Connections
"Real time" table
This view shows all connections detected by the firewall. Every row represents a connection. The "Connections" view displays the following data:
Date | Indicates the date and time of the object's connection. |
Connection | Connection ID |
Parent connection | Some protocols may generate "child" connections (e.g. FTP) and in this case, this column will list the parent connection ID. |
Protocol | Communication protocol used for the connection. |
Ethernet protocol | When the communication protocol is part of the following list: |
User | User logged on to the host (if any). |
Source | IP address of the host at the source of the connection. |
Source name | Name of the object (if any) corresponding to the source host. |
Source IP address (multi-homing) | IP address presented by the host initiating an SCTP connection. Reminder: an appliance that communicates in SCTP may have several IP addresses (multi-homing). |
Source MAC address | MAC address of the object at the source of the connection. |
Source port | Number of the source port used for the connection. |
Source Port Name | Name of the object corresponding to the source port. |
Destination | IP address of the host to which the connection was set up. |
Destination Name | Name of the object (if any) to which the connection was set up. |
Destination MAC address | MAC address of the host to which the connection was set up. |
Destination IP address (multi-homing) | IP address of the destination host of an SCTP connection. Reminder: an appliance that communicates in SCTP may have several IP addresses (multi-homing). |
Destination Port | Number of the destination port used for the connection. |
Dest. Port Name | Name of the object corresponding to the destination port. |
Source interf. | Name of the interface on the firewall on which the connection was set up. |
Dest. interf. | Name of the destination interface used by the connection on the firewall. |
Average throughput | Average value of bandwidth used by the selected connection. |
Sent | Number of bytes sent during the connection. |
Received | Number of bytes received during the connection. |
Duration | Connection time. |
Last used | Time elapsed since the last packet exchange for this connection. |
Router ID | ID assigned by the firewall to the router used in the connection. |
Gateway name | Name of the gateway (making up the router whose ID is specified in the previous column) that the connection uses. |
Status of the gateway | Current status of the gateway used for the connection. |
Rule type | Indicates whether it is a local, global or implicit rule. |
Rule | ID name of the rule that allowed the connection. |
Status | This parameter indicates the status of the configuration corresponding, for example, to its initiation, establishment or closure. |
Queue name | Name of the QoS queue used by the connection. |
Rule name | If a name has been given to the filter rule through which the connection passes, this name will appear in the column. |
IPS profile | Displays the number of the inspection profile called up by the rule that filtered the connection. |
Geolocation | Displays the flag corresponding to the destination country. |
Reputation category | Indicates the external host's reputation category if it has been classified. EXAMPLE |
Argument | Additional information for certain protocols (e.g., HTTP). |
Operation | Additional information for certain protocols (e.g., HTTP). |
Right-click menu
Right-clicking on the name or IP address of a source or destination host opens the following pop-up menus:
- Search for this value in logs,
- Show host details,
- Reset the reputation score,
- Add the host to the objects base and/or add it to a group.
Right-clicking on the name of the user opens the following pop-up menus:
- Search for this value in logs,
- Log off this user,
- Show host details.
Right-clicking on the name of the source or destination opens the following pop-up menus:
- Search for this value in the "All logs" view,
- Show host details,
- Reset this object's reputation score,
- Blacklist this object (for 1 minute, 5 minutes, 30 minutes or 3 hours),
- Add the host to the objects base and/or add it to a group,
- Go to the corresponding security rule.
Right-clicking on the name of the source or destination opens the following pop-up menus:
- Go to the corresponding security rule,
- Add the service to the objects base and/or add it to a group.
Right-clicking on the other columns will open the following pop-up menu:
- Go to the corresponding security rule
Possible actions
Several search criteria can be combined. The criteria are cumulative: a row is displayed only if it meets all of them.
This combination of search criteria can then be saved as a “filter”. Filters will then be saved in memory and can be reset in the Preferences module of the administration interface.
(Filter drop-down menu) | Select a filter to launch the corresponding search. The list will suggest filters that have been saved previously and predefined filters for certain views. Selecting the entry (New filter) allows the filter to be reinitialized by selecting the criteria selection. |
Filter | Click on this button to: |
Reset | This button cancels the action of the filter currently in use. If it is a saved customized filter, this action will not delete the filter. |
Refresh | This button refreshes data shown on the screen. |
Export results | This button makes it possible to download a CSV file containing information from the table. Once a filter is applied, all results matching this filter will be exported. |
Reset columns | This button makes it possible to reinitialize column width and display only columns suggested by default the first time the host monitoring window is opened. |
"FILTER ON" panel
You can add a criterion by dragging and dropping the value from the results field into the panel.