Viewing Available Firewall Report Types

To view the available types of reports for the Firewall appliances, complete the following steps:

1	Log into your GMS management console.

2	Click the Firewall tab.

3	Select an appliance, global view, or group of appliances from the TreeControl.

4	Click the Reports tab on the top of the screen.

5	Expand the desired selection on the Reports list and click on it.

NOTE: All Reports show a one-day period unless another interval is specified in the Time Bar.

The following types of reports are available:

Global Level Reports:

•	Data Usage

•	Summary: connections, listed by appliance, for one day (default)

•	Applications

•	Summary: connections, listed by application, for one day (default)

•	Web Activity

•	Summary: hits, listed by appliance, for one day (default)

•	Web Filter

•	Summary: access attempts, listed by appliance, for one day (default)

•

VPN Usage

•	Summary: VPN connections, listed by appliance, for one day (default)

•

Threats

•	Summary: connection attempts, listed by appliance, for one day (default)

NOTE: Summary Reports are not drillable and no Detail view is available.

Unit Level Reports

Detail views are available for all Report items unless otherwise noted.

•	Data Usage

•	Timeline: connections for one day (default)

•	Initiators: Top Initiators, listed by IP address, Initiator Host, User, and Responder, displayed as a pie chart

•	Responders: Top Responders, listed by IP address, Responder Host, and Initiator, displayed as a pie chart

•	Services: connections, listed by service protocol, displayed as a pie chart

•	Details: provides a shortcut to the Detail view normally reached by drilling down. Detail sections include: Initiators, Services, Responders, Initiator Countries, and Responder Countries. Additional filtering or drill down takes you to the Log Analyzer

•	Applications

•	Data Usage connections, listed by application and threat level

•	Detected: events, listed by application and threat level

•	Blocked: blocked events, listed by application and threat level

•	Categories: types of applications attempting access

•	Initiators: events displayed by Initiator IP and Initiator host

•	Timeline: events over one day

•	User Activity

•	Details: a detailed report of activity for the specified user

•	Web Activity

•	Category: hits and browse time listed by information category

•	Sites: sites visited by IP, name, and category, with hits and browse time

•	Initiators: Initiator host and IP with category and user

•	Timeline: site hits with time of access and browse time

•	Details: provides a shortcut to an access timeline and Detail view normally reached by drilling down. Detail sections include: Categories, Sites, and Initiators.

•	Web Filter

•	Category: hits and browse time listed by information category

•	Sites: sites visited by IP, name, and category, with hits and browse time

•	Initiators: Initiator host and IP with category and user

•	Timeline: site hits with time of access and browse time

•	Details: provides a shortcut to an access timeline and Detail view normally reached by drilling down. Detail sections include: Categories, Sites, and Initiators.

•

VPN Usage

•	Policies: lists connections by VPN Policy

•	Initiators: Initiator host and IP with category and user

•	Services: Top VPN Services by Service Protocol

•	Timeline: VPN connections over a 1 day period

•	Intrusions

•	Detected: number of intrusion events by category

•	Blocked: blocked intrusions and number of attempts at access

•	Targets: number of intrusion events by target host and IP

•	Initiators: Initiator host and IP with category and use

•	Timeline: intrusions listed by time of day

•	Details: provides a shortcut to an access timeline and Detail view normally reached by drilling down. Detail sections include: Categories, Sites, and Initiators.

•	Alerts: provides a list of intrusion alerts

•	Gateway Viruses

•	Blocked: blocked virus attacks and number of attempts at access

•	Targets: targeted hosts and IP addresses

•	Initiators: initiating users, hosts, and IP addresses of the virus attack

•	Timeline: times when the virus attempted to gain access, displayed over time

•

Spyware

•	Detected: spyware detected by the firewall

•	Blocked: spyware blocked by the firewall

•	Targets: targeted hosts and IP addresses

•	Initiators: initiating users, hosts, and IP addresses of spyware download

•	Timeline: times when the spyware accessed the system, displayed over time

•

Attacks

•	Attempts: type of attack and times access was attempted

•	Targets: host and IP address, and number of times access was attempted

•	Initiators: top attack initiators by IP and host

•	Timeline: time and number of attempts at access, displayed over time

•	Authentication: authenticated users, their IP addresses, and type of login/logout

•	User Login

•	Admin Login

•	Failed Login

•

Up/Down

•	Timeline: provides a timeline of unit availability. No Detail sections are available.

•	Custom Reports: allows access to saved custom reports

•

Analyzers

•	Log Analyzer: provides a detailed event-by event listing of all activity. The Log Analyzer is drillable, but no Detail sections are available.

•	Flow Activity

•	Real-Time Viewer: real-time data displayed graphically.

•	Top Flows Dashboard: displays top flows per report type.

•	Flow Analytics: monitors applications, users, URLs, initiators, responders, threats, VoIP, VPNs, devices, and contents.

•	Flow Reports: real-time reports displayed graphically.