The dynamic area: widgets

In this area, you will be able to view certain updates on your firewall such as the latest alarms raised or the expiry dates of your licenses.

13 windows are shown, each with a toolbar at the top right corner, including the full dashboard module.

The possible actions that can be performed with these tools are:

Enlarge

Represented by an icon, this tool adds a column to the dashboard module and enlarges the window for widgets.

Reduce

Represented by an icon, this tool deletes a column from the dashboard module and minimizes the window for widgets.

Close

Represented by an icon, this tool closes your widget.

Refresh

Represented by an icon, this tool refreshes the data on the dashboard or the widget concerned.

Open

Represented by an icon, this tool opens the module associated with the widget you are browsing and, as such, closes the dashboard.

Dashboard configuration

Represented by an icon, this tool allows you to select the Components you wish to display on the dashboard, through a series of checkboxes.

You can also configure the Update frequency of the widgets: “Manual only” (you will need to click on the “Refresh” icon every time), “Every minute” or “Every 5 minutes”.

Add to favorites

Represented by an icon, this tool allows you to add the Dashboard module to “My favorites” in the directory on the left (see the section The module configuration menu).

Network

This window displays the model of your Stormshield Network multifunction firewall as well as the number of interfaces available on it (32 maximum).

The interface(s) used appear(s) in green. When the bypass mechanism is enabled (industrial firewalls only) and has been activated, the first two interfaces of the firewall will be represented as follows:

A tooltip containing information about each interface is available.

The following information is given:

Name

Name of the interface used (“in”, “out” or “dmz”), accompanied by its IP address and subnet mask.

Network packets

The number of Accepted, Blocked, Fragmented, TCP, UDP and ICMP packets.

Blocked

The number of packets blocked coming from this interface.

Traffic received

The total and individual breakdown of TCP, UDP and ICMP packets received.

Traffic sent

The total and individual breakdown of TCP, UDP and ICMP packets sent.

Current incoming throughput

Current incoming throughput

Current outgoing throughput

Current outgoing throughput

xx mode activated

This value is only available for industrial firewalls and is only shown when bypass has been enabled and the "Safety" operating mode has been selected. The possible values are "Safety mode enabled" (bypass not activated) or "Bypass mode enabled" (bypass activated).

Alarms

This window contains the list of the last 50 alarms raised by the firewall.

Date

Date and time of the last alarms raised, arranged from the most recent to least recent.

Action

When an alarm is raised, the packet that set off the alarm will be subject to the action configured. The actions are “Block” or “Pass”.

Priority

3 levels of priority are possible and can be configured in the module Application Protection > Applications and Protections.

Source

IP address that raised the alarm.

For the purpose of compliance with the European GDPR (General Data Protection Regulation), IP addresses are now replaced with the term "Anonymized". To view them, you will need to obtain the "Full access to logs (private data)" privilege by clicking on Full access to logs (private data) and refreshing the data in the widget.

Destination

Address of the intended destination before the alarm was raised.

Message

Comment associated with the selected alarm.

Examples of possible messages

“Invalid ICMP message (no TCP/UDP linked entry)” (minor priority).

“IP address spoofing (type=1)” (major priority).

When the row of the alarm is selected, the following buttons will appear:

Configure

This button shows the alarms in the Applications and Protections module. The Advanced column in the selected row will offer the Modify button, which allows sending an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet.

Online help

Select the desired alarm and click on this link, which will take you to a help page relating to the message (see above).


This section of the dashboard will contain a button allowing you to “Clear screen”, or delete information logs.

Resources

This window provides a graphic view of hardware resources relating to your firewall.

Space used

Percentage of space used for the firewall’s logs.

CPU

Percentage of your processor’s use.

Temperature

Temperature of your appliance. This information is not available on virtual machines.

Memory

Memory used by your appliance:

Host: percentage of memory allocated by hosts (bytes).

Fragmented: percentage of memory allocated by fragments (or folders that are too big and fragmented – in bytes).

Connection: percentage of memory allocated for various connections (bytes).

ICMP: percentage of memory allocated for ICMP (bytes).

Logs: percentage of memory used for DataTracking.

Dynamic: memory in which a computer puts its data while they are processed.

NOTE

The graph that used to display the dynamic memory consumed now displays the highest value between the dynamic memory and memory allocated to processes. This explains why the value is higher than those of earlier versions.

License

This widget shows the licenses for the warranty and for options, sorted by expiry date.

Those options are: Update (firmware), Contextual protection signatures, Vulnerability Manager, ClamAV Antivirus, Kaspersky Antivirus, Stormshield Network URL databases, Extended Web Control URL databases, Antispam DNS blacklists (RBL), Antispam: heuristic engine, License expiry.

Hardware

This window sets out the various hardware data of your appliance.

USB key

Presence or absence of a USB key on the system (secure configuration for the module System > Maintenance).

SD Card

Presence or absence of an SD card for storing logs that would allow reports and monitoring curves to be generated.

3G/4G modem

Presence or absence of a 3G/4G modem.

Operating mode

On industrial firewalls, indicates the mode selected for hardware bypass (for further information on how bypass works, please refer to the section General configuration tab in the Configuration module). The value of this field may be one of the following: "Security", "Safety", "Bypass" (the bypass mechanism is activated) or "Not detected" (default value for non-industrial firewalls).

When the mouse is rolled over this row, details of the bypass status will be displayed (SystemOff, JustOn, RunTime, RunTimeWatchdogTimer).

Internal disk

Status of the internal disk. An alarm will appear if the disk is defective. Scrolling over this row with a mouse will display the list of tests performed and their results.

Removable disk

Status of the removable disk if the firewall has one. An alarm will appear if the disk is defective. Scrolling over this row with a mouse will display the list of tests performed and their results.

RAID

Status of the RAID (redundant set of independent or low-value hard disks) and of its disks, if the option is available on the hardware.

An alarm will appear if a disk is defective or missing.

Power supply

Status of the power supply modules if the firewall has any. The value of this field may be one of the following: “Power on”, “Power off” or “Not detected” (missing or defective module).

Properties

This window shows the data essential to the configuration of your firewall.

Warning

This box shows the available update version and any warnings that the administration interface has raised concerning the firewall’s configuration.

Update Available

This entry indicates whether a new version of the firmware is available. If this is the case, a link bearing the name of the available version will allow the user to download it. To install it, go to the Maintenance module, System update tab.

Release Notes

When a new firmware version is available, this link will enable the user to download the version release notes applicable to the firmware version offered for download.

Properties

Serial number

Your Stormshield Network Firewall’s reference.

Date

Date and time in real time.

Backup partition

Absence or presence of a backup partition on your system (cf. menu System > Maintenance module > Configuration tab).

Uptime

Duration for which the firewall has been running uninterrupted.

Stormshield Network Activity Reports

Enables the generation of reports.

Policy

Filtering

Profile applied for the filter and NAT policy. A “Collapse/Expand” button has been added for filter rules.

VPN

Status of the VPN on your network.

Dynamic DNS

Status of the dynamic DNS client.

New applications

This component shows the new signatures installed on the appliance via Active Update that allow raising Applications alarms.

Services

Services

List of the various services available on the appliance.

Uptime

Duration for which the service has been running uninterrupted.

Load

Status of the service.

Active Update

Name of the object

Name of the listed module.

State

Whether the module is up to date.

Last update

Date and time of the last update.

Interfaces

Name of the object

Name of the in, out or dmz interface.

Type

This may be a physical interface (ethernet), VLAN, or modem (dialup).

Address

IP address and subnet mask of the interface.

Incoming throughput

Incoming traffic in KB.

Outgoing throughput

Outgoing traffic in KB.


Disabled interfaces are displayed in the Dashboard.

High availability

Status

Indicates whether high availability has been enabled, and if this is not the case, whether it has been reinitialized.

Configuration

Indicates whether both firewalls in the cluster have a synchronized configuration.

Last synchronization

Date on which the configuration was last synchronized.

Last switch

Date on which both members of the cluster changed statuses (active/passive).

Serial number

Shows the serial numbers of both members of the cluster.

Status

Indicates the status of each member of the cluster (Active or Passive).

License

Specifies the type of high availability license of each member of the cluster (e.g.: Master).

Quality

Indicates the quality of the link between members of the cluster.

Version

Firmware version of each member of the cluster.

Additional information can be displayed, such as “Authentication certificate not defined” when both firewalls in the cluster do not present the same certificate.

Stormshield Management Center

If you have installed the Stormshield Management Center centralized administration server, this panel will allow you to display the characteristics of the firewall's connection to the SMC server.

IMPORTANT

If you have logged on via the web administration interface to a firewall attached to an SMC server, "Managed by SMC - Emergency mode" will be displayed in the upper panel. By default, the account used only has read-only access privileges.

You are strongly advised against directly modifying the configuration of a firewall administered by an SMC server, except in an emergency (SMC server uncontactable, for example).

This is because any changes made directly to the configuration via the web administration interface on a firewall attached to an SMC server may be overwritten when a new configuration is sent from the SMC server.

Status of the service

Indicates the status of the connection between the firewall and the SMC server.

IP Address

IP address of the SMC server.

Logged on / Logged off since

Specifies the time/date from which the firewall has been logged on to or logged off from the SMC server.

Last deployment number

Indicates the number of the last deployment carried out by the SMC server on the firewall.

Last configuration update

Indicates the last date on which the configuration was sent from the SMC server to the firewall.

Sandboxing

If your firewall has the sandboxing option, this panel will allow you to show the status of the connection to the service as well as the latest scan statistics.

Status of the service

Indicates the status of the connection between the firewall and the Stormshield sandboxing servers.

The various possible values are:

  • Connected: the firewall has a Sandboxing license and the analysis infrastructure in the cloud is contactable.
  • Unreachable: the firewall has a Sandboxing license but the analysis infrastructure in the cloud is uncontactable.
  • Restricted access: the firewall has a sandboxing license, the analysis infrastructure in the cloud is contactable, the quota for the number of files that the firewall can send has not been exceeded, but a rather large number of submitted files has been analyzed with a low priority.
  • Connected, submitted file quota exceeded: the firewall has a sandboxing license, the analysis infrastructure in the cloud is contactable, but the quota for the number of files that the firewall can send has recently been exceeded. Files beyond this quota will be analyzed with a low priority.
  • Connected, submitted file quota unknown: the firewall has a sandboxing license, the analysis infrastructure in the cloud is contactable, but the quota for the number of files that the firewall can send cannot be determined.
  • Restricted access, submitted file quota exceeded: the firewall has a sandboxing license, the analysis infrastructure in the cloud is contactable, the quota for the number of files that the firewall can send has recently been exceeded, and a rather large number of submitted files has been analyzed with a low priority.
  • Restricted access, submitted file quota unknown: the firewall has a sandboxing license, the analysis infrastructure in the cloud is contactable, the quota for the number of files that can be sent cannot be determined, and a rather large number of submitted files has been analyzed with a low priority.

Criticality of the last malicious file detected

This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. It will then be presented in the form of a score ranging from the detection threshold of a malicious file (set by default to 80) to 100.

Nature of the last malicious file detected

This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. In this case, it will set out the nature of the malware (e.g.: "variant of Win32/SNS.Test").

Last malicious file detected on

This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. In this case, it will set out the date and time the malware was detected (format: YYYY-MM-DD HH:MM:SS).