Understanding the vGW Series Main Module

The Main module of the vGW Security Design VM displays information gathered from many of the vGW Security Design VM components. When vGW Series detects new events and alerts, data and graphs in the Main module’s panes are automatically refreshed.

The Main module contains the following tabs.

Dashboard

In both graphical and table format, the Dashboard allows you to view the behavior of your environment at a glance. You can view the activity of all virtual machines (VMs). You can select an individual VM or a group of VMs in the VM tree to focus on. The Dashboard displays information for both IPv4 and IPv6 traffic.

See Figure 40.

Figure 40: Dashboard Tab

The Dashboard includes the following panes:

vGW Status

Provides an overview of the current state of your infrastructure. It shows the state of vGW connectivity to the VMware vCenter. It also shows the number of vGW Security VMs deployed to secure ESX/ESXi hosts, and the overall state of your deployment’s VMs, that is, whether they are secured by vGW Series or not.

Compliance Status for All Machines

Shows the overall posture of all VMs in your organization that might be violating compliance rules. The more VMs that violate rules (high weighting), the further the needle moves to the red.

Top Talkers for All Machines

Displays network activity for the last hour.

IDS Alerts for All Machines

If IDS is enabled, the overall IDS alerts information is displayed.

Status Tab

The Status tab displays a summary of vGW status for each module, and it displays status on individual vGW Security VMs. The page is refreshed every 60 seconds. See Figure 41.

Figure 41: Status Tab

Note: For vGW Security VMs for which standby or secondary vGW Security VM instances are configured, vGW Series counts only the primary vGW Security VM and reflects that count in the Firewalls number of the vGW Status table.

For disconnected vGW Security VMs, Firewalls shows separate counts for primary, standby, and secondary vGW Security VMs. For example, it might show “1 disconnected, 1 Standby disconnected, 1 Secondary disconnected”.

The Status page includes these panes:

vGW Status

For the vGW Series components, the pane indicates the current state using the status icons shown in Table 5.

Table 5: vGW Series Status Icons

Icon

Indicates

vGW Series component is working properly.

One or more issues exist with the component. For example, maintenance settings might be incompatible or disabled, or you might need to update its firewall.

Significant issues exist for the component. For example, a module did not load correctly.

In addition to these icons, an overall health status icon appears when individual components require your attention. Figure 42 shows the taskbar with the health status icon at the far right. The icon is either red or yellow, depending on the underlying state of the components being monitored.

Figure 42: Taskbar Showing the Health Status Icon

Status of Security VMs

This pane reports status on individual vGW Security VMs.

This pane shows the following information:

  • vGW Security VM name.
  • Host that the vGW Security VM protects.
  • Number of VMs that it protects.

    For vGW Security VMs configured with secondary or standby instances, vGW Series counts VMs protected by the primary vGW Security VM. That is, it does not count the same VM again in relation to the secondary or the standby vGW Security VM instance.

  • If vGW Series HA is enabled.
  • If the vGW Security VM is connected to the vGW Security Design VM.
  • If the firewall module is enabled.
  • If VM monitoring is used.
  • IP address of the vGW Security Design VM management center.
  • If IDS is used, the IP address of the IDS console.
  • If IDS is enabled, IDS data appears. Otherwise, the chart is blank.
  • If AntiVirus is enabled.

Click the Status icon for a vGW Security VM to display detailed information about it. When you click the icon, the vGW Security Design VM automatically takes you to the Security VM Settings section of the Settings module that pertains to the selected vGW Security VM. You can use the tabs on that page to change configuration settings for the vGW Security VM. See Understanding the vGW Security VM Settings.

Events and Alerts Tab

The Events and Alerts page allows you to view Security Alerts and System Status and Events messages individually, in separate panes of the page. You can use an individual filter to search each set separately. See Figure 43.

Figure 43: Main Module Events and Alerts Page

Alternatively, you can search through the combined logs for a specific time period using the Consolidated Search button. For example, you might want to look at historical data. Rather than searching through each set, you can specify a time and see all the logs for that period. See Figure 44.

Figure 44: Consolidated Logs for Events and Alerts

Security Alerts

The Security Alerts pane lists all vGW Series alerts that have occurred in your protected virtualized environment, except for IDS alerts and AntiVirus alerts, which are reported in their own modules. The reported alerts are primarily vGW Series system-related events, such as reports on occurrences of vGW Series version updates or alerts when component failures occur.

Alerts are classified as high (H), medium (M), or low (L), depending on their severity. Click the Priority or Date column to sort the list differently. You can use the filter to sort the data by IPv6 or IPv4 address. For example, you can enter an IPv6 address or an IPv4 address and the pane will show the alert or event for only the VM with that IP address.

System Status and Events

Many companies require a complete audit trail of administrative and policy operations to meet compliance standards and their security best practices. A detailed audit trail is an important part of a security infrastructure that security administrators rely on.

vGW Series collects information on events and posts it to the System Status and Events pane when administrative and policy operations occur. It posts the following event alerts:

Events are listed chronologically. The events that occurred most recently are listed at the top of the table. To view additional events, you can access the vGW Security Design VM database.

You can configure the Alerting pane in the Settings module so that alerts are also sent to administrators through e-mail. See vGW Series Event and Alert Messages Guide Reference.

Quarantine Tab

The Main module Quarantine tab displays information about VMs that have been quarantined as a result of AntiVirus, Compliance, or Image Enforcer scans. Using it, you can view the time that the VM was quarantined, when it was removed from quarantine, and the reason that it was quarantined. You can also remove a VM from quarantine from this page. See Figure 45.

Figure 45: Quarantine Tab

To display information about quarantined VMs for one or more features, select the check box beside the feature. You can view information about VMs quarantined as a result of only one type of scan or you can view all information for any of them in combination. For any of these selections you can display:

The Quarantine page shows the following information for each VM:

To remove a VM from quarantine, check the select box for it and click Un-Quarantine VM.

Note: You can use the AntiVirus module to quarantine files infected by a virus or other malware. See Understanding vGW Series AntiVirus.

For details on the relationship between the Main module Quarantine tab, the Quarantine Policy group, and AntiVirus, Compliance, and Image Enforcer scans, see Understanding Quarantined VMs and How to Manage Them.
