AppFlowMonitor
Dashboard > AppFlow Monitor
The AppFlow Monitor provides administrators with real-time, incoming and outgoing network data. Various views and customizable options in the AppFlow Monitor Interface assist in visualizing the traffic data by applications, users, URLs, initiators, responders, threats, VoIP, VPN, devices, or by contents.
This section contains the following subsections:
Filter Options
The AppFlow Monitor Filter Options allows the administrator to filter out incoming, real-time data. Administrators can apply, create, and delete custom filters to customize the information they wish to view. The Filter Options apply across all the Application Flow tabs. Please refer to the “Using Filtering Options” section .
|
|
Adds current selection to filter. At least 1 item must be selected in order to use the Filter Options. After doing so, all other tabs will update with information pertaining to the items in the filter. |
|
|
Remove from Filter |
|
Removes the current selection from the filter view by clicking on the X. |
|
|
||
|
|
||
|
|
AppFlow Monitor Tabs
The AppFlow Monitor Tabs contains details about incoming and outgoing network traffic. Each tab provides a faceted view of the network flow. The data is organized by Applications, Users, URLs, Initiators, Responders, Threats, VoIP, VPN, Devices, and Content.
|
|
|
The Applications tab displays a list of Applications currently accessing the network. |
|
|
|
The Users tab displays a list of Users currently connected to the network. |
|
|
|
The URLs tab displays a list of URLs currently accessed by Users. |
|
|
|
The Initiators tab displays details about current connection initiators. |
|
|
|
The Responders tab displays details about current connection responders. |
|
|
|
The Threats tab displays a list of threats encountered by the network. |
|
|
|
The VoIP tab displays current VoIP and media traffic. |
|
|
|
The VPN tab displays a list of VPN sessions connected to the network. |
|
|
|
The Devices tab displays a list of devices currently connected to the network. |
|
|
|
The Contents tab displays information about the type of traffic flowing through the network. |
AppFlow Monitor Toolbar
The AppFlow Toolbar allows for customization of the AppFlow Monitor interface. The ability to create rules and add items to filters allows for more application and user control. Different views, pause and play abilities, customizable data intervals and refresh rates are also available to aid in visualizing incoming, real-time data.
|
|
||
|
|
||
|
|
Categorizes selections according to the available grouping options which vary depending on the tab that is selected. |
|
|
|
||
|
|
||
|
|
||
|
|
Exports the data flow in comma separated variable (.csv) format. |
|
|
|
Allows for customization of the display by enabling or disabling columns for Applications, Sessions, Packets, Bytes, Rate, and Threats. Also allows the administrator to enable or disable commas in numeric fields. |
|
|
|
||
|
|
Provides status updates about App signatures, GAV Database, Spyware Database, IPS Database, Country Database, Max Flows in Database, and CFS Status. Please refer to the “AppFlow Monitor Status” section for more information. A green status icon signifies that all appropriate signatures and databases are active. A yellow status icon signifies that some or all signature databases are still being downloaded or could not be activated. |
|
|
|
Rate at which data is refreshed. A numeric integer between 10 and 999 must be specified. If 300 is entered in the numeric field, that means the data flow will refresh every 300 seconds. |
|
|
|
Freezes and unfreezes the data flow. Doing so gives the administrator flexibility when analyzing real-time data. |
Group Options
The Group option sorts data based on the specified group. Each tab contains different grouping options.
|
|
|
The Applications tab can be grouped by: |
|
|
|
The Users tab can be grouped by: |
|
|
|
The URL tab can be grouped according to: |
|
|
|
The Initiators tab can be grouped according to: |
|
|
|
The Responders tab can be grouped according to: |
|
|
|
The Threats tab can be grouped according to: |
|
|
|
The VoIP tab can be grouped according to: |
|
|
|
The VPN tab can be grouped according to: |
|
|
|
The Devices tab can be grouped according to: |
|
|
|
The Contents tab can be grouped according to: |
AppFlow Monitor Status
The AppFlow Monitor Status dialog appears when the cursor rolls over the Status button in the toolbar. The AppFlow Monitor Status provides signature updates about App Rules, App Control Advanced, GAV, IPS, Anti-Spyware, CFS, Anti-Spam, BWM, and country databases.
The option to enable or disable the flow collection is available in the Status dialog. If the Status dialog is no longer wanted, click close in the upper-right corner.
AppFlow Monitor Views
Three views are available for the AppFlow Monitor: Detailed, Pie Chart, and Flow Chart View. Each view provides the administrator a unique display of incoming, real-time data.
List View
In the List View, each AppFlow tab is comprised of columns displaying real-time data. These columns are organized into sortable categories.
|
|
|
Check Box : Allows the administrator to select the line item for creation of filters. |
|
|
|
Main Column : The title of the Main Column is dependent on the selected tab. For example, if the Users Tab is the selected, then the Main Column header will read “Users”. In that column, the name of the Users connected to the network are shown. Clicking on the items in this column will bring up a popup with relevant information on the item displayed. |
|
|
|
Sessions : Clicking on this number will bring up a table of all active sessions. |
|
|
|
Packets : Displays the number of data packets transferred. |
|
|
|
Bytes : Displays the number of bytes transferred. |
|
|
|
Rate (KBps) : Displays the rate at which data is transferred. |
|
|
|
Threats : Displays the number of threats encountered by the network. |
|
|
|
Total : Displays the total Sessions, Packets, and Bytes sent during the duration of the current interval. |
Application Details
Each item listed in the Main Column provides a link to an Application Detail dialog. A display appears when the item links are clicked. The dialog provides:
|
|
|
Information pertaining to the category, threat level, type of technology the item falls under, and other additional information. |
|
|
|
Application details are particularly useful when an Administrator does not recognize the name of an Application. |
Graph View
The Graph View displays the top applications and the percentage of bandwidth used. The percentage of bandwidth used is determined by taking the total amount of bandwidth used by the top applications, and dividing that total by the amount of top applications.
Using Filtering Options
Using filtering options allow administrators to reduce the amount of data seen in the AppFlow Monitor. By doing so, administrators can focus on points of interest without distraction from other applications. To use the Filtering Options:
|
|
Log into the SonicWALL Network Security Appliance and go to Dashboard > AppFlow Monitor > Applications Tab . Then select the check boxes of the applications you wish to add to the filter. |
|
|
Click Filter View to add BitTorrent to the filter. |
|
|
Once the application is added to the filter, only BitTorrent is visible in the Applications tab. |
More information about Users, peer connectivity, and packets sent are visible in the AppFlow Monitor tabs. The Users using BitTorrent are visible in the Users tab. The IP Addresses of these users are visible in the Initiators tab. The IP Addresses of the connected peers who are sharing packets are visible in the Responders Tab.