WatchGuard Firebox System 4.6 User Guide
Deleting a filter

To remove a filter from the list of available filters, highlight the filter. Click Remove.
This command removes the .ftr file from the report-defs directory.

Applying a filter

Each report can use only one filter. To apply a filter, open the report properties. From Historical Reports:
1 Select the report for which you would like to apply a filter. Click Edit.
2 Use the Filter drop list to select a filter.
Only filters created using the Filters dialog box appear in the Filter drop list. For more information, see “Creating a new filter” on page 113.
3 Click OK.
The new report properties are saved to the ReportName.rpt file in the report-defs directory. The filter will be applied the next time the report is run.

Scheduling and running reports

WatchGuard offers two methods to run reports: manually at any time or scheduled automatically using the LiveSecurity Event Processor.

Scheduling a report

You can schedule the LiveSecurity Event Processor to automatically generate reports about network activity. To schedule reports:
1 Right-click the LiveSecurity Event Processor desktop tray icon. Select Open LogCenter.
2 Click the Reports tab.
3 Select a report to schedule.
4 Select a time interval.
For a custom interval, select Custom and then enter the interval in hours.
5 Select the first date and time the report should run.
The report will run automatically at the time selected and then at each selected interval thereafter.
6 Click OK.

Manually running a report

At any time, you can run one or more reports using Historical Reports. From Historical Reports:
1 Enable the checkbox next to each report you would like to generate.
2 Click Run.

Report sections and consolidated sections

You can use Historical Reports to build a report that includes one or more sections. Each section represents a discrete type of information or network activity.

You can consolidate certain sections to summarize particular types of information. Consolidated Sections summarize the activity of all devices being monitored as a group as opposed to individual devices.

Report sections can be divided into two basic types:
• Summary – Report sections that rank information by bandwidth or connections.
• Detailed – Report sections that display all activity with no summary graphs or ranking.

The following is a listing of the different types of report sections and consolidated sections.

Firebox Statistics
A summary of statistics on one or more log files for a single Firebox.

Authentication Detail
A detailed list of authenticated users sorted by connection time. Fields include: authenticated user, host, start date of authenticated session, start time of authenticated session, end time of authenticated session, and duration of session.

Time Summary – Packet Filtered
A table, and optionally a graph, of all accepted connections distributed along user-defined intervals and sorted by time. If you chose the entire log file or specific time parameters, the default time interval is daily. Otherwise, the time interval is based on your selection.

Host Summary – Packet Filtered
A table, and optionally a graph, of internal and external hosts passing traffic through the Firebox sorted either by bytes transferred or number of connections.

Service Summary
A table, and optionally a graph, of traffic for each service sorted by connection count.

Session Summary – Packet Filtered
A table, and optionally a graph, of the top incoming and outgoing sessions, sorted either by byte count or number of connections. The format of the session is: client -> server : service. If the connection is proxied, the service is represented in all capital letters. If the connection is packet filtered, Historical Reports attempts to resolve the server port to a table to represent the service name. If resolution fails, Historical Reports displays the port number.

Time Summary – Proxied Traffic
A table, and optionally a graph, of all accepted connections distributed along user-defined intervals and sorted by time. If you chose the entire log file or specific time parameters, the default time interval is daily. Otherwise, the time interval is based on your selection.
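
The Session Summary labelling and ranking rule described above, as an added Python sketch; it is not WatchGuard code. The record fields, the port table and the sample connections are constructed for illustration and do not reflect the Firebox log format.

```python
from collections import defaultdict

# Assumed port-to-name table; the table Historical Reports uses is not shown in the guide.
PORT_NAMES = {25: "smtp", 53: "dns", 80: "http", 443: "https"}


def service_label(conn):
    """Proxied: service in capitals. Packet filtered: table lookup, else the port number."""
    if conn["proxied"]:
        return conn["proxy"].upper()
    return PORT_NAMES.get(conn["port"], str(conn["port"]))


def session_summary(conns, sort_by="bytes", top=10):
    """Group connections into 'client -> server : service' sessions and rank them."""
    if sort_by not in ("bytes", "connections"):
        raise ValueError("sort_by must be 'bytes' or 'connections'")
    totals = defaultdict(lambda: {"bytes": 0, "connections": 0})
    for c in conns:
        key = f'{c["client"]} -> {c["server"]} : {service_label(c)}'
        totals[key]["bytes"] += c["bytes"]
        totals[key]["connections"] += 1
    # Highest total first; ties broken by session label so the order is stable.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][sort_by], kv[0]))
    return [(k, v["bytes"], v["connections"]) for k, v in ranked[:top]]


# Constructed sample records (hypothetical fields, documentation address ranges).
SAMPLE = [
    {"client": "10.0.1.5", "server": "192.0.2.10", "port": 80,
     "proxied": True, "proxy": "http", "bytes": 5000},
    {"client": "10.0.1.5", "server": "192.0.2.10", "port": 80,
     "proxied": True, "proxy": "http", "bytes": 7000},
    {"client": "10.0.1.7", "server": "192.0.2.20", "port": 53,
     "proxied": False, "proxy": None, "bytes": 300},
    {"client": "10.0.1.7", "server": "192.0.2.20", "port": 53,
     "proxied": False, "proxy": None, "bytes": 200},
    {"client": "10.0.1.7", "server": "192.0.2.20", "port": 53,
     "proxied": False, "proxy": None, "bytes": 100},
    {"client": "10.0.1.9", "server": "192.0.2.30", "port": 8443,
     "proxied": False, "proxy": None, "bytes": 20000},
]

if __name__ == "__main__":
    for row in session_summary(SAMPLE, sort_by="bytes"):
        print(row)
```

A bare port number in a session label, such as 8443 in the sample, marks a packet-filtered connection whose port was not found in the table.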