Monitoring Application Firewalls
Use the monitoring functionality to view the application firewall page. Applications can bypass IP- and port-based security policies by tunneling non-HTTP traffic over the standard HTTP ports 80 and 443, or by using ports other than 80 or 443 for HTTP traffic. An application firewall screens traffic based on its application signature rather than its IP address or port. Implementing both application firewall and network firewall policies contributes to the full security of the network.
To monitor the application firewall, select Monitor > Security > Application FW.
The upper pane of the Application Firewall Monitoring page provides a list of the rule sets currently configured on your device. When you select a rule set in the upper pane, the lower panes display the rules and counters associated with that rule set. Each rule entry identifies dynamic application signatures for match criteria and the action to be taken with an application signature match.
The counter pane maintains current statistics about the actions taken for the application signatures that are encountered. The Clear Counters button resets all counters to zero and begins counting again. After the number of seconds specified in the Refresh Interval has expired, the new counter values are displayed.
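The behaviour described above (matching on application signature rather than port, applying a rule's action or the rule set's default action, and counting the actions taken) can be sketched as follows. This is an added example, not Juniper code; the simplified signatures, the rule set, its rule names and the sample flows are all constructed for illustration.

```python
import re
from collections import Counter

# Simplified payload signatures, constructed for illustration (not a vendor signature set).
SIGNATURES = [
    ("HTTP", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("TLS", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # handshake record, ClientHello
    ("SSH", re.compile(rb"^SSH-2\.0-")),
]

def identify(payload):
    """Name the application from the first payload bytes; the port is never consulted."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "UNKNOWN"

# Hypothetical rule set: ordered (rule name, matched applications, action) plus a default action.
RULE_SET = {
    "rules": [("allow-web", {"HTTP", "TLS"}, "permit"), ("block-ssh", {"SSH"}, "deny")],
    "default": "deny",
}

def evaluate(flows, rule_set=RULE_SET):
    """Apply the first matching rule to each (dst_port, payload) flow and count actions."""
    counters, verdicts = Counter(), []
    for dst_port, payload in flows:
        app = identify(payload)
        for name, apps, action in rule_set["rules"]:
            if app in apps:
                break
        else:  # no rule matched: fall back to the rule set's default action
            name, action = "default-rule", rule_set["default"]
        counters[(name, action)] += 1
        verdicts.append((dst_port, app, name, action))
    return verdicts, counters

# Constructed sample flows: (destination port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
    (443, b"SSH-2.0-OpenSSH_9.6\r\n"),  # non-HTTP traffic on an HTTP port
    (8081, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # HTTP on another port
    (80, b"\x00\x01\x02\x03"),  # unrecognised payload
]

if __name__ == "__main__":
    verdicts, counters = evaluate(SAMPLE_FLOWS)
    print(*verdicts, dict(counters), sep="\n")
```

The SSH flow on port 443 is denied and the HTTP flow on port 8081 is permitted, which a port-only policy would get the other way round.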
Table 64 summarizes key output fields in the application firewall page.
Table 64: Application Firewall Monitoring Page
Displays the rule sets configured for the device.
Select a rule set to display its associated rules and counters in the lower panes.
Displays the action taken when traffic does not match any of the associated rules.
Displays the rule names associated with the rule set.
Rules in Selected Rule Set
Lists the names of the rules included in the rule set.
Match Dynamic Applications
Displays the dynamic applications used as match criteria for the associated rule.
Displays the action to be taken if the traffic matches the associated rule’s match criteria.
Counters for Selected Rule-Set
Refresh interval (sec)
Specifies the interval in seconds when counter values are refreshed.
Displays the counter for a rule in the rule set.
Displays the value for a rule in the rule set.