The dynamic area: widgets
In this area, you will be able to view certain updates on your firewall such as the latest alarms raised or the expiry dates of your licenses.
13 windows are shown, each with a toolbar at the top right corner, including the full dashboard module.
The possible actions that can be performed with these tools are:
Represented by an icon, this tool allows adding a column to the dashboard module and enlarging the window for widgets.
Represented by an icon, this tool allows deleting a column from the dashboard module and minimizing the window for widgets.
Represented by an icon, this tool allows closing your widget.
Represented by an icon, this tool allows you to refresh the data on the dashboard or the widget concerned.
Represented by an icon, this tool opens the module associated with the widget you are browsing and, as such, closes the dashboard.
Represented by an icon, this tool allows you to select the Components you wish to display on the dashboard, through a series of checkboxes.
You can also configure the Update frequency of the widgets:
“Manual only” (you will need to click on the “Refresh” icon systematically), “Every minute” or “Every 5 minutes”.
|Add to favorites||Represented by an icon, this tool allows you to add the Dashboard module to “My favorites” in the directory on the left (see section The module configuration menu).|
This window displays the model of your Stormshield Network multifunction firewall as well as the number of interfaces available on it (32 maximum).
The interface(s) used appear(s) in green. When the bypass mechanism is enabled (industrial firewalls only) and has been activated, the first two interfaces of the firewall will be represented as follows:
A tooltip containing information about each interface is available.
The following information is given:
Name of the interface used (“in”, “out” or “dmz”), accompanied by its IP address and subnet mask.
The number of Accepted, Blocked, Fragmented, TCP, UDP and ICMP packets.
|Blocked||The number of packets blocked coming from this interface.|
The total and individual breakdown of TCP, UDP and ICMP packets received.
The total and individual breakdown of TCP, UDP and ICMP packets sent.
|Current incoming throughput||Current incoming throughput|
|Current outgoing throughput||Current outgoing throughput|
|xx mode activated||This value is only available for industrial firewalls and is only shown when bypass has been enabled and the "Safety" operating mode has been selected. The possible values are "Safety mode enabled" (bypass not activated) or "Bypass mode enabled" (bypass activated).|
This window contains the list of the last 50 alarms raised by the firewall.
Date and time of the last alarms raised, arranged from the most recent to least recent.
When an alarm is raised, the packet that set off the alarm will be subject to the action configured. The actions are “Block” or “Pass”.
3 levels of priority are possible and can be configured in the module Application Protection > Applications and Protections.
IP address that raised the alarm.
For the purpose of compliance with the European GDPR (General Data Protection Regulation), IP addresses are now replaced with the term "Anonymized". To view them, you will need to obtain the "Full access to logs (private data)" privilege by clicking on Full access to logs and refreshing the data in the widget.
Address of the intended destination before the alarm was raised.
Comment associated with the selected alarm. Examples of possible messages:
“Invalid ICMP message (no TCP/UDP linked entry)” (minor priority).
“IP address spoofing (type=1)” (major priority).
When the row of the alarm is selected, the following buttons will appear:
This button shows the alarms in the Applications and Protections module. The Advanced column in the selected row will offer the Modify button, which allows sending an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet.
Select the desired alarm and click on this link, which will take you to a help page relating to the message (see above).
This section of the dashboard will contain a button allowing you to “Clear screen”, or delete information logs.
This window provides a graphic view of hardware resources relating to your firewall.
Percentage of space used for the firewall’s logs.
Percentage of your processor’s use.
Temperature of your appliance. This information is not available on virtual machines.
Memory used by your appliance:
Host: percentage of memory allocated by hosts (bytes).
Fragmented: percentage of memory allocated by fragments (or folders that are too big and fragmented – in bytes).
Connection: percentage of memory allocated for various connections (bytes).
ICMP: percentage of memory allocated for ICMP (bytes).
Logs: percentage of memory used for DataTracking.
Dynamic: memory in which a computer puts its data while they are processed.
The graph that used to display the dynamic memory consumed now displays the highest value between the dynamic memory and memory allocated to processes. This explains why the value is higher than those of earlier versions.
This widget shows the warranty and option licenses, sorted by expiry date.
These options are: Update (firmware), Contextual protection signatures, Vulnerability Manager, ClamAV Antivirus, Kaspersky Antivirus, Stormshield Network URL databases, Extended Web Control URL databases, Antispam DNS blacklists (RBL), Antispam: heuristic engine, License expiry.
This window sets out the various hardware data of your appliance.
Presence or absence of a USB key on the system (secure configuration for the module System > Maintenance).
|SD Card||Presence or absence of an SD card for storing logs that would allow reports and monitoring curves to be generated.|
|3G/4G modem||Presence or absence of a 3G/4G modem.|
On industrial firewalls, indicates the mode selected for hardware bypass (for further information on how bypass works, please refer to the section General configuration tab in the Configuration module). The value of this field may be one of the following: "Security", "Safety", "Bypass" (the bypass mechanism is activated) or "Not detected" (default value for non-industrial firewalls).
When the mouse is rolled over this row, details of the bypass status will be displayed (SystemOff, JustOn, RunTime, RunTimeWatchdogTimer).
Status of the internal disk. An alarm will appear if the disk is defective. Scrolling over this row with a mouse will display the list of tests performed and their results.
|Removable disk||Status of the removable disk if the firewall has one. An alarm will appear if the disk is defective. Scrolling over this row with a mouse will display the list of tests performed and their results.|
Status of the RAID (redundant set of independent or low-value hard disks) and of its disks, if the option is available on the hardware.
An alarm will appear if a disk is defective or missing.
Status of the power supply modules if the firewall has any. The value of this field may be one of the following: “Power on”, “Power off” or “Not detected” (missing or defective module).
This window shows the data essential to the configuration of your firewall.
This box shows the available update version and any warnings that the administration interface has raised concerning the firewall’s configuration.
This entry indicates whether a new version of the firmware is available. If this is the case, a link bearing the name of the available version will allow the user to download it. To install it, go to the Maintenance module, System update tab.
|Release Notes||When a new firmware version is available, this link will enable the user to download the version release notes applicable to the firmware version offered for download.|
This box appears only on Elastic Virtual Appliance (EVA) models.
|Model||This entry specifies whether it is an EVA firewall with a standard license or a firewall with a Pay As You Go license model.|
|Model being used||This entry specifies the virtual machine model applied (EVA1, EVA2, EVA3, EVA4 or EVAU).|
|Limits applied||This entry specifies the amount of memory and the number of virtual processors (vCPU) currently allocated to the EVA.|
|Maximum limits||This entry specifies the amount of memory and the maximum number of virtual processors (vCPU) that can be allocated to this EVA model.|
Pay As You Go
This box appears only on Elastic Virtual Appliances (EVA) that run on a Pay As You Go license model (billed according to usage).
This license model can be used:
- On a standalone basis if you are managing your virtual firewall within your Mystormshield private-access area,
- Through an approved partner who then manages your virtual firewall in his own Mystormshield private-access area.
|Virtual machine enrollment||This entry specifies whether the virtual firewall has logged on correctly to the Pay As You Go cloud service in order to retrieve its identity, certificate and license.|
|Expiry date||Date on which the Pay As You Go license ends.|
Whenever the machine is managed in standalone mode, this web code allows you to register it in your Mystormshield private-access area.
|Client ID||This entry may display an optional login chosen when the installation image was imported, or when the partner created this image in order to identify the owner of the EVA.|
Your Stormshield Network Firewall’s reference.
Date and time in real time.
Absence or presence of a backup partition on your system (cf. Menu System > Maintenance module > Configuration tab).
Duration for which the firewall has been running uninterrupted.
|Stormshield Network Activity Reports||Status of report generation.|
Profile applied for the filter and NAT policy. A “Collapse/Expand” button has been added for filter rules.
Status of the VPN on your network.
Status of the dynamic DNS client.
This component shows the new signatures installed on the appliance via Active Update that allow raising Applications alarms.
List of the various services available on the appliance.
Duration for which the service has been running uninterrupted.
Status of the service.
|Name of the object||Name of the listed module.|
Whether the module is up to date.
Date and time of the last update.
|Name of the object||Name of the in, out or dmz interface.|
This may be a physical interface (ethernet), VLAN, or modem (dialup).
IP address and subnet mask of the interface.
Incoming traffic in KB.
Outgoing traffic in KB.
Disabled interfaces are displayed in the Dashboard.
|Status||Indicates whether high availability has been enabled, and if this is not the case, whether it has been reinitialized.|
|Configuration||Indicates whether both firewalls in the cluster have a synchronized configuration.|
|Last synchronization||Date on which the configuration was last synchronized.|
|Last switch||Date on which both members of the cluster changed statuses (active/passive).|
|Serial number||Shows the serial numbers of both members of the cluster.|
|Status||Indicates the status of each member of the cluster (Active or Passive).|
|License||Specifies the type of high availability license of each member of the cluster (e.g.: Master).|
|Quality||Indicates the quality of the link between members of the cluster.|
|Version||Firmware version of each member of the cluster.|
Additional information can be displayed, such as "Authentication certificate not defined" when both firewalls in the cluster do not present the same certificate.
Stormshield Management Center
If you have installed the Stormshield Management Center centralized administration server, this panel will allow you to display the characteristics of the firewall's connection to the SMC server.
If you have logged on via the web administration interface to a firewall attached to an SMC server, "Managed by SMC - Emergency mode" will be displayed in the upper panel. By default, the account used only has read-only access privileges.
You are strongly advised against directly modifying the configuration of a firewall administered by an SMC server, except in an emergency (SMC server uncontactable, for example).
This is because any changes made directly to the configuration via the web administration interface on a firewall attached to an SMC server may be overwritten when a new configuration is sent from the SMC server.
|Status of the service||Indicates the status of the connection between the firewall and the SMC server.|
|IP address||IP address of the SMC server.|
|Logged on / Logged off since||Specifies the time/date from which the firewall has been logged on to or logged off from the SMC server.|
|Last deployment number||Indicates the number of the last deployment carried out by the SMC server on the firewall.|
|Last configuration update||Indicates the last date on which the configuration was sent from the SMC server to the firewall.|
If your firewall has the sandboxing option, this panel will allow you to show the status of the connection to the service as well as the latest scan statistics.
|Status of the service||Indicates the status of the connection between the firewall and the Stormshield sandboxing servers.|
The various possible values are:
|Criticality of the last malicious file detected||This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. It will then be presented in the form of a score ranging from the detection threshold of a malicious file (set by default to 80) to 100.|
|Nature of the last malicious file detected||This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. In this case, it will set out the nature of the malware (e.g.: "variant of Win32/SNS.Test").|
|Last malicious file detected on||This indicator will only be displayed when a file scanned by sandboxing has been deemed malicious. In this case, it will set out the date and time the malware was detected (format: YYYY-MM-DD HH:MM:SS).|