The dynamic area: widgets

In this area, you will be able to view certain updates on your firewall such as the latest alarms raised or the various health indicators.

Network

This window shows the number of interfaces available on the firewall (maximum 32).

The interface(s) used appear(s) in green. When the bypass mechanism is enabled (industrial firewalls only) and has been activated, the first two interfaces of the firewall will be represented as follows:

A tooltip containing information about each interface is available.

The following information is given:

Name

Name of the in, out or dmz interface used.

Address

IP address(es) and subnet mask.

Network packets

The number of Accepted, Blocked, Fragmented, TCP, UDP and ICMP packets.

Blocked

The number of packets blocked coming from this interface.

Traffic received

The total and individual breakdown of TCP, UDP and ICMP packets received.

Traffic sent

The total and individual breakdown of TCP, UDP and ICMP packets sent.

Current incoming throughput

Current incoming throughput

Current outgoing throughput

Current outgoing throughput

Safety/Bypass mode activated

This value is only available for industrial firewalls and is only shown when bypass has been enabled and the "Safety" operating mode has been selected. The possible values are "Safety mode enabled" (bypass not activated) or "Bypass mode enabled" (bypass activated).

Protections

This window contains the list of the latest alarms or system events raised by the firewall.

Date

Date and time of the last alarms raised, arranged from the most recent to least recent.

Message

Comment associated with the selected alarm.

Examples of possible messages

“Invalid ICMP message (no TCP/UDP linked entry)” (minor priority).

“IP address spoofing (type=1)” (major priority).

Action

When an alarm is raised, the packet that set off the alarm will be subject to the action configured. The actions are “Block” or “Pass”.

ID

Unique alarm ID.

Priority

3 levels of priority are possible and can be configured in the module Application Protection > Applications and Protections.

Source interface

Interface on which packets that set off the alarm arrived.

Source port

Source port of packets that set off the alarm.

Source

IP address that raised the alarm.

For the purpose of compliance with the European GDPR (General Data Protection Regulation), IP addresses are now replaced with the term "Anonymized". To view them, you will need to obtain the "Full access to logs (private data)" privilege by clicking on Logs: restricted access and refreshing the data in the widget.

Destination Port

Destination port of packets that set off the alarm.

Destination

Address of the destination host of the packet that set off the alarm.

Right-clicking on the line of an alarm or system event opens access to its configuration or help page:

Go to alarm configuration

This button shows the alarms in the Applications and Protections module. The Advanced column in the selected row includes the Configure button, which makes it possible to send an e-mail when an alarm is raised, quarantine the host that caused the alarm to be raised or capture the blocked packet.

Go to system event configuration

This button shows the system event in the Notifications > System events module.

The Advanced column in the selected row includes the Configure button, which makes it possible to send an e-mail when an alarm is raised, quarantine the host that caused the alarm to be raised or capture the blocked packet.

Open help to see details on this alarm

Select the desired alarm and click on this link, which will take you to a help page relating to the message (see above).

Properties

This window displays information relating to your firewall model and firmware version installed on your firewall or firewall cluster.

Name

Name given to the firewall (Configuration > General configuration tab).

This name is the firewall's serial number by default.

Model

Physical firewall model (e.g.: SN 210).

EVA model

This field appears only for virtual firewalls.

It indicates the virtual firewall model corresponding to the physical resources allocated to the machine (EVA1, EVA2, EVA3, EVA4 or EVAU).

EVA memory capacity

This field appears only for virtual firewalls.

This entry specifies the amount of memory currently allocated to the virtual machine.

The minimum and maximum memory values that apply to this model are also indicated in brackets.

Number of CPUs on the EVA

This field appears only for virtual firewalls.

This entry specifies the number of virtual processors (vCPU) currently allocated to the virtual machine.

The minimum and maximum numbers of virtual processors that apply to this model are also indicated in brackets.

Serial number

Your Stormshield Network firewall’s reference.

Version

Firmware version installed on the active partition of the firewall.

Version (passive firewall)

This field appears only when HA is enabled.

Firmware version installed on the passive partition of the firewall.

Uptime

Duration for which the firewall has been running uninterrupted.

Date

Firewall date and time in real time.

Maintenance expiry date

Date on which maintenance of the firewall ends.

Maintenance expiry date (passive firewall)

This field appears only when HA is enabled.

Date on which maintenance of the passive firewall ends.

Messages

This window lists system-related warnings and alerts.

Health indicators

This window shows the status of the firewall's hardware resources. These statuses are color-coded:

  • Gray: the module is not available, installed or enabled on your firewall,
  • Green: the health indicators of the module are optimal,
  • Orange: the value(s) of one or several indicators in the module require(s) your attention,
  • Red: the value(s) of one or several health indicators in the module is/are critical.

Click on a health indicator to go directly to the corresponding monitoring or configuration module.

The indicators taken into account for each health indicator are:

HA link

Status of the link dedicated to HA.

Power supply

Status of the power supply modules if the firewall has any. The value of this field may be one of the following: “Power on”, “Power off” or “Not detected” (missing or defective module).

Fan

Status of the fan if the firewall has one.

CPU

Percentage of your processor’s use.

Memory

Status of memory used by the firewall. Various types of memory are analyzed:

  • Host: percentage of memory allocated to processing a host.
  • Fragmented: Percentage of memory allocated to processing fragmented packets.
  • Connection: Percentage of memory allocated to processing connections.
  • ICMP: percentage of memory allocated for ICMP.
  • Logs: percentage of memory used for data tracking.
  • Dynamic: percentage of dynamic memory on the intrusion prevention engine.

Disk

Status of the firewall’s internal storage medium.

RAID

Status of data redundancy between the firewall's physical disks.

Temperature

Temperature of the firewall.

This indicator is not available on virtual machines.

Certificate

Validity of certificates and CRLs:

  • Certificate expiring in fewer than 30 days,
  • Certificate with a validity period in the future,
  • Certificate expired,
  • Certificate revoked,
  • CRL of a CA that has exceeded half of its lifetime or which will be reaching it in fewer than 5 days,
  • CRL of an expired CA.
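
The certificate and CRL conditions listed above, written as date checks so the same thresholds can be applied to a certificate inventory outside the firewall. This is an added example, not Stormshield code: the function names, the sample dates and the reading of a CRL's lifetime as the span from its thisUpdate to its nextUpdate are assumptions.

```python
from datetime import datetime, timedelta, timezone

CERT_WARN = timedelta(days=30)  # "expiring in fewer than 30 days"
CRL_WARN = timedelta(days=5)    # "reaching it in fewer than 5 days"


def certificate_findings(not_before, not_after, revoked, now):
    """Return the listed certificate conditions that apply at time `now`."""
    findings = []
    if revoked:
        findings.append("revoked")
    if now < not_before:
        findings.append("validity period in the future")
    elif now > not_after:
        findings.append("expired")
    elif not_after - now < CERT_WARN:
        findings.append("expiring in fewer than 30 days")
    return findings


def crl_findings(this_update, next_update, ca_not_after, now):
    """Return the listed CRL conditions that apply at time `now`.

    Assumption: the CRL lifetime runs from thisUpdate to nextUpdate.
    """
    findings = []
    if now > ca_not_after:
        findings.append("CRL of an expired CA")
    half_life = this_update + (next_update - this_update) / 2
    if now >= half_life:
        findings.append("CRL past half of its lifetime")
    elif half_life - now < CRL_WARN:
        findings.append("CRL reaching half of its lifetime in fewer than 5 days")
    return findings


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: evaluation date and two objects to check.
NOW = utc(2024, 6, 1)

if __name__ == "__main__":
    # Certificate with 19 days left.
    print(certificate_findings(utc(2023, 6, 20), utc(2024, 6, 20), False, NOW))
    # 60-day CRL issued 31 days ago, CA still valid.
    print(crl_findings(utc(2024, 5, 1), utc(2024, 6, 30), utc(2030, 1, 1), NOW))
```
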

Services

This window shows the status of some services on the firewall. The color of the icon indicates the status of the service:

  • Gray: service not available or not enabled on the firewall,
  • Green: service running normally,
  • Orange: the status of the service requires your attention,
  • Red: the status of the service is critical.

The indicators taken into account for each health indicator are:

Active Update

Date on which the Active Update module was updated.

Management Center

Status of the connection between the firewall and the Stormshield Management Center server.

Sandboxing

Status of the connection to sandboxing servers.

Cloud backup

Status of the connection to the Cloud Backup infrastructure when automatic backups are enabled.

Antivirus

Date on which antivirus definitions were updated.

Reports

Activation status of reports

Activation status of history graphs

Syslog server

Status of the connection to syslog servers configured on the firewall.

If no syslog servers are configured, click on this service to go to the corresponding configuration module (Configuration > Notifications, Syslog tab).

SSO Agent

Status of the connection to SSO agents configured on the firewall.

If no SSO agents are configured, click on this service to go to the corresponding configuration module (Configuration > Users > Authentication, Available methods tab).

Pay As You Go

This box appears only on Elastic Virtual Appliances (EVA) that run on a Pay As You Go license model (billed according to usage).

This license model can be used:

  • On a standalone basis if you are managing your virtual firewall within your Mystormshield private-access area,
  • Through an approved partner who then manages your virtual firewall in his own Mystormshield private-access area.

Virtual machine enrollment

This entry specifies whether the virtual firewall has logged on correctly to the Pay As You Go cloud service in order to retrieve its identity, certificate and license.

Expiry date

Date on which the Pay As You Go license ends.

Web code

Whenever the machine is managed in standalone mode, this web code allows you to register it in your Mystormshield private-access area.

Client ID

This entry may display an optional login chosen when the installation image was imported, or when the partner created this image to identify the owner of the EVA.