Under the Live tab, you can view and filter real-time information for the traffic that passes through the Barracuda NG Firewall. You can also manage the traffic sessions. To access the Live page, open the FIREWALL tab and click the Live icon in the ribbon bar.
In this article:
Video
To get a feel for how to use the FIREWALL > Live page in NG Admin, watch the following video:
Viewing Session Details
On the Live page, the details for all sessions are listed. You can view additional information for a specific session by double-clicking an entry.
The following information is provided for each session:
Filter Options
You can filter the list of sessions by traffic type, status, and properties. The following filter settings are provided:
- Traffic Selection – From the Traffic Selection list, you can select the following options to filter for certain traffic types:
- Forward – Sessions handled by the Forwarding Firewall.
- Loopback – System internal data exchanged by the loopback interface.
- Local In – Incoming sessions handled by the box firewall.
- Local Out – Outgoing sessions handled by the box firewall.
- IPv4 – Show IPv4 sessions.
- IPv6 – Show IPv6 sessions.
- Status Selection – From the Status Selection list, you can select the following options to filter for certain traffic statuses:
- Closing – Closing connections.
- Established – Established connections.
- Failing – Failed connections.
- Pending – Connections that are currently being established.
+ – Clicking + allows specification of further filtering options, such as IP addresses, interfaces, and firewall rules.
Clicking the Open History with same filter icon on the top right of the ribbon bar above the filters allows you to switch to the History view but with the same filters applied. Clicking the Save and Restore Filter and Colum Settings icon in the ribbon bar will open a dropdown menu that lets you save, restore, or delete filter and column view settings.
Managing Sessions
You can control, copy, print, export, and organize the sessions that are listed on the Firewall > Live page. When you right-click a session, you are provided with the following options:
Work Processes
In the lower left of the Live page, you can view and control firewall-related processes and workers. To access the status, simply click >> Show Proc on the lower left of the window.
The entry Active displays the currently active worker processes. The feature Kill Selected is used for terminating single workers. The entry on the right of the Kill Selected button shows the status of the synchronization in case of active Transparent Failover (High Availability) and consists of the following possible states:
- Active Sync (UP) – shown on active HA partner; synchronization works.
- Active Sync (DOWN) – shown on active HA partner; sync would work, but Box Firewall is down.
- Passive Sync (UP) – shown on passive HA partner; synchronization works.
- Passive Sync (DOWN) – shown on passive HA partner; sync would work, but Box Firewall is down.
The window provides the following information about the processes:
- PID – System process ID.
- Connections – Number of connections handled by worker.
- bps – bytes per second (during the last second).
- Heartbeat – Time in seconds the process stopped to answer. Should never be more than 2.
- PID – System process ID; allows view on PID and fully extended description column.
- Description – Role description of worker.
Traffic Meter
A traffic meter is integrated on the lower right of the page. The firewall engine samples the amount of traffic over 10 seconds and the traffic meter shows it based on the traffic origin (Forward, Loopback, Local, Total). Traffic can be displayed as Bits/sec, Bytes/sec or Packets/sec.
The second available view is called TF Sync (click the Traffic dropdown arrow) and contains detailed information concerning the Transparent Failover function of an HA Forwarding Firewall. The pull-down menu for the statistics type (with the options Bits/sec, Bytes/sec and Packets/sec) has no function for this type of view. The display consists of the following entries:
- My Sync Addr – IP address and connection port for synchronisation of this box.
- Partner Sync Addr – IP address and connection port for synchronisation of the HA partner box.
- Synced Sessions – Number of sessions successfully synchronized.
- Pending Sessions – Number of pending sessions that are not synchronized.
Status Overview
This table provides descriptions of the possible statuses that are displayed in the Status column for each session on the Firewall > Live page:
Policy Overview
This table provides descriptions of the possible policies that you might see in the Policy column for each session on the Firewall > Live page: