Monitoring Application Firewalls

Purpose

Use the monitoring functionality to view the application firewall page. Applications can breach IP and port-based security policies by accessing standard HTTP ports 80 and 443 to tunnel non-HTTP traffic or by using ports other than 80 or 443 for HTTP traffic. An application firewall screens traffic based on an application signature rather than IP or port address. The implementation of both application firewall and network firewall policies contributes to the full security of the network.

Action

To monitor application firewall select Monitor>Security>Application FW in the J-Web user interface.

The upper pane of the Application Firewall Monitoring page provides a list of the rule sets currently configured on your device. When you select a rule set in the upper pane, the lower panes display the rules and counters associated with that rule set. Each rule entry identifies dynamic application signatures for match criteria and the action to be taken with an application signature match.

The counter pane maintains current statistics about the actions taken for the application signatures that are encountered. The Clear Counters button resets all counters to zero and begins counting again. After the number of seconds specified in the Refresh Interval has expired, the new counter values are displayed.

Meaning

Table 217 summarizes key output fields in the application firewall page.

Table 217: Application firewall Monitoring Page

Field

Value

Additional Information

Rule Set

Name

Displays the rule sets configured for the device.

Select a rule set to display its associated rules and counters in the lower panes.

Default Rule

Displays the action taken when traffic does not match any of the associated rules.

  • permit—Permits all traffic that does not match any rule in the rule set.
  • deny—Denies all traffic that does not match any rule in the rule set.

Rules

Displays the rule names associated with the rule set.

Rules in Selected Rule Set

Rule Name

Lists the names of the rules included in the rule set.

Match Dynamic Applications

Displays the dynamic applications used as match criteria for the associated rule.

Action

Displays the action to be taken if the traffic matches the associated rule’s match criteria.

  • permit—Permits traffic that matches the rule.
  • deny—Denies traffic that matches the rule.

Counters for Selected Rule-Set

Refresh interval (sec)

Specifies the interval in seconds when counter values are refreshed.

Counter

Displays the counter for rule in the rule set

Value

Displays the value for rule in the rule set

Related Documentation