Firewall, Proxy Server Interface based Live Traffic Reports - Enterprise Edition

---

The Live Traffic provide a live visual representation of the traffic load across network links. Graphs are similar to that of MRTG, with the aim of providing a simple way to see exactly how much inbound and outbound traffic was generated for each device.

• Live Reports of Each Firewall Device
• Live Reports of Each Proxy Device

Note:

SNMP base Live report graphs are not available for virtual Firewalls (vdom).

Configure SNMP protocol settings for your Firewall device

The procedure to configure the SNMP protocol settings of Firewall devices in the Firewall Analyzer is given below:

• Click Interface/Zone Reports > Click Configure SNMP protocol for Live reports. "Try now." link. Add Live Settings page appears.
• In that, the devices are listed in the Device Name drop down list. Select the device as required.
• Below the Device Name, the IP Address of the selected device will appear.
• Select the SNMP Version V1 or V2 or V3 using the respective radio button

• Version 1 (V1):
  • Enter the SNMP Community of the device in the text box
  • Enter the SNMP Port of the device in the text box

• Version 2 (V2):
  • Enter the SNMP Community of the device in the text box
  • Enter the SNMP Port of the device in the text box 

• Version 3 (V3):
  • Enter the SNMP Community of the device in the text box
  • Enter the SNMP Port of the device in the text box
  • Enter the User Name of the device in the text box
  • Enter the Context Name of the device in the text box
  • Authentication:
    • Select the Protocol for authentication from the drop down list (MD5, SHA).
    • Enter the Password for authentication in the text box
  • Encryption:
    • Select the Protocol for encryption from the drop down list (DES, AES).
    • Enter the Password for encryption in the text box

• Select the reports in the Select Reports section. In that section, the Report Name and Protocol are listed.
• Select Interface Live Report using the check box. Select the Protocol for the report. On selecting the Interface Live Report, Interval field will appear with the drop down list. You can select 1 minute or 5 minutes or 10 minutes granularity in Live reports by choosing appropriate interval.
• Select Live VPN Users report using the check box. Select the Protocol for the report. This report will be listed only if the device has the provision to get the Live VPN Users using SNMP protocol. Otherwise, this report option will not be there.
• The Apply to other similar devices section, contains list of devices of the same vendor type as the selected device with the check boxes to select, along with Select All devices option. If you want to apply the same credentials (Community, Port, etc.,) to other similar firewalls, please select them.
• Click Save button to save the configuration and Cancel button to cancel the operation. Upon saving the form, the details are stored in the database and a sample SNMP query is made to test connection. If the SNMP credentials are not valid, you can skip saving the Live Settings.

Note:

If SNMP query is not successful, error message will be displayed on top of the page. Upon error, ensure the credentials provided are correct. Also ensure you have provided Management access through the source interface for SNMP protocol.

Once the 'Live Settings' is added successfully, the Edit | Disable | Delete SNMP options are displayed to respective devices in Interface Live Reports Dashboard. The Live Reports and Interface Live Reports are populated with SNMP data.

Using the SNMP parameters configured, all the devices will be queried to get interface details. To configure/enable SNMP protocol in individual Firewall devices, refer the respective device configuration documents. Fortigate, Netscreen, Cisco PIX, Cisco ASA, Cisco Firewalls using ASDM tool

Once the SNMP settings is done for Live Reports, we skip the syslog data and use SNMP data for Live Reports. To switch to syslog option either disabling or deleting the SNMP settings. You could find this option to the right of device name in Interface/Zone Live Reports dashboard.

Live Reports of Each Firewall Device

On the top right side of the Report screen, there will be two combo boxes. They are:

• Refresh
• Export as

Refresh

The Refresh combo box lets to enable or disable refreshing of the Live reports and lets you to choose the refreshing interval of the Live reports. There will be three field values for filtering. They are:

• Never Refresh
• Refresh Every 1 Min
• Refresh Every 5 Min
• Refresh Every 10 Min

Export as

The Export as combo box lets you choose the format of the reports for export. There will be two formats for exporting. They are:

• PDF
• CSV

Click on the PDF to export this report to PDF. Click on the CSV to export this report to CSV format (comma separated values).

Click the Live Reports link present inside the list of reports for a device, to see the live reports for that device alone, over all the time periods described above.

The graphs for each device shows the minimum, maximum, and average amount of incoming and outgoing traffic through that device, over several time periods. Traffic is broken down into the last day, last week, last month, and last year, with an average granularity of 5 minutes, 30 minutes, 2 hours, and 1 day respectively.

The incoming and outgoing bandwidth can be viewed in Kbps/Mbps/Gbps.

Drill down from each of the graphs in the live report to see the following details: 

Graph	Description
Inbound/Outbound Traffic Conversations	The inbound/outbound conversations for all hosts across this device. This data is available only for the last day's traffic over a 5-minute average granularity.
Top Hosts	The top hosts contributing to inbound/outbound traffic across this device. Drill down from this graph to see the corresponding conversations for each host, during the selected time period.
Top Protocol Groups	The top protocol groups used in inbound/outbound traffic across this device. Drill down from this graph to see the corresponding conversations using each protocol group, during the selected time period.
Top Users	The top users contributing to inbound/outbound traffic across this device. Drill down from this graph to see the corresponding conversations for each user, during the selected time period.

Live traffic for the 24 hour period can be zoomed to 12 hour and 6 hour periods.

Note:

Live Reports will not be available for devices whose logs do not contain the "duration" field. For example: WatchGuard, SonicWall, Astaro, IP Filter Linux Firewall, etc...

Live Reports of Each Proxy Device

On the top right side of the Report screen, there will be two combo boxes. They are:

• Refresh
• Export as

Refresh

The Refresh combo box lets to enable or disable refreshing of the Live reports and lets you to choose the refreshing interval of the Live reports. There will be three field values for filtering. They are:

• Never Refresh
• Refresh Every 1 Min
• Refresh Every 5 Min
• Refresh Every 10 Min

Export as

The Export as combo box lets you choose the format of the reports for export. There will be two formats for exporting. They are:

• PDF
• CSV

Click on the PDF to export this report to PDF. Click on the CSV to export this report to CSV format (comma separated values).

Click the Live Reports link present inside the list of reports for a device, to see the live reports for that device alone, over specific time periods.

The graphs for each device shows the minimum, maximum, and average amount of outgoing traffic through that device, over several time periods. Traffic is broken down into the last day, last week, last month, and last year, with an average granularity of 5 minutes, 30 minutes, 2 hours, and 1 day respectively. Live traffic for the 24 hour period can be zoomed to 12 hour and 6 hour periods.

The outgoing bandwidth can be viewed in Kbps/Mbps/Gbps.

Note:

Live Reports will not be available for devices whose logs do not contain the "duration" field.