Monitoring Application Firewalls
Purpose
Use the monitoring functionality to view the application firewall page. Applications can breach IP and port-based security policies by accessing standard HTTP ports 80 and 443 to tunnel non-HTTP traffic or by using ports other than 80 or 443 for HTTP traffic. An application firewall screens traffic based on an application signature rather than IP or port address. The implementation of both application firewall and network firewall policies contributes to the full security of the network.
Action
To monitor application firewall select Monitor>Security>Application FW in the J-Web user interface.
The upper pane of the Application Firewall Monitoring page provides a list of the rule sets currently configured on your device. When you select a rule set in the upper pane, the lower panes display the rules and counters associated with that rule set. Each rule entry identifies dynamic application signatures for match criteria and the action to be taken with an application signature match.
The counter pane maintains current statistics about the actions taken for the application signatures that are encountered. The Clear Counters button resets all counters to zero and begins counting again. After the number of seconds specified in the Refresh Interval has expired, the new counter values are displayed.
Meaning
Table 226 summarizes key output fields in the application firewall page.
Table 226: Application firewall Monitoring Page
Field | Value | Additional Information |
|---|---|---|
| Rule Set | ||
Name | Displays the rule sets configured for the device. | Select a rule set to display its associated rules and counters in the lower panes. |
Default Rule | Displays the action taken when traffic does not match any of the associated rules.
| – |
Rules | Displays the rule names associated with the rule set. | – |
| Rules in Selected Rule Set | ||
Rule Name | Lists the names of the rules included in the rule set. | – |
Match Dynamic Applications | Displays the dynamic applications used as match criteria for the associated rule. | – |
Action | Displays the action to be taken if the traffic matches the associated rule’s match criteria.
| – |
| Counters for Selected Rule-Set | ||
Refresh interval (sec) | Specifies the interval in seconds when counter values are refreshed. | – |
Counter | Displays the counter for rule in the rule set | – |
Value | Displays the value for rule in the rule set | – |