Display, sort, and review policy activity for every activated policy configured on the device. Policies are grouped by Zone Context (the from and to zones of the traffic) to control the volume of data displayed at one time. From the policy list, select a policy to display statistics and current network activity.
To review policy activity:
Select Monitor>Security>Policy>Activities in the J-Web user interface. The Security Policies Monitoring page appears and lists the policies from the first Zone Context. See Table 45 for field descriptions.
Select the Zone Context of the policy you want to monitor, and click Filter. All policies within the zone context appear in match sequence.
Select a policy, and click Clear Statistics to set all counters to zero for the selected policy.
Table 45: Security Policies Monitoring Output Fields
Zone Context (Total #)
Displays a list of all from and to zone combinations for the configured policies. The total number of active policies for each context is specified in the Total # field. By default, the policies from the first Zone Context are displayed.
To display policies for a different context, select a zone context and click Filter. Both inactive and active policies appear for each context. However, the Total # field for a context specifies the number of active policies only.
Default Policy action
Specifies the action to take for traffic that does not match any of the policies in the context:
Displays the source zone to be used as match criteria for the policy.
Displays the destination zone to be used as match criteria for the policy.
Displays the name of the policy.
Displays the source addresses to be used as match criteria for the policy. Address sets are resolved to their individual names. (In this case, only the names are given, not the IP addresses).
Displays the destination addresses (or address sets) to be used as match criteria for the policy. Addresses are entered as specified in the destination zone’s address book.
Displays the name of the source identities set for the policy.
To display the value of the source identities, hover the mouse on this field. Unknown source identities are also displayed.
Displays the name of a predefined or custom application signature to be used as match criteria for the policy.
Displays the dynamic application signatures to be used as match criteria if an application firewall rule set is configured for the policy.
For a network firewall, a dynamic application is not defined.
The rule set appears in two lines. The first line displays the configured dynamic application signatures in the rule set. The second line displays the default dynamic application signature.
If more than two dynamic application signatures are specified for the rule set, hover over the output field to display the full list in a tooltip.
Displays the action portion of the rule set if an application firewall rule set is configured for the policy.
The action portion of the rule set appears in two lines. The first line identifies the action to be taken when the traffic matches a dynamic application signature. The second line displays the default action when traffic does not match a dynamic application signature.
Displays the network services permitted or denied by the policy if an application firewall rule set is configured. Network services include:
Policy Hit Counters Graph
Provides a representation of the value over time for a specified counter. The graph is blank if Policy Counters indicates no data. As a selected counter accumulates data, the graph is updated at each refresh interval.
To toggle a graph on and off, click the counter name below the graph.
Lists statistical counters for the selected policy if Count is enabled. The following counters are available for each policy:
To graph or to remove a counter from the Policy Hit Counters Graph, toggle the counter name. The names of enabled counters appear below the graph.