The Threat Scan page lists all threats that are detected by the Intrusion Prevention System (IPS), the Virus Scanner service, and Advanced Threat Detection (ATD). For information on these features, see: Application Control 2.0. To access the Threat Scan page, open the FIREWALL tab and select the Threat Scan icon.
The information on the Threat Scan page is listed according to the security features (e.g., IPS, ATD, Virus Scanner service) that are enabled on the Barracuda NG Firewall. The columns display the following details:
- AID – Displays the application ID.
- Action – The action performed by the IPS engine.
- Scan Type – The scan type.
- Org – The origin of the session.
- Scan Result – The scan result.
- IPS Severity – The event severity.
- IPS Category – The event category.
- Ref/CVE – Displays the reference.
- Info – Additional information (for example: IPS Warning).
- Rule – The affected firewall rule.
- Affected Operating System – The affected system.
- Count – Displays the count.
- Last – The last access time (h/m/s).
- IP Proto – The IP protocol.
- Port – The affected port.
- Service – The affected service.
- Source – Displays the affected source IP address.
- Destination – Displays the affected destination IP address.
- User – The affected user.
- Interface – The affected interface.
- MAC – The MAC address of the affected system.
- Src / Dst NAT – Displays the source / destination NAT address.
- Output-IF – The output interface.
- OutRoute – Displays the routing details.
- Next Hop – Displays the next hop address.
- IPS Rule Id – The ID of the IPS rule.
- URL Category – Displays the URL category.
The status of firewall connections is indicated by the following icons:
|Fail (audit Log) Warning/Scan (History Threat Scan)|
|Box Selected (audit Log)|
|Threat Type = App Ctrl|
|Threat Type = Virus Scan|
|Threat Type = IPS|
Available Filter Options
To create a filter, click the arrow icon next to the Traffic Selection section to expand the dropdown list and select the required checkboxes:
- Forward – Displays the traffic on the Forwarding Firewall.
- Loopback – Traffic over the loopback interface.
- Local In – Displays the incoming traffic on the box firewall.
- Local Out – Displays the outgoing traffic from the box firewall.
- IPv6 – IPv6 traffic.
To define filters for specific properties, click the + icon.