Users
"Real time" tab
This screen consists of 2 views:
- A view listing the users authenticated on the firewall.
- A view listing Connections, Vulnerabilities, Applications, Services and information regarding the selected user.
"Users" view
This view shows all the users authenticated on the firewall. Every row represents a user.
The "Users" view displays the following data:
Name | User name |
IP address | IP address of the host to which the user has logged on. |
Directory | Name of the LDAP directory used for authenticating the user. |
Group | List of groups to which the user belongs. |
Expiry date | Remaining authentication time for the user's session |
Auth. method | Method used for authenticating the user (e.g. SSL) |
One-time password | A green check means that the user used a TOTP. |
Multi-user | Indicates whether the host to which the user has logged on is a multi-user host (e.g. a TSE server). |
Administrator | Specifies whether the user has administration privileges on the firewall. |
Sponsor | Whenever the user logs on via the Sponsorship method, this column indicates the name of the person who validated the connection request. |
SSL VPN Portal | A green check in this checkbox means that the user is allowed to log on to the SSL VPN portal in order to access web servers. |
SSL VPN Portal (Java applet) | A green check in this checkbox means that the user is allowed to log on to the SSL VPN portal in order to access application servers via a Java applet. |
SSL VPN | A green check in this checkbox means that the user is allowed to set up SSL VPN tunnels using the SN SSL VPN Client. |
IPsec VPN | A green check in this checkbox means that the user is allowed to set up one or several IPsec VPN tunnels. |
Right-click menu
Right-clicking on the name of the user opens the following pop-up menus:
- Search for this value in logs,
- Log off this user,
- Show host details
Possible actions
Several search criteria can be combined. The criteria are cumulative: only results that meet all of them are displayed.
This combination of search criteria can then be saved as a “filter”. Filters will then be saved in memory and can be reset in the Preferences module of the administration interface.
(Filter drop-down menu) | Select a filter to launch the corresponding search. The list will suggest filters that have been saved previously and predefined filters for certain views. Selecting the entry (New filter) allows the filter to be reinitialized by selecting the criteria selection. |
Filter | Click on this button to:
|
Reset | This button cancels the action of the filter currently in use. If it is a saved customized filter, this action will not delete the filter. |
Refresh | This button refreshes data shown on the screen. |
Export results | This button makes it possible to download a CSV file containing information from the table. Once a filter is applied, all results matching this filter will be exported. |
Configure authentication | This link makes it possible to go directly to the authentication parameters (Configuration > Users > Authentication module). |
Reset columns | This button makes it possible to reinitialize column width and display only columns suggested by default the first time the host monitoring window is opened. |
"FILTER" panel
You can add a criterion by dragging and dropping the value from the results field into the panel.
"Connections" view
This view shows all connections detected by the firewall for a selected user. Every row represents a connection. The "Connections" view displays the following data:
Date | Indicates the date and time of the object's connection. |
Connection | Connection ID |
Parent connection | Some protocols may generate "child" connections (e.g. FTP) and in this case, this column will list the parent connection ID. |
Protocol | Communication protocol used for the connection. |
User | User logged on to the host (if any). |
Source | IP address of the host at the source of the connection |
Source name | Name of the object (if any) corresponding to the source host. |
Source MAC address | MAC address of the object at the source of the connection |
Source port | Number of the source port used for the connection |
Source Port Name | Name of the object corresponding to the source port |
Destination | IP address of the host to which the connection was set up. |
Destination Name | Name of the object (if any) to which the connection was set up. |
Destination Port | Number of the destination port used for the connection. |
Dest. Port Name | Name of the object corresponding to the destination port |
Source interf. | Name of the interface on the firewall on which the connection was set up. |
Dest. interf. | Name of the destination interface used by the connection on the firewall. |
Average throughput | Average value of bandwidth used by the selected connection. |
Sent | Number of bytes sent during the connection. |
Received | Number of bytes received during the connection. |
Duration | Connection time. |
Last used | Time elapsed since the last packet exchange for this connection. |
Router | ID assigned by the firewall to the router used by the connection |
Router name | Name of the router saved in the objects database used by the connection |
Rule type | Indicates whether it is a local, global or implicit rule. |
Rule | ID name of the rule that allowed the connection |
Status | This parameter indicates the status of the configuration corresponding, for example, to its initiation, establishment or closure. |
Queue name | Name of the QoS queue used by the connection. |
Rule name | If a name has been given to the filter rule through which the connection passes, this name will appear in the column. |
IPS profile | Displays the number of the inspection profile called up by the rule that filtered the connection. |
Geolocation | Displays the flag corresponding to the destination country. |
Reputation category | Indicates the external host's reputation category if it has been classified. |
Argument | Additional information for certain protocols (e.g.: HTTP). |
Operation | Additional information for certain protocols (e.g.: HTTP). |
Right-click menu
Right-clicking on the name of the source or destination host opens the following pop-up menus:
- Go to the corresponding security rule
Possible actions
Several search criteria can be combined. The criteria are cumulative: only results that meet all of them are displayed.
This combination of search criteria can then be saved as a “filter”. Filters will then be saved in memory and can be reset in the Preferences module of the administration interface.
(Filter drop-down menu) | Select a filter to launch the corresponding search. The list will suggest filters that have been saved previously and predefined filters for certain views. Selecting the entry (New filter) allows the filter to be reinitialized by selecting the criteria selection. |
Filter | Click on this button to:
|
Reset | This button cancels the action of the filter currently in use. If it is a saved customized filter, this action will not delete the filter. |
Refresh | This button refreshes data shown on the screen. |
Export results | This button makes it possible to download a CSV file containing information from the table. Once a filter is applied, all results matching this filter will be exported. |
Reset columns | This button makes it possible to display only columns suggested by default when the host monitoring window is opened. |
"FILTER ON" panel
You can add a criterion by dragging and dropping the value from the results field into the panel.
"Vulnerabilities" view
This tab describes the vulnerabilities detected on the host on which the selected user is connected.
The "Vulnerabilities" view displays the following data:
ID | Vulnerability ID |
Name | Indicates the name of the vulnerability. |
Family | Number of hosts affected. |
Severity | Indicates the level of severity on the host(s) affected by the vulnerability. There are 4 levels of severity: "Low", "Moderate", "High", "Critical". |
Exploit | Indicates whether the vulnerability can be exploited through local or remote (via the network) access. |
Solution | Indicates whether a workaround exists. |
Level | The alarm level associated with the discovery of this vulnerability. |
Port | The network port on which the host is vulnerable (e.g. 80 for a vulnerable web server). |
Service | Indicates the name of the vulnerable program (e.g. lighttpd_1.4.28). |
Assigned | Indicates the date on which the vulnerability was detected on the host |
Details | Additional information about the vulnerability. |
Right-click menu
Right-clicking on the name of the vulnerability opens the following pop-up menus:
- Search for this value in logs,
- Add the host to the objects base and/or add it to a group.
"Application" view
This tab describes the applications detected on the host on which the selected user is connected.
The "Application" view displays the following data:
Product name | Name of the application. |
Family | Application family (e.g. Web client). |
Details | Full name of the application including its version number. |
Right-click menu
Right-clicking on the name of the product opens the following pop-up menus:
- Search for this value in logs,
- Add the host to the objects base and/or add it to a group.
"Services" view
This tab describes the services detected on the host on which the selected user is connected.
The "Services" view displays the following data:
Port | Indicates the port and protocol used by the service (e.g. 80/tcp). |
Service name | Indicates the name of the service (e.g. lighttpd). |
Service | Indicates the name of the service including its version number (e.g. lighttpd_1.4.28). |
Details | Additional information about the service detected. |
Family | Service family (e.g. Web server). |
"Information" view
This tab describes the information relating to the host on which the selected user is connected.
The "Information" view displays the following data:
ID | Unique identifier of the software program or operating system detected. |
Name | Name of the software program or operating system detected. |
Family | Family to which the detected software belongs (e.g. Operating System). |
Level | The alarm level associated with the discovery of this program. |
Assigned | Date and time the program or operating system was detected. |
Details | Name and version of the software program or operating system detected (e.g. Microsoft_Windows_Seven_SP1). |
Right-click menu
Right-clicking on the name of the product opens the following pop-up menus:
- Search for this value in logs,
- Add the host to the objects base and/or add it to a group.
"History" tab
In this tab, you will see history graphs showing the various authentication methods by type:
- Total,
- Captive portal,
- Console,
- IPsec,
- SSL VPN,
- TOTP,
- Web administration interface.
Possible operations
Time scale | In this field, the time scale can be selected: last hour, views by day, last 7 days and last 30 days. The button allows the displayed data to be refreshed. |
Display the | In a view by day, this field offers a calendar allowing you to select the date. |
Interactive features
- Clicking on an indicator listed in the legend shows/hides the corresponding data on the graph,
- When you scroll over a curve, the value of the indicator and corresponding time appear in a tooltip.
- Clicking on the button to the right of each graph will prepare graph data for printing. Comments can be added before you confirm printing (Print button).