We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

Live Page

  • Last updated on

Under the Live tab, you can view and filter real-time information for the traffic that passes through the Barracuda NG Firewall. You can also manage the traffic sessions. To access the Live page, open the FIREWALL tab and click the Live icon in the ribbon bar.

In this article:

 

Video

To get a feel for how to use the FIREWALL > Live page in NG Admin, watch the following video:

Viewing Session Details

On the Live page, the details for all sessions are listed. You can view additional information for a specific session by double-clicking an entry.

fw_live.png

The following information is provided for each session:

InfoDescription
IDThe icons indicating the amount of traffic (Low to High...). The number provided is the unique access ID for the connection.
StateThe connection status (one-way traffic; connection established (TCP); two-way traffic (all other); connection could not be established; closing connection). The icon next to the status symbol indicates the application policy.
IP ProtocolThe protocol that is used. For example, TCP, UDP, or ICMP.
Application ContextThe context of the affected application.
ApplicationThe name of the affected application.
ContentThe content of the affected application.
RuleThe name of the affected firewall rule.
Type

The origin, as specified by the following abbreviations:

  • LIN – Local In. The incoming traffic on the box firewall.
  • LOUT – Local Out. The outgoing traffic from the box firewall.
  • LB – Loopback. The traffic via the loopback interface.
  • FWD – Forwarding. The outbound traffic via the Forwarding Firewall.
  • IFWD – Inbound Forwarding. The inbound traffic to the firewall.
  • PXY – Proxy. The outbound traffic via the proxy.
  • IPXY – Inbound Proxy. The inbound traffic via the proxy.
  • TAP – Transparent Application Proxying. The traffic via stream forwarding. 
InterfaceThe affected interface.
SourceThe source IP address.
Src. PortThe source port.
DestinationThe destination IP address.
PortThe destination port (or internal ICMP ID).
UserThe username of the affected user and group.
Bit/sThe bits per second (during the last second).
IdleTime since the last data transfer.
TotalThe total number of bytes that have been transferred over this connection.
InThe total number of bytes that have been transferred over this connection from the source.
OutThe total number of bytes that have been transferred over this connection to the source.
StartTime since the connection was established.
SNATThe source NAT address.
DNATThe destination NAT address.
Output-IFThe outgoing interface.
Policy

The affected policy. For descriptions of the available policies, see the Policy Overview section.

QoSQoS Band used by this session.
FWD ShapeThe forward Traffic Shaping (IN/OUT). The shape connectors for ingress and egress shaping, respectively, in the forward direction. Ingress shaping takes place at the inbound interface. Egress shaping takes place at the outbound interface.
REV ShapeThe reverse Traffic Shaping (IN/OUT).
ProtocolThe affected protocol.
StatusThe status of the connection. For descriptions of the available status types, see Status Overview.
Src. GeoThe geographic source of the active connection.
Dst. GeoThe geographic destination of the active connection.
TI IDThe transport rating setting (Bulk, Quality, or Fallback with IDs 0-7). For more information, see Traffic Shaping.
REV Shape

The shape connectors for ingress and egress shaping, respectively, in the reverse direction. Ingress shaping takes place at the outbound interface. Egress shaping takes place at the inbound interface.

URL CategoryCategory of the destination URL.

The general status of firewall connections is indicated by the following icons:

New Icon

Old Icon

Description

transfer.png

transfer_old.png

Transfer Rate

tcp3.png

udp1_old.png

UDP Session creating, connection not fully established (TCP) / one-way traffic (all other protocols)

udp1.pngudp2_old.png

Connection established (TCP) - Two-way traffic (all other protocols)

udp3.png

udp3_old.png

UDP session failing

udp4.png

udp4_old.png

Session one-sided down

hasync.png

hasync_old.png

HA Synced Session

ips.png

ips_old.png

IPS Scan

app.png

app_old.png

App Scan

wanopt.pngwanopt_old.png

Wan Optimization

slot_deny.png

slot_deny_old.png

Session State: ACPF Slot Deny

Filter Options

You can filter the list of sessions by traffic type, status, and properties. The following filter settings are provided:

  • Traffic Selection – From the Traffic Selection list, you can select the following options to filter for certain traffic types:
    • Forward  Sessions handled by the Forwarding Firewall.
    • Loopback  System internal data exchanged by the loopback interface.
    • Local In  Incoming sessions handled by the box firewall.
    • Local Out  Outgoing sessions handled by the box firewall.
    • IPv4 – Show IPv4 sessions.
    • IPv6   Show IPv6 sessions.
  • Status Selection  From the Status Selection list, you can select the following options to filter for certain traffic statuses:
    • Closing – Closing connections.
    • Established – Established connections.
    • Failing  Failed connections.
    • Pending – Connections that are currently being established.
  • + – Clicking + allows specification of further filtering options, such as IP addresses, interfaces, and firewall rules.

    When you configure these additional filter settings, you can use wildcard characters (*?; !*?). For example, you can enter !Amazon* to exclude all entries starting with Amazon or enter Y*|A* to include all entries starting with Y or A.

Clicking the Open History with same filter icon on the top right of the ribbon bar above the filters allows you to switch to the History view but with the same filters applied. Clicking the Save and Restore Filter and Colum Settings icon in the ribbon bar will open a dropdown menu that lets you save, restore, or delete filter and column view settings.

Managing Sessions

You can control, copy, print, export, and organize the sessions that are listed on the Firewall > Live page. When you right-click a session, you are provided with the following options:

OptionDescription
Terminate SessionEnds the session.
Abort Session (No TCP RST)Ends the session without a TCP request.
Change QoS / Reverse QoSLets you change the QoS Band. For more information, see Traffic Shaping.
Toggle TraceTracing is no longer supported in firmware version 6.1.0 or higher.
Change TI SettingsLets you change the Traffic Intelligent settings. For more information, see Traffic Intelligence.
Show Session DetailsDisplays the session details.
Save Traffic Selection PolicySaves the traffic selection policy.
Find Opens the search window at the top of the list.
Select / Deselect AllSelects or deselects all of the sessions.
Copy <...> to ClipboardCopies the selected entry to the clipboard.
Copy List to ClipboardCopies the list to the clipboard.
Copy selected to ClipboardCopies the selected row to the clipboard.
Export to FileExports the selected entry to a text file.
Print ListPrints the Firewall Live view.
Group by InterfaceGroups access cache entries by their interface.
ColumnsLets you select the columns to hide or show. The following options are also provided:
  • Default Columns – Offers the standard view.
  • Optimize All Columns – Adjusts the column size for best display.
  • Adjust All Columns – Displays all columns that are selected.

Work Processes

In the lower left of the Live page, you can view and control firewall-related processes and workers. To access the status, simply click >> Show Proc on the lower left of the window.

The entry Active displays the currently active worker processes. The feature Kill Selected is used for terminating single workers. The entry on the right of the Kill Selected button shows the status of the synchronization in case of active Transparent Failover (High Availability) and consists of the following possible states: 

  • Active Sync (UP) – shown on active HA partner; synchronization works.
  • Active Sync (DOWN) – shown on active HA partner; sync would work, but Box Firewall is down.
  • Passive Sync (UP) – shown on passive HA partner; synchronization works.
  • Passive Sync (DOWN) – shown on passive HA partner; sync would work, but Box Firewall is down.

The window provides the following information about the processes: 

  • PID – System process ID.
  • Connections – Number of connections handled by worker.
  • bps – bytes per second (during the last second).
  • Heartbeat – Time in seconds the process stopped to answer. Should never be more than 2.
  • PID  System process ID; allows view on PID and fully extended description column.
  • Description – Role description of worker.

Traffic Meter

A traffic meter is integrated on the lower right of the page. The firewall engine samples the amount of traffic over 10 seconds and the traffic meter shows it based on the traffic origin (Forward, Loopback, Local, Total). Traffic can be displayed as Bits/sec, Bytes/sec or Packets/sec.

The second available view is called TF Sync (click the Traffic dropdown arrow) and contains detailed information concerning the Transparent Failover function of an HA Forwarding Firewall. The pull-down menu for the statistics type (with the options Bits/secBytes/sec and Packets/sec) has no function for this type of view. The display consists of the following entries: 

  • My Sync Addr – IP address and connection port for synchronisation of this box.
  • Partner Sync Addr – IP address and connection port for synchronisation of the HA partner box.
  • Synced Sessions – Number of sessions successfully synchronized.
  • Pending Sessions – Number of pending sessions that are not synchronized.

Status Overview

This table provides descriptions of the possible statuses that are displayed in the Status column for each session on the Firewall > Live page:

Status NameOriginDescription
FWD-NEW 

TCP Packet Forwarding Outbound

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

FWD-FSYN-RCV 

TCP Packet Forwarding Outbound

The initial SYN packet received from the session source was forwarded.

FWD-RSYN-RSV

TCP Packet Forwarding Outbound

The session destination answered the SYN with a SYN/ACK packet.

FWD-EST 

TCP Packet Forwarding Outbound

The SYN/ACK packet was acknowledged by the session source. The TCP session is established.

FWD-RET 

TCP Packet Forwarding Outbound

Either source or destination are retransmitting packets. The connection might be dysfunctional.

FWD-FFIN-RCV 

TCP Packet Forwarding Outbound

The session source sent a FIN datagram to terminate the session.

FWD-RLACK 

TCP Packet Forwarding Outbound

The session destination answered the FIN packet with a FIN reply and awaits the last acknowledgement for this packet.

FWD-RFIN-RCV 

TCP Packet Forwarding Outbound

The session destination sent a FIN datagram to terminate the session.

FWD-FLACK 

TCP Packet Forwarding Outbound

The session source answered the FIN packet with a FIN reply and awaits the last acknowledgement for this packet.

FWD-WAIT 

TCP Packet Forwarding Outbound

The session was reset by one of the two participants by sending a RST packet. During a wait period of five seconds, all packets belonging to the session will be discarded.

FWD-TERM 

TCP Packet Forwarding Outbound

The session is terminated and will be removed from the session list.

IFWD-NEW 

TCP Packet Forwarding Inbound

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

IFWD-SYN-SND 

TCP Packet Forwarding Inbound

A SYN packet was sent to the destination initiating the session. Note that the session with the source is already established.

IFWD-EST 

TCP Packet Forwarding Inbound

The destination replied to the SYN with a SYN/ACK. The session is established.

IFWD-RET 

TCP Packet Forwarding Inbound

Either source or destination are retransmitting packets. The connection might be dysfunctional.

IFWD-FFIN-RCV 

TCP Packet Forwarding Inbound

The session source sent a FIN datagram to terminate the session.

IFWD-RLACK 

TCP Packet Forwarding Inbound

The session destination answered the FIN packet with a FIN reply and awaits the last acknowledgement for this packet.

IFWD-RFIN-RCV 

TCP Packet Forwarding Inbound

The session destination sent a FIN datagram to terminate the session.

IFWD-FLACK 

TCP Packet Forwarding Inbound

The session source answered the FIN packet with a FIN reply and awaits the last acknowledgement for this packet.

IFWD-WAIT 

TCP Packet Forwarding Inbound

The session was reset by one of the two participants by sending a RST packet. During a wait period of five seconds, all packets belonging to the session will be discarded.

IFWD-TERM 

TCP Packet Forwarding Inbound

The session is terminated and will be removed from the session list.

PXY-NEW 

TCP Stream Forwarding Outbound

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

PXY-CONN 

TCP Stream Forwarding Outbound

A socket connection to the destination is being established.

PXY-ACC 

TCP Stream Forwarding Outbound

A socket connection to the source is being accepted.

PXY-EST 

TCP Stream Forwarding Outbound

Two established TCP socket connections to the source and destination exist.

PXY-SRC-CLO 

TCP Stream Forwarding Outbound

The socket to the source is closed or is in the closing process.

PXY-DST-CLO 

TCP Stream Forwarding Outbound

The socket to the destination is closed or is in the closing process.

PXY-SD-CLO 

TCP Stream Forwarding Outbound

The source and the destination socket are closed or in the closing process.

PXY-TERM 

TCP Stream Forwarding Outbound

The session is terminated and will be removed from the session list.

IPXY-NEW 

TCP Stream Forwarding Inbound

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

IPXY-ACC 

TCP Stream Forwarding Inbound

A socket connection to the source is being accepted.

IPXY-CONN 

TCP Stream Forwarding Inbound

A socket connection to the destination is being established.

IPXY-EST 

TCP Stream Forwarding Inbound

Two established TCP socket connections to the source and destination exist.

IPXY-SRC-CLO 

TCP Stream Forwarding Inbound

The socket to the source is closed or is in the closing process.

IPXY-DST-CLO 

TCP Stream Forwarding Inbound

The socket to the destination is closed or is in the closing process.

IPXY-SD-CLO 

TCP Stream Forwarding Inbound

The source and the destination socket are closed or in the closing process

IPXY-TERM 

TCP Stream Forwarding Inbound

The session is terminated and will be removed from the session list.

UDP-NEW 

UDP Forwarding

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

UDP-RECV 

UDP Forwarding

Traffic has been received from the source and was forwarded to the destination.

UDP-REPL 

UDP Forwarding

The destination replied to the traffic sent by the source.

UDP-SENT 

UDP Forwarding

The source transmitted more traffic after receiving a reply from the destination.

UDP-FAIL 

UDP Forwarding

The destination or a network component on the path to the destination sent an ICMP indicating that the request cannot be fulfilled.

ECHO-NEW 

ECHO Forwarding

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

ECHO-RECV 

ECHO Forwarding

Traffic has been received from the source and forwarded to the destination.

ECHO-REPL 

ECHO Forwarding

The destination replied to the traffic sent by the source.

ECHO-SENT 

ECHO Forwarding

The source sent more traffic after receiving a reply from the destination.

ECHO-FAIL 

ECHO Forwarding

The destination or a network component on the path to the destination sent an ICMP indicating that the request cannot be fulfilled.

OTHER-NEW 

OTHER Protocols Forwarding

The session is validated by the firewall rule set. Traffic has not been forwarded yet.

OTHER-RECV 

OTHER Protocols Forwarding

Traffic has been received from the source and forwarded to the destination.

OTHER-REPL 

OTHER Protocols Forwarding

The destination replied to the traffic sent by the source.

OTHER-SENT 

OTHER Protocols Forwarding

The source sent more traffic after receiving a reply from the destination.

OTHER-FAIL 

OTHER Protocols Forwarding

The destination or a network component on the path to the destination sent an ICMP indicating that the request cannot be fulfilled.

LOC-NEW 

Local TCP Traffic

A local TCP session was granted by the local rule set.

LOC-EST 

Local TCP Traffic

The local TCP session is fully established.

LOC-SYN-SND 

Local TCP Traffic

A Local-Out TCP session is initiated by sending a SYN packet.

LOC-SYN-RCV 

Local TCP Traffic

A Local-In TCP session is initiated by receiving a SYN packet.

LOC-FIN-WAIT1 

Local TCP Traffic

An established local TCP session started the closing process by sending a FIN packet.

LOC-FIN-WAIT2 

Local TCP Traffic

A local TCP session in the FIN-WAIT1 state received an ACK for the FIN packet.

LOC-TIME-WAIT 

Local TCP Traffic

A local TCP session in the FIN-WAIT1 or in the FIN-WAIT2 state received a FIN packet.

LOC-CLOSE 

Local TCP Traffic

An established local TCP session is closed.

LOC-CLOSE-WAIT

Local TCP Traffic

An established local TCP session received a FIN packet.

LOC-LAST-ACK 

Local TCP Traffic

Application holding an established TCP socket responded to a received FIN by closing the socket. A FIN is sent in return.

LOC-LISTEN Local TCP Traffic

A local socket awaits connection request (SYN packets).

LOC-CLOSING Local TCP Traffic

A local socket in the FIN_WAIT1 state received a FIN packet.

LOC-FINISH Local TCP Traffic

A local TCP socket was removed from the internal socket list.

Policy Overview

This table provides descriptions of the possible policies that you might see in the Policy column for each session on the Firewall > Live page:

PolicyDescription
NO_MATCH_IIFThe received packet (Forward Direction) must NOT match initial input interface.
NO_MATCH_OIFThe received packet (Reverse Direction) must NOT match initial output interface.
INBOUNDThe Inbound Accept Policy is used.
FWD_FILTERThe content filter is applied for forward traffic.
REV_FILTERThe content filter is applied for reverse traffic.
TRACEThe session is traced.
NOTIFY_CONECTThe Firewall Service is notified about successful or failing TCP establishment. These notifications are required for multiple redirection status.
Source-Based NATThe bind IP address is determined by the routing table.
NOLOGLog file entries are not generated by the session.
NOSTATStatistics are not generated by the session.
NOCACHEAn access cache entry is not generated by the session.
NONAGLEThe Nagle algorithm is turned OFF.
LOG_STATEEvery state change of this session is logged.
OWN_LOGThe session will log to the firewall rule log file.
SRVSTATThe session resolves service object names when generating statistics.
DYNAMIC_PORTThe session is dynamically NAT'd. The outgoing source port will differ from the original client port.
NOSYNCThe session is not synchronized for transparent failover.
CLEAR_ECNThe session clears any ECN bits in the IP header.
Last updated on