It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Threat Scan Page

  • Last updated on

The Threat Scan page lists all threats detected by the Intrusion Prevention System (IPS), the Virus Scanner service, and Advanced Threat Protection (ATP). For information on these features, see: Application Control. To access the Threat Scan page, click the FIREWALL tab and select the Threat Scan icon.

threat_scan.png


The information on the Threat Scan page is listed according to the security features (e.g., IPS, ATP, Virus Scanner service etc...) that are enabled on the firewall.

The columns display the following details:

  • AID – The application ID.

  • Action – The action performed by the IPS engine.

  • Scan Type – The scan type.

  • Org – The origin of the session.

  • Application – The affected application.

  • Protocol – The protocol used by the session.

  • Application Context – The application context.

  • Risk/Severity – The event severity.

  • Threat Category – The event category.

  • Info – Additional information (for example: IPS Warning).

  • Rule – The affected firewall rule.

  • Affected Operating System – The affected system.

  • Count – Displays the count.

  • Last – The time (h/m/s) of the last access.

  • IP Proto – The IP protocol.

  • Port – The affected port.

  • Source – The affected source IP address.

  • Destination – The affected destination IP address.

  • User – The affected user.

  • Interface – The affected interface.

  • MAC – The MAC address of the affected system.

  • Src / Dst NAT – The source / destination NAT address.

  • Output-IF – The output interface.

  • OutRoute – The routing details.

  • Next Hop – The next hop address.

  • URL Category – The URL category.

  • Src / Dst Geo – Displays the source / destination geolocation.

  • Src / Dst Prefix – Displays the source / destination prefix.

  • More Info – Displays additional information.

Status Icons

The status of firewall connections is indicated by the following icons:

Icon

Description

allow.png

Allow

block.png

Block

fail.png

Fail (audit Log) Warning/Scan (History Threat Scan)

drop.png

Drop

select.png

Box Selected (audit Log)

ips_sev.png

IPS Severity

app1.png

Threat Type = App Ctrl

appctrl.png

Threat Type = Virus Scan

ips.png

Threat Type = IPS

Column Control

Each of the upper information category names prefixes a column as the column name in the Threat view. Such a collection of columns is derived from the Factory Default configuration setup and handled by Barracuda Firewall Admin as a directly related configuration setup after your first login to a specific firewall.

When you log out from the firewall, all changes made to the columns during the last session are automatically saved to this configuration and will be automatically reloaded when you log in back to your firewall again.

By that way, Barracuda Firewall Admin manages such all such setups for every administered firewall.

Handling of Individual Setups

By right-clicking on the name of a column, a pop-up menu is displayed with the list entry Column at the bottom. By selected this entry, another pop-up menu is displayed depending if your firewall is operating in Policy Profiles mode or not. At that point, you have the option to select from 5 entries by which you can control how Barracuda Firewall Admin handles the changes to the defaults and whether these defaults should be used by only a specific or by all firewalls

Non-Policy-Profile Mode

Policy-Profile-Mode

Live View

column_defaults_live_view_no_policies.png

column_defaults_live_view_for_policies.png

History View

column_defaults_history_view_no_policies.png

column_defaults_history_view_for_policies.png

Threat View

column_defaults_threat_view_no_policies.png

column_defaults_threat_view_for_policies.png

The common naming parts for all the upper 6 options with their meaning are:

  1. Restore Default Columns…: Restores the column setup from your last actively saved favorite setup. This configuration setup can be used on any firewall to which you connect with Barracuda Firewall Admin. Note that when you log out from a specific firewall while using this restored setup, this setup will be stored as your firewall related default setting and will be reloaded upon your next login on the same firewall.

  2. Save as Default Columns…: Saves the current selection of columns as your favorite setup. This setup can be used on any other firewall on demand by clicking Restore Default Columns… .

  3. Factory Default Columns: Restores the preset factory setup of columns to the view. This will overwrite your currently used setup and can not be undone!

  4. Optimize All Columns: Optimizes all columns to consume a minimum width within the view. This can cause an empty area to the right side of the view.

  5. Adjust All Columns: Adjusts all columns to fit into the total width of the visible view.

Filter Options

Use the filtering functions on the Threat Scan page to display specific entries. 

h_filter.png
  1. Click the Filter icon on the top right of the ribbon bar. The Traffic Selection section opens on top of the list.

  2. Expand the Traffic Selection drop-down menu and select the required check boxes:  

    • Forward – The traffic on the Forwarding Firewall.

    • Loopback – The traffic over the loopback interface.

    • Local In – The incoming traffic on the box firewall.

    • Local Out – The outgoing traffic from the box firewall.

    • IPv6 – IPv6 traffic.

  3. To define filters for specific properties:

    1. Click the + icon.

    2. Select the required criteria.

    3. Select or enter the value in the blank field.

Managing Threats Information

To view detailed information for a threat entry, double-click it. The Session Details window displays the ID, action, source, scan type, and destination of the threat.

sessions.png

To add IPS Override entries, click the Add IPS Overrides icon next to the filter on the top right of the ribbon bar. Entries will be stored in the configuration.overrides_02.png

To access the IPS Overrides configuration, click Goto Configuration. For information on this feature, see: How to Manage Threats.