Monitoring Policies
Purpose
Display, sort, and review policy activity for every activated policy configured on the device. Policies are grouped by Zone Context (the from and to zones of the traffic) to control the volume of data displayed at one time. From the policy list, select a policy to display statistics and current network activity.
Action
To review policy activity:
- Select Monitor>Security>Policy>Activities in the J-Web user interface. The Security Policies Monitoring page appears and lists the policies from the first Zone Context. See Table 191 for field descriptions.
- Select the Zone Context of the policy you want to monitor, and click Filter. All policies within the zone context appear in match sequence.
- Select a policy, and click one of the following functions:
- Clear Statistics—Clears all counters to zero for the selected policy.
- Deactivate—Deactivates the selected policy. When you click Deactivate, the commit window appears for you to confirm the deactivation.
- Move—Repositions the selected policy in the match sequence. You have the option to move the policy up or down one row at a time, or to the top or bottom of the sequence.
Table 191: Security Policies Monitoring Output Fields
Field | Value | Additional Information |
---|---|---|
Zone Context (Total #) | Displays a list of all from and to zone combinations for the configured policies. The total number of active policies for each context is specified in the Total # field. By default, the policies from the first Zone Context are displayed. | To display policies for a different context, select a zone context and click Filter. Both inactive and active policies appear for each context. However, the Total # field for a context specifies the number of active policies only. |
Default Policy action | Specifies the action to take for traffic that does not match any of the policies in the context:
| – |
From Zone | Displays the source zone to be used as match criteria for the policy. | – |
To Zone | Displays the destination zone to be used as match criteria for the policy. | – |
Name | Displays the name of the policy. | – |
Source Address | Displays the source addresses to be used as match criteria for the policy. Address sets are resolved to their individual names. (In this case, only the names are given, not the IP addresses). | – |
Destination Address | Displays the destination addresses (or address sets) to be used as match criteria for the policy. Addresses are entered as specified in the destination zone’s address book. | – |
Application | Displays the name of a predefined or custom application signature to be used as match criteria for the policy. | – |
Dynamic App | Displays the dynamic application signatures to be used as match criteria if an application firewall rule set is configured for the policy. For a network firewall, a dynamic application is not defined. | The rule set appears in two lines. The first line displays the configured dynamic application signatures in the rule set. The second line displays the default dynamic application signature. If more than two dynamic application signatures are specified for the rule set, hover over the output field to display the full list in a tooltip. |
Action | Displays the action portion of the rule set if an application firewall rule set is configured for the policy.
| The action portion of the rule set appears in two lines. The first line identifies the action to be taken when the traffic matches a dynamic application signature. The second line displays the default action when traffic does not match a dynamic application signature. |
NW Services | Displays the network services permitted or denied by the policy if an application firewall rule set is configured. Network services include:
| – |
Count | Specifies whether counters for computing session, packet, and byte statistics for the policy are enabled. By default, counters are not enabled. | – |
Log | Specifies whether session logging is enabled. By default, session logging is not enabled. Session activity to log can include the following:
| – |
Policy Hit Counters Graph | Provides a representation of the value over time for a specified counter. The graph is blank if Policy Counters indicates no data. As a selected counter accumulates data, the graph is updated at each refresh interval. | To toggle a graph on and off, click the counter name below the graph. |
Policy Counters | Lists statistical counters for the selected policy if Count is enabled. The following counters are available for each policy:
| To graph or to remove a counter from the Policy Hit Counters Graph, toggle the counter name. The names of enabled counters appear below the graph. |