Understanding the vGW Series Network Module

The vGW Security Design VM Network module displays network traffic for virtual machines (VMs) that are selected in the VM tree. You can view network traffic for all VMs or specific ones.

This topic includes the following sections:

Network Module

The Network module contains the following six tabs:

To display information for a VM, the VM must have a known IP address. The IP address is determined automatically if VMware Tools is installed on the VM. If it is not set automatically, you can set the IP address manually using the Settings module vGW Application Settings > Machines page.

The Network module analysis takes into account IPv4 traffic and IPv6 traffic. Tables shown on the Network module tabs display information for objects with IPv4 and IPv6 addresses.

Manipulating Displayed Information

The Network Summary tab allows you to display information about all VMs, as shown in Figure 46.

A line graph displayed at the top of the page plots bandwidth usage for the top VMs in the report. A table below the graph provides detailed network data for VMs selected in the VM tree. In this case, data for 1 hour is displayed.

Figure 46: Network Summary Tab for All VMs

 Network Summary Tab for All VMs

To display information about a single VM, select the VM in the VM tree. Figure 47 shows the information displayed for the Corp-AD-Secondary VM.

Figure 47: Main Module Network Module Summary Tab for a Single VM

 Main Module Network Module Summary Tab
for a Single VM

To view a VM’s connections, click an individual line in the graph. To display a filter for a protocol, click the protocol field.

Changing the Time Interval for Displayed Information

To change the period for which network data is plotted, use the Time Interval menu. Choose a different interval, and click Update. You can select a time interval or specify a custom period.

Tip: The time interval feature is also available for other vGW Security Design modules.

Figure 48 and Figure 49 show information for all machines for two different time periods.

Figure 48: Displaying Network Data for Different Time Intervals: Part 1

Displaying Network Data for Different Time
Intervals: Part 1

Figure 49: Displaying Network Data for Different Time Intervals: Part 2

Displaying Network Data for Different Time
Intervals: Part 2

Real-time data from the last traffic interval populates the Total, In, Out, and Internal table columns. If you are charting protocols, sources, destinations, or top talkers, the interval selected is used to calculate the minimum, maximum, and average figures in the table shown below the graph. For example, if you select 4 minutes as the time interval, the graph would show a sample of the throughput every 10 seconds. Each dot represents the average throughput value for that period.

The Custom Time Period feature allows you to view historical data. To use it, in the Time Interval menu, select Custom Time Period. (Figure 50 shows the Custom Time Period menu item.)

Figure 50: Selecting a Time Interval

Selecting a Time Interval

The custom time period is interpreted as follows:

Figure 51 shows the Custom Time Period fields.

Figure 51: Setting the Custom Time Period

Setting the Custom Time Period

Note: Depending on the size of the database and the resources available to it, when you specify a custom time period, the vGW Security Design VM might take 30 minutes or more to chart the data and display it. When you want to examine a large data set, for example, data from a month or more, we recommend that you use the Reporting module.

Using Advanced Options for Filtering Network Data

You can filter the information to be displayed. To display filtering options, click show advanced at the left end of the time interval bar. Click the Filter 1 and Filter 2 menus to select filtering options and enter associated values in the related boxes. Then click Update to refresh the graph and data display, based on your settings. Click Clear to reset filter boxes.

Note: Configured filters affect all data in the graph and tables.

Other advanced options differ somewhat depending on the tab you are viewing. Table 6 describes the Advanced options.

Table 6: Using Advanced Options for Filtering Network Data

Select

Action

Auto-refresh

Refreshes data automatically every 60 seconds.

mark verified VMs

Causes the vGW Series to automatically use the unique VMware ID/UUID as well as the IP address to validate that connections are actually coming from the identified server. vGW Series reports on both IPv4 and IPv6 addresses.

Using both the VMware ID/UUID and the IP address protects against security threats such as IP spoofing. VMs for which this extra validation occurs can be displayed in the interface.

multicast in table

Includes multicast packets when monitoring. Because multicast packets are not destined for a specific host and they are seen by all machines on the network, they are included in the connection session list for all VMs.

However, the amount of multicast traffic can be quite large, and it can obscure sessions specific to a selected VM. To remove multicast from this view, clear the multicast in table check box.

To exit advanced view, click show basic.

Sorting Table Data

You can sort table data in the Network page by column. Drag the pointer over the column headings. When the pointer changes to the pointing hand, click the column heading to sort.

To display information for a single VM that is listed in the table, click its entry.

Related Documentation