Barracuda CloudGen Firewall

Threat Scan Page


The Threat Scan page lists all threats detected by the Intrusion Prevention System (IPS), the Virus Scanner service, and Advanced Threat Protection (ATP). For information on these features, see: Application Control. To access the Threat Scan page, click the FIREWALL tab and select the Threat Scan icon.


The information on the Threat Scan page is listed according to the security features (e.g., IPS, ATP, and the Virus Scanner service) that are enabled on the firewall.

The columns display the following details:

  • AID – The application ID.
  • Action – The action performed by the IPS engine.
  • Scan Type – The scan type.
  • Org – The origin of the session.
  • Application – The affected application.
  • Protocol – The protocol used by the session.
  • Application Context – The application context.
  • Risk/Severity – The event severity.
  • Threat Category – The event category.
  • Info – Additional information (for example: IPS Warning).
  • Rule – The affected firewall rule.
  • Affected Operating System – The affected system.
  • Count – Displays the count.
  • Last – The time (h/m/s) of the last access.
  • IP Proto – The IP protocol.
  • Port – The affected port.
  • Source – The affected source IP address.
  • Destination – The affected destination IP address.
  • User – The affected user.
  • Interface – The affected interface.
  • MAC – The MAC address of the affected system.
  • Src / Dst NAT – The source / destination NAT address.
  • Output-IF – The output interface.
  • OutRoute – The routing details.
  • Next Hop – The next hop address.
  • URL Category – The URL category.
  • Src / Dst Geo – Displays the source / destination geolocation.
  • Src / Dst Prefix – Displays the source / destination prefix.
  • More Info – Displays additional information.

Status Icons

The status of firewall connections is indicated by the following icons:

Icon – Description

  • allow.png – Allow
  • block.png – Block
  • fail.png – Fail (audit Log) Warning/Scan (History Threat Scan)
  • drop.png – Drop
  • select.png – Box Selected (audit Log)
  • ips_sev.png – IPS Severity
  • app1.png – Threat Type = App Ctrl
  • appctrl.png – Threat Type = Virus Scan
  • ips.png – Threat Type = IPS

Filter Options

Use the filtering functions on the Threat Scan page to display specific entries. 


  1. Click the Filter icon on the top right of the ribbon bar. The Traffic Selection section opens on top of the list.
  2. Expand the Traffic Selection drop-down menu and select the required check boxes:  
    • Forward – The traffic on the Forwarding Firewall.
    • Loopback – The traffic over the loopback interface.
    • Local In – The incoming traffic on the box firewall.
    • Local Out – The outgoing traffic from the box firewall.
    • IPv6 – IPv6 traffic.
  3. To define filters for specific properties:
    1. Click the + icon.
    2. Select the required criteria.
    3. Select or enter the value in the blank field.

Managing Threats Information

To view detailed information for a threat entry, double-click it. The Session Details window displays the ID, action, source, scan type, and destination of the threat.


To add IPS Override entries, click the Add IPS Overrides icon next to the filter on the top right of the ribbon bar. Entries will be stored in the configuration.

To access the IPS Overrides configuration, click Goto Configuration. For information on this feature, see: How to Manage Threats.