu will appear.

Active Update

This view indicates the status of updates that have been performed (success or failure) as well as the last time the “Active Update” module was launched (date and time). To view a list of updates and their status, click on the link – the Active Update menu will appear.

Logs

This window indicates whether there are problems with the logs. To view a real-time graph of the current size of each log file (Alarms, Authentication, Connections, Filters, Monitor, Plugins, POP3, Vulnerability Manager, Administration, SMTP, System, IPSec VPN, Web, SSL VPN) in relation to the space allocated to each log type on the firewall, click on the link. The Logs menu will appear.

Services

This zone indicates whether there are problems with the services. To view a list of services and their status (Enabled/Disabled), click on the link – the Services menu will appear.

Cache proxy

These 3 pie charts represent the use of the HTTP cache when it has been enabled in the filter rules:

  • The first graph compares the number of cached requests and the number of requests that were not saved in memory.
  • The second graph compares the amount of cached data and the amount of data not saved in memory.
  • The third graph represents the distribution of cached data on the hard disk, data cached in RAM and data not saved in memory.

Interfaces

This zone indicates whether there are problems with the interfaces. To view information on bandwidth, connections and throughput, click on the link. The Interfaces menu will appear.

Top 5 interfaces for incoming throughput

This zone displays the list of the 5 interfaces that have registered the most incoming throughput. Click on any one of the interfaces to display the Throughput tab graph in the Interfaces menu.

Top 5 interfaces for outgoing throughput

This zone displays the list of the 5 interfaces that have registered the most outgoing throughput. Click on any one of the interfaces to display the Throughput tab graph in the Interfaces menu.

Top 5 hosts for incoming throughput

This zone displays the list of the 5 hosts that have registered the most incoming throughput. Click on any one of the interfaces to display the Throughput tab graph in the Interfaces menu.

Top 5 hosts for outgoing throughput

This zone displays the list of the 5 hosts that have registered the most outgoing throughput. Click on any one of the interfaces to display the Throughput tab graph in the Interfaces menu.

Stormshield Management Center

When the firewall is managed from Stormshield Management Center, this view will show several indicators relating to the connection to the SMC server and the version of the configuration currently deployed on the appliance:

Status of the connection

Indicates whether the connection between the firewall and the Synapse server has been established (Connected / Disconnected).

IP address

IP address of the Synapse server.

Logged on / Logged off since

Specifies the time/date from which the firewall has been logged on to or logged off from the Synapse server.

Deployment version

Indicates the number of the last configuration deployment carried out by the Synapse server on the firewall.

Last configuration update

Indicates the last date on which the configuration was sent by the Synapse server to the firewall.