Under the Live tab, you can view and filter real-time information for the traffic that passes through the Barracuda NG Firewall. You can also manage the traffic sessions. To access the Live page, open the FIREWALL tab and click the Live icon in the ribbon bar.
In this article:
Video
To get a feel for how to use the FIREWALL > Live page in NG Admin, watch the following video:
Viewing Session Details
On the Live page, the details for all sessions are listed. You can view additional information for a specific session by double-clicking an entry.
The following information is provided for each session:
| Info | Description |
|---|---|
| ID | The icons indicating the amount of traffic (Low to High...). The number provided is the unique access ID for the connection. |
| State | The connection status (one-way traffic; connection established (TCP); two-way traffic (all other); connection could not be established; closing connection). The icon next to the status symbol indicates the application policy. |
| IP Protocol | The protocol that is used. For example, TCP, UDP, or ICMP. |
| Application Context | The context of the affected application. |
| Application | The name of the affected application. |
| Content | The content of the affected application. |
| Rule | The name of the affected firewall rule. |
| Type | The origin, as specified by the following abbreviations:
|
| Interface | The affected interface. |
| Source | The source IP address. |
| Src. Port | The source port. |
| Destination | The destination IP address. |
| Port | The destination port (or internal ICMP ID). |
| User | The username of the affected user and group. |
| Bit/s | The bits per second (during the last second). |
| Idle | Time since the last data transfer. |
| Total | The total number of bytes that have been transferred over this connection. |
| In | The total number of bytes that have been transferred over this connection from the source. |
| Out | The total number of bytes that have been transferred over this connection to the source. |
| Start | Time since the connection was established. |
| SNAT | The source NAT address. |
| DNAT | The destination NAT address. |
| Output-IF | The outgoing interface. |
| Policy | The affected policy. For descriptions of the available policies, see the Policy Overview section. |
| QoS | QoS Band used by this session. |
| FWD Shape | The forward Traffic Shaping (IN/OUT). The shape connectors for ingress and egress shaping, respectively, in the forward direction. Ingress shaping takes place at the inbound interface. Egress shaping takes place at the outbound interface. |
| REV Shape | The reverse Traffic Shaping (IN/OUT). |
| Protocol | The affected protocol. |
| Status | The status of the connection. For descriptions of the available status types, see Status Overview. |
| Src. Geo | The geographic source of the active connection. |
| Dst. Geo | The geographic destination of the active connection. |
| TI ID | The transport rating setting (Bulk, Quality, or Fallback with IDs 0-7). For more information, see Traffic Shaping. |
| REV Shape | The shape connectors for ingress and egress shaping, respectively, in the reverse direction. Ingress shaping takes place at the outbound interface. Egress shaping takes place at the inbound interface. |
| URL Category | Category of the destination URL. |
The general status of firewall connections is indicated by the following icons:
New Icon | Old Icon | Description |
|---|---|---|
|  | Transfer Rate |
|  | UDP Session creating, connection not fully established (TCP) / one-way traffic (all other protocols) |
 |  | Connection established (TCP) - Two-way traffic (all other protocols) |
|  | UDP session failing |
|  | Session one-sided down |
|  | HA Synced Session |
|  | IPS Scan |
|  | App Scan |
 |  | Wan Optimization |
|  | Session State: ACPF Slot Deny |
Filter Options
You can filter the list of sessions by traffic type, status, and properties. The following filter settings are provided:
- Traffic Selection – From the Traffic Selection list, you can select the following options to filter for certain traffic types:
- Forward – Sessions handled by the Forwarding Firewall.
- Loopback – System internal data exchanged by the loopback interface.
- Local In – Incoming sessions handled by the box firewall.
- Local Out – Outgoing sessions handled by the box firewall.
- IPv4 – Show IPv4 sessions.
- IPv6 – Show IPv6 sessions.
- Status Selection – From the Status Selection list, you can select the following options to filter for certain traffic statuses:
- Closing – Closing connections.
- Established – Established connections.
- Failing – Failed connections.
- Pending – Connections that are currently being established.
+ – Clicking + allows specification of further filtering options, such as IP addresses, interfaces, and firewall rules.
Clicking the Open History with same filter icon on the top right of the ribbon bar above the filters allows you to switch to the History view but with the same filters applied. Clicking the Save and Restore Filter and Colum Settings icon in the ribbon bar will open a dropdown menu that lets you save, restore, or delete filter and column view settings.
Managing Sessions
You can control, copy, print, export, and organize the sessions that are listed on the Firewall > Live page. When you right-click a session, you are provided with the following options:
Work Processes
In the lower left of the Live page, you can view and control firewall-related processes and workers. To access the status, simply click >> Show Proc on the lower left of the window.
The entry Active displays the currently active worker processes. The feature Kill Selected is used for terminating single workers. The entry on the right of the Kill Selected button shows the status of the synchronization in case of active Transparent Failover (High Availability) and consists of the following possible states:
- Active Sync (UP) – shown on active HA partner; synchronization works.
- Active Sync (DOWN) – shown on active HA partner; sync would work, but Box Firewall is down.
- Passive Sync (UP) – shown on passive HA partner; synchronization works.
- Passive Sync (DOWN) – shown on passive HA partner; sync would work, but Box Firewall is down.
The window provides the following information about the processes:
- PID – System process ID.
- Connections – Number of connections handled by worker.
- bps – bytes per second (during the last second).
- Heartbeat – Time in seconds the process stopped to answer. Should never be more than 2.
- PID – System process ID; allows view on PID and fully extended description column.
- Description – Role description of worker.
Traffic Meter
A traffic meter is integrated on the lower right of the page. The firewall engine samples the amount of traffic over 10 seconds and the traffic meter shows it based on the traffic origin (Forward, Loopback, Local, Total). Traffic can be displayed as Bits/sec, Bytes/sec or Packets/sec.
The second available view is called TF Sync (click the Traffic dropdown arrow) and contains detailed information concerning the Transparent Failover function of an HA Forwarding Firewall. The pull-down menu for the statistics type (with the options Bits/sec, Bytes/sec and Packets/sec) has no function for this type of view. The display consists of the following entries:
- My Sync Addr – IP address and connection port for synchronisation of this box.
- Partner Sync Addr – IP address and connection port for synchronisation of the HA partner box.
- Synced Sessions – Number of sessions successfully synchronized.
- Pending Sessions – Number of pending sessions that are not synchronized.
Status Overview
This table provides descriptions of the possible statuses that are displayed in the Status column for each session on the Firewall > Live page:
Policy Overview
This table provides descriptions of the possible policies that you might see in the Policy column for each session on the Firewall > Live page: