Display, sort, and review policy activity for every activated policy configured on the device. Policies are grouped by Zone Context (the from and to zones of the traffic) to control the volume of data displayed at one time. From the policy list, select a policy to display statistics and current network activity.
To review policy activity:
Select Monitor>Security>Policy>Activities in the J-Web user interface. The Security Policies Monitoring page appears and lists the policies from the first Zone Context. See Table 45 for field descriptions.
Select the Zone Context of the policy you want to monitor, and click Filter. All policies within the zone context appear in match sequence.
Select a policy, and click Clear Statistics to set all counters to zero for the selected policy.
Table 45: Security Policies Monitoring Output Fields
Field | Value | Additional Information |
|---|---|---|
Zone Context (Total #) | Displays a list of all from and to zone combinations for the configured policies. The total number of active policies for each context is specified in the Total # field. By default, the policies from the first Zone Context are displayed. | To display policies for a different context, select a zone context and click Filter. Both inactive and active policies appear for each context. However, the Total # field for a context specifies the number of active policies only. |
Default Policy action | Specifies the action to take for traffic that does not match any of the policies in the context: | – |
From Zone | Displays the source zone to be used as match criteria for the policy. | – |
To Zone | Displays the destination zone to be used as match criteria for the policy. | – |
Name | Displays the name of the policy. | – |
Source Address | Displays the source addresses to be used as match criteria for the policy. Address sets are resolved to their individual names. (In this case, only the names are given, not the IP addresses). | – |
Destination Address | Displays the destination addresses (or address sets) to be used as match criteria for the policy. Addresses are entered as specified in the destination zone’s address book. | – |
Source Identity | Displays the name of the source identities set for the policy. | To display the value of the source identities, hover the mouse on this field. Unknown source identities are also displayed. |
Application | Displays the name of a predefined or custom application signature to be used as match criteria for the policy. | – |
Dynamic App | Displays the dynamic application signatures to be used as match criteria if an application firewall rule set is configured for the policy. For a network firewall, a dynamic application is not defined. | The rule set appears in two lines. The first line displays the configured dynamic application signatures in the rule set. The second line displays the default dynamic application signature. If more than two dynamic application signatures are specified for the rule set, hover over the output field to display the full list in a tooltip. |
Action | Displays the action portion of the rule set if an application firewall rule set is configured for the policy. | The action portion of the rule set appears in two lines. The first line identifies the action to be taken when the traffic matches a dynamic application signature. The second line displays the default action when traffic does not match a dynamic application signature. |
NW Services | Displays the network services permitted or denied by the policy if an application firewall rule set is configured. Network services include: | – |
Policy Hit Counters Graph | Provides a representation of the value over time for a specified counter. The graph is blank if Policy Counters indicates no data. As a selected counter accumulates data, the graph is updated at each refresh interval. | To toggle a graph on and off, click the counter name below the graph. |
Policy Counters | Lists statistical counters for the selected policy if Count is enabled. The following counters are available for each policy: | To graph or to remove a counter from the Policy Hit Counters Graph, toggle the counter name. The names of enabled counters appear below the graph. |
Enter match criteria and conduct a policy search. The search results include all policies that match the traffic criteria in the sequence in which they will be encountered.
Because policy matches are listed in the sequence in which they would be encountered, you can determine whether a specific policy is being applied correctly or not. The first policy in the list is applied to all matching traffic. Policies listed after this one remain in the “shadow” of the first policy and are never encountered by this traffic.
By manipulating the traffic criteria and policy sequence, you can tune policy application to suit your needs. During policy development, you can use this feature to establish the appropriate sequence of policies for optimum traffic matches. When troubleshooting, use this feature to determine if specific traffic is encountering the appropriate policy.
The first policy will be applied to all traffic with this match criteria.
Remaining policies will not be encountered by any traffic with this match criteria.
Move—Moves the selected policy up or down to position it at a more appropriate point in the search sequence.
Move to—Moves the selected policy by allowing you to drag and drop it to a different location on the same page.
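The first-match behavior described above can be reproduced offline to reason about shadowing before you reorder policies. The following Python sketch is an added example, not Juniper code: the `Policy` class, the `check_policies`, `explain`, and `move` helpers, the policy names, and the addresses are all hypothetical. It assumes CIDR prefixes in place of address-book names, a default action of deny, and it ignores Source Identity and Source Port.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Protocol names accepted in the search (subset of the values listed in Table 46).
PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ah": 51}


@dataclass(frozen=True)
class Policy:
    name: str
    from_zone: str
    to_zone: str
    src: str          # CIDR prefix standing in for an address-book entry (assumption)
    dst: str          # "0.0.0.0/0" stands in for "any"
    protocol: str     # protocol name, or "any"
    dst_ports: range  # destination ports, for example range(443, 444)
    action: str       # "permit" or "deny"

    def matches(self, flow):
        """True when every match criterion of the policy covers the flow."""
        return (
            self.from_zone == flow["from_zone"]
            and self.to_zone == flow["to_zone"]
            and ip_address(flow["src_ip"]) in ip_network(self.src)
            and ip_address(flow["dst_ip"]) in ip_network(self.dst)
            and self.protocol in ("any", flow["protocol"])
            and flow["dst_port"] in self.dst_ports
        )


def check_policies(policies, flow, result_count=1):
    """Return up to result_count matching policies, in lookup sequence."""
    if not 1 <= result_count <= 16:
        raise ValueError("result count must be between 1 and 16")
    if flow["protocol"] not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {flow['protocol']}")
    return [p for p in policies if p.matches(flow)][:result_count]


def explain(policies, flow, default_action="deny"):
    """Name the policy that is applied and the ones left in its shadow."""
    hits = check_policies(policies, flow, result_count=16)
    if not hits:
        # No policy matched, so the context's default action decides.
        return {"applied": None, "action": default_action, "shadowed": []}
    return {
        "applied": hits[0].name,
        "action": hits[0].action,
        "shadowed": [p.name for p in hits[1:]],
    }


def move(policies, name, new_index):
    """Return a reordered copy of the list, like the Move action."""
    moved = next(p for p in policies if p.name == name)
    rest = [p for p in policies if p.name != name]
    rest.insert(new_index, moved)
    return rest


# Constructed sample policy list: the broad permit sits above the specific deny.
POLICIES = [
    Policy("allow-outbound-tcp", "trust", "untrust", "10.1.0.0/16",
           "0.0.0.0/0", "tcp", range(1, 65536), "permit"),
    Policy("block-finance-https", "trust", "untrust", "10.1.2.0/24",
           "0.0.0.0/0", "tcp", range(443, 444), "deny"),
]

# Constructed sample traffic criteria.
FINANCE_HTTPS = {"from_zone": "trust", "to_zone": "untrust",
                 "src_ip": "10.1.2.15", "dst_ip": "203.0.113.10",
                 "protocol": "tcp", "dst_port": 443}
DNS_QUERY = {"from_zone": "trust", "to_zone": "untrust",
             "src_ip": "10.1.2.15", "dst_ip": "203.0.113.53",
             "protocol": "udp", "dst_port": 53}

if __name__ == "__main__":
    print(explain(POLICIES, FINANCE_HTTPS))                                  # deny is shadowed
    print(explain(move(POLICIES, "block-finance-https", 0), FINANCE_HTTPS))  # deny now applies
    print(explain(POLICIES, DNS_QUERY))                                      # default action
```

With the original order, the deny policy never sees the finance subnet's HTTPS traffic; after the move it is applied and the broad permit becomes the shadowed entry for that flow.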
Table 46: Check Policies Output
Field | Function |
|---|---|
| Check Policies Search Input Pane | |
From Zone | Name or ID of the source zone. If a From Zone is specified by name, the name is translated to its ID internally. |
To Zone | Name or ID of the destination zone. If a To Zone is specified by name, the name is translated to its ID internally. |
Source Address | Address of the source in IP notation. |
Source Port | Port number of the source. |
Destination Address | Address of the destination in IP notation. |
Destination Port | Port number of the destination. |
Source Identity | Name of the source identity. |
Protocol | Name or equivalent value of the protocol to be matched: ah—51, egp—8, esp—50, gre—47, icmp—1, igmp—2, igp—9, ipip—94, ipv6—41, ospf—89, pgm—113, pim—103, rdp—27, rsvp—46, sctp—132, tcp—6, udp—17, vrrp—112. |
Result Count | (Optional) Number of policies to display. Default value is 1. Maximum value is 16. |
| Check Policies List | |
From Zone | Name of the source zone. |
To Zone | Name of the destination zone. |
Total Policies | Number of policies retrieved. |
Default Policy action | The action to be taken if no match occurs. |
Name | Name of the policy. |
Source Address | Name of the source address (not the IP address) of a policy. Address sets are resolved to their individual names. |
Destination Address | Name of the destination address or address set. A packet’s destination address must match this value for the policy to apply to it. |
Source Identity | Name of the source identity for the policy. |
Application | Name of a preconfigured or custom application of the policy match. |
Action | Action taken when a match occurs as specified in the policy. |
Hit Counts | Number of matches for this policy. This value is the same as the Policy Lookups in a policy statistics report. |
Active Sessions | Number of active sessions matching this policy. |
Alternatively, to list matching policies using the CLI, enter the show security match-policies command and include your match criteria and the number of matching policies to display.
View screen statistics for a specified security zone.
Select Monitor>Security>Screen Counters in the J-Web user interface, or enter the following CLI command:
show security screen statistics zone zone-name
Table 47 summarizes key output fields in the screen counters display.
Table 47: Summary of Key Screen Counters Output Fields
Field | Values | Additional Information |
|---|---|---|
| Zones | ||
ICMP Flood | Internet Control Message Protocol (ICMP) flood counter. | An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed. |
UDP Flood | User Datagram Protocol (UDP) flood counter. | UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the resources, such that valid connections can no longer be handled. |
TCP Winnuke | Number of Transmission Control Protocol (TCP) WinNuke attacks. | WinNuke is a denial-of-service (DoS) attack targeting any computer on the Internet running Windows. |
TCP Port Scan | Number of TCP port scans. | The purpose of this attack is to scan the available services in the hopes that at least one port will respond, thus identifying a service to target. |
ICMP Address Sweep | Number of ICMP address sweeps. | An IP address sweep can occur with the intent of triggering responses from active hosts. |
IP Tear Drop | Number of teardrop attacks. | Teardrop attacks exploit the reassembly of fragmented IP packets. |
TCP SYN Attack | Number of TCP SYN attacks. | – |
IP Spoofing | Number of IP spoofs. | IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source. |
ICMP Ping of Death | ICMP ping of death counter. | Ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes). |
IP Source Route | Number of IP source route attacks. | – |
TCP Land Attack | Number of land attacks. | Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. |
TCP SYN Fragment | Number of TCP SYN fragments. | – |
TCP No Flag | Number of TCP headers without flags set. | A normal TCP segment header has at least one control flag set. |
IP Unknown Protocol | Number of unknown Internet protocols. | – |
IP Bad Options | Number of invalid options. | – |
IP Record Route Option | Number of packets with the IP record route option enabled. | This option records the IP addresses of the network devices along the path that the IP packet travels. |
IP Timestamp Option | Number of IP timestamp option attacks. | This option records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination. |
IP Security Option | Number of IP security option attacks. | – |
IP Loose route Option | Number of IP loose route option attacks. | This option specifies a partial route list for a packet to take on its journey from source to destination. |
IP Strict Source Route Option | Number of IP strict source route option attacks. | This option specifies the complete route list for a packet to take on its journey from source to destination. |
IP Stream Option | Number of stream option attacks. | This option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support streams. |
ICMP Fragment | Number of ICMP fragments. | Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss. |
ICMP Large Packet | Number of large ICMP packets. | – |
TCP SYN FIN Packet | Number of TCP SYN FIN packets. | – |
TCP FIN without ACK | Number of TCP FIN flags without the acknowledge (ACK) flag. | – |
TCP SYN-ACK-ACK Proxy | Number of TCP flags enabled with SYN-ACK-ACK. | To prevent flooding with SYN-ACK-ACK sessions, you can enable the SYN-ACK-ACK proxy protection screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, Junos OS rejects further connection requests from that IP address. |
IP Block Fragment | Number of IP block fragments. | – |
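Several of the counters in Table 47 are defined by simple header conditions, which makes it possible to check captured traffic against the same definitions when you investigate why a counter is rising. The following Python sketch is an added example and not the Junos OS implementation: the `screen_hits` and `tally` functions and the packet dictionaries are hypothetical, each check is evaluated independently, and only the counters whose condition is stated in the table (plus the TCP SYN fragment case) are covered.

```python
from collections import Counter

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP control-flag bits
MAX_IP_DATAGRAM = 65535            # maximum legal IP length, in bytes


def screen_hits(pkt):
    """Return the Table 47 counter names whose condition this packet meets."""
    hits = []
    offset = pkt.get("frag_offset", 0)            # in 8-byte units, as in the IP header
    fragmented = pkt.get("more_fragments", False) or offset > 0

    if pkt["proto"] == "tcp":
        flags = pkt["tcp_flags"]
        if flags == 0:
            # A normal TCP segment header has at least one control flag set.
            hits.append("TCP No Flag")
        if (flags & SYN) and (flags & FIN):
            hits.append("TCP SYN FIN Packet")
        if (flags & FIN) and not (flags & ACK):
            hits.append("TCP FIN without ACK")
        if (flags & SYN) and fragmented:
            hits.append("TCP SYN Fragment")
        if (flags & SYN) and pkt["src"] == pkt["dst"]:
            # SYN with the same address as source and destination.
            hits.append("TCP Land Attack")
    elif pkt["proto"] == "icmp":
        if fragmented:
            # ICMP messages are short; fragmentation is not expected.
            hits.append("ICMP Fragment")
        # Size the datagram would have after reassembly of this fragment.
        reassembled = pkt.get("ip_header_len", 20) + offset * 8 + pkt["payload_len"]
        if reassembled > MAX_IP_DATAGRAM:
            hits.append("ICMP Ping of Death")
    return hits


def tally(packets):
    """Accumulate per-counter totals, like the screen counters display."""
    totals = Counter()
    for pkt in packets:
        totals.update(screen_hits(pkt))
    return totals


# Constructed sample packets (documentation address ranges, not real traffic).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "tcp_flags": SYN},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "tcp_flags": FIN | ACK},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "tcp_flags": 0},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "tcp_flags": SYN | FIN},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.10", "tcp_flags": SYN},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.10",
     "frag_offset": 8189, "payload_len": 100},
]

if __name__ == "__main__":
    for name, count in sorted(tally(SAMPLE_PACKETS).items()):
        print(f"{name:<22} {count}")
```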
Use the monitoring functionality to view the antivirus page.
To monitor antivirus select Monitor>UTM>Antivirus in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.
Or
Select Monitor>Security>UTM>Antivirus in the J-Web user interface.
Table 48 summarizes key output fields in the antivirus page.
Table 48: Antivirus Monitoring Page
Field | Value | Additional Information |
|---|---|---|
| UTM Antivirus | ||
AV Key Expire Date | Displays antivirus licence key expiration date. | – |
Update Server | Displays antivirus pattern update server settings. | – |
Interval | Displays antivirus pattern interval. | – |
Auto Update Status | Displays antivirus pattern auto update status. | – |
Last Result | Displays last result of database loading. | – |
AV Signature Version | Displays database version timestamp virus record number. | – |
Scan Engine Info | Displays the information of the scan engine. | – |
Pattern Type | Displays the pattern type. | – |
| UTM Antivirus Statistics | ||
Antivirus statistics | Displays the antivirus statistics. | – |
Clear Anti-Virus Statistics | Clear all current viewable statistics and begin collecting new statistics. | – |
Use the monitoring functionality to view the web filtering page.
To monitor web filtering select Monitor>UTM>Web Filtering in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.
Or
Select Monitor>Security>UTM>Web Filtering in the J-Web user interface.
Table 49 summarizes key output fields in the web filtering page.
Table 49: Web Filtering Monitoring Page
Field | Value | Additional Information |
|---|---|---|
| UTM Web Filtering Statistics | ||
Statistics type | Displays the available information. | – |
Clear Web Filtering Statistics | Clear all current viewable statistics and begin collecting new statistics. | Click Clear Web Filtering Statistics. |
Use the monitoring functionality to view the antispam page.
To monitor antispam, select Monitor>Security>UTM>Anti Spam.
Table 50 summarizes key output fields in the antispam page.
Table 50: Anti Spam Monitoring Page
Field | Value | Additional Information |
|---|---|---|
UTM Anti Spam Status | Displays the DNS server setting IP and interface details for the following servers: | – |
UTM Anti-spam Statistics | Displays the antispam statistics type and counter information: | – |
Clear Anti-spam statistics | Clear all current viewable statistics and begin collecting new statistics. | Click Clear Anti-spam statistics. |
Use the monitoring functionality to view the content filtering page.
To monitor content filtering select Monitor>Security>UTM>Content Filtering.
Table 51 summarizes key output fields in the content filtering page.
Table 51: Content Filtering Monitoring Page
Field | Value | Additional Information |
|---|---|---|
UTM Content Filtering Statistics | Displays the statistics type, counter passed, and counter blocked details: | |
Clear Content Filtering statistics | Clear all current viewable statistics and begin collecting new statistics. | Click Clear Content Filtering statistics. |
Use the monitoring functionality to view the events page.
To monitor events select Monitor>Security Services>ICAP Redirect in the J-Web user interface.
Note: When you use an HTTPS connection in the Microsoft Internet Explorer browser to save a report from this page in the J-Web interface, the error message "Internet Explorer was not able to open the Internet site" is displayed. This problem occurs because the Cache-Control: no-cache HTTP header is added on the server side, and Internet Explorer does not allow you to download the encrypted file when the Cache-Control: no-cache HTTP header is set in the response from the server.
As a workaround, refer to Microsoft Knowledge Base article 323308, which is available at this URL: https://support.microsoft.com/kb/323308. Alternatively, you can use HTTP in the Internet Explorer browser or HTTPS in the Mozilla Firefox browser to save a file from this page.
summarizes key output fields in the events page.
Use the monitoring functionality to view the Attacks page.
To monitor attacks, select Monitor>Security>IDP>Attacks in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.
Or
Select Monitor>Security>IPS>Attacks in the J-Web user interface.
Table 52 summarizes key output fields in the attacks page.
Table 52: Attacks Monitoring Page
Field | Description | Additional Information |
|---|---|---|
Enable Log | An option to enable event logs. | Click Enable Log to enable logs. |
Clear Log | An option to clear all the logs that are created during the session. | Click Clear Log. |
Refresh interval (sec) | Displays the time interval, in seconds, set for page refresh. The default interval is 30 seconds. | Select the time interval from the list. |
Refresh | Displays the option to refresh the page. If Manual option is set, then manually click the Refresh button to refresh the page. | Click Refresh to refresh the page. |
Clear | Provides an option to clear the data of the status type. | Click Clear to clear the details. |
| Attack Table | ||
Filter By Attack Name | Specifies the string to search. | Enter the string and then click Go to execute the searching operation. |
Clear | Provides an option to disable the searching operation and show all results. | Click Clear to show all results. |
Active IDP policy | Displays active IDP policy that is used in the session. | – |
Attack Name | Displays the kind of attacks in the attack table. Double-click an attack name to display the Attack Details. The available options are: | Double-click Attack Name. |
Severity | Displays the severity of the attack. The severity levels are: critical, info, minor, major and warning. | – |
Hits | Displays the count of hits. Double-click the hits count to display the Attack Records. The available options are: | Double-click the hits count, and then select an option. |
Top N Attack Hits | Displays statistics about hits and shows top 10 hits. | – |
Description | Displays information about attack. | – |
View detailed information about the IDP Status, Memory, Counters, Policy Rulebase Statistics, and Attack table statistics.
To view Intrusion Detection and Prevention (IDP) table information, do one of the following:
If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Security>IDP>Status in the J-Web user interface, or enter the following CLI commands:
show security idp status
show security idp memory
Select Monitor>Security>IPS>Status in the J-Web user interface.
Table 53 summarizes key output fields in the IDP display.
Table 53: Summary of IDP Status Output Fields
Field | Values | Additional Information |
|---|---|---|
| IDP Status | ||
Status of IDP | Displays the status of the current IDP policy. | – |
Up Since | Displays the time from when the IDP policy first began running on the system. | – |
Packets/Second | Displays the number of packets received and returned per second. | – |
Peak | Displays the maximum number of packets received per second and the time when the maximum was reached. | – |
Kbits/Second | Displays the aggregated throughput (kilobits per second) for the system. | – |
Peak Kbits | Displays the maximum kilobits per second and the time when the maximum was reached. | – |
Latency (Microseconds) | Displays the delay, in microseconds, for a packet to be received and returned by a node. | – |
Current Policy | Displays the name of the current installed IDP policy. | – |
| IDP Memory Status | ||
IDP Memory Statistics | Displays the status of all IDP data plane memory. | – |
PIC Name | Displays the name of the PIC. | – |
Total IDP Data Plane Memory (MB) | Displays the total memory space, in megabytes, allocated for the IDP data plane. | – |
Used (MB) | Displays the used memory space, in megabytes, for the data plane. | – |
Available (MB) | Displays the available memory space, in megabytes, for the data plane. | – |
Use the monitoring functionality to view the flow session statistics page.
To monitor flow session statistics, select Monitor>Security>Flow Session Statistics in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.
Or
Select Monitor>Security>Flow Session in the J-Web user interface.
Table 54 summarizes key output fields in the flow session statistics page.
Table 54: Flow Session Statistics Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Session Filter | Provides the option to filter sessions. The available options are: | Select an option. |
Clear | Provides the option to clear the session details statistics. | Click Clear to clear the details session statistics. |
Show | Provides the option to show the session details statistics. | Click Show to show the details session statistics. |
| Session Summary - all | ||
Valid sessions | Displays the summary of valid sessions. | – |
Pending sessions | Displays the summary of pending sessions. | – |
Invalidated sessions | Displays the summary of invalid sessions. | – |
Sessions in other states | Displays the summary of sessions in other states. | – |
Unicast-sessions | Displays the total number of active unicast sessions. | – |
Multicast-sessions | Displays the total number of active multicast sessions. | – |
Failed-sessions | Displays the total number of failed sessions. | – |
Active-sessions | Displays the total number of active sessions. | – |
Maximum-sessions | Displays the maximum number of supported sessions. | – |
| Session Summary — application | ||
Application name | Displays the application name for the session summary. | Select the application from the drop down box. |
Session ID | Displays the number that identifies the session. Use this ID to get more information about the session. | – |
Policy name | Displays the policy that permitted the traffic. | – |
Timeout | Displays the idle timeout after which the session expires. | – |
In | Displays the incoming flow (source and destination IP addresses, application protocol, and interface). | – |
Out | Displays the reverse flow (source and destination IP addresses, application protocol, and interface). | – |
| Session Summary — destination-port | ||
Port | Provides the option to enter the destination port address. | Enter the destination port address. |
Session ID | Displays the number that identifies the session. Use this ID to get more information about the session. | – |
Policy name | Displays the policy that permitted the traffic. | – |
Timeout | Displays the idle timeout after which the session expires. | – |
In | Displays the incoming flow (source and destination IP addresses, application protocol, and interface). | – |
Out | Displays the reverse flow (source and destination IP addresses, application protocol, and interface). | – |
| Session Summary — destination-prefix | ||
IP Prefix | Provides the option to enter destination IP prefix or IP address. | Enter the destination prefix address. |
Session ID | Displays the number that identifies the session. Use this ID to get more information about the session. | – |
Policy name | Displays the policy that permitted the traffic. | – |
Timeout | Displays the idle timeout after which the session expires. | – |
In | Displays the incoming flow (source and destination IP addresses, application protocol, and interface). | – |
Out | Displays the reverse flow (source and destination IP addresses, application protocol, and interface). | – |
| Session Summary — interface | ||
Interface | Provides the option to enter interface details. | Enter the interface details. |
Session ID | Displays the number that identifies the session. Use this ID to get more information about the session. | – |
Policy name | Displays the policy that permitted the traffic. | – |
Timeout | Displays the idle timeout after which the session expires. | – |
In | Displays the incoming flow (source and destination IP addresses, application protocol, and interface). | – |
Out | Displays the reverse flow (source and destination IP addresses, application protocol, and interface). | – |
| Session Summary — protocol | ||
Protocol | Provides the option to enter protocol details. | Enter the protocol details. |
Session ID | Displays the number that identifies the session. Use this ID to get more information about the session. | – |
Policy name | Displays the policy that permitted the traffic. | – |
Timeout | Idle timeout after which the session expires. | – |
In | Displays the incoming flow (source and destination IP addresses, application protocol, and interface). | – |
Out | Displays the reverse flow (source and destination IP addresses, application protocol, and interface). | – |
View information about temporary openings known as pinholes or gates in the security firewall.
Select Monitor>Security>Flow Gate in the J-Web user interface, or enter the show security flow gate command.
Table 55 summarizes key output fields in the flow gate display.
Table 55: Summary of Key Flow Gate Output Fields
Field | Values | Additional Information |
|---|---|---|
| Flow Gate Information | ||
Hole | Range of flows permitted by the pinhole. | – |
Translated | Tuples used to create the session if it matches the pinhole: | – |
Protocol | Application protocol, such as UDP or TCP. | – |
Application | Name of the application. | – |
Age | Idle timeout for the pinhole. | – |
Flags | Internal debug flags for pinhole. | – |
Zone | Incoming zone. | – |
Reference count | Number of resource manager references to the pinhole. | – |
Resource | Resource manager information about the pinhole. | – |
Use the monitoring functionality to view the firewall authentication page.
To monitor firewall authentication, select Monitor>Security>Firewall Authentication in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.
Or
Select Monitor>Security>Authentication>Firewall Auth in the J-Web user interface.
Table 56 summarizes key output fields in the firewall authentication page.
Table 56: Firewall Authentication Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
| User Table | ||
ID | Displays the authentication identification number. | – |
Source IP | Displays the IP address of the authentication source. | – |
Age | Displays the idle timeout for the user. | – |
Status | Displays the status of authentication (success or failure). | – |
User | Displays the name of the user. | – |
| History Table | ||
ID | Displays the identification number. | – |
Source IP | Displays the IP address of the authentication source. | – |
Duration | Displays the authentication duration. | – |
Status | Displays the status of authentication (success or failure). | – |
User | Displays the name of the user. | – |
Use the monitoring functionality to view the local authentication page.
To monitor local authentication, select Monitor>Authentication>Local Auth in the J-Web user interface.
Note
Starting in Junos OS Release 18.2R1, the Monitor>Authentication>Local Auth option is enabled for logical system users.
Starting in Junos OS Release 19.1R1, the Monitor>Authentication>Local Auth option is enabled for tenant users.
The Clear All option is not available for logical system users or tenant users.
Table 57 summarizes key output fields in the local authentication page.
Table 57: Local Authentication Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Filter by | Displays the local authentication information based on the selected filter. | – |
IP | Displays the IP address. | – |
User Name | Displays the name of the user. | – |
Role List | Displays the list of roles assigned to the username. | – |
Use the monitoring functionality to view the UAC authentication page.
To monitor UAC authentication, select Monitor>Security>Authentication>UAC Auth in the J-Web user interface.
Table 58 summarizes key output fields in the UAC authentication page.
Table 58: UAC Authentication Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Filter by | Displays the UAC authentication value based on the selected filter. | – |
ID | Displays the authentication identification number. | – |
Source IP | Displays the IP address of the authentication source. | – |
User Name | Displays the name of the user. | – |
Age | Displays the idle timeout for the user. | – |
Role List | Displays the list of roles assigned to the username. | – |
Use the monitoring functionality to view the voice ALG summary page.
To monitor voice ALG summary, select Monitor>Security>Voice ALGs>Summary in the J-Web user interface.
Table 59 summarizes key output fields in the voice ALG summary page.
Table 59: Voice ALG Summary Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
Protocol Name | Displays the protocols configured. | – |
Total Calls | Displays the total number of calls. | – |
Number of Active Calls | Displays the number of active calls. | – |
Number of Received Packets | Displays the number of packets received. | – |
Number of Errors | Displays the number of errors. | – |
H.323 Calls Chart | Displays the H.323 calls chart. | – |
MGCP Calls Chart | Displays the MGCP calls chart. | – |
SCCP Calls Chart | Displays the SCCP calls chart. | – |
SIP Calls Chart | Displays the SIP calls chart. | – |
Use the monitoring functionality to view the ALG H.323 page.
To monitor ALG H.323 select Monitor>Security>Voice ALGs>H.323 in the J-Web user interface.
Table 60 summarizes key output fields in the ALG H.323 page.
Table 60: ALG H.323 Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
| H.323 Counter Summary | ||
Category | Displays the following categories: | – |
Count | Provides count of response codes for each H.323 counter summary category. | – |
| H.323 Error Counter | ||
Category | Displays the following categories: | – |
Count | Provides count of response codes for each H.323 error counter category. | – |
| Counter Summary Chart | ||
Packets Received | Provides the graphical representation of the packets received. | – |
| H.323 Message Counter | ||
Category | Displays the following categories: | – |
Count | Provides count of response codes for each H.323 message counter category. | – |
Use the monitoring functionality to view the voice ALG MGCP page.
To monitor ALG MGCP, select Monitor>Security>Voice ALGs>MGCP in the J-Web user interface.
Table 61 summarizes key output fields in the voice ALG MGCP page.
Table 61: Voice ALG MGCP Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
| Counters | ||
| MGCP Counters Summary | ||
Category | Displays the following categories:
| – |
Count | Provides the count of response codes for each MGCP counter summary category. | – |
| MGCP Error Counter | ||
Category | Displays the following categories:
| – |
Count | Provides the count of response codes for each summary error counter category. | – |
Counter Summary Chart | Displays the Counter Summary Chart. | – |
| MGCP Packet Counters | ||
Category | Displays the following categories:
| – |
Count | Provides count of response codes for each MGCP packet counter category. | – |
| Calls | ||
Endpoint@GW | Displays the endpoint name. | – |
Zone | Displays the following options:
| – |
Endpoint IP | Displays the endpoint IP address. | – |
Call ID | Displays the call identifier for ALG MGCP. | – |
RM Group | Displays the resource manager group ID. | – |
Call Duration | Displays the duration for which connection is active. | – |
Use the monitoring functionality to view the voice ALG SCCP page.
To monitor voice ALG SCCP, select Monitor>Security>Voice ALGs>SCCP in the J-Web user interface.
Table 62 summarizes key output fields in the voice ALG SCCP page.
Table 62: Voice ALG SCCP Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
| SCCP Call Statistics | ||
Category | Displays the following categories:
| – |
Count | Provides count of response codes for each SCCP call statistics category. | – |
Call Statistics Chart | Displays the Call Statistics chart. | – |
| SCCP Error Counters | ||
Category | Displays the following categories:
| – |
Count | Provides count of response codes for each SCCP error counter category. | – |
| Calls | ||
Client IP | Displays the IP address of the client. | – |
Zone | Displays the client zone identifier. | – |
Call Manager | Displays the IP address of the call manager. | – |
Conference ID | Displays the conference call identifier. | – |
RM Group | Displays the resource manager group identifier. | – |
Use the monitoring functionality to view the voice ALG SIP page.
To monitor voice ALG SIP, select Monitor>Security>Voice ALGs>SIP in the J-Web user interface.
Table 63 summarizes key output fields in the voice ALG SIP page.
Table 63: Voice ALG SIP Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the list of virtual chassis members. | Select one of the virtual chassis members listed. |
Refresh Interval (30 sec) | Displays the time interval set for page refresh. | Select the time interval from the drop-down list. |
Refresh | Displays the option to refresh the page. | – |
Clear | Provides an option to clear the monitor summary. | Click Clear to clear the monitor summary. |
| Counters | ||
| SIP Counters Information | ||
Method | Displays the SIP counter information. The available options are:
| – |
| SIP Counters Information (continued) | ||
Method |
| – |
T, RT | Displays the transmit and retransmit method. | – |
1xx, RT | Displays one transmit and retransmit method. | – |
2xx, RT | Displays two transmit and retransmit methods. | – |
3xx, RT | Displays three transmit and retransmit methods. | – |
4xx, RT | Displays four transmit and retransmit methods. | – |
5xx, RT | Displays five transmit and retransmit methods. | – |
6xx, RT | Displays six transmit and retransmit methods. | – |
| Calls | ||
Call ID | Displays the call ID. | – |
Method | Displays the call method used. | – |
State | Displays the state of the ALG SIP. | – |
Group ID | Displays the group identifier. | – |
Invite Method Chart | Displays the invite method chart. The available options are:
| – |
| SIP Error Counters | ||
Category | Displays the SIP error counters. The available options are:
| – |
Count | Provides count of response codes for each SIP ALG counter category. | – |
Use the monitoring functionality to view the application firewall page. Applications can breach IP and port-based security policies by accessing standard HTTP ports 80 and 443 to tunnel non-HTTP traffic or by using ports other than 80 or 443 for HTTP traffic. An application firewall screens traffic based on an application signature rather than IP or port address. The implementation of both application firewall and network firewall policies contributes to the full security of the network.
To monitor application firewall, select Monitor>Security>Application FW.
The upper pane of the Application Firewall Monitoring page provides a list of the rule sets currently configured on your device. When you select a rule set in the upper pane, the lower panes display the rules and counters associated with that rule set. Each rule entry identifies dynamic application signatures for match criteria and the action to be taken with an application signature match.
The counter pane maintains current statistics about the actions taken for the application signatures that are encountered. The Clear Counters button resets all counters to zero and begins counting again. After the number of seconds specified in the Refresh Interval has expired, the new counter values are displayed.
Table 64 summarizes key output fields in the application firewall page.
Table 64: Application firewall Monitoring Page
Field | Value | Additional Information |
|---|---|---|
| Rule Set | ||
Name | Displays the rule sets configured for the device. | Select a rule set to display its associated rules and counters in the lower panes. |
Default Rule | Displays the action taken when traffic does not match any of the associated rules.
| – |
Rules | Displays the rule names associated with the rule set. | – |
| Rules in Selected Rule Set | ||
Rule Name | Lists the names of the rules included in the rule set. | – |
Match Dynamic Applications | Displays the dynamic applications used as match criteria for the associated rule. | – |
Action | Displays the action to be taken if the traffic matches the associated rule’s match criteria.
| – |
| Counters for Selected Rule-Set | ||
Refresh interval (sec) | Specifies the interval in seconds when counter values are refreshed. | – |
Counter | Displays the counter for a rule in the rule set. | – |
Value | Displays the value for a rule in the rule set. | – |
Use the Application Tracking functions to monitor sessions and bytes of a particular application or application group.
To monitor and track applications, select Monitor>Security>Application Tracking in the J-Web user interface.
Note: If application tracking is disabled, the Application Tracking page is also disabled. To enable application tracking, select Configure>Security>Logging in the J-Web user interface.
Table 65 summarizes key output fields in the Application Tracking page.
Table 65: Application Tracking Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Risk | Displays the risk as critical, moderate, low, or unsafe. The risk factor is based on the predefined security standard. Note: Risk is displayed only for applications. | – |
Name | Displays the name of the application or application group. | – |
# Sessions | Displays the number of active sessions. | – |
Traffic | Displays the application or application group traffic in kilobytes. | – |
Session % | Displays the session percentage of the current application or application groups. | – |
Traffic % | Displays the traffic percentage of the application or application groups. | – |
| Selected Statistics | ||
Cumulative | Refers to the statistics that are collected from the last clearing time specified to the current time. | – |
Time Interval | Enables you to set an interval of time during which statistics are collected. You can specify the time interval in minutes, hours, or days. The default is 1 minute. | For example, if you set 5 minutes as the time interval at 13:00 hours, then statistics are collected from 13:00 to 13:05. |
| Details | ||
Time Interval Began | If Cumulative is selected, this field displays the last reset time that was set. If Time Interval is selected, this field displays the last interval that was set. | – |
Elapsed Time | Displays the time elapsed since the last time interval began. | – |
Clear | If Cumulative is selected, the cumulative statistics are cleared. If Time Interval is selected, the statistics collected during the last specified interval are cleared. | You are prompted to confirm that you want to clear the statistics. |
| View | ||
Switch to Grid | In the grid view, data is displayed in a table. | By default, application tracking statistics are displayed in the grid view. |
Switch to Graphical | In the graphical view, data is displayed in a chart. The two types of charts supported are:
# Displayed – Enables you to set the number of applications or application groups to be displayed in the chart. The maximum number allowed is 10, and the default is 3. Display order – Enables you to sort the application and application groups in ascending or descending order. By default, applications are displayed in descending order. Display by – Enables you to filter the display of applications and application groups by the following:
| Bar chart is the default. |
Refresh Display | Click Refresh Display to retrieve the most current data. | – |
Settings | Enables you to set some additional options. You can set the following:
| – |
| Filter By | ||
Application | Enables you to collect application level statistics. | You can filter application or application group statistics by the following:
|
Application Group | Enables you to collect application group statistics. | |
Add to Results | Adds the filtered results to the output. | – |
Use the monitoring functionality to view the DS-Lite page.
To monitor DS-Lite, select Monitor>Security>DS-Lite in the J-Web user interface.
Table 66 summarizes key output fields on the DS-Lite page.
Table 66: DS-Lite Monitoring Page
Field | Value | Additional Information |
|---|---|---|
Virtual Chassis Member | Displays the virtual chassis of the device. | – |
Refresh Interval | Displays the time interval for page refresh. | Select the time interval from the list. |
| General Info | ||
Name | Displays the name of the DS-Lite configuration. | – |
Address | Displays the IP address of the device. | – |
Status | Displays the status of the DS-Lite configuration.
| – |
Num of softwire initiator | Displays the number of softwire initiators connected to the device. | – |
| Softwire Initiator from Selected Item | ||
Address | Displays the IP address of the softwire of the selected DS-Lite configuration. | – |
Status | Displays the status of the softwire initiator.
| The status types displayed are active and inactive. |
spu-id | Displays the identification number of the Services Processing Unit. | – |
Use the Application QoS Monitoring page to view counters and statistics for AppQoS activity.
To monitor AppQoS, select Monitor>Security>Application QoS.
The rate limiters statistics pane displays transfer rate information for recent traffic per PIC. For a summary of this pane, refer to Table 67.
The rules statistics pane displays the amount of traffic on each PIC broken down by the rule set and rule applied to each session. For a summary of this pane, refer to Table 68.
The Counters for Selected Rule-Set pane displays AppQoS session activity per PIC. For a summary of this pane, refer to Table 69.
Table 67: Rate limiter statistics Pane
Field | Value | Additional Information |
|---|---|---|
PIC | PIC for which the AppQoS settings of the most recent sessions are displayed. | Select the PIC to display AppQoS rate-limiter information for its recent traffic. |
Rule-set Name | Name of the rule set applied to each session. | – |
Application | Applications associated with the applied rule set. | – |
Client2server rate limiter | Name of the rate limiter applied in the client-to-server direction. | – |
Rate (bps) | Maximum transfer rate specified for the client-to-server rate limiter. | – |
Server2client rate limiter | Name of the rate limiter applied in the server-to-client direction. | – |
Rate (bps) | Maximum transfer rate specified for the server-to-client rate limiter. | – |
Table 68: Rules statistics Pane
Field | Value | Additional Information |
|---|---|---|
PIC | PIC for which the rule statistics are displayed. | Select the PIC to display the number of times each AppQoS rule set and rule are applied on this PIC. |
Rule-set name | Name of the rule set applied to each session. | – |
Rule name | Name of the rule in the rule set. | – |
Hits | Number of occurrences when this rule has been matched and applied. | – |
Table 69: Counters for Selected Rule-Set Pane
Field | Value | Additional Information |
|---|---|---|
PIC | PIC number for which the AppQoS counts apply. | – |
Sessions processed | The number of sessions processed on the PIC. | – |
Sessions marked | The number of sessions where the DSCP setting was marked. | – |
Sessions honored | The number of sessions where an existing DSCP setting was honored. | – |
Sessions rate limited | The number of sessions that were rate limited. | – |
Client2server flows rate limited | The number of client-to-server flows that were rate limited. | – |
Server2client flows rate limited | The number of server-to-client flows that were rate limited. | – |
Juniper Sky Advanced Threat Prevention (ATP) uses real-time information from the cloud to provide your business with anti-malware protection.
Use the monitoring functionality to view and diagnose threat prevention policies.
To monitor and diagnose threat prevention policies, select Monitor>Security Services>Sky ATP>Diagnostics in the J-Web user interface.
Table 70 summarizes key output fields on the Diagnostics page.
Table 70: Diagnostics page option
Field | Value | Additional Information |
|---|---|---|
| Diagnostics | ||
SKY ATP Diagnostics | Specify to diagnose. | Select an option from the drop-down list. |
Diagnostics Logs | Displays the diagnostic logs for the selected option. | – |
| Check Connectivity | ||
Check | Check the connectivity. | Click Check. |
| Server Details | ||
Server hostname | Specify the host name of the server. | – |
Server realm | Specifies the name of a server realm. | – |
Server port | Specify the server port number. | – |
| Connection Plane | ||
Connection time | Specify the connection time of the server. | – |
Connection Status | Specify the connection status. | – |
| Service Plane | ||
Card Info | Specify the card number. | – |
Connection Active Number | Specify the connection active numbers. | – |
Connection Relay statistics | Specify the connection relay statistics. | – |
| Other Details | ||
Configured Proxy Server | Specify the configured proxy server. | – |
Port Number | Specify the port number of the proxy server. | – |
Use this page to verify the statistics of advanced anti-malware sessions and Security Intelligence sessions.
To monitor and diagnose threat prevention policies, select Monitor>Security Services>SKY ATP>Statistics in the J-Web user interface.
Table 71 summarizes key output fields on the Statistics page.
Table 71: Statistics Page options
Field | Value | Additional Information |
|---|---|---|
| Advanced Anti Malware Session Statistics | ||
TOTAL | Specify the TOTAL session. | – |
HTTP | Specify the HTTP session. | – |
HTTPS | Specify the HTTPS session. | – |
SMTP | Specify the simple mail transfer protocol session. | – |
SMTPS | Specify the SMTPS session. | – |
Clear Statistics | Clear the statistics. | – |
| Sessions | ||
activities | Specify the total session activities. | – |
blocked | Specify the blocked session. | – |
permitted | Specify the permitted session. | – |
| Security Intelligence Session Statistics | ||
Profiles | Displays the IP address of the softwire of the selected DS-Lite configuration. | – |
| Sessions | ||
TOTAL | Displays the identification number of the Services Processing Unit. | – |
PERMIT | Specify the permitted session. | – |
BLOCK-DROP | Specify the block drop. | – |
BLOCK-CLOSE | Specify the block close. | – |
CLOSE-REDIRECT | Specify the closure of the redirect session. | – |
Clear Statistics | Clear the statistics. | – |