You can view the Firewall Monitor for real-time information and statistics on your network traffic. The Firewall Monitor displays all detected applications, protocols, content, and threats, and provides information on the clients causing the traffic. Open the FIREWALL tab and click the Monitor icon in the ribbon bar to access the Firewall Monitor.
The Monitor page lists all currently detected application traffic by load or sessions, depending on filtering, that is forwarded by the firewall. You can view the statistics for application traffic in the sections below.
The FILTER SETTINGS section on top of the page provides drop-down menus that allow filtering for the following criteria:
- Applications – Show all application traffic or drill down the displayed information to a selected number of top applications.
- Time – Select a time interval for application traffic information to be displayed on an hourly, daily, weekly, or monthly basis.
- Traffic Type – Filter displays information based on application traffic affected by virus scanning, Intrusion Prevention System (IPS), and Advanced Threat Protection (ATP).
The drop-down menu on the upper right provides the option to toggle displayed traffic information by bytes or based on the number of sessions.
Application traffic statistics on the Monitor page are divided into sections. To view the information, expand the sections by clicking the arrow icon on the top left of each section.
To show or hide sections from the display view, click Add Element on the top right of the Monitor page, and chose the sections to be displayed.
Some sections, such as Application or URL Category, provide links to the Live and History view. When you click the arrow icon next to the entry, the Live or History page opens and automatically applies a filter for the selected application.
Some sections, such as Application or Protocol, offer icons to change the list to a flat or grouped display.
Clicking an entry in the Application element opens an information display window under the Filter Settings section. To exit the selection and return to standard view, click x.
The Monitor page displays the transferred application and protocol traffic data depending on the selected filtering criteria. Statistics are divided into the following elements:
- Risk Rating – Displays the overall risk rating of all applications that apply to currently displayed traffic information.
- Application Detail – Allows deeper inspection of processes involved in the application rule handling process.
- URL Category – Provides traffic load information related to URL categories.
- ATD – Shows traffic affecting Advanced Threat Protection (ATP), if configured.
- Application Property – Provides traffic load information related to application properties.
- File Content – Provides traffic load information related to application content.
- Application Category – Provides traffic load information related to categories.
- Geo Source – Displays the geographic location of the application source, if available.
- Geo Destination – Displays the geographic location of the application destination, if available.
- User – Provides information about users and groups that are accessing the application.
- User Agent – Displays the user agents for HTTP and HTTPS connections.
- Domain – Displays the domains involved in the application rule handling process.
- Source – Provides information about the application source, if available.
- Virus Scan – Provides traffic load information related to virus and malware detection.
- IPS – Shows traffic affecting the Intrusion Prevention System (IPS).
- Application – Displays the applications that are referred to by application rules as soon as the rules apply to incoming or outgoing network traffic.
- Protocol – Displays the protocols that the applications affect and that are involved in the application rules process.
- Risk – Provides traffic load information related to certain risk levels (1 - 4).