The Live tab lets you view and filter real-time information for the traffic that passes through the Barracuda CloudGen Firewall. You can also manage the traffic sessions. To access the Live page, click the FIREWALL tab and select the Live icon in the ribbon bar.
The Live tab provides three separate sections:
- Session Details
- Work Processes
- Traffic Meter
The Live page provides the following information for each session:
- ID – An icon indicates the amount of traffic (Low to High...). The number is the unique access ID for the connection.
- State – The connection status: One-way traffic; connection established (TCP); two-way traffic (all other); connection could not be established; closing connection. The icon next to the status symbol indicates the application policy.
- IP Protocol – The protocol used, for example, TCP, UDP, or ICMP. If the protocol can be determined only by the source/destination port, it is displayed in light gray. If the protocol was detected by the firewall engine, it is displayed in black.
- Application Context – The context of the affected application.
- Application – The name of the affected application.
- File Content – The content of the affected file.
- Rule – The name of the affected firewall rule.
- Type – The origin, as specified by the following abbreviations:
  - LIN – Local In. The incoming traffic on the box firewall.
  - LOUT – Local Out. The outgoing traffic from the box firewall.
  - LB – Loopback. The traffic via the loopback interface.
  - FWD – Forwarding. The outbound traffic via the Forwarding Firewall.
  - IFWD – Inbound Forwarding. The inbound traffic to the firewall.
  - PXY – Proxy. The outbound traffic via the proxy.
  - IPXY – Inbound Proxy. The inbound traffic via the proxy.
  - TAP – Transparent Application Proxying. The traffic via stream forwarding.
- Source – The source IP address.
- Src. Port – The source port.
- Src./Dst. Prefix – The source/destination prefix.
- Destination – The destination IP address.
- Port – The destination port (or internal ICMP ID).
- User – The username of the affected user and group.
- bit/s – The bits per second (during the last second).
- Idle – Time since the last data transfer.
- Total – The total number of bytes transferred over this connection.
- In – The total number of bytes transferred over this connection from the source.
- Out – The total number of bytes transferred over this connection to the source.
- Start – Time since the connection was established.
- SNAT – The source NAT address.
- DNAT – The destination NAT address.
- Output-IF – The outgoing interface.
- Policy – The affected policy. For descriptions of the available policies, see the Policy Overview section below.
- QoS – QoS band used by this session.
- FWD Shape – The forward Traffic Shaping (IN/OUT). The shape connectors for ingress and egress shaping, respectively, in the forward direction. Ingress shaping takes place at the inbound interface. Egress shaping takes place at the outbound interface.
- REV Shape – The reverse Traffic Shaping (IN/OUT).
- Protocol – The affected protocol.
- User Agent – User agent for HTTP and HTTPS connections.
- Status – The status of the connection. For descriptions of the available status types, see Status Overview below.
- Src./Dst. Geo – The geographic source/destination of the active connection.
- TI ID – The transport rating setting (Bulk, Quality, or Fallback with IDs 0-7). For more information, see Traffic Shaping below.
- URL Category – Category of the destination URL.
Filter Options
You can filter the list of sessions by traffic type, status, and properties. Click the Filter icon on the top right of the ribbon bar to access the filtering options.
- Click the Filter icon.
- Select New Filter. The Traffic Selection section opens on the top left of the list.
- Expand the Traffic Selection drop-down menu and select the required check boxes:
  - Forward – Sessions handled by the Forwarding Firewall.
  - Loopback – System internal data exchanged by the loopback interface.
  - Local In – Incoming sessions handled by the box firewall.
  - Local Out – Outgoing sessions handled by the box firewall.
  - IPv4 – IPv4 traffic.
  - IPv6 – IPv6 traffic.
- From the Status Selection list, you can select the following options to filter for certain traffic statuses:
  - Closing – Closing connections.
  - Established – Established connections.
  - Failing – Failed connections.
  - Pending – Connections currently being established.
- To define more filters for specific properties:
  - Click the + icon.
  - Select the required criteria.
  - Select or enter the value in the blank field.
Some fields allow the use of wildcards (*?; !*?). Example: !Amazon* excludes all entries starting with Amazon; Y*|A* includes all entries starting with "Y" or "A".
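The wildcard rules above can be modeled in a few lines to check what a filter expression will keep before relying on it during triage. This is an added example, not Barracuda code: it assumes a leading `!` negates the whole expression, `|` separates alternatives, and matching is case-sensitive; the session rows and the helper names (`matches`, `filter_sessions`, `ids`) are constructed for illustration.

```python
from fnmatch import fnmatchcase


def matches(pattern: str, value: str) -> bool:
    """Evaluate one filter expression against one field value.

    Modeled only on the two documented examples:
      '!Amazon*' excludes values starting with 'Amazon'
      'Y*|A*'    includes values starting with 'Y' or 'A'
    Assumptions (not confirmed by the page): a leading '!' negates the
    whole expression, '|' separates alternatives, matching is case-sensitive.
    """
    negate = pattern.startswith("!")
    body = pattern[1:] if negate else pattern
    # '*' matches any run of characters, '?' exactly one character.
    hit = any(fnmatchcase(value, alt) for alt in body.split("|"))
    return hit != negate


def filter_sessions(sessions, criteria):
    """Keep sessions for which every column -> expression criterion matches."""
    return [
        s for s in sessions
        if all(matches(expr, s.get(col, "")) for col, expr in criteria.items())
    ]


def ids(rows):
    """Return the session IDs of the given rows, in order."""
    return [r["ID"] for r in rows]


# Constructed sample rows; column names follow the Live page.
SESSIONS = [
    {"ID": "101", "Type": "FWD", "Application": "Amazon S3"},
    {"ID": "102", "Type": "FWD", "Application": "YouTube"},
    {"ID": "103", "Type": "LOUT", "Application": "Apple Update"},
    {"ID": "104", "Type": "FWD", "Application": "DNS"},
]

if __name__ == "__main__":
    print(ids(filter_sessions(SESSIONS, {"Application": "!Amazon*"})))
    print(ids(filter_sessions(SESSIONS, {"Application": "Y*|A*"})))
    print(ids(filter_sessions(SESSIONS, {"Application": "!Amazon*", "Type": "FWD"})))
```

Note that `Y*|A*` also keeps "Amazon S3", so an include filter on a leading letter does not exclude an application that a separate `!Amazon*` filter was meant to hide.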
Clicking the Sync Filter icon on the top right of the ribbon bar above the filters allows you to switch to the History view but with the same filters applied.
Managing Sessions
You can view additional information for a specific session by double-clicking an entry.
You can control, copy, print, export, and organize the sessions listed on the Firewall > Live page. When you right-click a session, you are provided with the following options:
- Terminate Session – Ends the session.
- Abort Session (No TCP RST) – Ends the session without sending a TCP RST.
- Change QoS / Reverse QoS – Lets you change the QoS band. For more information, see Traffic Shaping below.
- Toggle Trace – The selected connections are immediately traced, and you will be able to see all data transferred within these connections in the Trace view. To stop tracing, select the traced connections, and select Toggle Trace again.
- Change TI Settings – Lets you change the Traffic Intelligence settings. For more information, see Traffic Intelligence below.
- Show Session Details – Displays the session details.
For more settings, see: Barracuda Firewall Admin
Work Processes
In the lower left of the Live page, you can view and control firewall-related processes and workers. To access the status, click >> Show Proc on the lower left of the window.
The Active entry displays the currently active worker processes. Use Kill Selected to terminate individual workers.
The entry to the right of the Kill Selected button shows the synchronization status when transparent failover is active. For more information, see High Availability.
The following states are possible:
- Active Sync (UP) – Shown on active HA partner; synchronization works.
- Active Sync (DOWN) – Shown on active HA partner; sync would work, but box firewall is down.
- Passive Sync (UP) – Shown on passive HA partner; synchronization works.
- Passive Sync (DOWN) – Shown on passive HA partner; sync would work, but box firewall is down.
The window provides the following information about the processes:
- PID – System process ID.
- Connections – Number of connections handled by worker.
- bps – Bytes per second (during the last second).
- Heartbeat – Time in seconds for which the process has not answered. Should never be more than 2.
- PID – System process ID. Allows viewing the PID and the fully extended description column.
- Description – Role description of worker.
Traffic Meter
A traffic meter is integrated on the lower right of the page. The firewall engine samples the amount of traffic over 10 seconds, and the traffic meter displays it based on the traffic origin (Forward, Loopback, Local, Total). Traffic can be displayed as Bits/sec, Bytes/sec, or Packets/sec.
The second available view is TF Sync (click the Traffic drop-down arrow) and contains detailed information concerning the Transparent Failover function of an HA Forwarding Firewall. The pull-down menu for the statistics type (with the options Bits/sec, Bytes/sec and Packets/sec) has no function for this type of view. The display consists of the following entries:
- My Sync Addr – IP address and connection port for synchronization of this box.
- Partner Sync Addr – IP address and connection port for synchronization of the HA partner box.
- Synced Sessions – Number of sessions successfully synchronized.
- Pending Sessions – Number of pending sessions not synchronized.
Status Overview
This table provides descriptions of the possible statuses displayed in the Status column for each session on the Firewall > Live page:
Policy Overview
This table provides descriptions of the possible policies that you might see in the Policy column for each session on the Firewall > Live page: