Understanding the vGW Series Main Module

The Main module of the vGW Security Design VM displays information gathered from many of the vGW Security Design VM components, such as AntiVirus and IDS. When the vGW Series detects new events and alerts, data and graphs in the Main module’s panes are automatically refreshed.

The Main module contains the following tabs.

Dashboard

In both graphical and table format, the Dashboard tab provides an at-a-glance view of your deployment’s behavior. You can view the activity of all guest virtual machines (VMs). Alternatively, you can select a group of VMs or individual VMs in the VM tree to focus on their activity. See Figure 21.

Figure 21: Dashboard Tab

Dashboard Tab

The Dashboard tab includes the following panes:

vGW Status

Provides an overview of the current state of your infrastructure. It shows the state of vGW connectivity to the VMware vCenter. It also shows the number of vGW Security VMs deployed to secure ESX/ESXi hosts, and the overall state of your deployment’s VMs, that is, whether they are secured or not.

Compliance Status for All Machines

Shows the overall posture of all VMs in your organization that might be violating compliance rules. The more VMs that violate rules (high weighting), the further the needle moves to the red.

Top Talkers for All Machines

Displays network activity for the last hour.

IDS Alerts for All Machines

Displays high, medium, and low priority alerts for the past 24 hours.

Status Tab

The Status tab displays a summary of vGW settings for each module and status on individual vGW Security VMs. The page is refreshed every 60 seconds. See Figure 22.

Figure 22: Status Tab

Status Tab

The Status page includes these panes:

vGW Status

For each vGW Series component, the pane indicates its current state using the status icons shown in Table 3.

Table 3: vGW Series Status Icons

Icon

Indicates

The vGW Series component is working properly.

One or more issues exist with the component. For example, maintenance settings might be incompatible or disabled, or you might need to update its firewall.

Significant issues exist for the component. For example, a module did not load correctly.

In addition to these icons, an overall health status icon appears when individual components require your attention. Figure 23 shows the taskbar with the health status icon at the far right. The icon is either red or yellow, depending on the underlying state of the components being monitored.

Figure 23: Taskbar Showing the Health Status Icon

Taskbar Showing the Health Status Icon

Roll the mouse pointer over the icon to see exactly which components are currently in need of attention.

Status of Security VMs

This pane reports status on individual vGW Security VMs. You can click the Status icon for a vGW Security VM to display detailed information.

This pane shows the following information:

  • vGW Security VM name.
  • Host that the vGW Security VM protects.
  • Number of VMs that it protects.
  • If vGW Series HA is enabled.
  • If the vGW Security VM is connected to the vGW Security Design VM.
  • If the firewall module is enabled.
  • If VM monitoring is used.
  • IP address of its management console.
  • If IDS is used, the IP address of the IDS console.
  • If IDS is enabled. IDS data appears if IDS is enabled. Otherwise, the chart is blank.
  • If AntiVirus is enabled.

To modify the configuration of a particular vGW Security VM, use the Security VM Settings section of the Settings module. See Understanding the vGW Security VMs Settings.

Events and Alerts Tab

The Events and Alerts tab contains two panes. See Figure 24.

Figure 24: Events and Alerts Tab

Events and Alerts Tab

Security Alerts

The Security Alerts pane lists all alerts that have occurred in the vGW Series, apart from IDS alerts and AntiVirus alerts, which are reported in their own modules. The reported alerts are primarily vGW Series system-related events, such as reports on occurrences of vGW Series version updates or alerts when failures in components occur.

Alerts are classified as high (H), medium (M), or low (L), depending on their severity. Click the Priority or Date column to sort the list differently. See Figure 25.

Figure 25: Main Module Events and Alerts Security Alerts

Main Module Events and Alerts Security
Alerts

System Status and Events

Many companies require a complete audit trail of administrative and policy operations to meet compliance standards and their security best practices. A detailed audit trail is an important part of a security infrastructure that security administrators rely on.

The vGW Series collects information on events and posts it to the System Status and Events pane when administrative and policy operations occur. It posts event alerts on the following events:

Events are listed chronologically. The events that occurred most recently are listed at the top of the table. To view additional events, you can access the vGW Security Design VM database.

You can configure the Alerting pane in the Settings module to allow alerts to also be sent to administrators through e-mail.

Quarantine Tab

this is The Main module Quarantine tab displays information about VMs that have been quarantined as a result of AntiVirus, Compliance, or Image Enforcer scans. Using it, you can view the time that the VM was quarantined, when it was removed from quarantine, and the reason that it was quarantined. See Figure 26.

Figure 26: Quarantine Tab

Quarantine Tab

You can use the Main module Quarantine tab to display information about quarantined VMs for one or more features.

Click the check box beside AntiVirus, Compliance, or Image Enforcer to individually to view information about VMs quarantined as a result of only that feature’s scan.

Note: You can use the AntiVirus module to quarantine files infected by a virus or other malware. See Understanding vGW Series AntiVirus .

For details on the relationship between the Main module Quarantine tab, the Quarantine Policy group, and AntiVirus, Compliance, and Image Enforcer scans, see Understanding Quarantined VMs and How to Manage Them.

Related Documentation