The AppFlow Reports page provides configurable scheduled reports by applications, users, IP addresses, viruses, intrusions, spyware, locations, botnets, and URL rating. AppFlow Reports statistics enable you to view a top-level aggregate report of what is going on in your network and, at a quick glance, answer such questions as the following:
• What are the top-most used applications running in my network?
• Which applications in terms of total number of sessions and bytes consume my network bandwidth?
• Which applications have viruses, intrusions, and spyware?
• What website categories are my users visiting?
The report data can be viewed from the point of the last system restart, since the system reset, or by defining a schedule range. Reports also can be sent by FTP or by email.
Tip The Dashboard > AppFlow Dash page displays the top ten items in each category (except IP addresses) in graph format. See Dashboard > AppFlow Dash.
To configure your AppFlow Reports, follow the procedures described in AppFlow > Flow Reporting. The bottom of the Dashboard > AppFlow Reports page has a link to the AppFlow > Flow Reporting page.
The bottom of the page displays the:
• Totals for each column, such as number of entries, number of bytes sent by the initiator and responder, locations blocked
• Total up time of the appliance in days, hours, minutes, and seconds
• Time of the last update/reset: hour, minute, second, month, day
The Dashboard > AppFlow Reports page displays these reports on separate tabs:
• Users
• IP
• Viruses
• Spyware
• Location
• Botnets
• Name—Name of the application — the signature ID
• Sessions—Number of connections/flows both as a number and as a percentage
• Init Bytes—Number of bytes sent by the initiator both as a number and as a percentage
• Resp Bytes—Number of bytes sent by the responder both as a number and as a percentage
• Access Rules Block—Number of connections/flows blocked by firewall rules
• App Rules Block—Number of connections/flows blocked by the DPI engine
• Location Block—Number of connections/flows blocked by GEO enforcement
• Botnet Block—Number of connections/flows blocked by Botnet enforcement
• Viruses—Number of connections/flows with viruses
• Intrusions—Number of connections/flows identified as intrusions
• Spyware—Number of connections/flows with spyware
• User Name
• Sessions—Number of sessions/connections initiated/responded both as a number and as a percentage
• Bytes Rcvd—Number of bytes received by the user both as a number and as a percentage
• Bytes Sent—Number of bytes sent by the user both as a number and as a percentage
• Blocked—Number of sessions/connections blocked
• Virus—Number of sessions/connections detected with a virus
• Spyware—Number of sessions/connections detected with spyware
• Intrusion—Number of sessions/connections detected as intrusions
• IP Address
• Sessions—Number of sessions/connections initiated/responded both as a number and as a percentage
• Bytes Rcvd—Number of bytes received by this IP address both as a number and as a percentage
• Bytes Sent—Number of bytes sent by this IP address both as a number and as a percentage
• Blocked—Number of sessions/connections blocked
• Virus—Number of sessions/connections detected with a virus
• Spyware—Number of sessions/connections detected with spyware
• Intrusion—Number of sessions/connections detected as intrusion
• Virus Name
• Sessions—Number of sessions/connections with this virus
• Intrusion Name
• Sessions—Number of sessions/connections detected as an intrusion
• Spyware Name—Name of the spyware signature
• Sessions—Number of sessions/connections with this spyware
• Country Name—Name and flag of the country initiating/responding to a session/connection
• Sessions—Number of sessions/connections initiated/responded by this country both as a number and as a percentage
• Bytes Rcvd—Number of data bytes received by this country both as a number and as a percentage
• Bytes Sent—Number of data bytes sent by this country both as a number and as a percentage
• Dropped—Number of sessions/connections dropped
• Botnet Name:
– Botnet Detected
– Botnet Blocked
• Sessions—Number of sessions/connections where a botnet was detected/blocked
• Rating Name—Name of the URL category
• Sessions—Number of sessions/connections both as a number and as a percentage
The following functions are common to all the tabs:
• Downloading Dell SonicWALL Security Services Signatures
You can select the source of the report data in the Data Source drop-down menu:
• Local (default)
• AppFlow Server, if available
• GMSFlow Server, if available
Downloading Dell SonicWALL Security Services Signatures
The AppFlow Reports feature requires that you have the latest Dell SonicWALL Security Services signature downloads enabled for the latest dynamic protection updates. Click on the Status button on any tab to view the list of enabled Dell SonicWALL Security Services as illustrated below.
The pop-up window displays the following for each service generating an AppFlow Report:
• Whether the service is licensed, not licensed, or a license is N/A (not applicable)
• Whether the service is enabled, disabled, or N/A
• Whether the relevant database has been downloaded for the service, or N/A
• A link to the relevant SonicWALL page for configuring the service
You can limit the amount of data displayed in these ways:
• Limiting the Number of Entries Displayed
Limiting the Number of Entries Displayed
You can limit the number of entries displayed in a report by selecting one of these numbers from the Limit pull-down menu:
• 10
• 25
• 50 (default)
• 100
• 150
• Unlimited
Note The number of entries for the Location, Botnets, and URL Rating reports cannot be limited.
You can limit the display to only certain entries in a tab by specifying a string in the Filter String field. The string is not case sensitive.
The filter applies only to the active tab and does not affect the display of the other tabs. Displaying another tab erases the filter for all tabs.
The filter can be as general or specific as necessary. For example, entering 10.2 for the IP tab returns 4 entries while entering 10.203 returns only 2:
You can create a CSV file of a tab’s data by clicking the Create CSV File icon. For example, if you click on the Create CSV File icon for the Applications tab, this file is created:
Note This is not the same CSV file as that created by downloading an AppFlow Report (see Downloading AppFlow Reports).
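The following Python script is an added example, not SonicWALL code: it loads a CSV of the IP tab, applies a Filter String style match, and lists the addresses that have virus, spyware, or intrusion sessions. The header names are assumed to mirror the IP tab's columns, the filter is assumed to be a substring match, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample. The column names mirror the IP tab's columns as listed
# on this page; the real export's header row and layout are an assumption.
SAMPLE_CSV = """IP Address,Sessions,Bytes Rcvd,Bytes Sent,Blocked,Virus,Spyware,Intrusion
10.2.16.5,400,1200000,300000,0,0,0,0
10.2.16.9,150,20000,5000,0,0,0,0
10.203.28.7,250,800000,90000,12,2,0,1
10.203.28.9,100,50000,700000,3,0,4,0
192.168.168.20,100,40000,10000,0,0,0,0
"""

COUNT_COLUMNS = ("Sessions", "Bytes Rcvd", "Bytes Sent", "Blocked",
                 "Virus", "Spyware", "Intrusion")


def load_ip_report(text):
    """Parse the CSV text into rows with integer counters."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        row = {"IP Address": raw["IP Address"].strip()}
        for col in COUNT_COLUMNS:
            row[col] = int(raw[col] or 0)
        rows.append(row)
    return rows


def apply_filter(rows, filter_string):
    """Case-insensitive match; substring semantics are an assumption."""
    needle = filter_string.lower()
    return [r for r in rows if needle in r["IP Address"].lower()]


def session_share(rows):
    """Each address's sessions as a percentage of all sessions in the report."""
    total = sum(r["Sessions"] for r in rows)
    return {r["IP Address"]: round(100.0 * r["Sessions"] / total, 1) if total else 0.0
            for r in rows}


def hosts_with_detections(rows):
    """Addresses with any virus, spyware or intrusion sessions, worst first."""
    hits = [(r["IP Address"], r["Virus"] + r["Spyware"] + r["Intrusion"]) for r in rows]
    return sorted((h for h in hits if h[1] > 0), key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    report = load_ip_report(SAMPLE_CSV)
    print(len(apply_filter(report, "10.2")), len(apply_filter(report, "10.203")))
    print(hosts_with_detections(report))
```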
If your appliance has a printer, you can print the data on a tab by clicking the Printer icon.
You can refresh the display by clicking the Refresh icon.
You can view the AppFlow data in these ways:
To view AppFlow data since the last reboot or restart of the firewall, select Since Restart from the View pull-down menu. This report shows the aggregate statistics since the last reboot of the device. The date and time of the reboot are given in green as well as the total up time, in days, hours, minutes, and seconds, since the reboot. For example, SINCE: 08/14/2014 15:40:06.000 UPTIME: 32 Days 01:25:10.
Tip The up time is also displayed at the bottom of the page along with the date and time of the last update.
To view AppFlow data since the last reset of the firewall, select Since Last Reset from the View pull-down menu. This report shows the aggregate statistics since the last time you cleared the statistics by pressing the Reset button. The date and time of the reset are given in green as well as the total up time, in days, hours, minutes, and seconds, since the reset. For example, SINCE: 08/14/2014 15:40:06.000 UPTIME: 32 Days 01:25:10.
The reset option allows you to quickly view AppFlow Report statistics from a fresh reset of network flows. The reset clears the counters seen at the bottom of the page, which range from totals for the number of sessions and initiator and responder bytes to the number of intrusions and threats.
To view AppFlow data by a defined schedule start and end time, select On Schedule from the View pull-down menu and click the Configure button. This report shows AppFlow statistics collected during the time range specified in the configure settings options. Once the end time of the schedule is reached, scheduled AppFlow statistics are exported automatically to an FTP server or an email server. AppFlow statistical data is exported in CSV file format. Once the AppFlow statistics are exported, the data is refreshed and cleared.
To configure an On Schedule AppFlow report and select either an FTP server or email server for CSV file export, follow these steps:
1. Navigate to the AppFlow > AppFlow Reports page.
2. Select On Schedule from the View pull-down menu.
3. Click the Configure button. The Schedule Report options page displays.
4. Have your AppFlow Reports data automatically sent to either or both of the following:
• FTP server by selecting the Send Report by FTP checkbox.
• Email server by selecting the Send Report by E-mail checkbox.
5. For reports sent by FTP, enter these options:
• The FTP server address in the FTP Server field.
• A user name in the User name field; the default is admin.
• The password in the Password field.
• The directory to which the reports are sent in the Directory field; the default is reports.
6. For reports sent by email, enter these options:
• The address of the email server in the E-Mail Server field.
• The recipient’s email address in the E-mail To field.
• The email address used for the sender in the From E-mail field.
• The SMTP port number in the SMTP Port field.
7. If your email server requires SMTP authentication, select the POP Before SMTP checkbox and enter these options:
• Address of the POP server in the Pop Server field.
• User name in the User name field.
• Password in the Password field.
8. Enter the maximum number of user entries in the Max User Entries field; the default is 200.
9. Enter the maximum number of IP entries in the Max IP Entries field; the default is 200.
10. Click the Set Schedule button to define a start and end schedule. The Edit Schedule window displays.
11. In Schedule type, select:
• Once to create a one-time schedule. The Once schedule options allow you to set reporting schedules based on a calendar start and end date with time in hours and minutes.
• Recurring to create an ongoing schedule. The Recurring schedule options allow you to select ongoing schedules based on days of the week and start and end hour and minute time targets.
• Mixed to create both a one-time schedule and an ongoing schedule.
The Recurring and Mixed schedules display your selections in the Schedule List.
12. If you selected Recurring or Mixed for the schedule type, complete the schedule times:
• For both Recurring and Mixed, in the Recurring section, specify the day(s), Start Time and Stop Time of the schedule.
• For Mixed, in the Once section, specify the Year, Month, Day, Hour, and Minute for the Start and End of the report.
13. Click OK to save your AppFlow Reports schedule.
14. On the Schedule Reports options page, click the Apply button to start using your AppFlow Reports schedule object settings.
You can download the AppFlow Reports to one of these formats:
• CSV (Microsoft Excel Comma Separated Values File)—opens in Excel as a swarm.csv file
Note This is not the same CSV file that is generated by clicking the Create CSV File icon (see Creating a CSV File).
• DOC (Microsoft Word Document)—opens in Word as a swarm.docx file
• PDF—opens as an HTML file in the browser window
To download a report:
1. Navigate to the Dashboard > AppFlow Reports page.
2. Click on the Send Report icon. The Download Application Visualization Report pop-up window displays.
3. Click the Download Report button. An Opening file.wri.sfr window displays.
4. Click OK to save the file. The file is downloaded to your Downloads folder.
5. Open a browser window.
6. Log on to mysonicwall.com.
7. Navigate to SW Tools > App Reports. The Upload Report page displays.
8. Click the Browse button. A File Upload window displays.
9. Locate the file and click Open. The file name appears on the Upload Report page.
10. Click the Upload button. It may take several minutes to upload the report.
11. When the upload is complete, you can select any or all of these forms (the file has the name swarm):
• CSV
• DOC