[Contents] [Prev] [Next] [Index] [Report an Error]

Monitoring Firewalls

Firewall information is divided into multiple parts:

To view stateful firewall information in the J-Web interface, select Monitor>Firewall>Stateful Firewall. To display firewall information for a particular address prefix, port, or other characteristic, type or select information in one or more of the Narrow Search boxes, and click OK.
Alternatively, enter the following CLI show commands:
- show services stateful-firewall conversations
- show services stateful-firewall flows

To view intrusion detection service (IDS) information, select Monitor>Firewall>IDS Information. Click one of the following criteria to order the display accordingly:

Bytes (received bytes)
Packets (received packets)
Flows
Anomalies

To limit the display of IDS information, type or select information in one or more of the Narrow Search boxes listed in Table 52, and click OK.

Table 52: IDS Search-Narrowing Characteristics

Narrow Search Box	Entry or Selection
Destination Address	Type a destination address prefix to display IDS information for only that prefix.
IDS Table	Select one of the following: Destination—Displays information for an address under attack. Pair—Displays information for a suspected attack source and destination pair. Source—Displays information for an address that is a suspected attacker.
Number of IDS Entries to Display	Select a number between 25 and 500 to display only a particular number of entries.
Threshold	Type a number to display events with only that number of bytes, packets, flows, or anomalies—whichever you selected to order the display. For example, to display all events with more than 100 flows, click Flows and then type 100 in the Threshold box.
Service Set	Select a service set to display information for only the set.

Alternatively, enter the following CLI show commands:

show services ids destination-table
show services ids source-table
show services ids pair-table

Table 53 summarizes key output fields in firewall and IDS displays.

Table 53: Summary of Key Firewall and IDS Output Fields

Field	Values
Stateful Firewall
Protocol	Protocol used for the specified stateful firewall flow.
Source IP	Source prefix of the stateful firewall flow.
Source Port	Source port number of stateful firewall flow.
Destination IP	Destination prefix of the stateful firewall flow.
Destination Port	Destination port number of the stateful firewall flow.
Flow State	Status of the stateful firewall flow: Drop—Drop all packets in the flow without response. Forward—Forward the packet in the flow without inspecting it. Reject—Drop all packets in the flow with response. Watch—Inspect packets in the flow.
Direction	Direction of the flow: I (input) or O (output).
Frames	Number of frames in the flow.
IDS Information
Source Address	Source address for the event.
Destination address	Destination address for the event.
Time	Total time the information has been in the IDS table.
Bytes	Total number of bytes sent from the source to the destination address, in thousands (k) or millions (m).
Packets	Total number of packets sent from the source to the destination address, in thousands (k) or millions (m).
Flows	Total number of flows of packets sent from the source to the destination address, in thousands (k) or millions (m).
Anomalies	Total number of anomalies in the anomaly table, in thousands (k) or millions (m).
Application	Configured application, such as FTP or telnet.

[Contents] [Prev] [Next] [Index] [Report an Error]