MONITORING

The Monitoring module provides real-time data and history graphs (if this option has been enabled in the Report configuration module) on:

  • Hardware and high availability status,
  • The use of the firewall's system resources,
  • The level of use of network interfaces,
  • The level of use of QoS queues,
  • Hosts that have gone through the firewall,
  • Users authenticated on the firewall,
  • Connections made through the firewall,
  • The status of routers, SD-WAN routers and network gateways defined on the firewall,
  • The DHCP service,
  • SSL VPN tunnels set up,
  • IPsec VPN tunnels set up,
  • The firewall's whitelist/blacklists,
  • Captures of network traffic going through the firewall.

Such data is presented in the form of curves or tables. History curves offer four time scales: last hour, day, week or month. These time ranges are calculated in relation to the firewall’s date and time settings.

Private data

For the purpose of compliance with the European GDPR (General Data Protection Regulation), personal data (user name, source IP address, source name, source MAC address) is no longer displayed in logs and reports and has been replaced with the term "Anonymized".

To view such data, the administrator must enable the "Logs: full access" privilege by clicking on "Logs: limited access" (upper banner of the web administration interface), then entering an authorization code obtained from the administrator's supervisor (see the section Administrators > Ticket management). This code is valid for a limited period defined when it is created.

To release this privilege, the administrator must click on "Logs: full access" in the upper banner of the web administration interface, then click on "Release" in the dialog box that appears.

After a privilege is obtained or released, data must be refreshed.

Please note that every time a "Logs: full access" privilege is obtained or released, an entry is generated in the logs.

NOTE
For SN160(W), SN210(W), SN-S-Series-220, SN310, SN-S-Series-320 and SNi20 models, you can obtain the full feature by using an external storage medium such as an SD card (refer to the module Logs – Syslog). Only the SD format is compatible: Micro SD or Nano SD cards fitted with an adapter are not supported.

The table

Search: This field allows you to look for monitoring graphs or tables using keywords.

Tooltips

Hovering the mouse over certain types of objects displays their properties in a tooltip. This reduces the number of columns that need to be displayed in a table.

Whenever the administrator has full privileges to access all logs, the properties shown in the tooltip are the following:

Host or IP address

  • Name of the host if it has been defined in the objects database,
  • IP address of the host,
  • Host’s operating system (only the internal host),
  • Number of vulnerabilities detected for the host,
  • Host’s reputation score (only the internal host),
  • Country in which the host is located (only the external host),
  • Number of packets sent,
  • Number of packets received,
  • Outgoing bandwidth used,
  • Incoming bandwidth used,
  • Firewall interface through which this host is seen,
  • Host’s MAC address (only the internal host).

Affected tables:

  • Host monitoring: "Hosts" view, "Connections" view,
  • User monitoring: "Users" view, "Connections" view,
  • Connection monitoring.

Destination Port

  • Name of the object corresponding to the port,
  • Port number,
  • Protocol,
  • Comments defined in the port object.

Affected tables:

  • Host monitoring: "Hosts" view, "Connections" view,
  • User monitoring: "Connections" view,
  • Connection monitoring.

User

  • Description, if any,
  • Connection ID,
  • Domain (directory),
  • E-mail address,
  • Phone number,
  • IP address of the connecting host and name of the corresponding host object if it has been defined in the objects database,
  • Firewall interface through which this host is seen,
  • Incoming bandwidth used,
  • Outgoing bandwidth used.

Affected tables:

  • User monitoring: "Users" view,
  • Connection monitoring.

Interface

  • Name,
  • Whether the interface is protected,
  • Bridge to which the interface may be attached,
  • Incoming bandwidth used,
  • Outgoing bandwidth used.

Affected tables:

  • Host monitoring: "Hosts" view,
  • User monitoring: "Connections" view,
  • Connection monitoring.