SonicWALL ViewPoint 6.0 Administrator`s Guide
Contents
1. Detailed Reports The Detailed Report tab is the default view in the Report Layout region Report Layout Detailed Report Select report Seld ee w lace Seethy Ose Time and Cece Time v B B E le F te For a SSL VPN Resource Activity report the Select report field drop down list contains four data categories that you can add as column headings in the report The categories are e Destination IP Adds a column containing the IP address of each accessed resource e Protocol Adds a column containing the protocol used by the traffic e Source IP Adds a column containing the IP address of each system which accessed a resource User Adds a column containing the user ID To include a field in the report select a choice from the list and then click Add When you click Add a row is populated in the table below which has three column headings Field Filter and Options Note When you place your mouse cursor over the row under the Field heading the cursor changes to a move cursor You can drag and drop the rows to rearrange the column ordering in the final report In the Filter column two fields are displayed an operator field and an input field The operator field is a drop down list containing the operator choices for the selected report field See Filter Operators on page 319 for a description of each operator The input field can be a drop down list or a standard input field depending on2. Teration WA NIA N A NIA 4 The table contains the following information Type equal to Failed Login User Name the user name Source Host the IP address of the user s computer Time the time that the user attempted to log in SonicWALL ViewPoint 6 0 Administrator s Guide Viewing the SSL VPN Log Duration not applicable 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start field to access the drop down calendar 6 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the SSL VPN Log The Log Viewer contains detailed information on each transaction that occurred on the SSL VPN appliance This information is stored for the time that you specified in the configuration settings Note The Log Viewer displays raw log information for every connection Depending on the amount of traffic this can quickly consume a large amount of space in the database It is highly recommended to be careful when choosing the number of days of information that will be stored For more information see Scheduling and Configuring Reports on page 133 Viewing the Log for a SSL VPN Appliance To view the Log perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance SonicWALL ViewPoint 6 0 Administrator s Guide 3 1
3. Events number of events or hits Cost amount of the expense per 100 megabytes You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console gt Reports gt Summarizer screen MBytes number of megabytes transferred of MBytes percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report and other settings click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports W amp Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Select the Source and Destination interfaces to view If you want to track bandwidth usage in both directions select the Bi directional check box See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note These settings will stay in effect for all summary reports during your active login session Viewing the Top Users of Bandwidth The T
4. The GEM framework provides different types of alert types for the respective areas of the ViewPoint application UTM panel Alert settings for Reporting e Console panel Alert settings for the ViewPoint application Table 2 GEM Alert Types Panel location Available Alert Types Console Date Base Info Database Size Status Database Log Size Status on MySQL DB only Summarizer Utilization Status Summarizer Backed Up Files Status on MySQL DB only UTM Anti Virus License CFS License Warranty License Anti Spyware License Intrusion License SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Granular Event Management amp Configuring Granular Event Management To set up the GEM environment after installing ViewPoint start with the Events screens on the Console panel You should examine the Threshold and Schedule screens and make any necessary configuration changes Then you can enable alerts in the Events screens on the Console panel and UTM panel See the following sections e Configuring Events on the Console Panel section on page 101 e Enabling or Disabling Alerts on the UTM Panel section on page 107 Configuring Events on the Console Panel In the Events screens on the Console panel you can configure the frequency of subscription expiration and task failure notifications as well as severities thresholds schedules and alerts for handling events See the following sections e
5. Attacks the number of attacks of Attacks the percentage of this type of attack compared to all other attack types For example if 5 000 attacks occurred during the day and the IP Spoof makes up 500 of the attacks its of Attacks field will display 10 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top categories To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date 9 These settings will stay in effect for all similar reports during your active login session Viewing the Errors Report The Errors Summary report contains information on the number of dropped packets on a SonicWALL appliance or all SonicWALL appliances during the specified day To view the Errors report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports Wx 3 Expand the Attacks tree and click Errors The Errors p
6. Backs up system information and all data in sgmsdb for the current month sgmsdb contains summarized report data Archived and Raw syslog data Backs up the archived data that is moved from sgmsdb to other files at the end of every month and backs up raw syslog data Complete data Backs up all data including sgmsdb and all archived data and raw syslog data this option requires the most time 2 Select the Zip files checkbox if you want the backup to be compressed and stored as a zip file Click the Backup Database Immediately button 4 Inthe confirmation dialog box click OK Restoring a Database Backup This feature allows the administrator to restore a previously backed up database file Note All services except the Web Server and the Database Service should be manually stopped before restoration is started to avoid corruption of data SonicWALL ViewPoint 6 0 Administrator s Guide Database Maintenance To restore your database with one of your backups perform the following steps On the Console gt Management gt Database Maintenance page under 1 Database Restore select the radio button for the backup that you want to restore Database Restore tilename Type Date Product Version Sire OGS 5 1 C 2009 OS 10 21 0S archve sd Complete deta 05 20 GMS S t 0 01 MB GMS 5 3 10 26 MB Vaya 2 GMS S L C Complete data 5in4 Restore Database 2 Click the Restore Database button Inthe c
7. Bandwidth Summary for May 1 2007 d z 000 700 400 400 800 t000 1300 1400 1900 7200 Bandwidth MBytes by Hour of Day Bandwidth Summary schedule print Hor al Fi stan 2008 07 20 Jp t Emren e Revert Daulay Settings Display Type Chart and Tabie i Chon Type Ban E interfaces Settings Source 5 Destination O S Bi drectenal o SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting The search bar feature consists of a column drop down list an operator drop down list a search text field and a detailed pull down menu Search Filter functions can be performed by utilizing various components reporting at unit level The drop down list contains all the searchable columns of a report It is context based meaning that it contains different options in different reports The column drop down list defines criteria for search and filter functions to work on More S v s v S 4 05 gt S Equals v tart 2007 05 01 aa iSite _ Hits MBytes Category There are two different operator sets If the content of the selected column is character based the character based operators will show gt More S v s v S 4 05 01 ite Equais S Start 2007 05 01 pice Start with 2 End with Contains A character based list contains Equals Start with End with and Contains operators If the content of the selected column contains numerical
8. Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 To display a limited group of items use the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith or john42 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Intrusion Prevention Reports The Intrusion Prevention Service IPS reports show the number of attempted intrusions that occurred during the specified time period Note All reports appear in the appliance s time zone If the selected appliance is not licensed for SonicWALL Intrusion Prevention Service a sample report is displayed as shown below You can click the Click Here link near the top to view the global dashboard report showing all SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports intrusions and similar attacks currently being monitored by SonicWALL or click the link at the bottom of the page to read detailed information about SonicWALL Intrusion Prevention Service and other subscription services Intrusion Prevention amp Detection Subscription Needed Ths apphance does not have an intruswn Preventoon amp Detection subscrpption The Som WALL iniruswn Prevention Service IPS enpme pro
9. Configuring Event Thresholds on page 101 e Configuring Event Schedules on page 104 e Enabling or Disabling Alerts on the Console Panel on page 107 Configuring Event Thresholds In the Events gt Threshold screen you can view existing event thresholds and configure their elements and add custom thresholds A threshold defines the condition for which an event is triggered Predefined thresholds have names similar to predefined Alert Types Each threshold can contain one or more threshold elements An element consists of an Operator a Value and a Severity The following tasks are described in this section e Editing an Event Threshold Element on page 102 Enabling Disabling Event Thresholds and Threshold Elements on page 103 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Granular Event Management Editing an Event Threshold Element To edit an existing element of a Threshold perform the following steps 1 On the Events gt Threshold screen click the Edit icon located in the Configure column in the element row 2 In the Edit Threshold Element window you can edit the following fields Operator Value Description Severity Disable Edit Threshold Airment for Database Size Status Operator is greater than or equa to D Veale 25000 Desorption Exceeds 25000 M8 Severty A crio a Disable go EWE 1 Update Heset 3 Inthe Operator field
10. Enter your SonicWALL serial number in the Serial N umber field Enter a descriptive name for the SonicWALL appliance in the Friendly N ame field Select the Product Group from the drop down list D oe o Click Register The MySonicWALL website registers the SonicWALL appliance Activating the ViewPoint Software on Your Appliance To activate the SonicWALL ViewPoint software perform the following steps 1 Log on to mysonicwall com 2 Click the label of the newly registered SonicWALL appliance The Service Management page displays 3 Scroll down to locate the ViewPoint service and click Enter Key The Activate Service page displays 4 Enter the ViewPoint Activation Key in the Activation Key field The ViewPoint Activation Key is printed on the ViewPoint Software License Certificate shipped with the ViewPoint package If you purchased ViewPoint on mysonicwall com the key is emailed to you SonicWALL ViewPoint 6 0 Administrator s Guide installing Universal Management Suite 5 Click Submit After the Activation K ey is registered a ViewPoint License Key will appear Carefully write down the ViewPoint License K ey in a safe place Enabling the ViewPoint License on Your Appliance To enable the SonicWALL ViewPoint license perform the following steps 1 2 3 Log into the SonicWALL appliance Navigate to Log gt ViewPoint The ViewPoint page displays Enter the ViewPoint License K ey provided by mysonicwal
11. Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Application Firewall Reports Application Firewall reports provide information on the applications users and Application Firewall policies that are handled by Application Firewall on the selected SonicWALL appliance s The Application Firewall feature is available on SonicWALL NSA and SonicWALL TZ 210 Series appliances in SonicOS Enhanced 5 0 and higher Application Firewall reports can be used to view Application Firewall usage by the day or over a period of days Additionally you can view the top applications top users or top policies for Application Firewall on a single SonicWALL NSA or SonicWALL TZ 210 series appliance Clickable reports Graphs and Data are supported providing drill down reporting information by clicking the graphical elements such as pie chart slices and data rows For example you can drill down to the User report level by clicking a user in one of the Top reports Note All reports appear in the appliance s time zone Select from the following e To view a summary of the daily Application Firewall usage see Viewing the Application Firewall Summary Report on page 282 e To view Application Firewall usage over time see Viewing the Application Firewall Ov
12. Unit View From the Unit view of the UTM panel reports contain detailed data for the selected SonicWALL appliance To open the Unit view click the UTM tab Then click a SonicWALL appliance in the left pane of the SonicWALL ViewPoint interface The report page for the SonicWALL appliance displays As you navigate the UTM panel with a single SonicWALL appliance selected and change settings those settings will remain in effect throughout the session SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting Using Interactive Reports ViewPoint provides interactive reporting to create a clear and visually pleasing display of information The following figures provide examples of an interactive report graph and a pie chart for Summary and Top Users You can control the way the information is displayed by adjusting the settings which are collapsed in the search bar Bandwidth Summary scheduie i pret tour IF sart 4 2007 08 01 Searen orb Bandwidth Sammary for May 1 2007 Top Users of Bandwidth schedute print m r Mye Users v fga Start 02007 0501 Search A UTN oper Top Users of Bandwalth for May 1 7007 SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting Searching for a Report The search bar feature provides search and configuration capabilities for every report In addition to the original quickset functions the search
13. Viewing ViewPoint Reports The ViewPoint reports are available on the UTM and SSL VPN tabs of the ViewPoint interface SONICWALL ViewPoint 6 0 The ViewPoint Reports view is divided into three panes E tow x Gerra Web Activity ubedi O Pree emcees webre Web Actrty bor December 4 2009 Devewuber 14 2009 astada Arh sprouse nnas reren spas 4 Applik stion Fermat rs kian f a Dete enter Brome Tere Jemena n irii Intel mw soos zm iaar e A list of individual units referred to as the TreeControl In the left pane you can select the top level view or a unit to display reports that apply to the selected view or unit The top level view is MyReportsView A list of reports The middle pane provides a list of available reports that changes according to your selection in the TreeControl pane The reports are divided into categories You can click on the plus sign next to a category to view the list of reports in that category You can click on an individual report name to view that report SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Reporting Overview e The report The right pane displays the report that you selected in the middle pane for the view or unit that you selected in the TreeControl For most reports the search bar is provided at the top of the pane Above the search bar a link to the Scheduler is provided You can change the time for the report to ru
14. lt SonicWALL Universal Manapement Suite 6 0 Installation and Use of SonicWALL Universal Management Suite 6 U Requires Acceptance of the Following License Agreement A End user lhoenmng Agreement For Eoriowal Global Management i Syren ana VIEWPOINT This Eng User Licensing Agreement EULA is a legal agreement between you and GeokeWALL Inc Bonic MALL tor the SonicWALL eothasce prodwet iGentiied above which tectedes computer sofbeate and any and alt associated media printed materials and online ot electionic decumentates SOFTWARE PRODUCT ty opening the tested package OA installing ot others using the SOFTWARE PRODUCT you agree be De bound by the terms of th EULA If you Ge not agree to the terms of et LULA do not open the tealed packages install or use the POTENTEA TTE re aoad aea the terra of Be Doua Agera lde NOT aocept the tams of the Doense Aywermert inplaliEr tiere E SonicWALL ViewPoint 6 0 Administrator s Guide installing Universal Management Suite 5 Select the path to the folder where you would like to install SonicWALL ViewPoint You can accept the default path C GMSVP type in a new path or click the Choose button to navigate to the selected folder When you are finished click N ext Ne SonicWALL Universal Management Suite 6 0 Enter install Folder Path Without Spaces SONICWALL Restore Default Fotder ItastullAreyetere Cancel Tip Do not
15. End Tine 23 Start Dete Start Tine 00 v v S t mike Date Rage End Date EndTme 23 wi 62 v 6 Report Layout Detailed Report Select report fei User v Asa Seortby Dede Tine a Deter Tine v Few Fi wer Oplo B nd Report Section lt Full Mode gt Resource Activity Save Template amp Th Page 1 8 Date Time Destinrtion IP Sarce Protocol User 1 200 12 09 15 58 13 192 168 151 126 10 195 11 62 NJA io ior 2 2009 9 168 151 125 10 195 11 82 NJA OUNKNO 3 m gt 1019 L randia irano 4 127 0 0 1 10 195 11 62 Tr arelaton Nogent UENO 5 tx 92 168 151 128 10 195 11 82 NJA ANNO 6 QF 12 09 16 55 51 192 160 151 126 10 19 11 02 NJA maniu e 2009 12 09 16 35 51 127 0 0 1 10 195 11 02 Trarsiabon foigent manju At any time you can change to Full Mode if you want to display either the Template Section or the Report Section individually From Full Mode you can easily change back to Split Mode To toggle between Split Mode and Full Mode 1 Select a unit for which Log Viewer is enabled and then navigate to the Custom Report page 2 On a page that is currently displayed in Full Mode to change the view to Split Mode click the lt Split Mode gt button at the right side of the section heading SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports W amp 3 Ona page that is currently displayed in Split Mode do one of the following to change to a Full Mode display of either the Template Section or
16. 1 never times out Max Rows Per Screen 10 Range 10 100 Applicable to non reporting related paginated screens only Update Reset SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring General Settings Perform the following steps 1 Enter the existing SonicWALL ViewPoint password in the Current ViewPoint Password field 2 Enter the new SonicWALL ViewPoint password in the New ViewPoint Password field 3 Reenter the new password in the Confirm New Password field Note Password fields will be grayed out for users on a Remote Domain 4 The ViewPoint Inactivity Timeout period specifies how long SonicWALL ViewPoint waits before logging out an inactive user To prevent someone from accessing the SonicWALL ViewPoint UI when SonicWALL ViewPoint users are away from their desks enter an appropriate value in the ViewPoint Inactivity Timeout field You can disable automatic logout completely by entering a 1 in this field The minimum is 5 minutes and the maximum is 120 minutes 5 Select a value between 10 and 100 in the Max Rows Per Screen field This value applies only to non reporting related paginated screens 6 When you are finished click Update The settings are changed To clear all screen settings and start over click Reset Note The maximum size of the SonicWALL ViewPoint User ID is 24 alphanumeric characters The password is one way hashed and any password of any l
17. 1226 12 Total 10000 100 0 Chek here for more mformaton See the following sections to view Anti Spyware reports e Viewing a Spyware Summary on page 268 e Viewing Spyware Attempts By Category on page 269 e Viewing Spyware Attempts Over Time on page 270 e Viewing Spyware Attempts By Category Over Time on page 272 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports Viewing a Spyware Summary The Anti Spyware Summary report contains information on the number of spyware attempts by hour of the day To view a spyware Summary perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Anti Spyware tree and click Summary The Summary page displays Spywarn Atamgts Seemmary ine August 16 2005 Ad 4 LL ZELA LiL LT Hour _Atempts of Attempts 15 0 16 Of 2400 100 0 Toa 7100 100 0 4 The bar graph displays the number of virus attacks attempted during each hour of the day 5 The table contains the following information Hour the hour of the day for which the summary is provided Attempts the number of times the spyware attempted to infect the device during a pre set time interval the hour of the day is the default of Attempts the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre se
18. 3 Expand the VPN Usage tree and click By Policy The By Policy page displays Top VPN Policies D Scredate FD print v Equa Start 2007 04 27 Searee Top VPN Policies for April 27 2007 Policy Events Moytes of MBytes Tom Ord Pasi Tveit 2 4 The pie chart displays the amount of data transferred for each policy 5 The table contains the following information Policy the name of the policy Events the number of VPN events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred for this policy compared to all other policies For example if a total of 10 000 megabytes was transferred and 2 500 megabytes was transferred for one policy the of Usage field will display 25 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the Top VPN Poli
19. April 28 2007 Cannechons Moy s of MBytes 4 The pie chart displays the VPN connections for the top VPN users 5 The table contains the following information Users the IP address of the user Connections the number of VPN connections MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10 000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of MBytes field will display 20 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports W amp 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing VPN Usage By Policy The VPN Usage By Policy report contains information on VPN usage for a SonicWALL appliance organized by policy To view the VPN Usage By Policy report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance
20. Erd Date Report Layout Detailed Report Seel report Seid SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances To specify a Static Date Range 1 10 11 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want In the Template Section under Date Time select the Static Date Range radio button Click the Start Date field to access the pop up calendar Use the navigation arrows near the top of the calendar to change the year or month Click the lt lt button to move to the previous year or hold the button to select from a list of years Click the gt gt button to move to the next year or hold the button to select from a list of years Similarly click the lt or gt to move back or ahead by one month or hold the button to select from a list of months Click the desired start date in the calendar This adds the date to the Start Date field and closes the calendar Click the End Date field to access the pop up calendar Use the navigation arrows near the top of the calendar to change the year or month Click the desired end date in the calendar This adds the date to the End Date field and closes the calendar For the Start Time select the hour minute and second from the drop down lists in the Static Date Range row These settings specify the earliest data for each day in the date ran
21. For registering your sofware ploase use the 124etlor GMB sorial number you recewed To rogister ViewPoint ploase enter the word ViEVIPOINT when prompted for a Serial number 11 In the Installation Complete screen select one of the following options for restarting your system to complete the installation and then click Done Yes restart my system No I will restart my system myself Note Restarting after installation is required for full functionality w Somic WALL Universal Management Suite 6 0 The product has been insteled in the folder CLOMSVP Press Done to quit the installer Afer you reboot the system access the Universal Management Host configuration website at hip Mocathost 8 to further configure the spplication Use the credentials adminpaseword to login You need to restart te systern to complete the inste ation Yes restart my system O ho Le restart my system myse Ly ee Se SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading SonicWALL ViewPoint 5 1 to 6 0W amp 12 After restarting your system you can access the SonicWALL ViewPoint UMH system interface by either clicking on the new desktop shortcut for SonicWALL Universal Management Suite 6 0 or by pointing your browser at http localhost 80 13 Your default Web browser will launch http localhost 80 appliance login 14 Login using the username admin and the password password 15 You will be prompted to
22. Mis Fre Pet I Oaa Lii 2 In the Buy GMS page click I want to upgrade to GMS now Buy GMS Free Trial Upgrade options Use the Polomer options to bur a GMS loense oF ty oral he OMS hree trol ark toupa ode to CMS now SONICWALL 3 The Console gt Licenses gt Product Licenses page is displayed Click Manage Licenses SONICWAL GMS 5 1 SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS amp 4 In the next page in the Manage Service column for Global Management System click the Upgrade link Product Ucenses MA Fee Tot 28 Gaa Lett jin DINAJA ie N License Summary Last Some WALL Riegetration Ste contact Aor 12 2000 OE 140m Sarid Number Secwity Service Status free Trial Manage Service Cost Dxptration Goba Managemert Systen Free Trial Uparade it 02 May 2009 verson Leensed United Aphan to Lonne Sumeary 5 The next page has Serial N umber and Authentication Code fields for SonicWALL G MS You must contact your SonicWALL reseller to complete the purchase and obtain the 12 character serial number and authentication code Type in the values to the Serial N umber and Authentication Code fields ast Soret WALL bogsh ation Ske contact Agr G2 IWT OD 1 mt ana tanter 30 ung ode ben begel f aret Wesport rotadan s larger than retal upg ade 6 Enter a descriptive name for the SonicWALL GMS installation into the Friendly Name field This name will appear in your MySonicWALL ac
23. The Web Usage Summary report contains information on the amount of HTTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances during each hour of the specified day The report includes information on the amount of time spend browsing the Internet behind a SonicWALL appliance or all SonicWALL appliances To view the Web Usage Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Web Usage tree and click Summary The Summary page displays Web Usage Summary schedule print 2007 64 27 f More v Start 2007 04 27 p Searem wwa Web Usage Summary for April 27 2007 Hour Events Browse Tene hh mm ss MBytes 3 of MBytes 4 The bar graph displays the amount of HTTP bandwidth transferred during each hour of the day SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp 5 The table contains the following information Hour when the sample was taken Events number of events or hits Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet Browse Time is calculated as follows Number Of Pages Noise Reduction Factor Average Browse Time Per Page Number Of Pages is the number of hits responses by the Web site to build the page when a User accesses a Web page www sonicwall com Noise Redu
24. To view intrusion attempts using categories over time intervals as the viewing criteria perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Intrusion Prevention tree and click By Category Over Time The By Category Over Time page displays Top Intrusions Category wo Eoas v Start 1 2007 04 29 End 2007 05 04 p Search Top Intrusions for April 29 2007 May 4 2007 Top intrusi ej Category Intrusions of intrusons 11s aa EN 4 The pie chart displays a list of intrusions attempted by category over time The table contains the following information Category the category of the intrusion attempt Intrusions the number of attempted intrusions during a pre set time interval of Intrusions the percentage of intrusion attempts the current intrusion entry comprises as a portion of the aggregate number of intrusion attempts on the device during a pre set time interval EN SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Application Firewall Reports Wx 5 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart
25. all prior agreements and representations between them It may be amended only in writing executed by both parties This EULA shall be governed by and construed under the laws of the State of California as if entirely performed within the State and without regard for conflicts of laws Should any term of this EULA be declared void or unenforceable by any court of competent jurisdiction such declaration shall have no effect on the remaining terms hereof The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches Termination This EULA is effective upon your opening of the sealed package s installing or otherwise using the SOFTWARE PRODUCT and shall continue until terminated Without prejudice to any other rights SonicWALL may terminate this EULA if you fail to comply with the terms and conditions of this EULA SonicWALL reserves the right to terminate this EULA five 5 years after the SOFTWARE PRODUCT is issued to Licensee In event of termination you agree to return or destroy the SOFTWARE PRODUCT including all related documents and components items as defined above and any and all copies of same Limited Warranty SonicWALL warrants that a the software product will perform substantially in accordance with the accompanying
26. by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order Last Error Displays the error condition from the most recent run if any You can click on the column heading to sort by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order SonicWALL ViewPoint 6 0 Administrator s Guide Scheduled Reports Owner Indicates the user ID of the user who created the schedule You can click on the column heading to sort by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order 4 To view the properties for a schedule click the notepad icon in that row The Schedule Properties page displays 5 To view the report click on the name of the report Your screen will change to the report screen on the UTM or SSL VPN panel Resending Schedules Apart from selecting multiple schedules for a one time execution by selecting the appropriate checkboxes and clicking the Email Archive the Selected Schedules now you can re send required schedules using the Re send the selected schedules for dates option C select Only the 15 Schedules Displayed above g Select Al Schedles Mail Archeve the selected schedules now Note This is a one te event and val not affect the Scheduled E Mad
27. can verify that the template has been saved by changing back to Split Mode and viewing the contents of the Template drop down list SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Resources Reports W amp Viewing SSL VPN Resources Reports Resources reports provide information on the amount of data transmitted through the selected SSL VPN appliance by each service or protocol Resources reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies For example if there is a large spike of bandwidth usage you can determine whether this is caused by regular Web access someone using FTP to transfer large files an attempted Denial of Service DoS attack or another service Note All reports appear in the appliance s time zone The procedures for viewing the Resources Reports are described in the following sections e Viewing SSL VPN Resources Summary Reports on page 325 e Viewing SSL VPN Resources Top Users Reports on page 327 Note You cannot view resources reports from the global view Viewing SSL VPN Resources Summary Reports The Resources Summary report displays the number of connections handled by each service or protocol during the specified day To view the Resources Summary report perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewi
28. gt Top Users page click the Go Back button By default the ViewPoint Reporting Module shows yesterday s report a pie chart for the top six users and a table for all users To change the date of the report click the Start field to access the drop down calendar 9 To display a limited number of users use the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 10 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note The date setting will stay in effect for all similar reports during your active login session SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing SSL VPN Authentication Reports Viewing SSL VPN Authentication Reports The Authentication reports show user logins and failed login attempts Authentication reports are available at the unit level Note All reports appear in the appliance s time zone Select from the following e Viewing SSL VPN User Login Reports on page 330 e Viewing SSL VPN Failed Login Reports on page 331 Viewing SSL VPN User Login Reports The user login report shows the user name source host IP address and time of login for users that logged on to the SSL VPN appliance during the specified day To view the User Login report perform the following steps 1 Click
29. logsin UTC Yes Viewpoint Mode Enahied Yes Name Resoluton Mode Otsebled Access Mode HTTP Systog Categories Log Type Log Type System Maintenance Attacks Systen Eros Dropped TCP Uocdied Web Stes Dropped UDP Boded Jave etc Dropped ICMP User Activity Network Debug VPN TCP Seats Denied LAN IP Syslog Servers IP Address Port 30 0 14 150 514 50 0 14252 5i4 w Synchronize Appliance Information how Getting Started with ViewPoint y Open Getting Started Instructions In New Window 4 The sections contain the following information Node information Information on the firewall s is displayed at the global or unit level Syslog Categories The types of syslog data selected to be collected for the selected appliance Syslog Servers The IP address and Port number of the syslog servers configured to collect data from the selected appliance Synchronize Applicance Information with ViewPoint Click the Synchronize Applicance Information Now link to refresh status data about the monitored appliances This status information is normally updated every 24 hours Getting Started With ViewPoint Click the Open Getting Started Instructions In New Window link to open the ViewPoint installation and initial configuration instructions in a separate window SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Dashboard Reports W amp Viewing Dashboard Reports Dashboard reports display an overview of ban
30. reports 273 Java plugin 371 requirements 338 java policy file 21 L licensing requirements 10 SonicWALL appliances for use with ViewPoint 10 ViewPoint on appliances 342 log viewing 58 Log Viewer 290 332 log viewer for SSL VPN appliances 332 logging out 25 M Mail Usage reports 231 MDTA 87 MySonicWALL creating an account 340 N name resolution crawler 79 network requirements 339 P pagination settings 51 password settings 51 PDF exporting reports to 144 reports 152 port syslog 370 profiles existing 150 scheduled report 149 SonicWALL ViewPoint 6 0 Administrator s Guide g R registering procedure 351 requirements 10 SonicWALL appliances 341 reporting overview 115 search bar 116 118 reports adding scheduled 135 Browse Time 128 By Site to By User navigation 129 compliance 144 cover pages 147 domains or IP addresses 130 inheritance 138 no data 156 PDF format 144 ROI 128 searching by dates of 155 settings 154 SSL VPN 295 SSL VPN authentication 330 SSL VPN bandwidth 301 SSL VPN custom resource activity 307 SSL VPN overview 293 SSL VPN resources 325 SSL VPN scheduled reports 296 SSL VPN summarization 297 viewing D ashboard 159 views 17 Web usage exclusions 53 requirements browser 338 database 337 hardware 339 Java 338 network 339 system 337 reverse inheritance for reporting 139 role configuring 32 S scheduled reports disabling enabling 128 scheduler lin
31. session is logged out A setting of 1 allows an unlimited amount of inactivity without being logged out Under Enhanced Security Access you can configure the number of failed login attempts before the admin account is locked out and the number of minutes that the lockout lasts You can also configure the number of days before the admin account password must be changed Under Administrator Password you can change the administrator password for the SonicWALL ViewPoint application Enter the current password for the system administrator or root account into the Current Password field and then enter the new password into both the New Password and Confirm Password fields After making any changes on this page click Update To revert the fields on the page to their default settings click Reset SonicWALL ViewPoint 6 0 Administrator s Guide Configuring UMH System Settings Wx Managing System Settings The System gt Settings page provides a way to upload new SonicWALL ViewPoint software or service packs to the system Click Browse to browse to the file you wish to upload and then click Apply SONICWALL UMH 6 0 6606 v EB Syitem Service Pack Hotfix Mata oad the Servce Pai MMothu Se n order to LOOSE he system Ucarees Current verson 6 0 Bubl 6057 2172 Thursday December 10 2009 3 32 43 AM PST Chk here for hastory AdmesTabon Uploed fie LBuwse__ Settings Chagnon festy gt AA Decloyment The pa
32. 1 Upgrade the License Use the kensa upgrade screen provided below to upgrade the icense from Viewpoint to GM5 Global Management System Free Trial Thond you for your inkerest in Goba Management System If you choose to purchase Global Management System subscription you may do O at any tiene during or after the trial Contre ska SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS W amp 2 The next screen provides a summary of G MS and ViewPoint status Verify that the Try link for the Free Trial is gone and only the Upgrade link remains The Expiration column displays the expiration date of your Free Trial You can click the Upgrade link at any time during the Free Trial to purchase the SonicWALL GMS upgrade Click Proceed Viewpoint Upgrade Too Step 1 Upgrade the License Below the summary of the upy aded keences Please cick the Proceed button to continue to the naxt teo Security Service Status Free Trial Mansge Service Count Expiration Goby Management System Free Tre uor ade 15 25 Ri 2009 View cid lkermed herded 3 In the next ViewPoint Upgrade Tool page you begin the configuration for SonicWALL GMS instep 2 of the upgrade process This page displays two sections Automatic Configuration Contains a list of SonicWALL UTM or CSM appliances in your ViewPoint installation These appliances will be automatically configured for SonicWALL G MS management Manual Configuration Contains al
33. 20 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Mail Usage Reports W amp Viewing the Top Users of Mail Bandwidth Over Time The Top Users Over Time report displays the users who sent and received the most mail during the specified time period To view the Top Users Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Mail Usage tree and click Top Users Over Time The Top Users Over Time page displays Top Mail Users D schedule E Eoss at 92007 0622 Esd 2007 0420 fe Search YS Top tad Users for April 23 2007 April 28 2007 Jeers Events MBytes of Matos ol 439 L517 100 0 4 The pie chart displays the percentage of mail sent and received by the top mail users 5 The table contains the following information Users the IP address of the user Events the number of mail messages sent and received MBytes the number of megabytes tr
34. 44 A pplication Wid Gel cevscsissceshsteseundcesaestsecewsscasennd casdesendeonverasonsdvsnsebdnosendeesucesdedesbdasacetestectdersene deteceudctasoreed 44 RSS Feed unina n A NA E E N i 46 Addig M re Pag s irnir et E ARCEA 47 Editing and Deleting Pages c ssssssssssesssssssscssscsssssssessessssscsussesscssecssscsssscssessuccssecsuscessesssessuessseeesseesuesessees 48 ONAA F Ea Ln DEA SEAE A TAA A 49 Chapter 5 Configuring User Settings cccssseeeeeesseeeeeeseeeeesenseeneeeenneeeneeeees 51 Configuring G eneral Settings csscessessssessescssscssessscssscsseccssssssesescsssesssscssscsssecesccssscsuscsssecsseesseeesseesueeessees 51 Configuring Reports Settings snsinennk onain ie R N R aiai 53 Adding Web Sites to the Filter List sssssssssssesssssesssesssesesssseessssesssssssnsnnsnnnsnonnsssoeeesoeeteteeeeteenoseressssses 54 Deleting Web Sites from the Filter List ccsssssessssssssssseessscsssecssscssesssssssssssecssecescsssecesesesecsseecaseeess 54 Adding Web Users to the Filter List ccccssessssssssssssssssssseessecsssesssssssecsssesssssssessessesecesscssseessecseeseses 54 Deleting Web Users from the Filter List ccsssssssssessescssecssesssscsssscesssssesssssssecsseccssecssscesscessesseeess 55 Chapter 6 Configuring Log Settings ssssssenennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnn 57 GO MME NAT ALLO Ta OEA A S EE E bees seasese sees 57 W W DOU airet n e ERA E R EE E AA a 58 Chapter 7 Configurin
35. 6B Open Getting Started Instrections In iew Window Under System the host name of the computer is listed along with the time and other information about the host computer At the bottom of the page a link is provided to access the G etting Started G uide which takes you to the online help table of contents Managing System Licenses The System gt Licenses page provides buttons for managing refreshing and uploading licenses The page displays the status of ViewPoint and Global Management System licenses The Global Management System license status will show the status of your SonicWALL G MS Free Trial if activated If you choose to upgrade to SonicWALL GMS this page will show Global Management System as fully licensed SonicWALL ViewPoint 6 0 Administrator s Guide Configuring UMH System Settings Wx The value in the Count column indicates the number of appliances for which this SonicWALL ViewPoint or SonicWALL GMS instance is licensed for reporting or management For SonicWALL ViewPoint this value is usually unlimited but for SonicWALL GMS the base license is either for 10 nodes or 25 nodes and additional node licenses can be purchased in various increments The Expiration column indicates the expiration date of the license If no date is shown the license is perpetual and does not expire SONICWALL UMH 6 0 6e6s6 Sve tk pme Management Security Service Status Cat Dorata Arearen Godel Maregement rr
36. All reports e Custom set of reports Summarizer Usage Top Appliances The Summarizer Usage Top Appliances section displays information about the appliances in the deployment that used the most summarizer time Details are given about which reports were generated and their summarizer execution time Database Statistics The size is displayed for each of the following databases e Current e Archive e Raw Syslog SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Wa Syslog File Storage Statistics The size is displayed for each of the following syslog directories e Current Archived Bad Details for Summarizer at lt IP Address gt Summarizer Utilization The Summarizer Utilization section for a specific summarizer shows the same information described above for the entire deployment but only shows the values for this summarizer Y Details For Summarizer At 10 0 14 251 Y Summarizer Utilization Average Summarizer Utilization 1 Peak Summarizer Utilization 2 Total Run Time Oh 16m 3s Number of Syslogs Received 683 060 Number of Syslogs Summarized 683 060 Average Syslogs Summarized Per Minute 42 558 Estimated Unused Capacity in syslogs 29 958 883 Reporting Details The Reporting Details section shows the number of appliances serviced by this summarizer and the number with the following types of reports enabled e Factory default reports e All reports e Custom set of reports Summarizer
37. Attempts the percentage of attempts to access the blocked site compared to all other user attempts For example if 500 attempts were made during the day and 250 of those attempts were made by a single user his of Attempts field will display 50 5 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change these settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa Viewing Blocked Site Attempts Over Time The Web Filter Over Time report displays the number of attempts that were made to access blocked Web sites for the specified time period To view the Web Filter Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Web Filter tree and click Over Time The Over Time page displays BAO 2 4 The bar graph displays the number of attempts that
38. Destination IP Protocol Source IP or User To select a field for a Summary Group simply drag and drop the desired field from the list to either the Level 1 Summary Group or Level 2 Summary Group boxes When the field name is dragged to one of these the operator drop down list and filter input value field are displayed allowing you to specify values to match when the data is searched See Filter Operators on page 319 for a description of each operator Either the Level 1 Summary Group field or the Level 2 Summary Group field can be used alone the resulting report will look the same in both cases When both the Level 1 and Level 2 Summary Group fields are populated the report will display the top entries for the Level 2 field for each of the top entries for the Level 1 field For example if User is dragged to the Level 1 Summary SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports W amp Group and Domain is dragged to the Level 2 Summary Group and 5 is selected in the Top drop down list the generated report will display the top five domains visited by each of the top five users To configure a summary report 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 In Report Layout region of the Template Section of the Custom Report page select the Summary Report tab 3 In the Top drop down list select the number
39. Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp Viewing Web Usage By User Over Time The By User Over Time report displays a list of all users their top sites the number of hits to each site the time spent browsing and the amount of data transferred for the specified time period To view the By User Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Usage tree and click By User Over Time The By User Over Time page displays Top Web Sites By User Schedule Print vse v Equa Y Start 412907 04 23 End 2907 04 28 A Searce Top Web Stes Dy User for Apr 23 2007 April 25 2007 4 The table contains the following information User the IP address of the user Hits number of hits to each Web site visited by the user Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet MBytes
40. Java SE 6 Update 10 or ister Otherwise Java based web applications 2 Execute the installer 3 Select the radio button next to Accept the Terms of the License Agreement Click N ext 4 Select the radio button next to Typical installation and click N ext It may take several minutes for the Java Plug in to install 6 In the Installation Complete window click Finish Restart your computer to complete the installation process SonicWALL ViewPoint 6 0 Administrator s Guide 4 Miscellaneous Procedures and Troubleshooting Tips SonicWALL ViewPoint 6 0 Administrator s Guide Appendix B Technical Tips This chapter includes the following sections e Log Viewer section on page 373 e Real time Syslog Viewer section on page 375 e Forwarding Syslog D ata to Another Syslog Server section on page 376 e Posting ViewPoint Reporting to Another Web Server for End User Access section on page 377 Log Viewer The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance This information is stored for the time that you specified in the configuration settings N Note The Log Viewer displays raw log information for every connection Depending on the amount of traffic this can quickly consume a large amount of space in the database It is highly recommended to be careful when choosing the number of days of information that will be stored For information a
41. Over Time report perform the following steps 1 2 3 4 Click the UTM tab Select a SonicWALL appliance Expand the Web Filter tree and click By Category Over Time The By Category Over Time page displays LS 2 Azerrgts S of ASerTpts The table contains the following information Category the Web site category Attempts number of attempts the user made to access each Web site of Attempts the percentage of attempts to access the blocked site compared to all other user attempts For example if 500 attempts were made during the period and 250 of those attempts were made by a single user his of Attempts field will display 50 To change date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports Wx Viewing File Transfer Protocol Reports FTP usage reports provide information on the amount of FTP usage that occurs through th
42. Page enter a Title and Subtitle and select colors for the Foreground and Background of the cover page For Summary Report Page you can select up to 4 reports Select a report for the summary page from the Choose the Summary Reports drop down list and then click Add For Detailed Report Page do one of the following Click Select an existing profile and then select the profile to use from the Profile Name drop down list Click Create a new profile type a profile name into the New Profile Name field and then select the checkboxes in the Report list for each report to be included You can click the checkbox next to the Report heading to select all reports in the list Optionally click Configure Filters Options For this procedure see Configuring Filters and Options on page 137 To see a preview of this scheduled report click PREVIEW When finished click Add SonicWALL ViewPoint 6 0 Administrator s Guide Selecting Reports for Summarization Configuring Filters and Options 1 At the bottom of the Scheduled Report Configuration page click the Configure Filters Options button The Display Options Settings page displays 2 Select the number of sites to display in Top Sites reports default 20 Select the number of users to display in Top Users reports default 20 4 Select the number of sites to display in Sites by User Users By Site reports default 20 Select the number of items to display i
43. Q Test Losgaan Report 7 IHn prEN Sede wes Bccess Sy Repos emailez successi w aman Gsorvcwal com Successi bgn rt he system by use snn m k srno ard FYI v See soe DiocsOoner Sytem GiocaDoman PARAOA System GrocaBoman PARADA 30 0 14 1 System GiocaDonar ms 0 0 14 i99 Lin pcewn Gi ccaDoman 100 448 inen GuccaDonar adanG ocaDoman 10 0 14 53 4 When Summarize Now has completed click the UTM tab at the top of the screen In the left most pane click MyReportsView or click an appliance N Note You may see incomplete data if you view the Summary section of a selected report before the Summarize Now process is complete Wait for the Report Data Summarized message to be displayed in Log gt View Log SonicWALL ViewPoint 6 0 Administrator s Guide amp Summarizer 5 In the center pane click a report to expand it then click the Summary option underneath it For example click Bandwidth then click Summary to review the summarized bandwidth usage data Bandwidth Summary schedule Print Mere Hour vie v Esant 4 2008 07 20 gt Search l optons Bandwidth Summary for July 20 2008 Connections Cost USD MBytes of Mbytes 1914 6 Navigate to the Summary section of other reports in the center pane to see other summarized data Configuring the Syslog Deletion Schedule Settings Syslog files sent from SonicWALL appliances are stored on the ViewPoint system a
44. Reporting Module displays the report for the selected date range Viewing the Attacks By Category Over Time The Categories Over Time report displays the number of attacks in each attack category during the specified time period To view the Categories Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Attacks tree and click Categories Over Time The Categories Over Time page displays Summary of Attacks by Category D Sctredrate FE rrim v toe v Stet 3007 07 92 fad 2007 57 17 je Summary of Attacks by Category ler duly 12 2007 July 17 2007 type Attacks of Attacks Fi 2 109 4 The bar graph displays the number of attacks attempted each day of the specified time period To view source and destination information on the individual attacks expand the category tree indicated by a sign 5 The table contains the following information Type the type of attack Source the IP address of the source SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports Destination the IP address to the destination Click the highlighted source or destination IP address to access the Whois Source Website Attacks the number of attacks of Attacks the percentage of this type of attack compared to all other attack types For example if 5 000 attacks occurred during the day and the IP Spoof m
45. Section Note that this will change the Date Time region as well as the Report Layout region back to default settings Filter Operators When configuring the Report Layout on either the Detailed Report tab or the Summary Report tab you can specify filter values to be matched in the database during report generation Depending on the selected field type text string or numeric several filter operators are available The filter operators are used with a filter input value to determine which data should be included in the report The operators are defined as shown in Table 6 Table 6 Filter Operators Operator Definition Equals Only data that exactly matches the filter input text will be included in the report Start with Data that begins with the input text will be included in the report SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances Operator Definition End with Data that ends with the input text will be included in the report Contains Data that contains the input text will be included in the report Only data that exactly matches the filter input numerical value will be included in the report gt Data values that are greater than the input numerical value will be included in the report gt Data values that are greater than or equal to the input numerical value will be included in the report lt Data values that are less than or equal to t
46. SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 7 Configuring Management Settings This chapter describes the settings available on the Console panel in the Management section The following sections are found in this chapter e Settings section on page 61 e Alert Settings section on page 64 e Sessions section on page 65 e Database Maintenance section on page 66 Settings On the Console gt Management gt Settings page you can configure email settings set the system debug level synchronize model codes information and configure password security settings This section describes the following Settings topics e Configuring Email Settings on page 62 e Configuring System Debug Level on page 62 Enforcing Password Security on page 63 e Synchronizing Model Codes on page 63 SonicWALL ViewPoint 6 0 Administrator s Guide M Settings Configuring Email Settings An SMTP server and an email address are required for sending ViewPoint reports If the Mail Server settings are not configured correctly you will not receive important email notifications such as e System alerts for your SonicWALL ViewPoint deployment performance e Availability of product updates hot fixes or patches e Scheduled Reports To configure these email settings 1 Click the Console tab 2 Expand the Management tree and click Settings The Settings page displays 3 Type the IP add
47. UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Usage tree and click Top Sites The Top Sites page displays Top Visited Web Sites O siatt GD pent Ste tous Start 4 2007 04 27 p Sesa ere Top Visited Web Sites for April 27 2007 o a a G E B r fl t Sne Mts Mayter Category hed of MBytes 44625 wa 4 The pie chart displays the percentage of bandwidth used to access the top sites 5 The table contains the following information Site URL or IP address of the site Hits number of hits MBytes number of megabytes transferred Category the Web site category of MBytes percentage of megabytes transferred between this site compared to all other HTTP traffic For example if 10 000 megabytes of data was transferred during the day and 5 000 megabytes was transferred between the appliance and Ebay the of MBytes field will display 50 and you have a problem SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp 6 To change the date of the report and other settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Sites Rows per Screen See Managing Report Settings on page 154 8 When you are
48. Update button to save your changes 4 The Web Services table in the Web Services gt Status screen gives the following information about each Web Service Feature Description Enabled If selected this feature is currently enabled Service Indicates the name of the Web Service URI Indicates the full URI used to access this Web Service Description Provides a description of the Web Service SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 12 Using ViewPoint Help To access the ViewPoint online help click the blue help button in the top right corner of the ViewPoint user interface Bet Tips and Tutorials Tips and tutorials are available in some pages of the user interface and are denoted by a Lightbulb icon Ta Tips and Tutorials Microsoft I E l about blank Tips and Tutorials al KB 5275 Name Resolution in Reports 5 KB 6372 How to get the Summarizer caught up KB 6661 Displaying GYC user info in ViewPoint reports u Online Help ig Internet SonicWALL ViewPoint 6 0 Administrator s Guide About ViewPoint To access tips and tutorials 1 Navigate to the page where you need help 2 If available click the Lightbulb icon in the upper right hand corner of the window Tips tutorials and online help are displayed for this topic About ViewPoint The Console gt Help gt About page displays the version of ViewPoint being run who the ViewPoint
49. ViewPoint 6 0 Administrator s Guide 4 Miscellaneous Procedures and Troubleshooting Tips e To uninstall SonicWALL Universal Management Suite databases from Microsoft SQL Server 2000 see MS SQL Server 2000 on page 370 Windows To uninstall SonicWALL Universal Management Suite from a Windows system follow these steps 1 Click Start point to Settings and click Control Panel 2 Double click Add Remove Programs The Add Remove Programs Properties window displays 3 Select SonicWALL Universal Management Suite and click Change Remove The SonicWALL Universal Management Suite Uninstall program starts 4 Follow the on screen prompts 5 Restart the system SonicWALL Universal Management Suite is uninstalled MS SQL Server 2000 To uninstall or remove the SonicWALL Universal Management Suite databases in the MS SQL Server 2000 you can execute the following D O S command from any SonicWALL Universal Management Suite server osql U username P password S dbHost_IP q drop database SGMSDB osql U username P password S dbHost_IP q drop database sgmsvp_yyyy_mm_dd Or you can use the MS SQL Server s Enterprise Manager and delete the SG MSD B and sgmsvp_ databases Troubleshooting Tips This section contains SonicWALL ViewPoint troubleshooting tips Changing the Default Syslog Server Port Number By default the SonicWALL ViewPoint syslog server default port number is 514 on Windows systems To change the port number
50. ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports W amp When the Custom Report page is initially displayed for a selected appliance the Template Section is displayed in Full Mode Split Mode is available but the Report Section displays no data until a report has been generated The image below shows the Custom Report gt Resource Activity page with the Template Section displayed in Full Mode Template Section lt Split Mode gt Custom Report Resource ActivitV templa Load a Teenplate Date Time Stat Time 00 w 00 wi 00 Dynamk Dale Range Tod v indtime D v v v Start Date Start Time o0 w gt mac VOTE henge ind Date EudTme 234 53 w 09 v Report Layout Detaited Report Select report Sek Destination P w fasa Sart by and OmeTine v ad Jate Time v fie Firre Ontierr Generate Repon Reset SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports After generating a report the page automatically changes to Split Mode and displays the report settings in the Template Section in the top half of the page and the report results in the Report Section in the lower portion The image below shows the Template Section and Report Section displayed in Split Mode Template Section lt Full Mode gt Custom Report Resource Activitv Tempiste Load a Template Date Time Start Time o0 v oo w Dynami Oste Range Weetwone v lt 3113 8
51. ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports W amp Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Users of Bandwidth Over Time The Top Users Over Time report displays the users who used the most bandwidth and accumulated the highest cost during the specified date range This report is available at the unit level To view the Top Users Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Bandwidth tree and click Top Users Over Time The Top Users Over Time page displays Top Users of Bandwidth schedule E print Sat 4 2887 Ns 99 4 9007 04 gt More Users Equal start 14 2007 04 23 End 2007 04 28 Search Sre Odos Top Users of Bandwidth for April 23 2007 April 28 2007 LELLI IS MBytes of MBytes 41 nla lea lel co Ph ae ae S os ns 0 004 5 30s 4 The pie chart displays the percentage of bandwidth transferred by each user SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports 5 The table contains the following information Users the IP address of the user Connect
52. ViewPoint log perform the following steps 1 Click the Console tab expand the Log tree and click View Log The View Log page displays Math come yy Start Search y Clear Search y Export Loge Search Results V Show Messages Per Screen 2 Previews lt Oupleyrg Dx Seventy Som WAL UseroiPr 2 Each log entry contains the following fields specifies the number of the log entry Date specifies the date of the log entry Message contains a description of the event Severity displays the severity of the event Alert Warning or FYI SonicWALL specifies the name of the SonicWALL appliance that generated the event if applicable User IP specifies the user name and IP address 3 To narrow the search configure some of the following criteria Tip You can press Enter to navigate from one form element to the next in this section SonicWALL ViewPoint 6 0 Administrator s Guide View LogT amp Select Time of logs displays all log entries for a specified range of dates SonicWALL Node displays all log entries associated with the specified SonicWALL appliance ViewPoint User displays all log entries with the specified user Message contains displays all log entries that contain the specified text This input field provides an auto suggest functionality that uses existing log message text to predict what you want to type It fills in the field
53. Viewing Application Firewall Reports 4 The table contains the following information User Name the user s name or IP address Host Name the host name or IP address of the computer that made the connection Connections number of attempted connections logged and possibly blocked by Application Firewall Mbytes megabytes of data transferred during the connections Action Type either No Action Logged or Blocked 5 To change the date of the report click the Start field to access the drop down calendar select the desired date and then click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Application Firewall Top Policies The Top Policies report displays the Application Firewall policies that were triggered the most on the specified date The Top Policies report is available at the unit level To view the Top Policies report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Authentication Reports W amp 3 Expand the Application Firewall tree and click Top Policies The Top Policies page displays Top Policies Schedule amp Print Poicy Name Equais v Start 4 2009 11 27 Search Top Policies lor November 22 2009 dangerous web files static 207 Policy Name Connections Mirtes acdon Type 1 dangercers web fi 297 N A No Action 4 The table contains
54. Web Filter tree and click Top Sites Over Time The Top Sites Over Time page displays Ce Ae 4 The graph displays the number of access attempts for each of the top blocked Web sites during the specified time period 5 The table contains the following information Site the URL or IP address of the site Attempts the number of attempts Category the Web site category of Attempts the percentage of attempts to access the blocked site compared to all other blocked site attempts For example if 500 attempts were made during the period and 100 of those attempts were for www badsite com its of Attempts field will display 20 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 6 To change date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Sites Rows per Screen See Managing Report Settings on page 154 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing the Top Blocked Site Users Over Time The Web Filter Top Users Over Time report displays the users who made the most attempts to access blocked sites during the specified t
55. With MySonicWALL com Note Status information is updated every 24hours To refresh the information dick on the link above To change these settings you must log into the appliance and update them manually 4 Inthe unit view to synchronize settings with the SSL VPN appliance and license information with MySonicWALL click SynchronizeSettings With Appliance And License Information With Mysonicwall com SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Bandwidth Reports W amp Viewing SSL VPN Bandwidth Reports Bandwidth reports display the amount of data transferred through one or more selected SSL VPN appliances Bandwidth reports are an ideal starting point for viewing overall bandwidth usage You can view bandwidth usage view by hour day or over a period of days Additionally you can view the top users of bandwidth From this information you can determine network strategies For example if you need more bandwidth you might need to upgrade network equipment or you might simply need to curtail the bandwidth usage of a few employees Note All reports appear in the time zone of the selected appliance Select from the following e Viewing SSL VPN Bandwidth Summary Reports on page 301 e Viewing SSL VPN Top Users of Bandwidth Reports on page 303 e Viewing SSL VPN Bandwidth Usage Over Time Reports on page 304 e Viewing SSL VPN Top Users of Bandwidth Over Time Reports on page
56. Wx Connections number of attempted connections logged and possibly blocked by Application Firewall Mbytes megabytes of data transferred during the connections Action Type either No Action Logged or Blocked 5 To change the date of the report click the Start field to access the drop down calendar select the desired date and then click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Application Firewall Top Users The Top Users report displays the users who made the most logged and or blocked connections by Application Firewall on the specified date The Top Users report is available at the unit level To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Users page displays Top Users User hamo Equal v Top Users for November 22 2009 A w Other 201 Liser Name Host Name Corrections MBytes 1 10 061 179 10 0 81 179 18 10 0 92 2 40 0 92 2 17 J 10 061 16 10 0 51 161 17 4 axodh adnet gouie ad ret 16 gt 10 081 181 10 0 51 161 14 Sant 4j 2009 11 22 Expand the Application Firewall tree and click Top Users The Top Schedule Print Search NooIe 2 JA 10 081 181 14 1000 181 1 crecediie adnet gt 10 jwoerze Ww 10 0 81 176 16 Action Type 4 No Actior 1 No Actior No Actor SonicWALL ViewPoint 6 0 Administrator s Guide
57. XD WoektoOste_ Aa 4 The tables at the top of the page display the totals using megabytes for the bandwidth totals 5 The graphical display breaks down the information as follows Bandwidth shown by group when viewed at global level At the unit level the bandwidth is shown per hour HTTP Bandwidth at the unit level this is shown as a pie chart with eight slices The top seven Web users by IP address are each shown as a slice with all other HTTP bandwidth combined in the eighth slice Attacks Events at the global level both attack events and virus attack attempts are shown per group At unit level these are shown per hour not pictured Custom Report Templates your favorites list of saved custom report templates See Using Custom Reports on UTM Appliances on page 163 You can click the Edit icon next to the template on this page to edit the template in the Custom Report page and save it using the Save Template button To delete the template click the Delete icon SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Dashboard Reports W amp Viewing Custom Reports on the Dashboard SonicWALL ViewPoint provides access to your saved Custom Report templates on the Dashboard gt Summary page for the appliance The template must have been previously created and saved for the same appliance on the Custom Report gt Internet Activity or Custom Report gt Website Filtering page Da
58. a color by either choosing a color on the color bar and then selecting its value in the color box or by typing in the HTML color Cover tackgrourd Coor Tae epee Coor a s a noose Color Sedgord Coo rere m _Sumr Choose t prun 4 repons car be coset 4 The color codes are automatically filled in the corresponding fields once the color chooser window is closed Customizing Your Summary Report Page The Summary Report Page allows you to add new reports and individually customize their appearance 1 On the Summary report page select the type of summary reports you need up to a maximum of 4 reports Then click the Add button The report will be created based on the type of summary report you have selected Enter the report title in and report description in the appropriate fields Select the text color for the title and description Select the background color for both fields me Ye P Select the order in the Order drop down window Summary Ropon Page 6 You may continue to add reports based on the summary you select in the Summary Reports drop down menu Repeat steps 1 5 to add more summary reports SonicWALL ViewPoint 6 0 Administrator s Guide Scheduling PDF Compliance Reports W amp Customizing Your Detailed Reports Page The Details Report Page provides you with a list of reports you may select to include in your report summaries You can refine your setting for your report in more detail in th
59. abin one S5 System Cki Proceed to start the ugrade proceckre Recommended System Requirements Oper ahing System Modit Ereeworenent Windows 2000 Server 04 Wirken 2000 Professional SP4 Werdoane W Profeescnal S272 Windoert IIN Sarver SP2 Detabesn Mesos UB Erevironment Mecrosoll SQL Server 2000 SM ond Meronelt SA Server 2005 SP on ofthe Wierhowes 2000 Server 54 or 2003 Server SPL Nacnare 106 Controrment Mrama 3 Gtr processor dustcore CPU Intel processor 2 G RAM and 300 GB dsk space Current Syston Information Ope ary Sytem Wris P et 5 1 2 27 Ot RAN Proceed Cacai 4 The ViewPoint Upgrade Tool displays the login screen for MySonicWALL Enter your MySonicWALL credentials and click Submit ViewPoint Upgrade Tool Step L Upgrade the License Use the heeme upgrade screen proveried blow to uo ade the kerse from Vergari to GMS mySonicWALLcom Login OT COPRLA COM A a OAA rta for negutenng al pow Sorell Intamat Security Apobarces and managing af your Some WALL securty service upgrades and changes mySoneWALL provides you mth an easy to ne intee aoe to nanaga servies ated upg aces for mapie Sore WALL poiras Por more formation on nySOrKC WALL please viet the FAD you do not heve a mySonicWall account please cick here to oeste one Please erter your existing myar WALL com username or emai address and passord belor Errand uies Ler Nave Password Stent Tid you fee get your User Name or Password
60. accept this content if you trust SonicWALL Inc to make that assertion Yes No Always SonicWALL ViewPoint 6 0 Administrator s Guide About Signed Applets in SonicWALL ViewPoint Otherwise click N o In this case you must manually edit the java policy file You can view the following technote for more information about editing the java policy file Manually Configuring the java policy File for SonicWALL GMS JRE SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 2 Using the UMH System Interface This chapter describes the Universal Management Host system interface one of the two management interfaces available for SonicWALL ViewPoint This section includes the following subsections Overview of the UMH System Interface page 24 Configuring UMH System Settings page 25 Configuring UMH Deployment Options page 31 SonicWALL ViewPoint 6 0 Administrator s Guide Overview of the UMH System Interface Overview of the UMH System Interface The SonicWALL ViewPoint UMH system interface is used for system management of the SonicWALL ViewPoint instance including registration and licensing setting the admin password configuring network and database settings selecting the deployment role and configuring other system settings When installing SonicWALL Universal Management Suite 6 0 on a host a Web server is installed to provide the system management interface The system interface is available by
61. and HTTPS access for adding a SonicWALL appliance to ViewPoint is supported as follows e HTTP for access to a LAN IP address only e HTTPS for access to a LAN IP or WAN IP address MySonicWALL Account Requirements A MySonicWALL account is required to complete the SonicWALL UMS installation and registration process If you do not already have a MySonicWALL account open a Web browser and navigate to the following website http www mysonicwall com Follow the on screen prompts to create a user account Activating SonicWALL ViewPoint on Your Appliances To use SonicWALL ViewPoint you must license it on each SonicWALL security appliance for which you want reports The SonicWALL appliance must be registered on MySonicWALL before you can purchase and activate the SonicWALL ViewPoint license for it You must also enable the SonicWALL ViewPoint license on the appliance itself See the following sections e Registering Your SonicWALL Appliance on page 341 e Activating the ViewPoint Software on Your Appliance on page 341 e Enabling the ViewPoint License on Your Appliance on page 342 SonicWALL ViewPoint 6 0 Administrator s Guide Activating SonicWALL ViewPoint on Your Appliances Wax Registering Your SonicWALL Appliance To register the SonicWALL appliance that ViewPoint will monitor perform the following steps 1 Logon to MySonicWALL 2 Click My Products The SonicWALL My Products page displays My Products
62. and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date 9 These settings will stay in effect for all similar reports during your active login session Viewing VPN Usage Over Time The VPN Usage Over Time report displays the daily number of VPN connections made through a SonicWALL appliance or all SonicWALL appliances during the specified time period To view the VPN Usage Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the VPN Usage tree and click Over Time The Over Time page displays VPN Activity I Schedule M print Yo VPN Activity for April 23 2007 April 28 2007 Dote Connections MBytes of MBytes SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports Wa 4 The bar graph displays the number of VPN connections made during each day of the specified time period 5 The table contains the following information Dat
63. arcive tme X Oclete the selected schedules V Re send the selected schedules for dates mm dd yyyy Report Oste Mj Report date to generate reports for Used os beyrnng date for Weekly an Monty reports End Date Tj Apples to Weekly and Monthly reports If omitted ow of week or month wi be assumed ote This is a one ome event and wil not affect the Scheckied E Mad Archeve tme Only one set of reports wil be sent for the specified dete date range End Date is cptonal To resend any schedules follow the procedures below 1 Select the Schedule Type Daily Weekly or Monthly from the Search Criteria section and click Start Search This lists all the schedules of the selected type Select the checkboxes of the schedules you want to resend 2 Provide astart date and an end date if applicable Reports are generated for the specified date date range 3 Click Re send the selected schedules for dates Reports are generated for the specific dates and emailed archived as a one time option for all the schedules selected SonicWALL ViewPoint 6 0 Administrator s Guide Management amp Management Report Data Management allows the SonicWALL ViewPoint administrator to backup large amounts of report data incrementally and at specified intervals using MDTA Typically the total amount of data stored in an archive is equal to at least 30 days although best benefits are seen when storing at least 60 days of summarizer data MD
64. as defined in paragraph 52 227 19 c 2 of the Federal Acquisition Regulations FAR Use duplication reproduction or disclosure by the Government is subject to such restrictions or successor provisions Contractor Manufacturer is SonicWALL Inc 2001 Logic Drive San Jose CA 95124 3452 USA SonicWALL ViewPoint 6 0 Administrator s Guide g Exports License Licensee will comply with and will at SonicWALL s request demonstrate such compliance with all applicable export laws restrictions and regulations of the U S Department of Commerce the U S Department of Treasury and any other any U S or foreign agency or authority Licensee will not export or re export or allow the export or re export of any product technology or information it obtains or learns pursuant to this Agreement or any direct product thereof in violation of any such law restriction or regulation including without limitation export or re export to Cuba Iran Iraq Libya North Korea Sudan Syria or any other country subject to applicable U S trade embargoes or restrictions or to any party on the U S Export Administration Table of Denial Orders or the U S Department of Treasury List of Specially Designated Nationals or to any other prohibited destination or person pursuant to U S law regulations or other provisions Miscellaneous This EULA represents the entire agreement concerning the subject matter hereof between the parties and supercedes
65. at the bottom of the screen To stop the viewer click the Stop button 10 To search for text use the browser s Find utility 11 When you are finished close the Syslog Viewer Forwarding Syslog Data to Another Syslog Server To forward SonicWALL ViewPoint syslog data to another syslog server perform the following steps 1 Open the sgmsConfig xml file with a text editor 2 Locate the following line Parameter name syslog forwardTo Host value 3 Add the IP address or hostname of the destination syslog server to the value attribute 4 Save the sgmsConfig xml file and exit SonicWALL ViewPoint 6 0 Administrator s Guide Posting ViewPoint Reporting to Another Web Server for End User Access W amp 5 Ensure that at least firmware 6 3 1 0 is running on the SonicWALL appliances Note To configure SonicWALL ViewPoint to not store the syslog data after it has been forwarded you must disable the ViewPoint Reporting Module To do this open the ViewPoint Settings page in the Console Panel deselect the Enable Reporting check box and click Update Posting ViewPoint Reporting to Another Web Server for End User Access To allow end user access to another web server for end user access install the SonicWALL ViewPoint Console in redundant mode You can then allow end user access to the redundant Console for viewing ViewPoint Reporting real time and historical reports End user access will be i
66. been successfully acquired SonicWALL ViewPoint will then attempt to set up an HTTP or HTTPS connection to access the appliance ViewPoint then reads the appliance configuration and acquires the SonicWALL appliance for reporting This will take a few minutes After the SonicWALL appliance is successfully acquired its icon turns blue its configuration settings are displayed at the unit level and its settings are saved to the database Modifying SonicWALL Appliance Settings If you make a mistake or need to change the settings of an added SonicWALL appliance you can manually modify its settings or how it is managed To modify a SonicWALL appliance perform the following steps 1 Right click the appliance name in the left pane of the SonicWALL ViewPoint UI and select Modify Unit from the pop up menu The Modify Unit dialog box appears 2 The Modify Unit dialog box contains the same options as the Add Unit dialog box For descriptions of the fields see Adding SonicWALL Appliances to SonicWALL ViewPoint page 37 3 When you have finished modifying options click OK The SonicWALL appliance settings are modified Deleting SonicWALL Appliances from ViewPoint To delete a SonicWALL appliance from ViewPoint perform the following steps 1 Right click on a SonicWALL appliance in the left pane and select Delete from the pop up menu SonicWALL ViewPoint 6 0 Administrator s Guide Deleting SonicWALL Appliances from ViewPoi
67. change your password Note You are forced to change your password the first time you login Upgrading SonicWALL ViewPoint 5 1 to 6 0 To upgrade from SonicWALL ViewPoint 5 1 to 6 0 using the the Universal Management Suite 6 0 single binary installer perform the following steps 1 Logon to your SonicWALL ViewPoint management computer as administrator Windows Launch the SonicWALL Universal Management Suite 6 0 installer by double clicking the file sw_gmsvp_win_eng_6 0 xxxx xxxx exe where Xxxxx represent the exact version numbers It may take several seconds for the InstallA nywhere self extractor to initialize In the Introduction screen click N ext In the License A greement screen select the radio button next to I accept the terms of the License Agreement Click N ext 4 When the installer detects that SonicWALL ViewPoint 5 1 is currently installed on the system a notification is displayed Click Install to continue the upgrade 5 The installer begins installing the files using the existing installation folder IP address to which SonicWALL Services bind for capturing syslog and SN MP packets and Web port settings SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading SonicWALL ViewPoint 5 1 to 6 0 6 The Installer displays the installation progress during the few minutes required Upon completion whether or not the system has Windows Firewall enabled a dialog is displayed notifying you to e
68. click in the left pane TreeControl pane of the SonicWALL ViewPoint management interface and select Add Unit The Add Unit dialog box appears OB aid Unit Ur Name Serial Number IP Adcress Login Name adnan Password Access Mode Use Insecure login HTTP Use Secure login HTTPS HTTP Port 80 3 Enter a descriptive name for the SonicWALL appliance in the Unit Name field Note Do not enter the single quote character in the Unit Name field 4 Enter the serial number of the SonicWALL appliance in the Serial Number field Enter the IP address of the SonicWALL appliance in the IP Address field 6 Enter the administrator login name for the SonicWALL appliance in the Login Name field 7 Enter the password used to access the SonicWALL appliance in the Password field 8 For Access Mode select from the following If the SonicWALL appliance will be connected over HTTP select Use Insecure login HTTP SonicWALL ViewPoint 6 0 Administrator s Guide Deleting SonicWALL Appliances from ViewPoint W amp Ifthe SonicWALL appliance will be connected over HTTPS select Use Secure login HTTPS 9 Enter the port used to connect to the SonicWALL appliance in the HTTP S Port field default ports are HTTP 80 HTTPS 443 10 Click OK The new SonicWALL appliance appears in the SonicWALL ViewPoint management interface It will have a yellow icon that indicates it has not yet
69. controls for pagination printing and exporting the report in PDF or CSV format You can also click the Save Template button in this section if you want to save the settings for this report as a template for reuse later See the following sections for detailed information e Toggling Between Split Mode and Full Mode on page 164 e Configuring the Date and Time for Custom Reports on page 166 e Configuring the Report Layout and Generating the Report on page 168 e Generating the Custom Report on page 176 e Viewing a Custom Report on page 177 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances e Printing a Page or Exporting the Report as a PDF or CSV File on page 179 e Saving the Report Template on page 180 Toggling Between Split Mode and Full Mode The Custom Report page contains two main sections the Template Section and Report Section which can be displayed together or independently depending on the mode When the Custom Report page is initially displayed for a selected appliance the Template Section is displayed in Full Mode Split Mode is available but the Report Section displays no data until a report has been generated The Custom Report gt Internet Activity page with the Template Section displayed in Full Mode is shown below Template Section lt Split Hode gt Custom Report Internet Activity tempiate Load a Template Dat
70. data a list with mathematical symbols plus the between operator selection will display MBytes ijj v Start 2007 05 01 Search Sotons Between SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting A generated report is shown below with user name Users starting with Start With 10 50 20 the value of the search text field Top Users of Web schede F pnt sun pne 199020 Stat 9 2007 06 01 P Gra ee Top Users of Web far May 1 2807 Q s a a i io B Hts Srowse Time th mmcss Moyes of Mayes 1 10 trs i1253 morn 2 w ros TA 3 so u 22 ss ani ian 3 LA 33 0 2 i Ow 7m J b T a on a 02 2 0 3676 19 409 100 0 A generated report is shown below in which the Hit count Hits column is greater than gt 100 the value of the search field Top Users of Web schedule FE pre a i s00 San 2007 06 01 Cra pers Top Users of Web for May 1 2007 Bio 50 201 Bio Bix Biosci a r of Maytas t 11 251 9 2 42 DER 3 2523 12s 4 La 20 s 0 a 2 7 20 478 100 0 SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting The calendar module of the search bar is shown below You can use the calendar module to easily select a date for the Start or End field You can also manually type in a date For single day reports the End field is disabled Bandwidth Summary schedule FE
71. drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Intrusion Attempts By Category These reports display the intrusion activity by category including the actual category or classification of the intrusion the priority and the event attacks type By using the category as criteria you can display details about the type message text and number of events To view intrusion attempts by category perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports W amp Expand the Intrusion Prevention tree and click By Category The By Category page displays Top Intrusions schedule FE print More Category v fous Start 4 2007 05 04 Search gt J opters Top Intrusions for May 4 7007 2 Category intrusions of intrusions 2 i en 1 5 8236 nos 2 Ares H r Se 4 WEB MISC 3767 ILa The pie chart displays a list of intrusions attempted by category The table contains the following information Category the category of the intrusion attempt Intrusions the number of intrusion
72. each schedule configure either e One Time Occurrence Fill in the Date and Time fields e Recurrence Fill in Days Start Time and End Time fields 6 Click Add to add this schedule to the Schedule List text box Add Schedule Hae Dumain LaceDomain E Description Visible to fa Non Adranctrators Decable a invert Schedte O One time occurrence Date ouniddiyyyy lane 24 br Format ORecorrence Davis Mon C Tus C Wed C Thu Oe C oe Oan Da Rat lene 24 be Format ind Tine 24 be Format Vv add Schredte List V Delete V Delete All Update Reset 7 To delete an entry from the Schedule List text box select the entry that you want to delete and then click Delete Click Delete All to delete all entries 8 Click Update when you are finished SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Granular Event Management Editing an Event Schedule To edit an existing schedule click the amp Edit icon on the right side of the Events gt Schedule screen The screen and procedure for editing are the same as those for adding a schedule See Adding an Event Schedule section on page 104 Adding an Event Schedule Group You can combine several schedules into a schedule group on the Events gt Schedule screen To add a schedule group perform the following steps 1 On the Events gt Schedule screen click the Add Schedule Group button Enter the name of your schedule group in th
73. field To view data for all IP addresses enter All Select the type of events to view from the Message Category list box You can select from the following All Categories Connections Rejected Connections SonicWALL ViewPoint 6 0 Administrator s Guide M Viewing the SSL VPN Log User Events Unrecognized Events 12 To limit the report to messages containing a specific text string enter the text in the Message Text field Leave the field blank to view all messages 13 Select the number of entries to display per page from the Results Per Page field 14 Click Generate Report The Log Search Results page displays Lag Sasca Hecate Sr Augusti JL 205 00 50 02 amp August JI JOU 715888 as of OETA 18 ab Tt TC Cumplayntg records 1 590 of 1015 Next s00 Nethaaecoer vere tart reeder ares NetEsaeccer eye aTTrS 15 To view the next page of entries click Next 16 To generate another report click Search again in the Log Viewer tree SonicWALL ViewPoint 6 0 Administrator s Guide Appendix A Installing SonicWALL ViewPoint This appendix is designed to help you install SonicWALL ViewPoint If you have not used SonicWALL ViewPoint before you might want to familiarize yourself with SonicWALL ViewPoint concepts and features This appendix contains the following sections About Installing and Upgrading SonicWALL ViewPoint section on page 336 Activating SonicWALL ViewPoint
74. file Changing the SQL Server Authentication Mode SonicWALL ViewPoint requires the Mixed Mode authentication mode To change the authentication mode from Windows Mode to Mixed Mode follow these steps 1 Start the Microsoft SQL Server Enterprise Manager 2 Right click the appropriate SQL Server Group and select Properties from the pop up menu Click the Security tab 4 Change the Authentication mode from Windows only to SQL Server and Windows 5 Click OK Reinstalling SonicWALL ViewPoint Using an Existing Database If you need to reinstall SonicWALL ViewPoint but want to preserve the settings in an existing SonicWALL ViewPoint database follow these steps 1 Install anew database using the same username and password that you used for the existing SonicWALL ViewPoint database 2 Install SonicWALL ViewPoint using this new database Stop all SonicWALL ViewPoint services 4 Open the sgmsConfig xml and web xml files with a text editor Change the values for the dbhost and dburl parameters to match the existing SonicWALL ViewPoint database 5 Restart the SonicWALL ViewPoint services 6 Uninstall the new database Uninstalling SonicWALL Universal Management Suite and Its Database This section describes how to uninstall SonicWALL Universal Management Suite and its components Select from the following e To uninstall SonicWALL Universal Management Suite on the Windows platform see Windows on page 370 SonicWALL
75. finished click Search The ViewPoint Reporting Module displays the report for the selected date Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Users of Web Bandwidth The Top Users report displays the users who used the most HTTP bandwidth and the amount of time they spent browsing the Internet on the specified date To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports 3 Expand the Web Usage tree and click Top Users The Top Users page displays Top Users of Web Y schedule ET print Users v Eques v Start 4 2007 04 27 gt Searen Top Users of Web for April 27 2007 CEE E E E ES hits Browse Time hh mm ss Mayes of MBytes 4 The pie chart displays the percentage of bandwidth transferred by each of the top users 5 The table contains the following information Users the IP address of the user Hits number of hits Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet MBytes number of megabytes transferred of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the
76. from ViewPoint to GMS amp 5 In the left pane right click the same appliance and select Login to Unit gt Using HTTPS Global iew 3 corp sslypn General A sslvpn 1 2 Status a gt Bandwidth I P Resources G8 Find gt Authentication D Refresh gt Configuration ae Rename Unit Log Viewer E Add Unit g Modify Unit E Delete 3 Loginto Unit gt Using HTTPS l 6 In the appliance management interface navigate to the System gt Administration page 7 Under GMS Settings select the Enable GMS Management checkbox or verify that it is selected 8 IntheGMS Host Name orIP Address field paste or type the appliance IP address that you obtained from the Modify Unit screen in Step 3 9 Click the Accept button at the top of the appliance interface screen 10 Click the Logout button in the top right corner of the appliance interface screen 11 Repeat these steps for each appliance listed in the Manual Configuration section of the ViewPoint Upgrade Tool page SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS Purchasing a SonicWALL GMS Upgrade You can purchase an upgrade to SonicWALL GMS at any time during the 30 day Free Trial To purchase the SonicWALL GMS license perform the following steps 1 Inthe SonicWALL GMS interface click the GMS Free Trial X Days Left button where X is the number of days left in the Free Trial Semo Today
77. gmsvpserverks Keystore Type ges Keystore Provider SUN verson 1 6 Abas Name grsvoserverks Creation Date Tue Oct 07 11 48 51 POT 2008 Cert cate Chan Length 1 Certficate Detals Owner CN eSoric WALL GMS and ViewPoint Aggication OUsSoftware and P eyi Sener r ea we faie Cenires Cat nic minke CT siian v 5 When finished click Update to apply the changes To revert the fields on the page to their default settings click Reset SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH Deployment Options Controlling Deployment Services The Deployment gt Services page provides a list of the services that are running on your system as part of SonicWALL ViewPoint It also provides a way to stop or start any of the services SONICWALL gt UMH 6 0 9 b M System Host Role amp Deployment Most Rale ViewPent Thetis Anies we Host Services Sevens Service Mame Current State C SonicWALL Urrversal Management Sute Update Manager Started Enabled C SonicWALL Universal Management Suite Syslog Colector Started Enabled C SonicWALL Universal Management Sule Web Server Started Enabled C SonicWALL Universal Management Suite Scheduler Started Enabled C SonicWALL Universal Management Sule Reports Schrecker Started Enabled C Sen WALL Universal Management Suite Reports Summarizer Started Enabled Dematde Stop Enable Start Resiart To stop aservice that is current
78. include spaces in the SonicWALL ViewPoint installation path SonicWALL ViewPoint 6 0 Administrator s Guide 6 7 Installing Universal Management Suite Wa Select the IP address you want SonicWALL Services to bind to for capturing syslog and SNMP packets The default is your management computer IP address To provide a different IP address select the radio button next to Other and enter the IP address Click N ext Ne SonicWALL Universal Management Suite 6 0 Address that Sonicwall Services wal bind to for capturing UDP and SAMP packets 10 0 203 251 Oore M lustullaryatera cancel In the SonicWALL Universal Management Suite Settings window enter the Web server ports for HTTP and HTTPS Ne Sonic WALL Universal Management Suite 6 0 Web Server Ports foe managing the product on this Server HTTP Port 00 HTTPS Port 443 ItistullAreyetheers SonicWALL ViewPoint 6 0 Administrator s Guide installing Universal Management Suite y Tip If you receive the message Cannot bind to the port number specified Please specify a different one the port you specified in Web Server Port is in use by another program for example Internet Information Services IIS Specify another unused Web server port for example 8080 Tip If you specify a custom port you will need to modify the URLs you use to access SonicWALL ViewPoint by using the following format http localh
79. interface click the Logout button in the top right corner of the interface Configuring UMH System Settings This section describes the tasks you can perform on the System pages of the SonicWALL ViewPoint UMH system interface See the following sections e Viewing System Status page 26 e Managing System Licenses page 26 e Configuring System Administration Settings page 28 e Managing System Settings page 29 e Using System Diagnostics page 30 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH System Settings Viewing System Status The System gt Status page provides the general information about the installation including the name which identifies the system as a SonicWALL Universal Management Host the serial number of the SonicWALL ViewPoint instance the software version licensing status and the system role For SonicWALL ViewPoint the role is always ViewPoint O oF hetpe 10 0 14 180 8S appharce lappiarenttareage v x P gt We BE yy SonicWALL Universal Management Host R B p Or O A S SONICWALL UMH 6 0 v System Status Information Suas General uoerses Kame SorecWALL Urevertal Management Mos Serial Number 00 49 02734447 ox r verson 6 0 ui 6017 1172 Thursday December 10 2009 11 343 AM PST Setra Leense oare Ror Diegnosixs b Aa Deployment System z 2 79 Giz 2 Logeal CPUs betal Orve 200 99 G8 of Total 732 73 GH Sipsiogs Drive 200 99 CB of Total 232 75
80. it You can disable a threshold by disabling all its elements You can also disable individual elements within a threshold To enable or disable Thresholds and or their elements perform the following tasks 1 On the Console panel navigate to the Events gt Threshold screen On this screen you are able to view existing Thresholds You can also view existing elements within those thresholds by clicking the expand button by a threshold You have the following two options for the enabling disabling feature You can enable or disable a Threshold by disabling enabling all the elements that exist within it You can enable disable the individual elements within a Threshold 2 To enable or disable a threshold and or elements click the edit button amp that is on the element level SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Granular Event Management 3 Select the Disable checkbox to disable the element or de select the Disable checkbox to enable the element Lit Threshold Lement for Unit Status Over stor is greater than Value J Desuigtjan Exceeds J messed heartbeats Severty A cree non Disable gJ R Update Reset 4 Click Update Configuring Event Schedules The next component on the Console panel is Events gt Schedule In this screen you can add delete or configure schedules and schedule groups Schedule groups are one or more schedules grouped within an object Administrato
81. of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user the of MBytes field will display 20 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 5 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Web Filter Reports Web filter reports provide information on the number of attempts that users made to access blocked Web sites through the selected SonicWALL appliance s These reports include Web sites blocked by the Content Filter List customized keyword filtering and domain name filtering Web filter reports can be used to view blocked site access attempts by the hour day or over a period of days Additionally you can view the users that most frequ
82. of Netscape Communications Corporation in the U S and other countries Netscape Navigator and Netscape Communicator are also trademarks of Netscape Communications Corporation and may be registered outside the U S Adobe Acrobat and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the U S and or other countries Other product and company names mentioned herein may be trademarks and or registered trademarks of their respective companies and are the sole property of their respective manufacturers End User Licensing Agreement For SonicWall ViewPoint This End User Licensing Agreement EULA is a legal agreement between you and SonicWALL Inc SonicWALL for the SonicWALL software product identified above which includes computer software and any and all associated media printed materials and online or electronic documentation SOFTWARE PRODUCT By opening the sealed package s installing or otherwise using the SOFTWARE PRODUCT you agree to be bound by the terms of this EULA If you do not agree to the terms of this EULA do not open the sealed package s install or use the SOFTWARE PRODUCT You may however return the unopened SOFTWARE PRODUCT to your place of purchase for a full refund The SOFTWARE PRODUCT is licensed not sold You acknowledge and agree that all right title and interest in and to the SOFTWARE PRODUCT including all associated intellectual property rights are and shall rema
83. of bandwidth used by each service during each hour of the day 5 The table contains the following information Protocol the service Events number of events or hits MBytes Number of Megabytes of MBytes percentage of megabytes transferred by this service on the selected day compared to all other services For example if 10 000 megabytes of data was transferred during the day and 5 000 of the megabytes were transferred the of MBytes field will display 50 6 To change the date of the report and other settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage Reports Web usage reports provide information on the amount of Web usage that occurs through the selected SonicWALL appliance s Web usage reports can be used to view Web bandwidth usage by the hour day or over a period of days Additionally you can
84. of entries to be displayed in the report 4 In the Summary Base drop down list use the default Event Count 5 To specify the field for the Level 1 Summary Group click and drag the desired field from the list on the left to the Level 1 Summary Group field and then release your mouse button to drop the field into position The filter operator and input field are displayed next to the field name Level 1 Summary Group User Equals v 6 To specify the field for the Level 2 Summary Group click and drag the desired field from the list on the left to the Level 2 Summary Group field then release your mouse button to drop the field into position The filter operator and input field are displayed next to the field name 7 To specify a filter operator and filter value for a Summary Group select the operator from the drop down list next to the field and type a filter value into the input field to the right of the operator 8 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Date Time region as well as the Report Layout region back to default settings Filter Operators When configuring the Report Layout on either the Detailed Report tab or the Summary Report tab you can specify filter values to be matched in the database during report generation Depending on the selected field type text string or numeric several filter operators are available The filter ope
85. on Your Appliances section on page 340 Installing Universal Management Suite section on page 342 Upgrading SonicWALL ViewPoint 5 1 to 6 0 section on page 349 Registering SonicWALL ViewPoint section on page 351 Configuring D eployment Settings section on page 354 Upgrading from ViewPoint to GMS section on page 356 Miscellaneous Procedures and Troubleshooting Tips section on page 368 SonicWALL ViewPoint 6 0 Administrator s Guide About Installing and Upgrading SonicWALL ViewPoint About Installing and Upgrading SonicWALL ViewPoint You can either perform a fresh installation of SonicWALL ViewPoint using the installer or upgrade a previous installation of SonicWALL ViewPoint patched or unpatched The upgrade installer checks with the SonicWALL backend to see if the SonicWALL ViewPoint deployment has valid support If it does not then the upgrade discontinues When the SonicWALL ViewPoint installer detects that the SonicWALL backend site is not accessible it prompts the user to enter an Upgrade Key Inaccessible SonicWALL Backend xi 2 GMS Upgrade Key cme If the key is valid it allows the upgrade to continue If the key is invalid the installation fails Note The upgrade key can be obtained by contacting SonicWALL Technical Support Installing SonicWALL ViewPoint This chapter describes how to install or upgrade SonicWALL ViewPoint To install or upgrade SonicWALL V
86. on page 359 e Completing the Free Trial Upgrade section on page 360 e Configuring Appliances for GMS Management section on page 364 e Purchasing a SonicWALL GMS Upgrade section on page 366 SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS W amp Enabling the GMS Free Trial from ViewPoint When five or more devices are connected to SonicWALL ViewPoint reporting the Try GMS Free 30 Days button appears next to the tabs at the top of the SonicWALL ViewPoint management interface To find out how many devices your SonicWALL ViewPoint installation is handling log in to MySonicWALL and navigate to the My Products page Click on the link for your SonicWALL ViewPoint installation to get to the Service Management page and scroll to the bottom You will see the list of appliances under Associated Products To enable the 30 day SonicWALL G MS Free Trial from the SonicWALL ViewPoint management interface perform the following steps 1 In the SonicWALL ViewPoint management interface click the Try GMS Free 30 Days button next to the tabs at the top of the page o To 2 The Viewpoint Upgrade Tool launches and guides you through the process of installing the Free Trial or Upgrade T he tool displays the Upgrade Requirements Licensing screen Before migrating to GMS 5 1 ensure that all appliances under Viewpoint reporting are registered to the same MySonicWALL account Follow the steps pr
87. print More Hour vile Start 4 2007 05 01 Search n options Report Daplay Settings Dapisy Type Chari and Table nterfaces Setings O bidenctiana The detailed options are per report based For example if you select PIE as the chart type for report A you will still see Bar chart in report B if the bar chart was the existing chart type The detailed drop down menu can be expanded by clicking More Options as shown in the red circle below As Figure 1 and Figure 2 show the options in the detailed drop down menu are context based Figure 1 shows the detailed options of the Web Usage By User report As you can see Figure 2 contains different options because it is specific to the By User report Figure 1 Context based Detail Options Top Users of Web schedule E print Report Diapisy enings Spy type Chan and Tabe an e PE v humber of Users 2 y Rows Per screen 20 v SonicWALL ViewPoint 6 0 Administrator s Guide amp Navigating ViewPoint Reporting Figure 2 Web Usage by User Report Display Settings Top Visited Web Sites By User D FPERRA pater User i Eaua stan al 2007 05 02 Sparen Site optons play Settings Number of Users 2s Number of Stes per User 39 v Rows Per Screer 2 v Collapsible TreeControl Pane The unit TreeControl pane can be collapsed to free up screen space by clicking on the the small arrow button to the right of the Add Unit Modify Unit Ref
88. specified date To view the Top Sites report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Filter tree and click Top Sites The Top Sites page displays N 2 4 The graph provides a display of the number of access attempts for each of the top twenty blocked Web sites SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 5 The table contains the following information Site the URL or IP address of the site Attempts the number of attempts Category the Web site category of Attempts percentage of attempts to access the blocked site compared to all other blocked site attempts For example if 500 attempts were made during the day and 100 of those attempts were for www badsite com its of Attempts field will display 20 6 To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Sites Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the Top Users that Try to Access Blocked Sites The Web Filter Top Users report displays th
89. the Internet for the specified time period To view the Top Users Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Usage tree and click Top Users Over Time The Top Users Over Time page displays Top Web Users Usera Egos Start 42037 0423 End 2007 24 28 Scorch OE Top Web Users for April 23 2007 April 28 2007 Seeaggan MOytew Se of Moytes 4 The graph provides a graphical display of the percentage of bandwidth transferred by each of the top users over the specified time period 5 The table contains the following information SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports Site URL or IP address of the site Hits number of hits Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet MBytes number of megabytes transferred Category the category of the site of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user the of MBytes field will display 20 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report
90. the SSL VPN tab 2 Select a SSL VPN appliance 3 Expand the Authentication tree and click User Login The User Login page displays User Logins 2 schedule User Hame Equals Start 2007 08 20 Search 4 The table contains the following information Type equal to User Login User Name the user name SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Authentication Reports W amp Source Host the IP address of the user s computer Time the time that the user logged in Duration the duration of the user login session 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start field to access the drop down calendar 6 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing SSL VPN Failed Login Reports The failed login report shows failed login attempts for users who attempted to log into the SSL VPN appliance during the specified day This report is useful for identifying unauthorized access attempts and potentially malicious activity To view the Failed Login report perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance 3 Expand the Authentication tree and click Failed Login The Failed Logins page displays Failed Logins 2 Schedule print User Hame M Equals v Start 2007 08 20 Search
91. top user the of MBytes field will display 20 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report and other settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 To display a limited group of users enter the user IDs in the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage by User The By User report displays a list of all users their top sites the number of hits to each site the time spent browsing and the amount of data transferred To view the By User report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Us
92. view the top users of Web bandwidth and view the most visited sites Exclusion settings for Web sites and Web users are available on the Console gt User Settings gt Reports page Web Usage reports will not contain references to the Web sites or users specified on this page For more information see the Configuring Reports Settings section on page 53 For the Summary and Over Time reports and for all reports involving Users the browse time is also provided in one column of the table The browse time is the amount of time consumed browsing the Internet through one or more selected SonicWALL appliances The browse time is not displayed in reports for Category or Sites Note All reports appear in the appliance s time zone Select from the following e Viewing the Web Usage Summary Report on page 192 e Viewing the Top Web Sites on page 194 e Viewing the Top Users of Web Bandwidth on page 195 e Viewing Web Usage by User on page 197 e Viewing Web Usage By Site on page 199 e Viewing Web Usage By Category on page 200 e Viewing Web Usage Over Time on page 202 e Viewing Top Sites Over Time on page 203 e Viewing Top Users Over Time on page 205 e Viewing Web Usage By User Over Time on page 207 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports e Viewing Web Usage By Category Over Time on page 208 Viewing the Web Usage Summary Report
93. when this field is the basis for sorting and indicates ascending or descending order Enabled A green check mark indicates that this schedule is enabled and a red X means that it is disabled Name The name of the report Click on the highlighted report name link to access the report for editing You can click on the column heading to sort by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order Type All Daily Schedules Weekly Schedules and Monthly Schedules Unit Group Devices s The host name of the SonicWALL appliance Last Run Local The date when the report was last generated You can click on the column heading to sort by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order Status Includes the following report status options Blue Queued waiting to be processed Yellow Currently processing Orange Report completed with errors Red Report failed with errors Green Report processed successfully You can click on the column heading to sort by this field An arrow is displayed in the column heading when this field is the basis for sorting and indicates ascending or descending order Last Run Type Indicates if the most recent run was a scheduled run or a one time execution You can click on the column heading to sort
94. which you can configure in the Console gt Events gt Schedule screen 4 When finished selecting options under Database Backup Schedule click the Update Backup Schedule button 5 Under Database Backup Settings in the Backup files to directory installDir field enter the folder name in which you want to store the backup files 6 Select the Zip files checkbox if you want the backup to be compressed and stored as a zip file SonicWALL GMS 6 0 Administrator s Guide WA Database Maintenance 7 In the Number of backups to store field enter the number of backups you want to store The maximum is 3 When the maximum number of backups is reached in the configured folder the oldest one will be removed when a new backup is created If the folder is changed existing backups in the previous folder will not be deleted 8 When finished selecting options under Database Backup Settings Select the Zip files checkbox if you want the backup to be compressed and stored as a zip file 9 When finished selecting options under Database Backup Settings click the Update Backup Settings button Backing Up a Database Immediately To perform an interactive backup of a database complete the following steps 1 On the Console gt Management gt Database Maintenance page under Immediate Database Backup select the type of backup from the Backup database now drop down list You can select one of the following types Current data
95. wish to generate Custom Reports See Using Custom Reports on UTM Appliances on page 163 N Note The Log Viewer displays raw log information for every connection Depending on the amount of traffic this can quickly consume a large amount of space in the database It is highly recommended to be careful when choosing the number of days of information that will be stored For more information see Scheduling and Configuring Reports on page 133 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing the LogT amp Viewing the Log for a SonicWALL Appliance To view the Log perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Log Viewer tree and click Search The Search page displays i Enable Log Viewer a CEMI ee Start Date Start Time tnd Ome IRORI w End Time 735955 Source IPAher Source Port Destination IP Hosmame Destination Port Message Category Commectics Masssge Text Reswits Per Page oo Note Specifying date time IP address and Message Category will resuh in tamar report generation Ca Gecerste Set 4 Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data This can consume a large amount of space in your database Review your database space constraints before enabling the log viewer The maximum number of appliances for which Log Viewer can be enabled is controll
96. written materials for a period of ninety 90 days from the date of purchase and b any support services provided by SonicWALL shall be substantially as described in applicable written materials provided to you by SonicWALL Any implied warranties on the software product are limited to ninety 90 days Some states and jurisdictions do not allow limitations on duration of an implied warranty so the above limitation may not apply to you Customer Remedies SonicWALL s and its suppliers entire liability and your exclusive remedy shall be at SonicWALL s option either a return of the price paid or b repair or replacement of the SOFTWARE PRODUCT that does not meet SonicWALL s Limited Warranty and which is returned to SonicWALL with a copy of your receipt This Limited Warranty is void if failure of the SOFTWARE PRODUCT has resulted from accident abuse or misapplication Any replacement SOFTWARE PRODUCT shall be warranted for the remainder of the original warranty period or thirty 30 days whichever is longer Outside of the United States neither these remedies nor any product Support Services offered by SonicWALL are available without proof of purchase from an authorized SonicWALL international reseller or distributor No Other Warranties To the maximum extent permitted by applicable law SonicWALL and its suppliers licensors disclaim all other warranties and conditions either express or implied including but not limited to implied wa
97. you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date 9 These settings will stay in effect for all similar reports during your active login session Viewing Attacks Reports Attacks reports show the number of attacks that were directed at or through the selected SonicWALL appliance s These include denial of service attacks intrusions probes and all other malicious activity directed at the SonicWALL appliance or computers on the LAN or DMZ Note All reports appear in the appliance s time zone SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports Wx Select from the following e To view a summary of the attacks see Viewing the Attack Summary Report on page 251 e To view the attacks by attack category see Viewing the Attacks By Category on page 253 e To view the attacks by source IP address see Viewing the Errors Report on page 254 To view a summary of the errors and exceptions see Viewing the Errors Report on page 254 To view attacks over a period of time see Viewing Attack Reports Over Time on page 256 To view errors and exceptions over a period of time see Viewing Errors Over Time on page 258 Viewing the Attack Summary Repo
98. 0 11 Viewing the SSL VPN Log W amp Expand the Log Viewer tree and click Search The Search page displays Log Viewer Settings Enable Log Viewer P UPDATE Start Date 8 21 2007 Start Time 00 00 00 End Date 812112007 M End Time 23 59 59 Source IP All User Destination IP Hostname All Message Category Connections 1 v Message Text blank for all Results Per Page 500 v Note Specifying date time IP address and Message Category will result in faster report generation 7 Generate Report Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data This can consume a large amount of space in your database Review your database space constraints before enabling the log viewer Under Select Search Criteria select the date range to view data from in the Start Date and End Date fields Enter the starting time of events to view in the Start Time field Enter the ending time of events to view in the End Time field To limit the report to data originating from specific IP addresses enter the source IP address in the Source IP field To view all IP addresses enter All To view log entries for data originating from a particular user enter the user name in the User field To limit the report to data going to specific IP addresses or hosts enter the destination IP address or host name in the Destination IP Hostname
99. 0 fa m m j Intrusions of Intrusions 4 The bar graph displays the number of intrusions attempted each day of the specified time period 5 The table contains the following information Date when the sample was taken Intrusions the number of intrusion attempts of Intrusions the percentage of intrusion attempts on this day compared to the time period For example if 10 000 intrusion attempts occurred during the time period and 1 000 intrusion attempts occurred on Thursday its of Intrusions field will display 10 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports Viewing Intrusion Reports By Category Over Time You can generate reports that display the intrusion activity by category such as the category priority and events attacks over time Using the category over time statistic as criteria for report generation provides details about the type message text and number of events
100. 05 11 43 DhgAgpianced log 1 575 07 29 2009 02 41 41 DbgAoohence t log 9 765 04 ea 07 29 2009 04 31 05 There are 214 files to view in this category A Sysags Search Fiter p Please Sier the fies uring the Search Fiter box above There are 350 files to view in this category Export Logs Under D ebug Log Settings select the log level from the System D ebug Level drop down list You can select 0 for no debug information 1or 2 for more and 3 for maximum debug information SonicWALL ViewPoint 6 0 Administrator s Guide Configuring UMH Deployment Options W amp In the Test Connectivity section select one of the following radio buttons and then click Test to verify connectivity to that server Database Connectivity Tests connectivity to the database server configured on the Deployment gt Roles page e License Manager Connectivity Type the host name or IP address into the License Manager Host field and click Test to test connectivity to that server SMTP Server Connectivity Tests connectivity to the SMTP server configured on the Deployment gt Settings page In the Download System Log Files section you can enter a filter or search value into either of the Search Filter fields and then press E nter to locate log entries of interest Click the Export Logs button to save the log files to a file on your computer To generate a TSR Technical Support Report select the Technical Support Rep
101. 10 00 04 POT 2009 c P Fremsl Unt edided te Sere WAL GMB ony kat 24 207 174600 POT leq Maragenert Mode HTTPS 300 94 900 443 Ptaa Perr Agent 10 0 9 111 Active Cnagnestics naty iget tare b Website Mocking taha tering Ka gt wP tant Log Grery Saaceasth Lemon of Lak Soncteoos wn SA Config ation Int pemation gt Users Sis z gt w Srubled Ss tre SonicWALL ViewPoint 6 0 Administrator s Guide 4 Upgrading from ViewPoint to GMS Configuring Appliances for GMS Management To manually configure the appliances listed in the Manual Configuration section of the ViewPoint Upgrade Tool page see Step 3 on page 361 perform the following steps for each appliance 1 In the SonicWALL GMS management interface click the tab at the top of the page that corresponds to the type of appliance such as SSL VPN or CDP 2 In the left pane right click one of the listed appliances and select Modify Unit 3 In the Modify Unit screen in the right pane copy the appliance IP address in the Managed Address section to your clipboard or make a note of it m o aaae A MReporls Vies Locau Und Nane gt t tg gt SerialNumber 000601 27Sr48 tg Corp t Ing fee Magai adres Oetermee atonatxaly Specty manually 10 120 1 2 Avertad TU VPN oiae HTTPS Peet HS atenti PO SA AusPenticaton Key aaa Agot P Address Sanchy Apert P 4 4 Click Cancel SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading
102. 306 Viewing SSL VPN Bandwidth Summary Reports The Bandwidth Summary report shows the number of connections handled by a SSL VPN appliance during each hour of the specified day or at the global level by each SSL VPN appliance for the day To view the Bandwidth Summary report perform the following steps 1 Click the SSL VPN tab 2 Select the global icon or a SSL VPN appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing SSL VPN Bandwidth Reports 3 Expand the Bandwidth tree and click Summary The Summary page displays Bandwidth Usage L schedule print Hour o Start 4 2007 08 20 Search Bandwidth Usage for August 20 2007 70 ornections b Cc 10 f j 00 00 0200 G400 0000 0800 1000 1200 09 1600 1800 2000 2200 Hour 4 The graph displays the number of connections to the SSL VPN appliance during each hour of the day 5 The table contains the following information Hour when the sample was taken Connections number of connections to the SSL VPN appliance 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report click the Start field to access the drop down calendar 7 After selecting a date click Search The ViewPoint Reporting Module displays the report for the selected day Note The date setting will stay in effect for all similar reports during your active login session SonicWALL ViewPoint 6 0 Administrator s Gui
103. A 95124 3452 USA SonicWALL ViewPoint 6 0 Administrator s Guide SonicWALL ViewPoint 6 0 Administrator s Guide Table of Contents Table of Content sseni ran anaua aaa daaa eaaa canes aan ees 1 Chapter 1 Introduction to SONICWALL ViewPoint cccssssessseeereeeeeeeeeeeeeees 9 SONICWALL ViewPoint Overview sesssecsssssssessscsssssssscssesesscensccenseanscessesscenssesuccavscssesenscenssesecsennesasessssees 9 SONICWALL ViewPoint Installation oo sssssssscsssscssssscsseccsssccssuessssecessscessscsssscesssccessccessecsssscesseeessecesseecs 10 License and Registration Requirement ccccccsssesssesssecssescssesssscsssssscssscsssesssesssecsusssssceseecsscesseeeeeees 10 Accessing the Correct Management Interface cscssssessessscsssesssssssesssecssccsseesseccssccsseceseessecsuesesseeseesees 11 Switching Between Management Interfaces sccsssssssssecssessseccsscsssessscsssecssecsssecsscsessssseceescesseesees 12 Taos Amid Tuona Annea aana i a vevassasbani a Eia 12 Navigating the ViewPoint User Interface c ccsssessssssssssescssssssesssssssecssecsseccssssssccesssssecesscesscessccessceasees 13 UIT ME aTa AEA EEEE ENA AAA EE A 13 SSL VPN Pane e te a E AE A E AN ANRE 15 Console Paheli sannan a E AN AN E i A a 16 ViewPoint Views and Status scasagscscssscsssscssessssadscsdasssssczasesshsedeesceessstasascsobsenesscouscsebasacsesenuesssdbiccsaaudcievstbesece 17 Using the ViewPoint TreeControl Menu sssss
104. ALL appliances during the specified day To view the VPN Usage Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 3 Expand the VPN Usage tree and click Summary The Summary page displays VPN Usage Summary I Schedule E print How ER Start 2007 04 27 D Search VPN Usage Summary tor Apr 27 2007 i Events Maytes of MBytes 4 The bar graph displays the number of VPN connections made during each hour of the day 5 The table contains the following information Hour when the sample was taken Events the number of mail events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10 000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of MBytes field will display 20 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on pa
105. ALL as part of the Support Services SonicWALL may use such information for its business purposes including for product support and development SonicWALL shall not utilize such technical information in a form that identifies its source Ownership As between the parties SonicWALL retains all title to ownership of and all proprietary rights with respect to the SOFTWARE PRODUCT including but not limited to any images photographs animations video audio music text and applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT The SOFTWARE PRODUCT is protected by copyrights laws and international treaty provisions The SOFTWARE PRODUCT is licensed not sold This EULA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms of this EULA U S Government Restricted Rights If you are acquiring the Software including accompanying documentation on behalf of the U S Government the following provisions apply If the Software is supplied to the Department of Defense DoD the Software is subject to Restricted Rights as that term is defined in the DOD Supplement to the Federal Acquisition Regulations DFAR in paragraph 252 227 7013 c 1 If the Software is supplied to any unit or agency of the United States Government other than DOD the Government s rights in the Software will be
106. Add Component Manager dialogue box 2 Select RSS Feed from the Type drop down list This will automatically bring up a list of predefined RSS Feeds you may choose from The Title will default to the Alert Type you choose but you may customize this if you prefer You also will indicate how many Items you want to be shown on the component window as well as the Refresh Interval In this example we will select AP Sports News displaying the first five items every 30 minutes on the component window Add Component Manager Type RSS Feed RSS Feed Details RSS Feeds AP Entertainment News a AP Sports News AP Tech News CNN Top Stories Internet News Security Feed x Title ap Sports News Items E min 5 Refresh Interval in minute s 30 min 5 Cancel 3 Click Add when you are finished This will add the new RSS Feed component window to your SonicToday dashboard To Choose a Custom RSS Feed 1 Click Add Component to bring up the Add Component Manager dialogue box 2 Select RSS Feed from the Type drop down list This will automatically bring up a list of predefined RSS Feeds you may choose from 3 Scroll to the bottom of the predefined list and select Custom RSS Feed Enter the URL of the RSS Feed you would like on your component window SonicWALL ViewPoint 6 0 Administrator s Guide Adding More Pages Note To search a large directory of available RSS Feeds na
107. Anti Spyware These reports include spyware attacks by category spyware attacks over time and spyware attacks by category over time SonicWALL ViewPoint 6 0 Administrator s Guide Navigating the ViewPoint User Interface Wa e View reports on attempted intrusion attacks Intrusion prevention reports are available for appliances that are licensed for SonicWALL Intrusion Prevention Service These reports include intrusion attacks by source IP address intrusion attacks by category intrusion attacks over time and intrusion attacks by category over time e View reports on traffic triggering A pplication Firewall policies A pplication Firewall reports are available for UTM appliances that are licensed for SonicWALL Application Firewall These reports include summary over time top applications top users and top policies e View successful and unsuccessful user and administrator authentication attempts These reports include a user authentication report an administrator authentication report and a failed authentication report View detailed logging information The detailed logging information contains each transaction that occurred on the SonicWALL appliance e View current alerts and access alert settings SSL VPN Panel The SSL VPN panel provides access to SSL VPN appliances and is similar to the UTM panel It is used to view and schedule reports about critical network events and activity such as security threats inappropr
108. Attack Summary report contains information on the number of attempted intrusions on a SonicWALL appliance or all SonicWALL appliances during the specified day To view the IPS Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Intrusion Prevention tree and click Summary The Summary page displays Intrusion Summary cchedute F print oan Nour vl z Start 1 2007 05 04 e Seacch re uyhuve Intrusion Summary for May 4 2007 Irvus on Event Hour intrusions of Intrusions 1 2 00 01 00 2638 8 3 2 01 00 02 00 2709 3 2 3 O2 w gox 4 03 00 0400 273 o 5 04 00 05 00 2758 23 4 The bar graph displays the number of intrusions attempted during each hour of the day 5 The table contains the following information Hour when the sample was taken Intrusions the number of intrusion attempts of Intrusions the percentage of intrusion attempts on this day compared to the time period For example if 10 000 intrusion attempts occurred during the time period and 1 000 intrusion attempts occurred on Thursday its of Intrusions field will display 10 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the
109. Configuring UMH Deployment Options W amp To test connectivity to the database server click Test Connectivity A popup will display the status AA Database cormecton successfully ceated Database Port 0 Database User sa Ostabase URL jddc saserver 127 0 0 LinstanceName s SOAL When finished click Update to apply the changes To revert the fields on the page to their default settings click Reset SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH Deployment Options Configuring Deployment Settings The Deployment gt Settings page provides a way to set the Web ports the SMTP server IP address with the sender and administrator email addresses and the SSL access configuration SONICWALL gt UMH 6 0 eeo gt Bi Systen Web Port C oetiparation Y onure TTP pirt holes ae ting Sences ve SMTP Configuration HT server 30 50 12522 anim Aies reer n aa howe ot o pite Pacet SSL Access Configuration D Dates That galechon alice you to keep the Gofal certficate that comes sith the sgoicaton for use Dy Te VewPort Wen Server for SSL access Fiename for he beyetore uord n graper reris Cus Ths velettor shoes you ty woined o aatom cer tficate for wee by the WienForit Wal Server for GR anceee The angral Sename of Se cortiicate enported all be reniisced wih orevceerverc storss n he bca fe syste Kory store Cer tiare Se iame Keystore Cern cate paasa To configure the Web ports enter t
110. Data Daily At settings Limiting the number of days to store will increase the overall performance of your ViewPoint system and limits the size of the Database Max limit is 2GB Note Summarizer settings for appliance s Aventail EX 1500 Gataprabha QA Avenntail 750 differ between unit and group level The settings at the unit level will override the settings at the Group level Sync appliance s to group level settings Update SSL VPN reports generated in ViewPoint can be exported in PDF format providing easy online transfer For more information about the Summarizer and exporting reports in PDF format see Selecting Reports for Summarization on page 137 Configuring Data Storage Settings on page 139 Using Summarize Now on page 76 Scheduling PDF Compliance Reports on page 144 SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 17 Viewing SSL VPN Reports This chapter describes the available reports for SonicWALL SSL VPN appliances For information on how to configure scheduled reports and summarization see e Using and Configuring SSL VPN Reporting on page 295 Select from the following reports e Viewing General Status Reports section on page 299 e Viewing SSL VPN Bandwidth Reports section on page 301 e Using SSL VPN Custom Reports section on page 307 e Viewing SSL VPN Resources Reports section on page 325 e Viewing SSL VPN Authentication Repo
111. Data Storage Configuration settings 1 On the UTM tab expand the Configuration tree and click Summarizer Settings 2 Scroll down to the Data Storage Configuration section 3 Type the desired number of days to store summarized data into the Days To Store Summarized Data field and then click Update 4 Type the desired number of days to store raw syslog database files into the Days To Store Raw Syslog Databases field and then click Update 5 Type the desired number of days to store raw syslog database files into the Days To Store Raw Syslog Databases field and then click Update 6 Type the desired number of days to store archived XML reports into the Days To Store XML reports field and then click Update Configuring Summarization Data for Top Usage The Reports Summarization Data for Top Usage section of the Configuration gt Summarizer Settings page allows you to enable Web event consolidation and resolve unrated categories When enabled Web event consolidation reduces repetitive syslog event entries within the syslog database Enabling Web Event Consolidation promotes search and summarizer efficiency by consolidating the syslog messages that result from a single click for example a visit to a Web page and further correlates events by time proximity such as multiple visits to the same URL by the same user within a set time and HTTP header information ViewPoint consolidates syslog messages under the main domain name Whe
112. Database Maintenance Wx See the following sections e Configuring Backup Schedule and Settings page 67 e Backing Up a Database Immediately page 68 e Restoring a Database Backup page 68 If you have a SonicWALL UMA appliance you can download and run the Data Export Wizard The wizard will help you configure a Java based client and a corresponding script that you can use to schedule recurring automatic backups For information about the Data Export Tool see the Data Export Wizard section on page 91 Configuring Backup Schedule and Settings To configure the database backup schedule and settings perform the following steps 1 Click the Console tab expand the Management tree and click Database Maintenance The Database Maintenance page displays 2 Under Database Backup Schedule select one of the following from the Database Backup Type drop down list Current data Backs up system information and all data in sgmsdb for the current month sgmsdb contains summarized report data Archived and Raw syslog data Backs up the archived data that is moved from sgmsdb to other files at the end of every month and backs up raw syslog data Complete data Backs up all data including sgmsdb and all archived data and raw syslog data this option requires the most time 3 Select the desired backup schedule from the Database Backup Schedule drop down list You can select a pre configured schedule or a custom schedule
113. Go bo bitten Jnemee anpara corm For heip SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMSW amp 5 Inthe next ViewPoint Upgrade Tool page click the Try link in the Free Trial column for Global Management System Viewpoint Upgrade Too Step 1 Upgrade the License Use the kere upgrade screen provided below to upgrade the icense from Viewpoint to GMS Security Servier Status Free Trial Mansge Service Count Papiration Goba Management System Not Wcanced I Uso ade vevent Lkersey Uate 6 From this point the upgrade process continues with the same steps for access from either the SonicWALL ViewPoint interface or the Universal Management Host interface To continue the procedure perform the steps in the Completing the Free Trial Upgrade section on page 360 Enabling the GMS Free Trial from the UMH Interface To enable the 30 day Free Trial of SonicWALL GMS from the Universal Management Host interface on your SonicWALL ViewPoint system perform the following steps 1 In the Universal Management Host interface navigate to the System gt Licenses page and click Manage Licenses SONICWALL UMH 5 1 0 0 0 Lene Management Satin mis Sera Number 00401022F00C Fi Securty Servie Status Count Fapa abion AIEI oN Y senny Global MADANA yp Eae Nek Liceedend Meor Leaneed Urrats Manage ixeraes Refresh Leerdes tied Licerdes 2 If you are not already logged into MySonicWA LL the MySonicWALL logi
114. Guide Viewing Mail Usage Reports W amp 3 Expand the Mail Usage tree and click Summary The Summary page displays Mail Usage J Schedule prim Start 9 2007 04 27 Search e aptons Hail Usage for April 27 2007 Math Mour Events MBytes of MBytes 4 The bar graph displays the amount of mail sent and received during each hour of the day 5 The table contains the following information Hour when the sample was taken Events the number of mail events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred during this hour compared to the day For example if 10 000 megabytes of mail was transferred during the day and 1 000 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report or the report display settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date SonicWALL ViewPoint 6 0 Administrator s Guide Viewing M
115. L ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage By Site The By Site report displays a list of all sites the users that accessed the sites the number of hits to each site and the amount of data transferred To view the By Site report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Usage tree and click By Site The By Site page displays Top Visited Web Sites By Site I Schedule F print v ques v Start 42007 042 fe E Top Visited Web Sites Dy Site fos April 27 2007 4 The table contains the following information Site the URL of the site Hits the number of hits to the Web site by user MBytes the number of megabytes transferred by the user Category the category of the site SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports 5 You can navigate directly from the Web Usage gt By Site page to a Web Usage gt By User page detailing the information of the users who have been browsi
116. PN Resources Top Users Reports The Resources Top Users report displays the users who used the most connections on the specified date SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing SSL VPN Resources Reports To view the Resources Top Users report perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance 3 Expand the Resources tree and click Top Users The Top Users page displays Top Users of Resources schedule Hh print UserName Equals v Stari 41 2008 05 10 Search Top Users of Resources for May 10 2009 TOTTE mases Lib salye 7 bata 8 dtelebovnbi 7 User Name Connections a 1 sphreon z5 bn u 3 ctelehowshi Soyer S hus 4 meat 7 smee J 8 pncatelos J 9 te te 1 TOTAL 74 4 The pie chart displays the percentage of connections used by each user 5 The table contains the following information for all users Users the user name Connections number of connection events or hits SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Resources Reports W amp 6 To view the resources by service or protocol used by a particular user click the user slice in the pie chart or the user name in the table to drill down for this information Resource Detail for dtelehowski ovat tack Resource Detail fer May 10 2009 Wethxtender s 2 OPSJave 8 eoue Name Sonnections 7 To return to the Resources
117. SonicWALL Reporting Solutions REPORTING SonicWALL ViewPoint SonicWALL ViewPoint 6 0 Administrator s Guide SONICWALL gt SonicWALL ViewPoint Administrator s Guide Version 6 0 SonicWALL Inc 2001 Logic Drive San Jose CA 95124 3452 Phone 1 408 745 9600 Fax 1 408 745 9300 E mail info sonicwall com SonicWALL ViewPoint 6 0 Administrator s Guide g Copyright Notice 2010 SonicWALL Inc All rights reserved Under the copyright laws this manual or the software described within can not be copied in whole or part without the written consent of the manufacturer except in the normal use of the software to make a backup copy The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original This exception does not allow copies to be made for others whether or not sold but all of the material purchased with all backup copies can be sold given or loaned to another person Under the law copying includes translating into another language or format Specifications and descriptions subject to change without notice Trademarks SonicWALL is a registered trademark of SonicWALL Inc Windows XP Windows Vista Windows 7 Windows Server 2008 Windows Server 2003 Internet Explorer and Active Directory are trademarks or registered trademarks of Microsoft Corporation Firefox is a trademark of the Mozilla Foundation Netscape is a registered trademark
118. Split Mode and Full Mode 1 Select a unit for which Log Viewer is enabled and then navigate to the Custom Report page 2 On a page that is currently displayed in Full Mode to change the view to Split Mode click the lt Split Mode gt button at the right side of the section heading 3 On a page that is currently displayed in Split Mode do one of the following to change to a Full Mode display of either the Template Section or the Report Section Click the lt Full Mode gt button to the right of the Template Section heading Click the lt Full Mode gt button to the right of the Report Section heading SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances Configuring the Date and Time for Custom Reports At the top of the Template Section of the Custom Report page the Date Time region provides a way to designate the time period to use when generating the report You can select either a Dynamic Date Range or a Static Date Range Both the Dynamic Date Range and the Static Date Range provide Start Time and End Time settings By using the Start Time and End Time fields you can specify the exact hour minute and second for both the beginning and the end of the period for the report When a start and end time is specified for a date range containing multiple days the start end times are applied to each day of the period when analyzing data for the report The default is to include da
119. TA allows this archive to be built over time archiving as little as 1 day of data each time the MDTA process is run Note Total days to store summarized data in reports is set separately in the Console gt Reports gt Summarizer screen Set this field for a value greater than 60 days for best results Report Data Management Settings vi Lrable Data archive _ Updeto Save Data Archive Transaction Logs Update Note This feature amp available ordy on MS SCA database Next Scheduled archive Time meniddtyeyy hA min 12 16 2009 oy inv uodate Number of Days To Archive 1 paxe Arde Date Immediately Update Note Database mantenance jobs should Soe the completion of Neat Schedved Ardive Tine ard Delete Syshoy Data Daly At scheduled furs See documentation for details Hex k Schedted Archive Tine i teins eri 0 10 Last Archeve Time 09 21 2009 10 at Last Archeve Stats inber of days pend ed Time takene min gt 1 0 0 Configuring Report Data Management As an administrator you choose the number of days worth of data to archive each time the MDTA process is run With the exception of the current month all available data is eligible for archiving For example if you specify 3 days as the number of days to archive MDTA will archive 3 days of data starting with the oldest available data and will repeat this process every day In order to obtain optimal performance when viewing reports however SonicWALL ViewPoint ensu
120. The bar graph displays the amount of FTP bandwidth transferred during each hour of the day 5 The table contains the following information Hour when the sample was taken Events the number of FTP events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 6 The ViewPoint Reporting Module shows yesterday s report To change the date or other report settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart See Managing Report Settings on page 154 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports Wa 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the Top FTP Sites By User The By User report displays the users who used the most FTP bandwidth on the specified date To view the By User report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the FTP Usage tree a
121. This is helpful when viewing some reports or other extra wide screens E MyReports iew SB MyRepo R Hide TreeControl Panel Engg Production 7 Sais eee SMe INGE Statusi To open a TreeControl appliance menu right click MyReportsView or a Unit icon MyReports iew MyReportsYiew Y Ge Engg Prod Collapse Engg Prod T2 170 Sim an m y TZ 170 Sir n O68 Find 5 Eind FD Refresh SSS Refresh e Add Unit le Rename Unit E Delete Se E Add Unit g Modify Unit E Delete E Login to Unit gt The following options are available in the right click menu e Find Opens a Find dialog box that allows you to search for units e Refresh Refreshes the ViewPoint UI display Rename Unit unit view only Renames the selected SonicWALL appliance Add Unit Add anew unit to the ViewPoint view Requires unit IP and login information Modify Unit unit view only Change basic settings for the selected unit including unit name IP and login information and serial number SonicWALL ViewPoint 6 0 Administrator s Guide About Signed Applets in SonicWALL ViewPointW amp e Delete Delete the selected unit e Login to Unit unit view only Login to the selected unit using HTTP or HTTPS protocols About Signed Applets in SonicWALL ViewPoint There are anumber of applets in the SonicWALL ViewPoint manag
122. Usage Top Appliances The Summarizer Usage Top Appliances section displays information about the appliances serviced by this summarizer that used the most summarizer time Details are given about which reports were generated and their summarizer execution time SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Syslog File Information This section displays syslog file details for the selected summarizer Y Syslog File Information Syslog File Type File Stats Oldest Unprocessed Files 12 Files 51 01MB Mon Sep 28 10 25 06 PDT 2009 Processed Files 1 Files 4 77MB Mon Sep 28 10 24 59 PDT 2009 Upload Pending Files 3Files 11 26MB Mon Sep 28 10 25 07 PDT 2009 Bad Files 3 Files 0 29MB Mon Jun 01 16 20 37 PDT 2009 The Syslog File Information table is divided into three columns Syslog File Type The type of files being reported on There are ten main syslog file types Processed Files Unprocessed Files Grouped Files Not Mine Files Infected Files Archived Files Bad Files Upload Pending Files Uploaded Files Bad Upload Files File Stats The number of syslog files in the category and their size in Megabytes Oldest The date and time on the oldest file in the category Summarizer Process Details The Summarizer Process Details section shows what tasks the summarizer is performing at the moment the Console gt Diagnostics gt Summarizer Status page displ
123. WALL ViewPoint database see Reinstalling SonicWALL ViewPoint Using an Existing Database on page 369 e Ifyou need to uninstall SonicWALL ViewPoint from a server it is important to do it correctly To uninstall SonicWALL ViewPoint see Uninstalling SonicWALL Universal Management Suite and Its D atabase on page 369 Backing up SonicWALL ViewPoint Data SonicWALL ViewPoint stores its configuration data in the SG MSD B database It is important to back up this database and the individual SonicWALL ViewPoint databases sgmsvp_yyyy_mm_dd on a regular basis The Console gt Management gt Database Maintenance page provides the necessary support for backing up and restoring the MySQL database that is bundled with SonicWALL UMS For more information see the Database Maintenance section on page 66 If you are using SQL Server this can be accomplished by backing up the entire SQL Server using the database backup tool When using this tool there is no need to stop the SonicWALL ViewPoint services for database backup However make sure that the backup occurs when SonicWALL ViewPoint activity is the lowest and that the backup operation schedule does not clash with the SonicWALL ViewPoint scheduler SonicWALL ViewPoint 6 0 Administrator s Guide Miscellaneous Procedures and Troubleshooting Tips Wax Note Itis also recommended to regularly back up the entire contents of the SonicWALL ViewPoint directory the sgmsConfig xml
124. Web Services resources Each URI is composed of both static and dynamic parts which differ based on each particular deployment The following provides a typical though not comprehensive URI example https protocol host name or IP address serial number of the appliance dynamic https 10 0 14 150 ws screenAttributes 0001B123C45D 1003 Web Service Web Services screen ID name application name dynamic Note For more information on configuring and using Web Services in your deployment download the GMS Web Services Technote at lt http www sonicwall com us support html gt SonicWALL ViewPoint 6 0 Administrator s Guide Settings Settings The Settings screen allows configuration of a secure HTTPS Public URI for use with Web Services features The public URI specified here is used to access Web Services and to ensure proper embedded cross links between Web Services applications To configure Web Services Settings 1 Navigate to the Web Services gt Settings screen on the Console panel P User Settings GMS Deployment log wept 1 Y Select the depkrymert to corfagze Web Services for Management gt Repects Diagnostics P Events Web Services i Settings public dampa Te ane aft An which GMG tb Sera Seon 4 sce Dephyymert Settings gt ne update ver name for this deploymert This name rl be used Nites f 10 0 14 150 9445 ont this server arai wil be nchaded n eerdechied
125. a and syslog data Data Storage Configuration Days To Store Sumenenced Date 60 Update Days To Rore Raw Sysiog Ostebeses JU Update Oasys To Sore Rary Syslog Files 30 Update Days to store XML reports 61 Lindane nite Deletion of old data occurs everyday at 14230 To change the schedted delebon time please go to the Console Parel Reports gt Summerizer screen Delete Syslog Osta Daty Al settings Limiting the number of days to store wil increase the overal performance of your Vienn ont sytem ard n s Ure size of the Database Max init 268 For all fields in this section the minimum values should be 3 days and will typically be longer Raw syslog data is transferred to the ViewPoint system by individual SonicWALL appliances where it is stored in raw syslog files The data from these files is combined and stored in a raw syslog database Data from this database is processed by the Summarizer and then stored in the summarized data database SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Summarization Data for Top Usage The raw syslog files and databases older than the number of days specified here will get deleted by the global daily deletion schedule configured on the Console gt Reports gt Summarizer page That page also provides a way to delete the summarized database for a certain date See the Configuring the Syslog Deletion Schedule Settings section on page 78 To configure the
126. age click Update To clear the screen settings and start over click Reset Synchronizing Model Codes The Sync Model Codes feature accommodates new SonicWALL product introductions without the need for ViewPoint update When SonicWALL updates the the corporate server MySonicWALL with a new product code it then becomes available to ViewPoint The task is scheduled to run every 24 hours and is also available manually To synchronize model codes immediately 1 On the Console gt Management gt Settings page click Sync Model Codes information now 2 Ashorttime later the page is updated to display the synchronization status at the top SonicWALL GMS 6 0 Administrator s Guide U Alert Settings Alert Settings The Alert Settings page specifies which email addresses receive email alerts and notifications during specific times To configure the alert notification settings perform the following steps 1 Click the Console tab expand the Management tree and click Alert Settings The Alert Settings page displays E Mail Alert Recipient Schedule Note You can enter multiple email addresses separated by semicolon Weekday Schedule 1 am_support somecompany com 00 v to 08 hours Schedule 2 admin somecompany com suppor 08 to 16 hours Schedule 3 pm_support somecompany com 16 M to 00 v hours Weekend Saturday on_call somecompany com Sunday on_call somecompany com E Mail Alert Format Prefer
127. age Reports 3 Expand the Web Usage tree and click By User The By User page displays Top Visited Web Sites By User P schedule FE print user Equals v Start 2007 04 27 P Search ji Top Visted Web Sites By User for April 27 2007 4 The table contains the following information User the IP address of the user Hits the number of hits to each Web site visited by the user Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet MBytes the number of megabytes transferred 5 You can navigate directly from the Web Usage gt By User page to a Web Usage gt By Site page detailing the information of the site the user has been browsing Click the Plus sign to the left of the User name or IP address to show details and then hover the mouse over a site A sticky tooltip will display with a link to the corresponding site s report page 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report and other settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Number of Users Number of Sites per User Rows per Screen See Managing Report Settings on page 154 8 To display a limited group of users enter the user IDs in the Search Bar fields SonicWAL
128. age displays Errors amp Exceptions schedute FE pre 2007 64 27 P3 Mor Hasr Start 42007 0427 r Search Irrors A Deceptions fer Apri 27 2007 Hour Packets of Pockets 00 00 01 00 7 1 9 0100 0200 S33 4 2 03 S32 ry O20 s 0200 80 aa 4 The bar graph displays the packets that were dropped during each hour of the day 5 The table contains the following information Hour when the sample was taken Packets the number of dropped packets of Packets the percentage of packets dropped during this hour compared to the day For example if 1 000 packets were dropped during the day and 100 packets were dropped during the 1 00 time period the of Packets field will display 10 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports Viewing Attack Reports Over Time The Attacks Over Time report displays the daily number of at
129. agement gt 3doys aD aa b Gen auren afun a ann siv eh shity rinis gt Irinas ann w Lom Euit gt X Messag Sucress amp logn inen the system by user admin Raw Syslog OF Statistics Database rmwsydogdib_ 2C Raw gydag fir uplesd completed The syleg fies hw Aaw Sysieg firs selected for upicsnd 3 fies selected gt Aaw wenn fir ninad started m w AP Entertainment Hews 5 Euit gt X gt Chentian Sale arrested released denies assmit gt amp gt Gossip Gof wil launch new racy promos OMG gt 2 gt Frm sues Courtney Love over Nirvana catalog sale gt gt Picasso s Guernica gets health check gt 2 hours ago gt Sanas Brothers huy hane n Dakas Fort Warth area zi gt gt Internet Mewes 11 gt tntels Fusitting Blocks Thread pen Sauce A gt San Francien Hark Where Was the Oversight gt Sybase Phone Support f Nates Exchange gt San Francesco Hack Where Was the Oversight gt Sybase Phone Suppeart for Notes Exchange gt Sun Bets on Channel Serategy Revamp SonicWALL ViewPoint 6 0 Administrator s Guide Adding a Component Window RSS Feed RSS Feed is a component window designed to keep you updated with what is going on in the IT and Security World as well as all around the globe This section contains procedures for customizing an RSS Feed component window on your SonicToday dashboard To choose a Predefined RSS Feed 1 Click Add Component to bring up the
130. ail Usage Reports Viewing the Top Users of Mail Bandwidth The Top Users report displays the users who sent and received the most mail on the specified date To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Mail Usage tree and click Top Users The Top Users page displays Top Mail Users I Schedule print Top Mail Users for April 27 2007 nnan users Eens __Mytew Total 4 The pie chart displays the percentage of mail sent and received by the top mail users 5 The table contains the following information Users the IP address of the user Events the number of mail messages sent and received MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10000 megabytes of data was transferred during the day and 2000 megabytes was transferred by the top user the of MBytes field will display 20 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Mail Usage Reports W amp 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change the date of the report or the report display settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settin
131. akes up 500 of the attacks its of Attacks field will display 10 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Errors Over Time The Errors Over Time report displays the number of errors during the specified time period To view the Errors Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports Wx 3 Expand the Attacks tree and click Errors Over Time The Dropped Packets amp Exceptions page displays Dropped Packets amp Exceptions D lt credate D nnt Daw Yo v wi 4 2007 46 73 Ena 2007 06 25 Dropped Packets amp Exceptions for April 23 2007 April 28 2007 x awit x i i f Dole Dropped Packets of Errors 4 The bar graph displays the number of packets that were dropped during each day of the specified time period 5 The table contains the following i
132. al 2100 100 0 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports 4 The pie chart displays the percentage of spyware attempts by category 5 The table contains the following information Category the category of the spyware Attempts the number of times the spyware attempted to infect the device using the category as a criteria of Attempts the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts using the category as a criteria 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Spyware Attempts Over Time You can display spyware attempts over a set time interval These reports are available at the unit and global levels similar to the other summary reports To view spyware attempts using pre set time intervals as the viewing criteria perform the following steps 1 Click the UTM tab 2 Select the global icon or a So
133. al bandwidth reports do not always provide a complete picture of network bandwidth usage If a large amount of mail traffic occurs during peak times you might want to take some of the following actions Add bandwidth e Upgrade network equipment Ask employees to use compression or transfer large files during non peak times Ask employees to place large files on an FTP site rather than sending them as mail attachments SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Mail Usage Reports Note All reports appear in the appliance s time zone Select from the following e To view a summary of the daily mail usage see Viewing the Mail Usage Summary Report on page 232 To view the users who consume the most mail bandwidth see Viewing the Top Users of Mail Bandwidth on page 234 To view mail usage over a period of time see Viewing Mail Usage Over Time on page 235 To view the users who consume the most mail bandwidth over time see Viewing the Top Users of Mail Bandwidth Over Time on page 237 Viewing the Mail Usage Summary Report The Mail Usage Summary report contains information on the amount of mail handled by a SonicWALL appliance or all SonicWALL appliances during the specified day To view the Mail Usage Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s
134. al number of bytes received and transmitted User Adds a column containing the user ID For a UTM Website Filtering report the Select report field drop down list contains four data categories that you can add as column headings in the report The categories are Full URL Adds a column containing the full URL of each logged Web site e Category Adds a column containing the category of each logged site such as Gambling or Adult Mature Content Domain Adds a column containing the domain name of each logged Web site e User Adds a column containing the user ID To include a field in the report select a choice from the list and then click Add When you click Add a row is populated in the table below which has three column headings Field Filter and Options Note When you place your mouse cursor over the row under the Field heading the cursor changes to a move cursor You can drag and drop the rows to rearrange the column ordering in the final report In the Filter column two fields are displayed an operator field and an input field The operator field is a drop down list containing the operator choices for the selected report field See Filter Operators on page 175 for a description of each operator The input field can be a drop down list or a standard input field depending on the selected report field The operators and input fields are defined in Table 5 for each report field Son
135. and Configuring SSL VPN Reporting ccsssssscsssessssssecssecssecssesssecsseesssssssecssesessesseessssesseessees 295 About Viewing Available SSL VPN Report Types cc ssscsssesssesssecssssssesssssssesssecssscsssessecsseesseeeseees 295 Configuring SSL VPN Scheduled Reports c scssssesssssssesssescsesssessssssseessscsssecssccssesssesesesssseceseseseenes 296 Configuring SSL VPN Summarization c ccccssecsssssssssssssssessseecssssssessuscssecssscssescssecsecsssecssecssesesecasees 297 Chapter 17 Viewing SSL VPN Reports sassssnnnsnnnnnnnnunnnnnnnnnnnnunnnnnnnnnnnnnnnnnn nnne 299 Viewing G eneral Status Reports is ccsssssdssicssiscsesssssasssscasecevscscascsnssdedsscsonsscinsessssotesssdesesesescesevastnasscoveseeddiets 299 Viewing SSL VPN Bandwidth Reports ssssccssscssssecsseecsseccssueccsueccssscessuessssecessecssnsccsneeesseecssseeenseees 301 Viewing SSL VPN Bandwidth Summary Reports c scsssssssesssesssssssessecssecssecssssessecessesseesseesseees 301 Viewing SSL VPN Top Users of Bandwidth Reports ssssssssssssssssssssesesserssssssseeeeeressssssseeseeresss 303 Viewing SSL VPN Bandwidth Usage Over Time Reports sccsssssssessecssesssessssscsesssecsseesseesseess 304 Viewing SSL VPN Top Users of Bandwidth Over Time Reports ssssssssssssssssssssrssesssssseseseressesss 306 Using SSL VPN Custom Reports ccsssssssssssssscsscssnesssssnssscssncsusssnssscssnesscssncessssncessessesscesneessesneeneesnees 307 Toggling Betwee
136. ange 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 In the Template Section under Date Time select the Dynamic Date Range radio button 3 In the drop down list select Today Yesterday Week to Date or Month to Date 4 For the Start Time select the hour minute and second from the drop down lists in the Dynamic Date Range row These settings specify the earliest data to be included in the report for each day of the date range 5 For the End Time select the hour minute and second from the drop down lists These settings specify the most recent data to be included in the report for each day of the date range 6 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Report Layout region as well as the Date Time region back to default settings Static Date Range The Static Date Range selection allows you to specify the exact dates starting and ending times on the days in the selected date range for the log data to be used for the report You can specify a single date or a date range and indicate the exact hour minute and second for both the beginning and the end of the daily period for the report A popup calendar makes it easy to select the Start Date and End Date for the date range Date Time Dynamic Oste Range Tocasy tart Dete Stalk Date Range
137. ansferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10 000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of MBytes field will display 20 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 To display a limited group of users use the Search Bar fields The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing VPN Usage Reports VPN Usage reports provide information on the amount of VPN usage that occurs through the selected SonicWALL appliance s VPN Usage reports can be used to view VPN usage by the hour day or over a period of days Additionally you can view the top users of VPN General bandwidth reports do not always provide a complete picture
138. atabase executable binary files for all services and other necessary files are installed using the Universal Management Suite UMS single binary installer All SonicWALL ViewPoint and SonicWALL GMS files are installed as part of the Universal Management Suite but no distinction is made between SonicWALL ViewPoint and SonicWALL GMS during the installation The initial installation phase takes just a few minutes for any type of installation such as a SonicWALL ViewPoint server a SonicWALL GMS server a database server or any other role To install the Universal Management Suite from the single binary installer see the Installing Universal Management Suite section on page 342 License and Registration Requirements SonicWALL ViewPoint is registered and licensed from the Windows server on which it is installed SonicWALL ViewPoint registration is performed using the SonicWALL Universal Management Host system interface T he Registering SonicWALL ViewPoint section on page 351 provides detailed instructions for registering and licensing SonicWALL ViewPoint on your Windows system On SonicWALL appliances that send reporting data to SonicWALL ViewPoint ViewPoint is licensed and activated separately from SonicO S MySonicWALL provides a way to associate SonicWALL appliances with the SonicWALL ViewPoint instance installed on the Windows system Licensing your SonicWALL ViewPoint application on a SonicWALL appliance requires SonicWALL V
139. ategory such as the category priority and events attacks over time Using the category over time statistic as criteria for report generation provides details about the type message text and number of events To view Anti Spyware attempts using categories over time intervals as the viewing criteria perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Anti Spyware tree and click By Category Over Time The By Category Over Time page displays Top Soywore Catogones fer August 5 2006 Apquat 22 SWG gt ae iQ a ___ Category _Attemptsy _ of Attamots 4 The pie chart displays the percentage of spyware attempts by category The table contains the following information Category the category of the virus Attempts the number of times the spyware attempted to infect the device during a pre set time interval of Attempts the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre set time interval 5 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports W amp 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only
140. attempts of Intrusions the percentage of intrusion attempts as a portion of the aggregate number of intrusion attempts using the category as a criteria To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Intrusions Over Time The Over Time report displays the daily number of intrusion attempts during the specified time period To view the Intrusions Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports W amp 3 Expand the Intrusion Prevention tree and click Intrusions Over Time The Intrusions Over Time page displays Intrusions Detected J Schedule P Print Y Start 4 2007 64 29 E 2067 05 64 gt Sear Intrusions Detected for April 29 2007 May 4 2007 rA z fin ri f 4j 1 400
141. ays Refresh your browser display or leave the page and return to it to update the information SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Wa If the summarizer is currently running the page displays the thread appliance identifier file being used and state of the summarizer Y Summarizer Process Details Number of threads currently running 1 Thread Appliance File State gt 0017c52c59f1 1 20090925_100212_to_20090925_121817_0017C52C59F1_FIREWALL__1 unp Summarizing Fri Sep 25 10 02 12 PDT 2009 Fri Sep 25 12 18 17 PDT 2009 File If the summarizer is currently idle the page displays the last run time and next run time Y Summarizer Process Details Summarizer is idle Last Run Time 12 21 2009 14 32 23 Next Run Time 12 21 2009 22 32 23 SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 10 Granular Event Management This chapter describes how to configure and use the Granular Event Management GEM feature in a ViewPoint environment This chapter contains the following sections e Granular Event Management Overview section on page 97 e Using Granular Event Management section on page 99 e Configuring Granular Event Management section on page 101 e Viewing Current Alerts section on page 108 Granular Event Management Overview Granular Event Management GEM provides a customized and co
142. ays the report for the selected date range Viewing the Failed Login Report The failed login report shows failed login attempts for users and administrators that attempted to log on to the SonicWALL appliance during the specified day This report is useful for identifying unauthorized access attempts and potentially malicious activity To view the Failed Login report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing the Log 3 Expand the Authentication tree and click Failed Login The page displays SS V2 Displaying records 1 Tof 1 Prov 1 Next 1 4 The table contains the following information User the user name Time time the user logged in IP Address IP address of the user 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar See Managing Report Settings on page 154 6 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the Log The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance This information is stored for the time that you specified in the configuration settings It is necessary to enable the Log Viewer for UTM or SSL VPN appliances for which you
143. bar has intuitive search fields to provide context based searching Users v Equals v Start 2007 05 01 gt bbl The search bar contains a number of helpful components that allow you to specify search parameters and locate a report with ease The components of the search bar include e A column drop down list The searchable column drop down list contains all the searchable columns of a report It is context based containing different options in different reports The column drop down list defines criteria for the search and filter functions An operator drop down list There are two types of operator sets If the content of the selected column is character based a character based list is displayed If the column contains numerical data a list with mathematical symbols is displayed A search text field You can input a search string into this field Start date and end date calendar fields You can also search for reports by date Clicking on the Start field displays a drop down calendar where you can select day month and year by using the side arrows to navigate You may also navigate through dates by clicking on the arrows located beside the start date and the end date fields Detailed drop down menu SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting The collapsed and expanded Search Bar views are shown below Bandwidth Summary schedule EE print iow A E E A EE tn
144. ble contains the following information for all users Users the user name of the user Connections number of connection events or hits 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report click the Start or End field to access the drop down calendar 7 To display a limited group of users enter the user IDs in the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected users and date range Note These settings will stay in effect for all similar reports during your active login session SSL VPN Custom Reports Custom Reports are available at the unit level for appliances visible on the SSL VPN tab Log Viewer must be enabled for the appliance For information about enabling Log Viewer see Viewing the SSL VPN Log on page 332 When configuring a Custom Report on the Resource Activity page the Template Section acts as a query builder You select the criteria for the report that you want and SonicWALL ViewPoint uses your input to query the raw syslog database for the information and then outputs the report The Template Section consists of two parts the Date Time section and the Report Layout section After building your query i
145. blosesescescestcsta labessshasisscvvasts laldassiasiots unions Savestasteaes 235 Viewing the Top Users of Mail Bandwidth Over Time uu ssesssscssecsssscessecssseecsnecsssecssneesseeees 237 Viewing VPN UW Sage Reports eaaa iva labvssch dv ole abc ssdslavsidi vsharlav EA 238 Viewing the VPN Usage Summary Report sccsssssssssssssssesssesssssssssssscsssesseessuscssecessssseesseeesneeseeess 239 Viewing the Top VEN USES nianna annona EE E A A RE 241 Viewing VPN Usage Over Time sersirenicnornneriin oiar n 242 Viewing the Top VPN Users Over Time ccccsescssseesssecsseecssnccssseesssecessscessuecsssscessecssneecsuseesueceesneses 243 Viewing VPN Usage By Policy c ccccsssssssssssssssssscscsssessessssscssscesscssscssescsscsuscesscssecssecssseesueseseessseeess 245 Viewing the Top VPN Policies Over Time sssssssssssecsssecssnccsssessseccssecessuesssuecesecssnsecsueeeseeesseeees 246 Viewing Hourly VPN Usage By Policy c ccsscsssessssessesssessssscssscssesssesssscssecssecsssccssecesscsseesseceseeeseeeess 248 Viewing the VPN Services Summary Report cccccsssssssessssesssessssecssssssecsscssessssessuecssscesecsaseesseeseeees 249 Viewing Attacks REpOrts sscsiessiesszdescasedsacaievecossscosssctes cossnvasnasavedegean scassuvechsaavedvosttsstanvedbesettae E 250 Viewing the Attack Summary Report ccssecsssesssecsessssecssssesscsssccssscssecsussesscsscssecssuecsecsescessecssecssnes 251 Viewing the Attacks By Category srania ia a aa 253 View
146. bout setting the number of days data is stored see Enabling Report Table Sorting on page 72 To configure Log Viewer settings for generating a report perform the following steps 1 Start and log into SonicWALL ViewPoint 2 Click the UTM or SSL VPN tab SonicWALL ViewPoint 6 0 Administrator s Guide 4 Log Viewer 3 Select a SonicWALL appliance 4 Expand the Log Viewer tree and click Search The Search page displays Log Viewer must be enabled for the appliance in order to display all the fields on the page Log Viewer Settings Enable Log Viewer Update Select Search Criteria Start Dete 12Sa S start Time 00 00 00 End Oate 28 2010 vy End Time 23 SO SA Source IP User Aa Source Port Desthabon iP Mostiame Al Destnabon Port Message Category Connections v Message Text ark for al Results Per Page v y Appliance Timezone America Los_Angeles Note Specifying date tme IP address and Message Category wil rendt in faster report generation w Generate Report 5 Select Enable Log Viewer and then click Update to turn on collection of raw data in the database and enable viewing of that log data This can consume a large amount of space in your database Review your database space constraints before enabling the log viewer The maximum number of appliances for which Log Viewer can be enabled is controlled on the Console gt Reports gt Settings page See Controlling the Number of Appliances wi
147. ce Console Panel The Console Panel is used to configure SonicWALL ViewPoint settings view pending tasks view the log manage licenses and configure alerts To open the Console Panel click the Console tab at the top of the SonicWALL ViewPoint user interface SONICWALL ViewPoint 6 0 User Settings Change Vich uit Password ANE Qarert VewPork Passwd Reports tog New VewPort Password gt Management Confirm Mee Fansrrord gt Reports gt Blagnestics Misccilancous Settiergs gt Events gt Web Services WewPont Inacenty Timea 20 Miretes 1 navar tiinas out gt telp Max Rows Per Screen 1O Range 10 100 Aggie able tu norreperting related pagnated comers oky Update Reset SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Views and Status Wa From the Console Panel you can do the following e Change the SonicWALL ViewPoint password adjust the amount of inactive time before the user is automatically logged out of ViewPoint and set the maximum number of rows displayed on paginated screens Configure Web sites and Web users that will be excluded from Web usage reports e View the SonicWALL ViewPoint log and delete old log messages The SonicWALL ViewPoint log contains information on alert notifications failed SonicWALL ViewPoint login attempts and other events that apply to SonicWALL ViewPoint e Manage SMTP settings system email addresses archive report settings debug level for l
148. ch Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 In Report Layout region of the Template Section of the Custom Report page select the Summary Report tab SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp 3 In the Top drop down list select the number of entries to be displayed in the report 4 In the Summary Base drop down list select one of the choices to use when determining which are the top elements in the selected field 5 To specify the field for the Level 1 Summary Group click and drag the desired field from the list on the left to the Level 1 Summary Group field and then release your mouse button to drop the field into position The filter operator and input field are displayed next to the field name Level 1 Summary Group User Equals v 6 To specify the field for the Level 2 Summary Group click and drag the desired field from the list on the left to the Level 2 Summary Group field then release your mouse button to drop the field into position The filter operator and input field are displayed next to the field name 7 To specify a filter operator and filter value for a Summary Group select the operator from the drop down list next to the field and type a filter value into the input field to the right of the operator 8 To change the settings back to the defaults click Reset at the bottom of the Template
149. cies Over Time The By Policy Over Time report displays the top VPN Policies for the specified time period To view the By Policy Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports W amp 3 Expand the VPN Usage tree and click By Policy Over Time The By Policy Over Time page displays Top VPN Policies D schedule E print Top VPN Policies for April Z3 2007 Apr 28 2007 Policy Events MDytes Se of Maytes 4 The pie chart displays the VPN connections for the top policies The table contains the following information Policy the name of the policy Events the number of VPN events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred for this policy compared to all other policies for the period For example if a total of 100 000 megabytes was transferred and 3 000 megabytes was transferred for one policy the of MBytes field will display 3 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar P
150. click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing the Virus Attack Attempts Report The Virus Attack Attempts report displays the number of virus attempts over the specified time range To view the Virus Attack Attempts report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports 3 Expand the Virus Attacks tree and click Over Time The Virus Attack Attempts page displays Virus Attack Attempts schedate ET print Date o Start 4 2007 04 23 Eng 2007 04 28 Soares SE wicre Virus Attack Attempts for April 23 2007 April 28 2007 Date Atternpts w of Attempts peseato Sm iN 4 The bar graph displays the number of virus attempts that were made during each day over a specified time period 5 The table contains the following information Date the date of when the sample was taken Attempts the number of attempted virus attacks of Attempts the percentage of attempted virus attacks in a day compared to the time period For example if 5 000 attempts were made during the time period and 500 were made on one day its of Attempts field will display 10 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Op
151. count 7 If your SonicWALL ViewPoint installation currently handles more than 10 appliances when you upgrade to SonicWALL GMS you will need to purchase additional SonicWALL G MS license s to manage the extra appliances The standard 10 node SonicWALL G MS license provided with the Free Trial supports up to 10 managed appliances Enter the license keys for any additional SonicWALL GMS licenses into the GMS upgrade keys text box one key per line 8 Click Submit The License page is displayed showing that SonicWALL GMSis now licensed SonicWALL ViewPoint 6 0 Administrator s Guide 4 Miscellaneous Procedures and Troubleshooting Tips Miscellaneous Procedures and Troubleshooting Tips This section contains miscellaneous SonicWALL ViewPoint procedures and troubleshooting tips Miscellaneous Procedures This section contains information on procedures that you may need to perform Select from the following e Itis highly recommended that you regularly back up the SonicWALL ViewPoint data For more information see Backing up SonicWALL ViewPoint Data on page 368 SonicWALL ViewPoint requires Mixed Mode authentication when using SQL Server 2000 To change the authentication mode see Changing the SQL Server Authentication Mode on page 369 e Ifyouare reinstalling SonicWALL ViewPoint preserving the previous configuration settings can save a lot of time To reinstall SonicWALL ViewPoint using an existing Sonic
152. csseccsseessseessseecssecssncessneesseeees 220 Viewing the Top Blocked Site Users Over Time cccssssssessssssssessecssscssesssecsssessecssssssecssessseesseeees 221 Viewing Blocked Sites for Each User Over Time ccscesssesssssssesseecssesssesssssssecssscssssessecesssesecesecees 222 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Blocked Sites By Category Over Time u cscccsccsssessseesssecssssssscsscssesssnssssecssessseessecesseesneess 223 Viewing File Transfer Protocol Reports sssssscsssssssssecsssecsssecsssecssssecsusccesnccssuscssuscessecessucessuessneecesseessnee 225 Viewing the FTP Summary Report c cccssssssessssssssssesscsssessssccsssssscssesssssssuecesscssecssscsssecsuscesseeseeeses 225 Viewing the Top FTP Sites By USEr ecssessssesssessssesssescsecsssesssscssesssscssecsssccasscssessuecsseesssecssecsseesecees 227 Viewing FTP Bandwidth Usage Over Time ssssssssssecsssecsssccssneessseccssecessncsssesceseecssncessuseesueceesseses 228 Viewing the Top Users of FTP Bandwidth Over Time ccsssssssseccsseccsneccssecessseesssecserecsseeesneees 230 Viewing Mail Usage ROports aestimet naanin rea ENE 231 Viewing the Mail Usage Summary Report cccssscssssssseccssueesssecessecssnccsssseesssecsseccssncessueesneeceeseenes 232 Viewing the Top Users of Mail Bandwidth oo secssscsssesssseessssecsssccssscessnecssuecesecssneecsuseesuecessneees 234 Viewing Mail Usage Over Time sis sssesseicvsccasssessds
153. cssssccsescssesssecesscsssccencessecesscesscssecesseesuesescaneeees 130 Managing ViewPoint Reports on the Console Panel scsssssssessssssesssecsssscssecssccesssssecesssssscsseeseneesse 131 Chapter 14 Scheduling and Configuring Reports cccsssseeeseeteseeeeees 133 Configuring Scheduled Reports ian i EERE Ra N 134 Viewing or Managing Scheduled Reports ccssscssssssssssssscsssessessssssssssesecsssccesesssecesscsssecescesseesseesseees 134 Adding or Editing a Scheduled Report ccccsssssssssssesssesssesssesssssssssssssssssesssssssssssecssesssecssscesseesneess 135 Selecting Reports for Summarization 0 eeesseessessssesssesssessssesesccssscsseccssecssscssscsssccesscssecssecessecsecsseessesseeees 137 Configuring Inheritance for Reporting Screens ccssescssssssessssssssessssssssessscsssecsssccsscssscssscssseseseseseeeseesse 138 Configuring D ata Storage Settings csecssescssssssesssscsssessessssssssessuscssecssescsscsssssesccssecsuscesscsseccessecssecsseeses 139 Configuring Summarization D ata for Top Usage scessssssssssessescssesssesssessssesscsssccssecsuccesecsseessncessessees 140 Configuring Summarization D ata for Bandwidth Reports ecssecsssesssessssssssecssecssccssesssecsseessecsseeese 141 Configuring Dashboard Summary Reports c ccsssecsssesssessssssssecssscsscssssssssccsssssscsseccssecsuecessccesccasecsseeesss 142 Viewing Currmemt A OSI EEA E oascses covsdvvsedsass oacsds soe nescebssh OT 144 Schedu
154. csssssessesscsseessssscescssessecseeesceseeseeseeaseess 330 Viewing SSL VPN Failed Login Reports c sscsssssssessssssssssseesssscssecssecsscsssesssscssssessccesssssecssecesscesees 331 Viewing the SSL VPN LOG sccdssccaiciestsedesseealetd asalteascsctecnseely datteashiseeessealy Gace A 332 Viewing the Log for a SSL VPN Appliance csecssessssesssssssessseccssssssecssescssecsscsssecssecesscessecescessecese 332 Appendix A Installing SONICWALL ViewPoint eeeeeeeseeeeeeeeeeeneeneeneeeeeeeeees 335 About Installing and Upgrading SonicWALL ViewPoint cccsssessscsssssssssssessseesseccssessseceseesseeeseees 336 Installing SonicWALL ViewPoint ccccssssessssssssessessssessessssecssssssecsssccssecssscessssssccassessecsssceseeeeseeasecs 336 Tristallatiomn Overview sieneen Ra A E E EE ETE EE E E AN 336 Activating SonicWALL ViewPoint on Your Appliances 0 secssesssssssessssccssesssessesssseessscessesseesseeessees 340 Registering Y our SonicWALL Appliance ssssssssssssssssssssssssssreserseessneessssnsssnsnnsssnnsonnsnseeesssseestsseereeeee 341 Activating the ViewPoint Software on Your Appliance ccsssecssessssessseesssccsecsscssessssecssecescesseesse 341 Enabling the ViewPoint License on Your Appliance sssssssssesssessssssssssssssssssssssssssssesssesessreeeseseee 342 Installing Universal Management Suite ccsssssssssessssssscsssccssecsssccsscsssecssscssscsssecssecssecssecesscsseecescessees 342 Upgradin
155. ction Factor is the average noise we want to exclude per page like eliminating pop up links images and more The factory default is 40 Average Browse Time Per Page is the time allocated to read a page Noise Reduction Factor and Average Browse Time Per page are configurable in the database directly but are not exposed in ViewPoint management interface MBytes number of megabytes transferred of MBytes percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of HTTP data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 6 To change the date of the report and other settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports Viewing the Top Web Sites The Top Sites report displays the Web sites that used the most HTTP bandwidth on the specified date To view the Top Sites report perform the following steps 1 Click the
156. ctly to the Web Usage gt By Site report page Top Visited Web Sites Dy User for May 2 2007 Displaying records 1 20 of 20 vaer ies Browse Time inn mm ss levies 10 20 2 128 w99 0I LaS 22 records tivaseto Top Vinted eb Stes By Ste fvse Time hhernm ss M8ytes Category N The Web Usage gt By Site report page shows detailed information about Web traffic to this site Information in this report include the IP addresses of users who have browsed that site as well as how much time they have spent browsing Showing Domain Names in Reports Reports sometimes show the domain names of systems or websites and sometimes show only the IP address This is caused by different firmware versions on the appliances for which reports are being generated The reporting subsystem consumes the contents of src dst dstname and other tags from the syslog messages The syslog format and tags depend on the version of the firmware For firmware that includes name resolution the reports will list the domain SonicWALL ViewPoint 6 0 Administrator s Guide Managing ViewPoint Reports on the Console Panel W amp Note In SonicWALL ViewPoint 5 1 and above the Name Resolution option on the UTM appliance where the firmware supports it is enabled when a unit is added This does not apply to already existing appliances in the system E neem Name Resolution cr Fes cept sanel Rmi Naw Cache gt aj l Name Resolut
157. d from the Consule gt t verds gt Schedse screen Database thackup Settings Bochup fles to deectory nstaliiw ger T ao fies Number of backups to store fi Lpdate Backup Settings Note The mmber of backup fies to store determines how mary databace bechugs vali be retaned in the backup drectory The maumum valve is 3 Database backup files wil not be Geleted F the backup Grectory ii changed Immediate Database Backup Bacup database now Compltedea Backup Database Immediately I Toties Database Restore No barian hies avalabie in the backup directory Restore Databame Run Time Lint Backup Mun Database sine NJA No data avaliable Lost Restore Run Restore file sire WIA No data evelatie Hote Thee backup method selected wll anpact the time taken for the backup operation to run and the an of the backup Fies The diferent backup options are 1 Current data tacks up the apcharce information and reports data 2 Archived and Raw syslog data Backs up al the archived and raw syslog data 3 Complete dete Backs up al the date Slowest ance k does complete Dechup You can configure the type of backup schedule for periodic backups folder for backup storage and number of backups up to 3 to keep You can also perform an immediate database backup from this page Existing backups of the database are listed and you can select from them to restore your databases SonicWALL ViewPoint 6 0 Administrator s Guide
158. d to the time period For example if 10 000 megabytes of FTP data was transferred during the time period and 2 500 megabytes of FTP data was transferred on one day the of Usage field will display 25 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports Viewing the Top Users of FTP Bandwidth Over Time The By Users Over Time report displays the users who used the most FTP bandwidth for the specified time period To view the By Users Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the FTP Usage tree and click By Users Over Time The By Users Over Time page displays Top FTP Sites By User Sew tove 4 The table contains the following information Users the IP address of the user Events the number of FTP Events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this u
159. de Viewing SSL VPN Bandwidth Reports W amp Viewing SSL VPN Top Users of Bandwidth Reports The Top Users report displays the users who used the most connections on the specified date To view the Top Users report perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance 3 Expand the Bandwidth tree and click Top Users The Top Users page displays Top Users of Bandwidth P schedule GS priat User Hame Equals v Start 4 2007 08 20 gt Search Top Users of Bandwidth for August 20 2007 Other 62 wuatanabe 76 bagen i207 bhta Mshinada 25 braenam 62 User Name Coemectons gt i hwatanshe 2 beacham S 3 kishinada 25 4 bbi 5 bhen bbs 7 bb 8 sdeudanal 5 9 evhwnw TOTAL 4 The pie chart displays the percentage of connections used by each user SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Bandwidth Reports 5 The table contains the following information for all users Users the user name Connections number of connection events or hits 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart for the top six users and a table for all users To change the date of the report click the Start field to access the drop down calendar 7 To display a limited number of users use the Search Bar fields Note The search bar fields use pattern matching with operators such as con
160. default at http localhost appliance after restarting the system SONICWALL UMH 6 0 6006 instal Drove 20 99 S of Total 232 78 S slogs e 2500 99 G5 fof Total 232 70 G2 Getting Started Open Getting Started Instructions In New Window Switching to the Application Interface To switch between the System interface and the SonicWALL ViewPoint application interface click the Switch button in the top right corner of the interface Viewing Online Help and Tips To display context sensitive help for the current page click the Help button in 2 the top right corner of the interface SonicWALL ViewPoint 6 0 Administrator s Guide Configuring UMH System Settings Wx The Help button can change to the Tips button if the current page has any context sensitive tips or video tutorials Clicking on the Tips button displays dynamic links for whitepapers videos knowledge base articles other references and online help Tips and Tutorials ka KB 7308 How to install ViewPoint Service Pack t Online Help Tips and Tutorials KB 4722 Transfer ViewPoint to new hardware ona different machine SOL Server or MSDE a KB 6214 Transfer ViewPoint to new hardware on a different machine MySQL y KB 6512 Change location of ViewPoint Database SOL Server or MSDE 24 Online Help LB internet R 100 Logging Out of the UMH System Interface To log out of the SonicWALL ViewPoint UMH system
161. dwidth uptime intrusions and attacks and alerts for managed SonicWALL UTM appliances The Security Dashboard report provides data about worldwide security threats that can affect your network The Dashboard also displays data about threats blocked by the SonicWALL security appliance Select from the following e Viewing the Dashboard Summary Report on page 159 e Viewing the Security Dashboard Report on page 162 Viewing the Dashboard Summary Report The Dashboard Summary report displays statistics alerts graphical summary reports and a list of available custom report templates Displayed statistics can include total bandwidth total attacks and other measurable information The alerts list is displayed when the configured threshold has been reached A wide range of graphical reports are also available for display You can configure the Dashboard gt Summary report contents in the UTM gt Configuration gt Dashboard page For a description of the configuration procedure see Configuring Dashboard Summary Reports section on page 142 To view the Dashboard Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing Dashboard Reports 3 Expand the Dashboard tree and click Summary Dashboard Summary D sineta Fi rene Dashboard Sarremary for Aogast 1L 7007 Tna besaan MonthTofate
162. e Navigating ViewPoint Reporting Navigating ViewPoint Reporting ViewPoint Reporting is a robust and powerful tool you can use to view detailed reports for individual SonicWALL appliances This section describes each view and what to consider when making changes It also describes the Search Bar and display options for interactive reports as well as other enhancements provided in SonicWALL ViewPoint See the following sections e Global Views on page 120 Unit View on page 121 e Using Interactive Reports on page 122 e Searching for a Report on page 123 e Collapsible TreeControl Pane on page 128 e Enabling Disabling Scheduled Reports on page 128 e Combined Reports on page 128 Improved Navigation on page 129 SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting Global Views From the Global view of the UTM Panel Summary and Over Time reports are available for all SonicWALL appliances connected to SonicWALL ViewPoint To open the Global view click the MyReportsView icon in the upper left hand corner of the left pane ee me tet wte et As you navigate the SonicWALL ViewPoint reports screens with the MyReportsView view selected and view different reports the settings that you specify are maintained in effect throughout the session SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting
163. e when the sample was taken Connections the number of connections MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10 000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of MBytes field will display 20 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing the Top VPN Users Over Time The Top Users report displays the users who made the most VPN connections for the specified time period To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing VPN Usage Reports 3 Expand the VPN Usage tree and click Top Users Over Time The Top Users Over Time page displays Top Users of VPN PD sciata OD viet Users Y tous lt Saari TOST Os 23 End 2097 06 78 j Search OO ra Top Users of VPN for April 23 2007
164. e F print nT AAI lt Mei neur vo Stat 9 2007 04 27 Search gt cptors Web Fiter Seenmary tor Apri 27 2007 TW as Hoas Adumngts S of Adumnpts bY Oe 08 oF 100 11 Eas oe 4 an 4 rT Fas T i i Tas 2 V 4 The bar graph displays the number of blocked sites that users attempted to access during each hour of the day 5 The table contains the following information Hour time when the sample was taken Attempts the number of attempts to access blocked sites of Attempts the percentage of attempts during this hour compared to the day For example if 100 attempts occurred during the day and 20 attempts occurred at the 12 00 time period the of Attempts field will display 20 6 To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the Web Filter Top Sites Report The Web Filter Top Sites report displays the top blocked Web sites that users attempted to access on the
165. e displayed in the final report This allows you to filter the report results based on the selected report field and related filter value but not display the field as a column When you click on the Eye icon within a row the eye closes 5 to show that this field will not be displayed in the final report The filter value will still be used to filter results from the raw syslog database to apply towards the report For example you might specify the following Field Operator Filter Value Protocol http It would make sense to click the Eye icon to disable the Protocol field from being shown in the report since it would always just be http and would not add any interesting information to the final report Contrast this with simply specifying the Protocol field and leaving the Filter Value blank in which case you would want to enable the Eye so that this column would appear in the report showing a variety of protocols such as udp dns tcp http udp ntp or numbered protocols such as udp 389 the LDAP protocol or tcp 445 MS Server Message Block SMB file sharing Clicking the X icon under Options deletes the selected report field from the table so it will not be used to generate the report results nor will it be displayed in the report Use the X icon instead of the Eye when you do not choose to filter the report results based on the field The Detailed Report tab also contains the Sort By drop down list The list contains the Date Time
166. e genre hed lor the 1 30 31 of the morth Email Archive Configuration Web Server Details Following is the web server configuration information used by the Emailarchive compenert Note These fields carr be modilied and are updated sutomatically according to Ure web server settings Wed Server Address 127 0 0 1 Weh Server Protocel http Web Server Port US Loyo Settings Logo currently in use cover_kboo oF Lago Fie Browse Update SortBy Settings In PDF Reports weytes Hits Coreectuns Events a Configuring Email Archive Settings To configure Email Archive and Web server settings perform the following steps 1 Click the Console tab expand the Reports tree and click Email Archive The Email Archive page displays 2 To set the next archive time enter the date and time in the Next Scheduled Email Archive Time fields and click Update 3 To specify the day to send weekly reports select the day from the Send Weekly Reports Every list box and click Update SonicWALL ViewPoint 6 0 Administrator s Guide Scheduled Reports 4 To specify the date to send monthly reports select the date from the Send Monthly Reports Every list box and click Update 5 If the Web server address port or protocol has changed since SonicWALL ViewPoint was installed the new values will automatically appear in the Email Archive Configuration section These settings can be modified on the System Interface and cannot be mod
167. e Detailed Report Settings category First select the appropriate profile setting for your report If you are creating a new profile select the Create a New Profile button 1 New Profile Name field Enter the name of your new profile Detailed Report Page Prowdes Mat usage reports Prowsies ina affect evert repr te Prois Dyra event repose tt Drowdee Appecation Arcece attemoted racer te Provides login r 2 To determine the type of reports that will be summarized in your compliance report check the boxes next to the reports you need Sub folders are revealed to each folder by clicking the plus icon When all sub folders are selected the main folder will be selected 3 When you have completed your selection s of reports scroll down the page until you see a check button with Configure Filters Options beside it Click the check mark button y Configure Fitters Options Qvote You can set fiters and display optons to be applied for reports in this schedule here Ade Cancel Previnw SonicWALL ViewPoint 6 0 Administrator s Guide 4 Scheduling PDF Compliance Reports 4 Inthe Configure Filter Options section you are able to decide how your filter and display is set Once you have clicked the check button fill out the table accordingly Default Dapley Type umber Of Itama Anie Of Stes By User Amers Sy Ste 5 w Qefest for Non Stes Users nim Of lene irte Of ern he ee v tncduunn Hilter Param
168. e Name field Enter a description of your schedule group in the Description field 4 Click the Visible to Non Administrators check box to allow this schedule group to be viewed and used by non administrators 5 Click the Disable check box to temporarily disable the schedule group 6 In the Schedules field select the schedule s to add to your schedule group and then use the arrow buttons to move the selected schedule into or out of the group To move multiple schedule groups and or schedules all at once hold the CTRL button on your keyboard while making your selections Add Schedule Group Nae Domsin L caDomsin Ed Descretkn Visible to Non Administratces V Deeable Scheckies Friday 24 hes Friday business hrs Monday 24 hrs Manday business hes Saturday 24 hrs SJwdue akeni Schedules Argia schedule test Shredule lest Schedule Gest 1008 a DE p se Reset 7 Click Update SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Granular Event Management amp Deleting a Schedule or Schedule Group You can delete schedules or schedule groups or you can remove schedules from schedule groups To delete an event schedule schedule group or remove a schedule from a schedule group 1 Navigate to the Events gt Schedule screen 2 Click the check boxes of the schedule groups or schedules that you want deleted When you click the schedule group check box the schedules within that schedule grou
169. e SOFTWARE PRODUCT for a number of SonicWALL eligible products This number is specified and shipped with the SOFTWARE PRODUCT Support for additional SonicWALL eligible products is subject to a separate upgrade license Upgrades If the SOFTWARE PRODUCT is labeled as an upgrade you must be properly licensed to use a product identified by SonicWALL as being eligible for the upgrade in order to use the SOFTWARE PRODUCT A SOFTWARE PRODUCT labeled as an upgrade replaces and or supplements the product that formed the basis for your eligibility for the upgrade You may use the resulting upgraded product only in accordance with the terms of this EULA If the SOFTWARE PRODUCT is an upgrade of a component of a package of software programs that you licensed as a single product the SOFTWARE PRODUCT may be used and transferred only as part of that single product package and may not be separated for use on more than one computer Support Services SonicWALL may provide you with support services related to the SOFTWARE PRODUCT Support Services Use of Support Services is governed by the SonicWALL policies and programs described in the user manual in online documentation and or in other SonicWALL provided materials Any supplemental software code provided to you as part of the Support Services shall be considered part of the SOFTWARE PRODUCT and subject to terms and conditions of this EULA With respect to technical information you provide to SonicW
170. e Start or End fields to access the drop down calendar 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These date settings will stay in effect for all similar reports during your active login session SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Bandwidth Reports Viewing SSL VPN Top Users of Bandwidth Over Time Reports The Top Users Over Time report displays the users who used the most connections during the specified date range This report is available at the unit level To view the Top Users Over Time report perform the following steps 1 Click the SSL VPN tab 2 Select a SSL VPN appliance 3 Expand the Bandwidth tree and click Top Users Over Time The Top Users Over Time page displays Top Users of Bandwidth APON PO User Hame V Equals v Start 412007 06 15 End 2007 08 20 Searc Top Users of Uandwidth for August 15 2007 August 20 2007 fimatanabe 401 Other 773 istakahiia 283 jbintseher 101 tia 191 eye masa gebimasaye 314 User Name Lommections amp i hwatanshe 41 2 takahia rye 354 4 _ gbhmaaju 314 S fs 191 6 fintscher 191 7 deishnamirthy 8 machustad 61 aala zA TOTAL 2517 4 The pie chart displays the percentage of connections used by the top users SonicWALL ViewPoint 6 0 Administrator s Guide Using Using SSL VPN Custom Reports W amp 5 The ta
171. e Time 3 Start Time 00 ow 00 w Dyneamc Date Range Today v EndTime 23 ov 80 v Start Date Sunt Time 00 ov 00 v State Date Range End Dase tndtime 23 v v Report Layout Detailed Report Select report field Category w Acs and Omie Time v Soriby Dale Time v fe Fite Generale Report Reset SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp After generating a report the page automatically changes to Split Mode and displays the report settings in the Template Section in the top half of the page and the report results in the Report Section in the lower portion The Template Section and Report Section displayed in Split Mode is shown below Template Section lt Full Mode gt Custom Report Internet Activity zemptate Load a Template Date Time Start Time 00 w 00 Ww co v OynemicDatr Range Weee deie v ExiTme 23 5 v sy start Oste Start Time 00 w 0 tatk D X EATA Ew Date EndTime 23 Sv ty Report Section lt tull Mode gt Internet Activity Save Template ais Page 1 9344 sel lune Domen otocol Use 1 2009 11 19 0 0 0 15 52 con r W Ox 52 tenth in 3 wy woo i S2 rept s rin 4 4 o uo 40060 192 1 5 T o iajdns 100 At any time you can change to Full Mode if you want to display either the Template Section or the Report Section individually From Full Mode you can easily change back to Split Mode To toggle between
172. e contents of the report into the body of the email message select the Send Reports Inline check box To send the file as an email attachment make sure this check box is deselected Note Reports can only be sent inline when all data is sent in a single 11 report To archive the file on the server s hard disk select the Archive check box and enter a path in the Save Directory field SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Scheduled Reports 12 13 14 15 16 Specify the directory where the file will be archived in the Save Directory field For Report Type select Daily Weekly or Monthly For Report Format select HTML XML or PDF Select either Include all data in a single report or Zip Reports into a single file If you selected PDF for the Report Format you can create a password to protect it by selecting Password Protect the PDF File and typing a password into the Password field Users must input the password to view the contents of a password protected PDF file The content can be copied or printed but is not editable by a PDF editor If the zip file is selected you can create a password for it by selecting Password Protect the Zip File and typing a password into the Password field Note When both PDF and Zip Reports into a single file are selected 17 18 19 20 21 22 you can password protect the PDF but not the zip file For the Cover
173. e monitoring with ViewPoint From the MyReportsView of the UTM or SSL VPN Panel Summary and Over Time reports are available for all SonicWALL appliances monitored by SonicWALL ViewPoint To open the My Reports view click the MyReportsView icon at the top of the left pane To display the global status page navigate to General gt Status SONICWALL ViewPoint 6 0 Wsyeeporsiiew General O Eny Prodxton Said Global Node MyReports ierw Info amp 125 mind 5 K 2 sare Ast re p ard UTMs nthe Sytem 2 gt Banduidth ViewPoint License Status gt Web Usage gt Web Filter um Status P FTP Usage ay i grar ariere gt Mail Ucage gt VPN Usage P Attacks P Views Attacks gt Anti Spyware P iineoa Prevention gt Application fwewal Configuration P RealTime Viewer ivents SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Views and Status Wa From the Unit view reports contain detailed data for the selected SonicWALL appliance To specify the unit view click any unit in the left pane To display the unit status page navigate to General gt Status on the UTM or SSL VPN panel SONICWALL gt ViewPoint 6 0 sa Hod E 170 Siad ii uaa ker adeer LoceDonan Adis O Myhrpmt view A O Engg lt Prockation General et Node 17 170 Samedated Info O 12 170 Siad aus Modei Sorxwait TZ 170 Seral hamber 000501049040 gt Doshhserd Fammearo Versini 50005 Enhanced 22 0 0 Engish Coston Repor
174. e selected SonicWALL appliance s FTP usage reports can be used to view FTP bandwidth usage by the hour day or over a period of days Additionally you can view the top users of FTP bandwidth General bandwidth reports do not always provide a complete picture of network bandwidth usage If a large amount of FTP traffic occurs during peak times you might need more bandwidth you might need to upgrade network equipment or you might ask employees to use compression or transfer large files during non peak times Note All reports appear in the appliance s time zone Select from the following e Viewing the FTP Summary Report on page 225 e Viewing the Top FTP Sites By User on page 227 e Viewing FTP Bandwidth Usage Over Time on page 228 e Viewing the Top Users of FTP Bandwidth Over Time on page 230 Viewing the FTP Summary Report The FTP Summary report contains information on the amount of FTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances during the specified day To view the FTP Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports 3 Expand the FTP Usage tree and click Summary The Summary page displays FTP Usage I Schedule E print vo Y FTP Usege tor April 27 2007 Hour Events Minytes of Miytes 4
175. e tab expand the Reports tree and click Summarizer Click the Summarize Now button 2 You will see a pop up window verifying that you want to summarize the data now Summarizing data using Summarize Now is a one time action and will not affect the scheduled summary Click OK to continue Microsoft Internet Explorer xi Are you sure you want to summarize the data now s Note This is a one time summary and will not affect the scheduled summary Cancel SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer 3 To verify summarization navigate to Log gt View Log in the left pane Search for the message Report Data Summarized to verify that the Summarize Now action has completed Seorch Cirera S er Te of oge Prom 3 prem eV Vy ww SrA Node tort ne Mevage contant Soverty Aj ert LJ Moich case Enact Peme ad Words ew werd Start Search y Clear Search y Export Logt Search Resalta yV Show Messages Per Screen 2 Range x Caley 110 gt ext Gets tissaeec Serey d 21 2008 Mon f D the sytem Dy use ade Pri 008 Mon D Setta Osbert rewersog gt 20000721 pet Ran rog fie gioas competed axcessfuty uploaded te database Rya Syin fim tec ted for uct for uost Ran trog Se clined eter ted Report dats eenmarines 197 The miog Siesheveters pyt J Sies seiected rot TPS meneages orocecued r started The pysiog Mes have meer peo Report t M OB Mon O24 S5 PM Sheis m regardo PII
176. e tofteate running on thie atem please disable it for proper functioning of this product Allematively You should enable porte tee Siystoge typically 14 tiytiog Femarding typloally 20007 and SNMP traps typically 162 on the Pasonal Firewall Also if you plan te enable amy remote appliance for HTTPS Management you will need to configure the FirereallS atesar in tiong of this tyrtem to fomeard UOP tiytiog pot 14 and SNMP port 162 packets to this system Othe mate thet Untwertal Management setter wall not tecemwe any Systogs and SNMP traps for Its proper functioning Cx 10 The Important Registration Information screen provides the URL and credentials to use to access the SonicWALL ViewPoint Universal Management Host system interface after restarting your system as well as information about registration The default URL for accessing the interface from the local system is http localhost 80 The default credentials are User name admin Password password To register for a SonicWALL ViewPoint installation enter the word VIEWPOINT instead of a serial number when you register the product on MySonicWALL SonicWALL ViewPoint 6 0 Administrator s Guide installing Universal Management Suite Click N ext S SonicWALL Universal Management Suite 6 0 Afar instalation and reboot ploase access the Host Web interface at Nip Mocainost BO using Credentials admin password to login and register your software
177. e users who made the most attempts to access blocked sites on the specified date To view the Top Users report perform the following steps 1 Click the UTM tab SonicWALL ViewPoint 6 0 Administrator s Guide amp Viewing Web Filter Reports 2 Select a SonicWALL appliance 3 Expand the Web Filter tree and click Top Users The Top Users page displays COZZI Aa 4 The pie chart displays the top users with the most blocked site attempts 5 The table contains the following information Users the IP address of the user Attempts the number of attempts Category the Web site category of Attempts percentage of attempts to access the blocked site compared to all other user attempts For example if 500 attempts were made during the day and 250 of those attempts were made by a single user that user s of Attempts field will display 50 6 By default ViewPoint Reporting shows yesterday s report a pie chart and the ten top users To change these settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 8 W
178. eal time syslog utility perform the following steps 1 2 3 4 Start and log into SonicWALL ViewPoint Click the UTM or SSL VPN tab Expand Real Time Viewer and click Syslog The Real Time Syslog page appears If syslog forwarding is not enabled select Enable Syslog Forwarding set the IP address and port used by the syslog reader and then click Update SonicWALL ViewPoint 6 0 Administrator s Guide Forwarding Syslog Data to Another Syslog Server 9 If the Syslog Reader is not already running click Start Syslog Reader Click Start Button at the bottom of the screen The Syslog Viewer begins showing the latest syslog entries Lnabie Syslog Forwarding IP Address 127 0 0 1 Port 21007 Wde Ret Note The IP Address specSed shoud be the Console Web Server IP eddress Recommended value for port s 21007 Trey take a few minutes fer the system to update the new condicy rabon y Start Syslog Reader Syslog forwarding is enabled QP Address 127 0 0 1 Port 21007 F noc Syslog Reader 5 carently NOT running Please start fhe Syslog Reader Note Tf you do not have sufficient predieges please contact the administrator To change how many messages are displayed select anumber from the N umber of Messages list box at the bottom of the screen Number Of Messages 100 M Refresh Time 3 M seconds Filter To change how often the Syslog Viewer is refreshed select the time from the Refresh Time list box
179. earch Bar to display the drop down calendar The End field is only configurable for Over Time reports In the calendar you can set the month by SonicWALL ViewPoint 6 0 Administrator s Guide Managing Report Settings clicking the single arrows lt gt or the year by clicking the double arrows lt lt gt gt To select the month or year from a drop down list click and hold the arrow button Click Search to begin building the report More Start 4 2007 04 29 i options Search 24 Select date Selecting a Date Range To select a date range for an Over Time report select a Start Date and End Date in the Search Bar and then click Search You can use the drop down calendars by clicking in either field Additional Settings Many reports have additional settings that you can select such as source and destination interfaces to report traffic through or how to display names and IP addresses Make your selection from these lists and click Search Troubleshooting Reports One of the most common error messages when a report does not display is No Data There are several reasons why you might see this error and SonicWALL ViewPoint 5 1 and higher displays the most likely reason and points you to the screen where you can make the necessary adjustments Some examples are shown in the following figures Figure 4 Appliance is Not Licensed for Reporting This appliance is not licensed for ViewPoi
180. ection describes how to configure the settings for viewing reports e Managing Report Settings section on page 154 Select from the following reports e Viewing General Status Reports section on page 157 e Viewing Dashboard Reports section on page 159 e Using Custom Reports on UTM Appliances section on page 163 e Viewing Bandwidth Reports section on page 180 e Viewing Services Reports section on page 189 e Viewing Web Usage Reports section on page 191 e Viewing Web Filter Reports section on page 209 e Viewing File Transfer Protocol Reports section on page 225 e Viewing Mail Usage Reports section on page 231 e Viewing VPN Usage Reports section on page 238 e Viewing Attacks Reports section on page 250 e Viewing Virus Attacks Reports section on page 260 e Viewing Anti Spyware Reports section on page 266 SonicWALL ViewPoint 6 0 Administrator s Guide Managing Report Settings e Viewing Intrusion Prevention Reports section on page 273 e Viewing Application Firewall Reports section on page 281 e Viewing Authentication Reports section on page 287 e Viewing the Log section on page 290 Managing Report Settings All of the reports in ViewPoint report on data gathered on a specific date or range of dates You can also edit the report settings for each report by using the Search Bar and the More Options button Editing Report Setting
181. ed on the Console gt Reports gt Settings page See Controlling the Number of Appliances with Log Viewer Enabled on page 72 Note Custom Reports are available on appliances with Log Viewer enabled See Using Custom Reports on UTM Appliances on page 163 5 Under Select Search Criteria select the date range to view data from in the Start Date and End Date fields Enter the starting time of events to view in the Start Time field Enter the ending time of events to view in the End Time field 8 To limit the report to data originating from specific IP addresses or users enter the source IP address or user name in the Source IP User field To view all IP addresses enter All 9 To view log entries for data originating from a particular port enter the port number in the Source Port field SonicWALL ViewPoint 6 0 Administrator s Guide Viewing the Log 10 11 12 13 14 15 To limit the report to data going to specific IP addresses or hosts enter the destination IP address or host name in the Destination IP Hostname field To view log entries for data going to all IP addresses enter All To view log entries for data going to a particular port enter the port number in the Destination Port field Select the type of events to view from the Message Category list box To limit the report to messages containing a specific text string enter the text in the Message Text field Leave the fie
182. ee 270 Viewing Spyware Attempts By Category Over Time uu cscsscsscssessecssesssssseecssscescesecesceseeeseesess 272 Viewing Intrusion Prevention Reports ssesssssssseccseecsecssccssecsucecscessscessccsueesscesssesueeesuecseecesceeneesneeseeees 273 Viewing the Intrusion Prevention Summary Report 00 seesssssssscsecsssesssecssescsecsssccsssssesesecesecssecess 275 Viewing Intrusion Attempts By Category csssssssssessssesssssssssscssusssessussssssusssussuscsuesssesneesessseesses 276 Viewing Intrusions Over Time ssssssssscssssccsscenscssssessccensccsscssssessscenseansccassessvsssseesssesecsevecesnessevees 278 Viewing Intrusion Reports By Category Over Time csessssessessssssessncsssssnesnesssesnesseesnessnesneesees 280 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing A pplication Firewall Reports 0 sssssssssscssescssssessseccssecesssesssseccssscessecsssseesusecssnscesnsecssreeseeeessneess 281 Viewing the Application Firewall Summary Report cccsssssssseccssecsssecssseessssecessecssncessneesseeessees 282 Viewing the Application Firewall O ver Time Report cssssssssssccssecsssecesseecsssecessecssnessneessueeessees 283 Viewing Application Firewall Top Applications csscssssesssseessseccssecsssecssnsessusecssnecssneessneceseecs 284 Viewing Application Firewall Top Users sscsssssssssssssssecssscssnccssseesssecessscesseeesssecessecssneessneesssseessees 285 Viewing A pplication Firewall Top P
183. een When adding or editing the report you can configure its name category formats cover page summary report page and detailed reports page You can also use or create a profile for the detailed reports page settings To add or edit a new scheduled report perform the following steps 1 10 Navigate to the Configuration gt Scheduled Reports page and do one of the following To add a new schedule report click the Add Scheduled Report button To edit an existing report click the pencil icon in that row The Scheduled Report Configuration window displays Enter a name for the report in the Name field Enter descriptive information in the Description field To email the report select the Email check box The screen expands to show email configuration settings Enter the IP address of the mail server into the SMTP Server field By default the ViewPoint Reporting Module will use the email address that was configured in the Console panel in the Management gt ViewPoint Settings screen as the Sender email address To change it enter a new Sender email address in the Source Email Address field Enter one or more destination email addresses separated by semicolons into the Destination Email Addresses field Enter the Subject Line that will appear in reports sent from the ViewPoint Reporting Module in the Email Subject field Enter text that will appear in the message body in the Email Body field To copy th
184. efault is five 3 Click Update SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Note Limiting the number of appliances for which the Log Viewer is enabled will increase the overall performance of your SonicWALL ViewPoint system Summarizer This section contains the following subsections e About Summary Data in Reports on page 73 e Summarizer Settings and Summarization Interval on page 73 e Configuring the Syslog Deletion Schedule Settings on page 78 e Configuring Host Name Resolution on page 79 About Summary Data in Reports These reports are constructed from the most current available summary data In order to create summary data the ViewPoint Reporting Module must parse the raw data files When configuring ViewPoint Reporting using the screens on the Console panel under Reports you can select the amount of summary information to store These settings affect the database size be sure there is adequate disk space to accommodate the settings you choose Additionally you can select the number of days that raw syslog data is stored The raw data is made up of information for every connection Depending on the amount of traffic this can quickly consume an enormous amount of space in the database ViewPoint creates a new 2 GB database for raw syslog data everyday Be very careful when selecting how much raw information to store For information on configuring raw data storage see E
185. ement interface such as the TreeControl Applet in the leftmost pane Signed Applets refers to a technique for adding a digital signature to a Java applet to prove that it was not tampered with upon receipt from the signer Signed applets can be given more privileges than ordinary applets By default applets have no access to system resources outside the directory from which they were launched but a signed applet can access local system resources as allowed by the local system s security policy In some previous releases of ViewPoint you were required to edit the java policy file yourself on the client browser system in order to enable a number of applet related operations such as Copy Paste Import file Browse local folders and HTTP HTTPS login to the managed units from the ViewPoint management interface There is no need to edit the java policy file for signed applets When a signed applet starts up a warning pop up is displayed If you want to trust the applet click Yes Copy paste Import and HTTP HTTPS logins will work without any edits to the java policy file Warning Security x Do you want to trust the signed applet distributed by SonicWALL Inc Publisher authenticity verified by VeriSign Inc e 1 The security certificate was issued by a company that is trusted e 1 The security certificate has not expired and is still valid Caution SonicWALL Inc asserts that this content is safe You should only
186. ements The generated report provides graphical output that you can click to drill down for detailed information For more information about each of these Report Layout tabs see the following sections e Detailed Reports on page 169 e Summary Reports on page 173 For information about the Filter operators see the following section e Filter Operators on page 175 Detailed Reports The Detailed Report tab is the default view in the Report Layout region Report Layout Detailed Report Select report field Toes Traffic v sa Sortby DateTime Wi aw DsieTime v For a UTM Internet Activity report the Select Report Field drop down list contains eight data categories that you can add as column headings in the report The categories are Full URL Adds a column containing the full URL of each Web site visited Category Adds a column containing the category of each site visited such as Gambling or Adult Mature Content SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances Domain Adds a column containing the domain name of each site visited e Protocol Adds a column containing the protocol used by the traffic e Received Traffic Adds a column containing the number of bytes received from the visited site Transmitted Traffic Adds a column containing the number of bytes transmitted to the site e Total Traffic Adds a column containing the tot
187. ence H L O Plain Text AN Plain Text Pager Update Reset 2 Configure the email address es that will receive notifications and the times that they will receive them Schedule 1 Specifies who will receive notifications during the first weekday schedule Enter one or more email addresses Separated by commas and specify the start and end time for the shift Schedule 2 Specifies who will receive notifications during the second weekday schedule Enter one or more email addresses separated by commas and specify the start and end time for the shift Schedule 3 Specifies who will receive notifications during the third weekday schedule Enter one or more email addresses Separated by commas and specify the start and end time for the shift Saturday Specifies who will receive notifications on Saturday Enter one or more email addresses Separated by commas and specify the start and end time for the shift Sunday Specifies who will receive notifications on Sunday Enter one or more email addresses Separated by commas and specify the start and end time for the shift SonicWALL ViewPoint 6 0 Administrator s Guide Sessions Select whether the email alert will be sent as HTML Plain Text or Plain Text Pager The Pager setting sends a very short email to ensure that the email is not cut off by the character limits of some pagers When you are finished click Update The se
188. eneeeeneeeeneeeas 113 Tipsand UT UGO Tals E onr a AEE AT N A O achat ae Aes Le atect at 113 SonicWALL ViewPoint 6 0 Administrator s Guide ADOUEV IEW POMC E AE EAEE ENAERE EEEE 114 Chapter 13 ViewPoint Reporting Features asssssnnnsnnnnrnnnnnnnnnnnnnnnnnnnnnnnnnnnn 115 ViewPoint Reporting Overview ccsssccsssssssssssssssssussucsssssssssscsssssussssssuscsscsussssssuccasssuessessucesscsuessuesnsesueenees 115 Viewlnig ViewPoint Reports sccsscsiccssesseciscibccssessecdscdacssestacusestacdscdhacased acsseshassseshasiseseacaestaansseaneadesbaatas 117 Navigating ViewPoint Reporting ssccscsssse ccsssetscsssescosesedscseseseassdesccdetadsasesenstvesen tdetaseassles codesen sedesen cocsseascddetes 119 Global Views oihanian ia i an AATA EA E a AEN 120 UNEN EW enian ne a aa a a a A 121 Using Interativo Reports siaveccsscvesssiesccestevectscdvesesis socestdvosests soveshdscvastaseststesovestesovuste Meese aee 122 Searching fora Report erener ERRET A 123 Collapsible TreeControl Pane scccccssssesssssssesssecsssssssescscsssscsssscsucssscssssssscssnscssecesccasscsesssssecssceesceasees 128 Enabling Disabling Scheduled Reports c sssssessssssssssscsseessessssecssssesssssesssssesscessccesscssecsssceseeesees 128 Combined Repons ara anaa nana an Eia E roa Enean Ennan En rea irinae rinia 128 Ahanya NAO 11A 1O a IETT A EAEE talecs Seeds Seedsoebdes Secdsnc eed ASS ehttes 129 Showing Domain Names in Reports ccccssssessssscsseessessssescs
189. ength can be hashed into a fixed 32 character long internal password SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Reports Settings Configuring Reports Settings The User Settings gt Reports page on the Console panel provides settings for the Web Site Exclusion Filter and Web User Exclusion Filter Web Usage reports will not contain references to the Web sites or users specified on this page Web Site Exclusion Filter Web Usage Reports will not contain references to the web sites specified below Web Sites Filter Add lt Delete Web User Exclusion Filter Web Usage Reports will not contain references to the web users specified below Lg Web Users Filter Badd Delete The following Web Usage reports are affected by the Web Site and Web User Exclusion Filters e Web Usage gt Summary e Web Usage gt Top Sites e Web Usage gt Top Users e Web Usage gt By User e Web Usage gt By Site e Web Usage gt By Category e Web Usage gt Over Time e Web Usage gt Top Sites Over Time e Web Usage gt Top Users Over Time e Web Usage gt By User Over Time e Web Usage gt By Category Over Time SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Reports Settings Adding Web Sites to the Filter List When entering the Web site to exclude type only the site name The filter will search for the exact value provided In the reports only the site name is listed without the h
190. ent Suite installing 342 upgrading purchasing G MS upgrade 366 upgrade key 336 ViewPoint to GMS 356 users managing sessions 65 settings 51 V views global 120 unit 121 Virus Attacks Reports 260 VPN Usage reports 238 W Web port configuration 354 port settings 34 SonicWALL ViewPoint 6 0 Administrator s Guide g web event consolidation 141 Web Filter reports 209 Web usage exclusion list 53 Web Usage reports 191 Windows Firewall disabling 339 352 SonicWALL ViewPoint 6 0 Administrator s Guide SonicWALL Inc 201 Logic Drie e SONICWALL San Jose CA 95124 3452 F 1 408 745 9300 www sonicwall com PN 232 001802 00 RevA 3 2010 2010 SonicWALL Inc is a registered trademark of SonicWALL Inc Other product names mentioned herein may be trademarks and or registered trademarks of their respective companies Specifications and descriptions subject to change without notice
191. ently attempt to access blocked sites and the most popular blocked sites Note All reports appear in the applianceUTM s time zone Select from the following e Viewing the Web Filter Summary Report on page 210 e Viewing the Web Filter Top Sites Report on page 212 e Viewing the Top Users that Try to Access Blocked Sites on page 213 e Viewing the Blocked Sites for Each User on page 215 e Viewing Blocked Sites Sorted By Site on page 216 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports e Viewing Blocked Sites Sorted By Category on page 217 e Viewing Blocked Site Attempts Over Time on page 219 e Viewing the Top Blocked Site Attempts Over Time on page 220 e Viewing the Top Blocked Site Users Over Time on page 221 e Viewing Blocked Sites for Each User Over Time on page 222 e Viewing Blocked Sites By Category Over Time on page 223 Viewing the Web Filter Summary Report The Web Filter Summary report contains information on the number of times users attempt to access blocked sites for the specified day To view the Web Filter Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 3 Expand the Web Filter tree and click Summary The Summary page displays Web Filter Summary O schetst
192. eports chapter SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer To configure the summarization interval perform the following steps 1 Click the Console tab expand the Reports tree and click Summarizer The Summarizer page displays Summarizer Settings T Enstie Report Sumner eaten Reports Data Summarization Interval Summarizer Name IP Address apenas ce Teme anne owen bem Treat lon argred Summater at 10 0 14 251 10 0 14 251 125 2 2009 14 1046 1117 2008 17 sire Surreneriver a LO 202 50 251 10 202 50 251 ASD A sy 2009 17 20 17 OGID4 2009 17 Samarne every OO Y w v axiote Neat Shaddod faun Tne n oy xote mmddyy hhsrn lt z Syslog Deletion Schedule Delete Syciog DateOnly at 19 w n paxe Delete Surresaricod Dato For nmi dyyry adobe Note Uriess a spectic date is provicied deletion of old sysing summarined date happens orty at the scheduled time of the Gay specified atowe Ostahie marianae sibs haki be run alter the compotion of Tint Schedkded arche Teme and Delete Syslog Data Dally At scheckded ruts See documentation for detals Hest Name Resolution Settings 7 Resolve Destination Most Names V Resotve Source Most Names Pernod Crmtng Interval 140 B maA 2 Under Reports Data Summarization Interval important information about the Summarizer is displayed Use the Summarize every drop down lists to specify how often in hours and minutes the ViewPoint Reporting Module sh
193. eports for UTM and SSL VPN appliances To configure the syslog and summarized data deletion settings perform the following 1 On the Console panel navigate to Reports gt Summarizer 2 Under Syslog Deletion Schedule select the time for daily deletion in the hour and minute Delete Syslog Data Daily at drop down lists Syslog data will be deleted at this time only after being stored for the number of days configured Click the Update button to the right of this field 4 To delete summarized data from a specific date enter a date in the form mm dd yyyy in the Delete Summarized Data For field 5 Click the Update button to the right of this field Configuring Host Name Resolution The Host Name Resolution feature allows the administrator to enable and configure the time period for the name resolution crawler The name resolution crawler periodically resolves host names for IP addresses found in reporting data Once the host name is resolved the name will appear in place of the IP address in reports that contain it Over time more host names will appear in the report data as they are added to the list The name resolution crawler runs by default every 24 hours 1440 minutes and can be configured to run every 1 to every 60 hours SonicWALL ViewPoint 6 0 Administrator s Guide amp Summarizer To use the Host Name Resolution feature perform the following steps 1 On the Console panel navigate to Reports gt S
194. eports now link their By User and By Site pages It is now possible to navigate directly from the Web Usage gt By User page to a Web Usage gt By Site page or from the Web Filter gt By User page to a Web Filter gt By Site page detailing the information of the site that the user has been browsing Click the Plus sign next to the entry in the User column to show details and hover the mouse over a site A sticky tooltip will display with a link to the corresponding site s report page This makes navigating from one report to the next much easier and makes retrieving detailed information simple Sample Navigation Use Case This sample use case demonstrates the improved navigation feature In this use case you will open up the Web Usage gt By User report and observe what sites the top browser has been visiting Then you will move directly from the By User report to a detailed By Site report 1 Navigate to the Web Usage gt By User report from the UTM tab Top Visited Web Sites By User Schedete F Top Visited Web Sites Dy User for May 2 2007 od ad Damo 2 Click the Plus button next to any IP address in the User column This displays detailed information about the sites that the user at that address has been visiting SonicWALL ViewPoint 6 0 Administrator s Guide 4 Showing Domain Names in Reports 3 Hover your mouse over a Site in this list Click the Navigate to Top Visited Web Sites By Site link to navigate dire
195. er Time Report on page 283 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing Application Firewall Reports e To view the applications most often intercepted by Application Firewall see Viewing Application Firewall Top Applications on page 284 To view the users whose traffic is most often intercepted by Application Firewall see Viewing Application Firewall Top Users on page 285 e To view the Application Firewall policies that are used the most see Viewing Application Firewall Top Policies on page 286 Viewing the Application Firewall Summary Report The Application Firewall Summary report contains information on the number of connections incurring Application Firewall activity logged by a SonicWALL appliance during each hour of the specified day or at the global level for all SonicWALL appliances for the day To view the Application Firewall Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Application Firewall tree and click Summary The Summary page displays Application Firewall Usage Summary D schedule amp Print e v v Stant 442009 1 1 224P Application Firewall Usage Summary for November 22 2009 Connections 0000 0700 0400 0500 GOO 1000 1700 400 1600 WOOD W00 ZOO Hour Hour Connections MBytes 1 00 00 01 00 gt 0o 01 00 02 00 14 0 0 700 15 00 4 The table c
196. er hot Losses erano WewPomt xensed Uriraed Cragroescs AB Cesleyment Support Service Status Count Cxpirution GG l On 2417 Software Support icensed e200 To display the MySonicWALL login page click the Manage Licenses button You can purchase licenses and obtain license keysets on MySonicWALL Click the Refresh Licenses button to refresh the license status on this page To upload a new license click the Upload Licenses button and browse to a license file on your computer i Upload Licenses Microsolt Internet Explorer provided JEA Upload Licenses Senol Number 004010234457 kense Fie Breve Uploed Cancel SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH System Settings Configuring System Administration Settings The System gt Administration page allows you to configure the system behavior for admin login sessions gt A SONICWALL gt UMH 6 0 x v E System Host settings Status S 5 Tractiity Treo Mnute s 1 never Smes out ikenses Admnnraton Enhanced Security Access ESA Settings V Enforce Password Security Crayrostcs Ad Marde of fated logn atterots before user cari be loched out 6 gt P Degoyment User lockout minutes x Number of days to force password change n Admanistator Password Administ ata Mame sine Current Passwords New Password Confirm Password Under Host Settings enter the number of minutes of inactivity allowed before the
197. ervals in which to generate an alert You can also invert a schedule which means that the schedule is the opposite of the time specified in it For example Generate an alert during weekdays only or weekends only or only during business hours Do not generate an alert during a time period when the unit network or database are down for maintenance What is Granular Event Management The purpose of Granular Event Management is to provide all the event handling and alerting functionality for ViewPoint The ViewPoint management interface provides screens for centralized event management on the Console panel including screens for Events gt Threshold Schedule and Alert Settings The panel also provides an Events gt Alert Settings screen where you can enable or disable alerts You can enable or disable an alert at the global or unit level in ViewPoint At the global level the alert is then applied to all units Whenever you add a new unit to ViewPoint the alerts set at the global level are applied to the new unit How Does Granular Event Management Work The Granular Event Management framework provides customized event handlingfor specific alerts about database and database log size and security service subscription licenses For a list of the predefined alerts see Using Granular Event Management on page 99 SonicWALL ViewPoint 6 0 Administrator s Guide Using Granular Event Management amp Using Granula
198. ervices Summary Report The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day To view the Services Summary report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the VPN Usage tree and click By Service The By Service page displays Summary of Services Over VPN P schecute F prime axe Pestoce tq v Stet 42007 0427 j Seerch S Sumenary of Services Over WFN for Apri 27 2007 a ctl Atal Protocol Everts MDytew So of MBytes oe 4 The bar graph displays the amount of bandwidth used by each service during each hour of the day SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports 5 The table contains the following information Protocol the service Events the number of events or hits MBytes the number of megabytes of MBytes the percentage of megabytes transferred by this service on the selected day compared to all other services For example if 1 000 megabytes were transferred and 900 megabytes were handled by the HTTP service the of Mbytes field will display 90 6 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings
199. es that each user attempted to access during the specified time period To view the By User Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 3 Expand the Web Filter tree and click By User Over Time The By User Over Time page displays CSS ee 2 2a 4 The table contains the following information User the IP address or name of the user Attempts the number of attempts the user made to access each Web site 5 Tochange date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Blocked Sites By Category Over Time The Web Filter By Category Over Time report displays the top categories that users attempted to access SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports To view the By Category
200. etection or prevention policies tailored to their specific network SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports W amp environment Network administrators can create global policies between security zones and group attacks by priority simplifying deployment and management across a distributed network If the selected appliance is not licensed for SonicWALL Anti Spyware a sample report is displayed as shown below You can click the Click Here link near the top to view the global dashboard report showing all soyware and similar attacks currently being monitored by SonicWALL or click the link at the bottom of the page to read detailed information about SonicWALL Anti Spyware and other subscription services Anti Spyware Subscription Needed This appliance does not have an Anti Spyware subscription SonicWALL blocks spyware at the gateway with anti spyware technology that prevents users from downloadckng spyware m the first place In addhton t prevents auto mstallahon of ActiveX components one o the most common sources of spyware and stops any existing spyware programs from communicating with their hosts Chek Here to see the Global Threat Report showme the top spyware blocked globally With an Anti Spyware subscription reports will show spyware traffic blocked by the appliance Spyware Attempts fy Category far May 8 2008 of Att s 62 6 v 2 Cradh Genere t2 12 6 ee Cues 1249 12 5 v 4 Or
201. eters Usage reports onty Editing Existing Profiles A profile is associated with selected reports from the report list You have the ability to go back and edit existing profiles in your scheduled reports Since the report list is populated based on the report type selection a profile is associated with the report type also Instead of three categories there will only be two single day or multi days A profile in a single report will not be seen be seen by the users when they select weekly or monthly as report types To edit existing profiles perform the following tasks 1 Click the Edit icon located next to the report name you want to edit f 2 Inthe Detailed Page section choose the Select an existing profile button Note You are able to delete an existing profile in that section by clicking the Delete Selected Scheduled Reports button located at the top of the page SonicWALL ViewPoint 6 0 Administrator s Guide Scheduling PDF Compliance Reports W amp 3 From the drop down list in the Detailed Report Page select the profile name you wish to edit Choose the reports you want to add or remove from that profile If a new profile has the same name as one of the existing profiles the behavior will be the same as users opening the existing profile and edit the report list When selecting an existing profile the associated reports are checked in the report list automatically Detaled Report Page Pr
202. evesdvediaedslateasssbigsceds desert naelehereaaiee 159 Viewing the D ashboard Summary Report ccsssessessssecssescssecsseccssssssccssecssecssscsssecesscsseeeseeesseesseees 159 Viewing the Security Dashboard Report sssssssssscsssseceseecssssessssecessccssssessssccesnccssnseesuscessncessnscessees 162 Using Custom Reports on UTM Appliances csccssssssessssssessseccssecssescsssssecssscssssessecessesseessecessceseeesees 163 Toggling Between Split Mode and Full Mode esecssessssessssccscssseessessssccssccescssseessecessessseseseeaseesss 164 Configuring the D ate and Time for Custom Reports c csccssessssecsseessessssesssesssscsseessescssssseesseeseees 166 Configuring the Report Layout and G enerating the Report c ccssesssesssesssecssecssecssessssseseeesees 168 Generating the Custom Report cccsecsssssssesssssssssssesssscsssessscsssessssssssesssccssecsssccsscsssscesesssscssesessessecasees 176 Viewing a Custom Report sinia A A Ia AIi 177 Printing a Page or Exporting the Report as a PDF or CSV File ssssssesssssssesessissrssssssssserrrsresss 179 Saving the Report Template c cccsssssssssssssssessseessessssesssessscsssecsussssuccssssesssssscssssessecseecescessneesssecses 180 Viewing Bandwidth Reports sissien ai a 180 Viewing the Bandwidth Summary Report c ccsssesssessssecssecssessescsscsssecesccssessessssecsecsssecssecssscesseees 181 Viewing the Top Users of Bandwidth ou cssssssssecssessssecssssessssccsseccssu
203. evious page and last page or you can specify an exact page number in the field N 4 168 D O In a Detailed Report the selected report fields are displayed as column headings You can click on any column heading to sort that page by the values in the column that you click Click again to toggle between ascending and descending order on that page When you navigate away from that page and SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports then come back using the pagination controls the page reverts to the original sorting order as specified in the Sort by field of the Template Section before generating the report Report Section lt Splt Mode gt Resource Activity save Teroate G D Page 1 4 Oate Time Oestinaton P Source IP Protocol User 1 2009 12 09 15 56 19 192 160 151 126 10 195 11 02 NjA pedoo 200 12 09 16 00 23 192 160 151 126 10 195 11 02 NIA AENOWIDONAA Ath 3 209 12 09 1425 41 97 168 153 126 10 195 11 87 WA UNKNOWN Ath 4 IOP 12 OF 16 3541 127 0 0 1 10 195 11 82 Tranabon Natigert UNKNOWN Ath 5 ROOF 12 09 16 35 41 10 195 11 02 Trenation NoAgent QUNOWN Ath 6 29 12 09 16 7551 51 12 10 195 11 82 Nia marque kcal OP 12 09 16 55 31 10 195 11 82 tarian ogent marqueXkxal 0 00 12 09 16 95 51 10 195 13 82 Translation Nodgent marquee In a Summary Report the Report Section displays the event count as horizontal bar charts This lets you see the information at a glance such as wh
204. ewing Top Users O ver Time issc cstacsccsssccccctatassstassasccitecansietaucadshdscessvosnusetesecdatyocctausencsateebenalgaveletecs 205 Viewing Web Usage By User Over Time uuu csssssssssssseecssnecsssessssccssuccssuessseecessecessecesnseceseessneessneees 207 Viewing Web Usage By Category Over Time us sssseessseecssscessnecsssecssseccssecessecssssecsusecssncessnesseeees 208 Viewing Web Filter Reports ssessssssssssscsssscsssccssseecsseccsssccssscssssecessscssnscssnscesssccssscessscessueesunseesuceessneesses 209 Viewing the Web Filter Summary Report ccsssessssesssessseecssscssescssssssesseccsssesseccsscssseeseeesseessecessees 210 Viewing the Web Filter Top Sites Report cccssssssssssssssecseecssecssescsscsssecesccsseessecssseessecescesscereeessees 212 Viewing the Top Users that Try to Access Blocked Sites scscsssscsssessssessseecesecssseessneessneesseeess 213 Viewing the Blocked Sites for Each User sssesssecsssecssssesssecsssccssnccssssceseccessucssseecsueecesneessneesseeees 215 Viewing Blocked Sites Sorted By Site c sssssssssssecssssecsssccssnscssssessscessscesseecssuecesseessneessueeceseessneess 216 Viewing Blocked Sites Sorted By Category ccsecssssssssssscssssssssssesssecssesssscsssscssssessesssesseecsseessesessees 217 Viewing Blocked Site Attempts Over Time on csssesssescssecssneessseccsseccssecessueesseecesneessneessueecessecssneess 219 Viewing the Top Blocked Site Attempts Over Time o ssssssssessssec
205. example if 100 000 megabytes of data was transferred during the time period and 25 000 megabytes was transferred on one day the of MBytes field will display 25 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 o When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Top Sites Over Time The Top Sites Over Time report displays the most visited Web sites for the specified time period To view the Top Sites Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports 3 Expand the Web Usage tree and click Top Sites Over Time The Top Sites Over Time page displays Top Visited Web Sites F seneste F print Mre apsons See v Equan Start 2007 04 23 Eag 2007 04 28 Search Top Visited Web Sites for April Z3 2007 Apr 28 2007 Senene5 of MBytes 4 The bar graph displays the amount of HTTP band
206. f data for each appliance All the syslog data received by SonicWALL ViewPoint is available in the database Note Therawsyslog database required by Custom Reports is not enabled by default as it is highly resource intensive This functionality must be enabled per unit in the UTM gt Log Viewer screen SSL VPN Reporting supports scheduled reports to be sent on a daily weekly or monthly basis to any specified email address Using and Configuring SSL VPN Reporting This section describes how to use and configure SSL VPN reporting See the following subsections e About Viewing Available SSL VPN Report Types section on page 295 e Configuring SSL VPN Scheduled Reports section on page 296 About Viewing Available SSL VPN Report Types To view the available types of reports for SSL VPN perform the following steps 1 Log into your ViewPoint management console 2 Click the SSL VPN tab The SSL VPN screen displays the following list of reports Node Level reports General Status information about the appliance SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using and Configuring SSL VPN Reporting Bandwidth Summary total connections listed by hour Top Users connections listed by user Over Time connections listed by date Top Users Over Time connections listed by user for the selected date range Custom Report Resource Activity source destination and other informa
207. fic The input field is a standard input field where gt you can type in the number of bytes to match gt or compare to Leave the input field blank if lt you choose not to filter by a certain amount lt of traffic l Source IP Equals The input field is a standard input field where Starts with you can type in the numbers to match such Ends with as 192 or 10 25 Leave the input field blank if Contains you choose not to filter by a certain source IP address Total Traffic The input field is a standard input field where gt you can type in the number of bytes to match gt or compare to Leave the input field blank if lt you choose not to filter by a certain amount lt of traffic SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances Data Type Operators Input Field Transmitted The input field is a standard input field where Traffic gt you can type in the number of bytes to match gt or compare to Leave the input field blank if lt you choose not to filter by a certain amount lt of traffic l User Equals The input field is a standard input field where Start with you can type in the user ID to match Leave End with the input field blank if you choose not to filter Contains by a certain user In the Options column two icons are displayed an Eye and an X You can click the Eye to toggle whether the report field on that row will b
208. follow these steps 1 Open the sgmsConfig xml file with a text editor 2 Add the following line to the end of the file before the lt Configuration gt section Parameter name syslog syslogServerPort value port_ number where port_ number is the new port number 3 Save the file and exit SonicWALL ViewPoint 6 0 Administrator s Guide Miscellaneous Procedures and Troubleshooting Tips Wax Installing the Java Plug In You need Java Plug in 1 6 or later to access the SonicWALL ViewPoint management interface NAS Tip The Java Plug in is automatically installed during the SonicWALL ViewPoint installation However you can manually install the Java Plug in by following these steps To manually install the Java Plug in perform the following steps 1 Download the installer from the Internet at http java sun com javase downloads index jsp Here are the Java SE downloads in detail oK JDK 6 Update 17 Download The JDK which includes the JRE is required to develop Java and JavaFX applications and applets This special release provides a few key fixes gt Due for release In November 2009 the Firefox 3 6 browser requires Java SE 6 Update 10 or later Otherwise Java based web applications wll i ED JRE 6 Update 17 The JRE 1s required to tun Java and JavaFX appbcahons and applets This apecial ralease provides a fow key fixes mn mo Due for release in November 2009 the Firefox 3 6 browser requires
209. g description of each report Each report contains a checkbox that you can select to generate a summarized report Report Types to be Summarized gt Report Description 7 gt Sandadih Provides Bandmdth usage reports v gt Sernces reports Provides data tanier by services reports z gt Web Usage reports Provedes Web Usage and browse ame reports E gt Web iter reports Provides web fiter event reports Z gt FIP Usage reoorts Provides FTP usage rence ts z gt Mal Usage reports Provides Mad usage reports F amp WN Usage reports Provides VPN usage reports Z gt attack reports Provides attack event reports gt Intrusion reports Provides intrusan event reports al b Vins Attacks reports Provides Virus attad event reports V gt ant Spyware reports Provides spyware event reports gt Authentication reports Provides logn reports Updaten Reset Note Summarizer settings for aophance s Q differ between uit axd group level The setangs at the unit level wi override the settings at the Group level Sync group to angllance level settings Update 3 Select the checkbox of each report type to summarize 4 When you are finished click Update Your configuration changes are saved automatically Configuring Inheritance for Reporting Screens On the Configuration gt Summarizer Settings screen there is an option to synchronize report settings between the unit level and global level This opt
210. g Management Settings ecccessseeeneeeeeeeeneeeeeeenes 61 SOUT ET BENE A ESA E A E AEE E E T T 61 Configuring Email Settings c cccssssssssssssessssssssecssssssesssecsssssssessucsssesssscsssssssesssccsscessscesecesseccesesaseeess 62 Configuring System Debug Level rsisi En En NENEA 62 Enforcing Passw rd Securty c sessssssssssssesssecsssssssssssscssscssscsssscssessucsssscssssssscsssscescsssscssscesscasseseesecaseess 63 Synchronizing Model COS sssini a E RRR 63 A lert SENOS nii i REET CCEE EER carota E a aeaa 64 E SON SANNES EEEE EEE T EEEE 65 Monami SESSIONS renu a EEO 65 SonicWALL ViewPoint 6 0 Administrator s Guide Database M AI COM AMO aa a a ony snscvbewbecelaie sav eeysccds ANEN Eii 66 Configuring Backup Schedule and Settings cecscsssessssscssecssscssecssesseccssesssecssessessssssssessseesnessssees 67 Backing Up a Database Immediately 0 ssessesssssssseesssssssecsessssscsssccssessecssscsssccssecescessecsuecesseaseneses 68 Restoring a Database Backup sccsecsssssssesssscssessecesscsseessescsscssscsssscssessuccesecssecssscesnecsucsessesseesssncesseees 68 Chapter 8 Managing Reports in the Console Panel eeeececeeeeeseeneees 71 EERIE O EA AE ASETE EA A A AE E E E 71 Enabling Report Table Sorting eesessssssssssssssssssssssesssssesseestereseteeessressssnesssnnnsssnnssnnnssneeesoeeeeseessseeeee 72 Controlling the Number of Appliances with Log Viewer Enabled cccsss
211. g SonicWALL ViewPoint 5 1 to 6 0 ssssssssssssssssessssersssssssssssssssssssssssssessssersssseettseettreerrrrsseeress 349 Registering SonicWALL VieWPOINE sessssssssssessssssessssssesssssssssscsssssssssscssccsscesssusessscsscescsuseascanseaseaneenes 351 Configuring D eployment Settings c ssccssecssesssessssessscsssscsssscssecssssessssscsssscssessscsssecssscsssecsuecessesseesseesses 354 Configuring Web Port SettingS sesione E A inn E 354 Gomfiguring SMTP Settings nenene nai a Enia n ERSE ISAE Ennon 355 Upgrading from ViewPoint to GMS wucscsssessssesssscssecsssscsssssecssscsssssssecssscssecssscesscsssecescsssecsuesessesssneeeses 356 Enabling the G MS Free Trial from ViewPoint cccscesssescssssssesssscsseessscsssesssscesccsssccescsssesssecesecasees 357 Enabling the G MS Free Trial from the UMH Interface 0 ccsssesssssssssssesssescscssessessssesssecesecasees 359 Completing the Free Trial Upgrade c sessscssssssssssssssssesssscsssssscssescssscsssscsesssscssssesseeesccasecssecesscesseees 360 Configuring Appliances for GMS Management cesssecsssssssscsssssessessssessssscsscsseccessssseessscesscasees 364 Purchasing a SonicWALL GMS Upgrade cccescsessssesssessesssecssssessssssccessssscsssscsscsssccesecsseceseceseeesees 366 Miscellaneous Procedures and Troubleshooting Tips scssssssscssesssescssesssesssecsssscssssssesssesssesssneesseseses 368 Miscellaneous Proced reS ic ssssesasesaccesesscnaazssssaeassdeses vodeva
212. ge 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports W amp Viewing the Top VPN Users The Top Users report displays the users who made the most VPN connections on the specified date To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the VPN Usage tree and click Top Users The Top Users page displays Top Users of VPN y mt u7 Scheele Print Users v quan Stan 2007 04 27 cearc Top Users of VPN for April 27 2007 Users Connections MBytes w of Miytes 9 50 165 60 73 2 392 3 7 4 0 1 12 42 182 4 5 4 The pie chart displays the VPN connections for the top VPN users 5 The table contains the following information Users the IP address of the user Connections the number of VPN connections MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10 000 megabytes of data was transferred during the period and 2000 kilobytes was transferred by the top user the of MBytes field will display 20 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change the date of the report use the Search Bar
213. ge 154 8 To display a limited group of users use the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing FTP Bandwidth Usage Over Time The FTP Usage Over Time report displays the daily amount of FTP bandwidth handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period To view the FTP Usage Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports Wx 3 Expand the FTP Usage tree and click Over Time The FTP Activity page displays FTP Activity Schedule F print Dere ve Start 2007 04 23 End 2007 04 26 t Sea da TTP Activity for Apri Z3 2007 Apri 28 2007 Date Connectons motes of MBytes 4 The bar graph displays the amount of FTP bandwidth transferred during each day of the specified time period 5 The table contains the following information Date when the sample was taken Connections the number of FTP connections MBytes the number of megabytes transferred of Usage the percentage of megabytes transferred during this day compare
214. ge shows the current version of SonicWALL UMS and provides a History link that displays the history of all hotfixes and firmware updates that were applied to the system SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH System Settings Using System Diagnostics The System gt Diagnostics page is used to set log levels test connectivity to servers generate Tech Support Reports and to search and download system log files SONICWALL gt UMH 6 0 Le v EB System Debug Log Settings Sots System Detuy Level O 0 eno dehug 3 maximum debug Loenses Lindate Reset Admins tr atun ad Settings Test Connectivity Diagnoses Tiatahase Coerertmasty AS Deployment teense Manager Connecthity Lierrar Manager Hest SMTP Server Connectivity Currently configured SMTP Server 10 50 128 221 Test Duwnload System Log Files L Tedna Support Report TSR 7 togs Seach Fite j Application Logs A COP_SUM_Pourly Sarremary_200909 19_ 393144 tuse vied 148 Bytes 09 19 2009 12 31 45 CDP SUM _Mourty Summary 2009 100 1_ 131259 hue heed 145 Bytes 11 01 2009 0S 13 00 COP_SUM_Mourly Summary 20091255 112901 bue hte 148 Bytes 12 15 2009 02 23 02 COP SUM Hourly Summary 20091215_113145 bwe htni 148 Bytes 12 15 2009 03 31 46 Copy of StdApplance_0 ing 158 24 KB 04 10 003 02 55 35 dti 5 619 39 KO 12 17 2008 OF 32 21 DbyAcwiarce boy 3 337 39 KB 07 30 2009
215. ge to be included in the report For the End Time select the hour minute and second from the drop down lists These settings specify the most recent data for each day in the date range to be included in the report To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Report Layout region as well as the Date Time region back to default settings Configuring the Report Layout and Generating the Report Located in the Template Section of the Custom Report page below the Date Time region the Report Layout region provides a way to specify the type of data to include and the format of the report The Report Layout region has a Detailed Report tab and a Summary Report tab The report appearance and the way information is organized is quite different between a Detailed Report and a Summary Report SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp The Detailed Report tab contains a list of data categories that you can add as report fields and allows you to specify query values for each The categories you select will appear as column headings in the report The Summary Report tab allows you to structure a report showing the top elements of Internet Activity or Website Filtering You can select the number of top elements what to base the comparisons on and the two data categories to evaluate when determining the top el
216. gs you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Mail Usage Over Time The Mail Usage Over Time report displays the daily amount of mail handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period To view the Mail Usage Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Mail Usage Reports 3 Expand the Mail Usage tree and click Over Time The Over Time page displays Mail Usage DI schedule print vie v AE Date Conmectons MBytes of MBytes 4 The bar graph displays the amount of mail sent and received during each day of the specified time period 5 The table contains the following information Date when the sample was taken Connections the number of mail messages MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred by this user compared to all users For example if 10000 megabytes of data was transferred during the day and 2000 megabytes was transferred by the top user the of MBytes field will display
217. h ViewPoint Reporting you can monitor network access enhance security and anticipate future bandwidth needs SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Reporting Overview You can search saved reports by using the report search bar available in most report screens in the ViewPoint UI The search bar provides pre populated quick settings for the search field and a drop down calendar for the start and end dates The search operator field offers a comprehensive list of search operators that varies depending on the search field which can be either text based or numeric You can search all columns of report data except columns that contain computed values such as Cost or Browse Time ViewPoint waits until you click Search before it begins building the new report The ViewPoint Reporting Module Displays bandwidth use by IP address and service e Identifies inappropriate Web use e Provides detailed reports of attacks e Collects and aggregates system and network errors e Shows VPN events and problems e Tracks Web usage by users and by Web sites visited e Provides detailed daily firewall logs to analyze specific events Note The ViewPoint Reporting Module receives its information from the stream of syslog data sent by each SonicWALL appliance and stores itin the SonicWALL ViewPoint database or as files on the hard disk SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Reporting Overview W amp
218. h button in the top right corner of the page Tips and Tutorials Tips and tutorials are also available in some section of the user interface and are denoted by a Lightbulb icon C Tips and Tutorials Microsoft I E about blank Tips and Tutorials al KB 5275 Name Resolution in Reports A KB 6372 How to get the Summarizer caught up KB 6661 Displaying GYC user info in ViewPoint reports i Online Help Ld internet R 100 To access tips and tutorials 1 Navigate to the page where you need help 2 If available click the Lightbulb icon in the upper right hand corner of the window Tips tutorials and online help are displayed for this topic SonicWALL ViewPoint 6 0 Administrator s Guide Navigating the ViewPoint User Interface Wa Navigating the ViewPoint User Interface This section describes the UTM SSL VPN and Console panels in the SonicWALL ViewPoint user interface For information about the SonicToday panel see the Using the SonicToday Panel chapter UTM Panel The UTM Panel is an essential component of network security that is used to view and schedule reports about critical network events and activity such as security threats inappropriate Web use and bandwidth levels To open the UTM Panel click the UTM tab at the top of the ViewPoint user interface SONICWALL ViewPoint 6 From the UTM Panel you can view the following for connected SonicWALL app
219. he Editing a Component Window section on page 42 you can force a refresh on the component window by clicking the refresh icon on the component window header Removing or Deleting a Component Any component window can be removed or deleted from the page by clicking the close icon on the component window header Minimizing or Maximizing a Component Each component can be in minimized or maximized state The components are loaded in the page with the state they were saved in the database To minimize a component window click the minimize icon in the component window header To maximize a component window click the maximize icon in the component window header SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 5 Configuring User Settings This chapter describes how to configure the user settings that are available in the Console panel on the User Settings screens This chapter includes the following sections e Configuring General Settings section on page 51 e Configuring Reports Settings section on page 53 Configuring General Settings This section describes the User Settings gt General page which provides a way to change the ViewPoint administrator password the ViewPoint inactivity Timeout and pagination settings Change iewPoint Password Current ViewPoint Password New ViewPoint Password Confirm New Password Miscellaneous Settings ViewPoint Inactivity Timeout 120 Minutes
220. he Events gt Current Alerts page This chapter also describes how to export compliance reports in PDF format The settings described in this chapter are applied on a per unit basis This chapter includes the following sections e Configuring Scheduled Reports section on page 134 e Selecting Reports for Summarization section on page 137 e Configuring Inheritance for Reporting Screens section on page 138 e Configuring Data Storage Settings section on page 139 e Configuring Summarization Data for Top Usage section on page 140 e Configuring Summarization Data for Bandwidth Reports section on page 141 e Configuring Dashboard Summary Reports section on page 142 e Viewing Current Alerts section on page 144 e Scheduling PDF Compliance Reports section on page 144 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Scheduled Reports Configuring Scheduled Reports SonicWALL ViewPoint Reporting can automatically send reports to any email addresses that you specify This section contains the following e Viewing or Managing Scheduled Reports on page 134 e Adding or Editing a Scheduled Report on page 135 To create scheduled email reports in PDF format as Compliance Reports see the Scheduling PDF Compliance Reports section on page 144 Viewing or Managing Scheduled Reports To view delete or enable disable currently scheduled reports perform the followi
221. he desired port numbers into the HTTP Port and HTTPS Port fields and then click Update To configure the SMTP settings perform the following steps 1 In the SMTP Server field enter the IP address or fully qualified domain name of the SMTP server This is normally the same server that handles your regular email service 2 In the Sender Address field enter the email address including domain by which SonicWALL ViewPoint will be known when sending email 3 In the Administrator Address field enter the email address of the administrator who will receive email alerts and other email communications from SonicWALL ViewPoint 4 Under SSL Access Configuration select one of the following settings SonicWALL ViewPoint 6 0 Administrator s Guide Configuring UMH Deployment Options W amp e Default Keep the default certificate that comes with the application for use by the ViewPoint Web Server for SSL access The filename for the keystore is gmsvpserverks Custom Upload a custom certificate for use by the ViewPoint Web Server for SSL access The original filename of the imported certificate is replaced with gmsvpservercustomks in the local file system Click Browse and select the certificate file for the Keystore Certificate file field and type the password into the Keystore Certificate password field To display information contained in the certificate click View A Successfully parsed SSL cer tirate Keystore Ibe
222. he input numerical value will be included in the report lt Data values that are less than the input numerical value will be included in the report l Data values that are not equal to the input numerical value will be included in the report Generating the Custom Report The Generate Report button at the bottom of the Template Section is used to create the report Before clicking Generate Report use the Template Section to specify the time period for the report and the contents and layout of the report Note Custom Reports are available at the unit level and Log Viewer must be enabled for the appliance For information about enabling Log Viewer see Viewing the Log on page 290 To generate a custom report 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report you want 2 In the Date Time region of the Template Section specify the time period that the report will cover For detailed information and instructions see Configuring the Date and Time for Custom Reports on page 166 SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp 3 Inthe Report Layout region of the Template Section specify the contents and appearance of the report For detailed information and instructions see Configuring the Report Layout and Generating the Report on page 168 4 Click Generate Report to create the
223. hen you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range 9 These settings will stay in effect for all similar reports during your active login session Viewing the Blocked Sites for Each User The Web Filter By User report displays the top blocked Web sites that each user attempted to access on the specified date To view the Web Filter By User report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Filter tree and click By User The By User page displays SS 1a 4 The table contains the following information User the IP address of the user Site the top five sites visited by the user Attempts the number of attempts the user made to access each Web site 5 You can navigate directly from the Web Filter gt By User page to a Web Filter gt By Site page detailing the information of the site the user has been browsing Click the Plus sign to the left of the User name or IP address to show details and then hover the mouse over a site A sticky tooltip will display with a link to the corresponding site s report page 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change these settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Rep
224. hetps hostname sport J Choose which deployment you wish to configure from the drop down list in the GMS Deployment section Enter the public server name and port in the Public URI section This field is typically pre populated during the ViewPoint install setup process Click the Update button to save your changes SonicWALL GMS 6 0 Administrator s Guide T W Status Status The status screen allows the administrator to view enable and disable individual Web Services across one or more ViewPoint deployments To view and configure Web Services status 1 Navigate to the Web Services gt Status screen on the Console panel User Settings P Web Servers Distributod GMS 15 P tog gt Management Web Services viewpoint 150 Reports Enabled Service um Drsonption P Diagnostics x Applance Ketus hetos 410 0 14 150 845 iwsfoustoryies_epphance_let gt tvent r x Y Agpharce Detal Petes 10 0 34 190 PH i ws appbances seramter Web Services ttry 2 Applica uens Pergs J10 0 14 150 5045ja appircej orante keres Res a Shechind Repest Lrt then 4010 0 34 1508445 iwalreports gt Help r z Scheddod Report Retrieval Pttps 10 0 14 150 8445pwsjrepert ischedueld Pieriame License Alert List Peto 10 0 14 1 S44 Siwslcustoen es _ton_slerts Chale Loge Petpet j10 0 14 1S0eeatweleutoen et_comecie loge 2 Select or deselect the Enabled checkbox for the service s you wish to enable or disable 3 Click the
225. hey can assign different logos titles to the cover pages for their customers Adding a New Scheduled Compliance Report This section includes the following sub sections e Customizing Your Cover Page section on page 147 e Customizing Your Summary Report Page section on page 148 e Customizing Your Detailed Reports Page section on page 149 e Editing Existing Profiles section on page 150 e Verifying User Compliance Reports Configuration section on page 152 To begin creating a new customized Compliance Report perform the following steps 1 Navigate to UTM gt Configuration gt Scheduled Reports 2 Click the ADD button to add a scheduled report 3 The Scheduled Report Configuration page displays In the General section enter the name of your report into the Name field and the report description SonicWALL ViewPoint 6 0 Administrator s Guide 4 Scheduling PDF Compliance Reports 4 Inthe Category section select the Email check box The details window displays SMTP Server field Enter your SMTP Server IP address or hostname e Source Email Address field Enter your Source Email Address Destination Email Address field Enter the Destination Email Address es e Email Subject field Enter your Email Subject Email Body field Enter your Email Body Category archeve 5 To archive a directory click the Archive check box Enter the your desired directory you want to archi
226. iate Web use and bandwidth levels To open the SSL VPN Panel click the SSL VPN tab at the top of the ViewPoint user interface SONICWALL gt View 60 ha ppecney Bandwidth Usage kite Poet Renton nage ter emery 17 OPIN tbii fet i Hie SonicWALL ViewPoint 6 0 Administrator s Guide Navigating the ViewPoint User Interface From the SSL VPN Panel you can view the following for connected SonicWALL SSL VPN appliances View general unit status license status and syslog settings View general bandwidth usage These reports include a daily bandwidth summary report a top users of bandwidth report and over time summary and top users reports View custom reports of custom reports of resource activity at the unit level Custom reports filter raw syslog data and you can specify start and end dates or a date range such as Week to date You can filter by user protocol destination IP and source IP categories The search template can be saved for use again later with the same appliance View a resources report This report includes information about connections and the resource used to connect such as HTTPS or NetExtender View successful and unsuccessful user authentication attempts These reports include a user authentication report and a failed authentication report View detailed logging information The detailed logging information contains each transaction that occurred on the SonicWALL applian
227. icWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp Table 5 Operators and Input Fields for Each Data Type Data Type Operators Input Field Category Equals The input field is a drop down list containing an alphabetized list of all the content filtering categories such as Adult Mature Content Gambling Military etc Leave the default of All in the input field if you choose not to filter by a certain category Destination IP Equals The input field is a standard input field where Starts with you can type in the numbers to match such Ends with as 192 or 10 25 Leave the input field blank if Contains you choose not to filter by a certain destination IP address Domain Equals The input field is a standard input field where Start with you Can type in the domain to match such as End with sonicwall com Leave the input field blank if Contains you choose not to filter by a certain domain Full URL Equals The input field is a standard input field where Start with you can type in the URL to match such as End with http www funnyyoutubevideo com Contains funniest html Leave the input field blank if you choose not to filter by a certain URL Protocol Equals The input field is a standard input field where Start with you can type in the protocol to match such End with as FTP Leave the input field blank if you Contains choose not to filter by a certain protocol Received Traf
228. icWALL ViewPoint must have access to the Internet The SonicWALL ViewPoint registration process sends your registration information to the MySonicWALL registration site When registration is completed SonicWALL ViewPoint will be licensed on your system Note MySonicWALL registration information is not sold or shared with any other company To register SonicWALL ViewPoint perform the following steps 1 Ina browser log in to the system management interface http lt host gt 80 appliance login If this is the first time you have logged in after running the Installer and rebooting you will be required to change the password for the admin account Enter the new password in the appropriate fields and then click Submit SonicWALL ViewPoint 6 0 Administrator s Guide M Registering SonicWALL ViewPoint 2 If the software detects that the Windows Firewall is enabled on the system a warning dialog box is displayed on top of the System gt Status page To receive syslog and SNMP packets either disable the Windows Firewall or configure it to open these ports default syslog port UD P 514 and default SNMP port UDP 162 When ready click OK Optionally you can select the Perform this check after 30 days checkbox if you do not plan to disable the Windows Firewall immediately and do not wish to see this warning every time you login The check for Windows Firewall cannot be disabled completely and if you leave it running you
229. icWALL nodes All Per Unit View Owner Displays the owner admin Name Contains Enter a context string to search by keywords Error Contains Enter a context string to search by keywords Use Condition Select from the following conditions And Or Match Case Select this checkbox to make your searches case sensitive 3 Click Start Search to begin searching or click Clear Search to reset all fields and start over The results of your search are displayed in a table in the Search Results section You can adjust the number of schedules displayed go directly to a row of the table or navigate to other screens by clicking on links within the table To work with the search results 1 To adjust the number of schedules displayed in the table enter a number of rows to display in the Show Schedules Per Screen field and then click on the checkmark 2 To go directly to a row of the table enter the row number in the Go To Schedule Number field and then click on the checkmark 3 The columns in the table are as follows The check box allows you select the schedule for emailing or archiving The notepad icon is a link to the Schedule Properties page SonicWALL ViewPoint 6 0 Administrator s Guide Scheduled Reports Wa ID The schedule ID number used to identify this schedule You can click on the column heading to sort by this field An arrow is displayed in the column heading
230. ick Update Configuring Summarization Data for Bandwidth Reports The Reports Summarization Data for Bandwidth Reports section of the Configuration gt Summarizer Settings page allows you to configure the currency type and cost per megabyte for use in bandwidth reports To configure the data for bandwidth reports perform the following 1 On the UTM tab expand the Configuration tree and click Summarizer Settings In the Reports Summarization Data for Bandwidth Reports section select the currency type in the Type of Currency field Over 20 different currencies from around the world are available Specify an amount based on your chosen currency in the Cost Per Mega Byte Bandwidth Use field Click Update SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Dashboard Summary Reports Configuring Dashboard Summary Reports In the Configuration gt Dashboard page you can configure settings to control the information displayed by the Dashboard gt Summary screen Settings are available for the following e Summary statistics list at the top left of the Dashboard gt Summary page e Alerts list at the top right of the Dashboard gt Summary page e Reports list in the main body of the Dashboard gt Summary page Dashboard Report Settings Summary Stotistics List Total Banchadth Maytes Total HTTP Bandwidth MEytes Total Attacks Total Views Attacks Tatal Bancericth MBytes Y Add Drirte Alerts Li
231. ick the Edit link located on the right side of the component window you wish to modify In this example we will modify the title of the component window CNN Top Stories gt gt CNN Top Stories 5 t X gt U S gas so cheap it hurts gt 9 hours koj gt Police Mom finds D C Madam hanging gt 2h gt Barbara Walters had affair with U S senato gt Air Force grounds T 38Cs after deadly crash gt Protesters across U S push immigration issue Y SonicWALL ViewPoint 6 0 Administrator s Guide Editing a Component Window amp 2 The component window will expand revealing the following entries you can modify Title The title of the component window RSS URL The URL of the RSS Feed the current component window updates from Items The number of items to be displayed on the component window Refresh Interval The frequency of time the component window will refresh the RSS Feed gt gt CNH Top Stories 5 End Edit X Title CNN Top 5 Stories RSS URL http sirss cnn com rss cnn_te Items 5 5 100 Refresh 30 fin Interval minutes 5 1440 Save gt worse ge Madeleine McCann inquiry gt 1 iA hour ago gt Beijing takes cars off streets for Olympics gt 1 hour ago gt Obama meets troops Iraqi leaders gt 1 hour 4 ago E CaCO In this example we will change the title to CNN Top 5 Stories For Items we specify that we want five i
232. ide Editing and Deleting Pages 5 You also have the option of making this your default page simply by placing a checkmark in the box labeled Default Page Page Page Details Page Title Page Layout Page Manager Add New Page L4 My New Page 1 Column 100 2 Column 50 50 3 Column 30 40 30 4 Column 25 25 25 25 Default Page Cancel Add 6 Click Add when you are finished The toolbar now displays the newly added page In this example we titled the new page News Paye pages My Del auk Paye My New Page din You can now add and customize component windows to navigate between Editing and Deleting Pages To edit a page click Manage Page from the toolbar Select the page you wish to edit make your changes and click Edit to finish To delete a page click Manage Page from the toolbar Select the page you wish to delete and click Delete Click OK to finish SonicWALL ViewPoint 6 0 Administrator s Guide Other AutoHide Other Features W amp Features See the following sections e AutoHide page 49 e Page Selector page 49 e Component Height Resize page 50 e Manual Refresh page 50 e Removing or Deleting a Component page 50 e Minimizing or Maximizing a Component page 50 AutoHide is a feature you customize by turning on or off When AutoHide is turned on the control bar will hide after an interval of two seconds when the
233. ie or Plot chart Number of Items Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Hourly VPN Usage By Policy The VPN Usage By Policy Hourly report contains information on hourly VPN usage for a SonicWALL appliance organized by policy To view the VPN Usage By Policy Hourly report perform the following steps 1 2 3 Click the UTM tab Select a SonicWALL appliance Expand the VPN Usage tree and click By Policy Hourly The By Policy Hourly page displays The table contains the following information Hour the period of time Events the number of VPN events MBytes the number of megabytes transferred The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports W amp 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart Hour Begin Hour End See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing the VPN S
234. iewPoint complete the following procedures e Review the installation requirements See Installation Overview on page 336 e To install SonicWALL ViewPoint see Installing Universal Management Suite on page 342 Installation Overview The SonicWALL ViewPoint Installation program is an HT ML launched installer that automatically detects whether you are installing on Windows Server 2000 2003 2008 After the installation program detects the operating system the installation procedure is identical SonicWALL ViewPoint 6 0 Administrator s Guide About Installing and Upgrading SonicWALL ViewPoint System Requirements Note SonicWALL does not support installations of ViewPoint running on any virtualization software such as VMware Before installing SonicWALL ViewPoint review the requirements in the following sections e Operating System Requirements page 337 e Database Requirements page 337 Java Requirements page 338 e Browser Requirements page 338 e Hardware Requirements page 339 e SonicWALL Appliance and Firmware Support page 339 e Network Requirements page 339 e MySonicWALL Account Requirements page 340 Operating System Requirements In order to install and run SonicWALL ViewPoint you must be logged in as the administrator SonicWALL ViewPoint is supported on the following operating systems e Windows Server 2008 SBS 64 bit Windows Server 2008 Standard SP1 32 bit and 64 bit e Windo
235. iewPoint 6 0 Administrator s Guide Accessing the Correct Management Interface Wa A MySonicWALL account A MySonicWALL account allows you to manage your SonicWALL products and purchase licenses for various services Creating a MySonicWALL account is fast simple and free Simply complete an online registration form directly from your SonicWALL security appliance management interface Your MySonicWALL account is also accessible at lt https www mysonicwall com gt from any Internet connection with a Web browser O nce you have an account you can purchase SonicWALL ViewPoint and other licenses for your registered SonicWALL security appliances A registered SonicWALL security appliance with active Internet connection You need to register your SonicWALL security appliance to activate SonicWALL ViewPoint Registering your SonicWALL security appliance is a simple procedure done directly from the management interface Once your SonicWALL security appliance is registered you can activate SonicWALL ViewPoint by using an activation key or by synchronizing with mysonicwall com Accessing the Correct Management Interface SonicWALL ViewPoint includes two separate management interfaces SonicWALL Universal Management Host UMH System Management Interface Used for system management of the SonicWALL ViewPoint instance including registration and licensing setting the admin password creating backups restarting the system configuring netwo
236. ified here 6 Under Logo Settings you can select a logo to be used on reports By default the SonicWALL logo is used To select another logo click Browse next to the Logo File field or type the path and filename into the field and then click Update 7 Under SortBy Settings for PDF Reports select one of the following as the sorting criteria for reports and then click Update Mbytes Sort reports by the number of megabytes in each entry Hits Connections Events Sort reports by the number of hits connections or events depending on the type of report Scheduled Reports The Scheduled Reports page allows you to manage all the report schedules in the system from a central location This page lists all the schedules in the system enabling you to monitor the status of these recurring schedules and re send failed schedules if needed For information on adding a new scheduled report see Adding or Editing a Scheduled Report section on page 135 Under Search Results the table indicates whether each schedule is enabled along with information about the last execution time of a schedule whether it ran successfully and the error that occurred if it failed the last run type scheduled or one time run along with the node owner and other relevant information The Summary section provides status information on your report schedules The Search Criteria section provides settings for searching report schedules Results of
237. ime period To view the Top Users Over Time report perform the following steps 1 2 3 Click the UTM tab Select a SonicWALL appliance Expand the Web Filter tree and click Top Users Over Time The Top Users Over Time page displays ZASA o 4 The pie chart displays the top users with the most blocked site attempts SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports 5 The table contains the following information Users the IP address of the user Attempts the number of attempts Category the Web site category of Attempts the percentage of attempts to access the blocked site compared to all other user attempts For example if 500 attempts were made during the period and 250 of those attempts were made by a single user his of Attempts field will display 50 6 Tochange date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Sites Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Blocked Sites for Each User Over Time The Web Filter By User report displays the top blocked Web sit
238. in with SonicWALL This EULA does not convey to you an interest in or to the SOFTWARE PRODUCT but only a limited right of use revocable in accordance with the terms of this EULA The SOFTWARE PRODUCT is licensed as a single product and can only be used as such You may also store or install a copy of the SOFTWARE PRODUCT on a storage device such as a network server used only to install or run the SOFTWARE PRODUCT on your other computers over an internal network You may not resell or otherwise transfer for value rent lease or lend the SOFTWARE PRODUCT The SOFTWARE PRODUCT is trade secret or confidential information of SonicWALL or its licensors You shall take appropriate action to protect the confidentiality of the SOFTWARE PRODUCT You shall not reverse engineer de compile or disassemble the SOFTWARE PRODUCT in whole or in part The provisions of this section will survive the termination of this EULA You agree and certify that neither the SOFTWARE PRODUCT nor any other technical data received from SonicWALL nor the direct product thereof will be exported outside the United States except as permitted by SonicWALL ViewPoint 6 0 Administrator s Guide v the laws and regulations of the United States which may require U S Government export approval licensing Failure to strictly comply with this provision shall automatically invalidate this License License SonicWALL grants you a non exclusive license to use th
239. ing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports W amp Viewing the Attacks By Category The Attacks By Category report displays the attacks that occurred on the specified date sorted by category To view the Attacks By Category report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Attacks tree and click By Category The By Category page displays Summary of Attacks by Category c PEER Gb vies Tyee v tyas v Stat 2007 07 12 tna 2007 07 17 Search ae Summary of Attacks by Category for Juy 12 2007 July 17 2007 ue a a Type Aitacks of Aitackes P spost creepes 122 97 45 2 Probette TCP FIN scan detected Posstie cert scar detected 1 T as 1 100 0 4 The pie chart displays the percentage of each type of attack To view source and destination information on the individual attacks expand the category tree indicated by a sign 5 The table contains the following information Type the type of attack Source the IP address of the source Destination the IP address to the destination Click the highlighted source or destination IP address to access the Who is Source Website SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports
240. ing the Errors Report scessscscsscessciessdecsaecsscecsadecabessdtssbeacshetbaaasebeccasddeanctbeanaladentianiandbectecatala scbeate 254 Viewing Attack Reports Over Time ssssssssssssseseersssssssseerseresssesseeeessssssteeeeeressssssteereeressstssteeresessstestte 256 Viewing the Attacks By Category Over Time cecssseessessssssssssssecsseessesesscsssccessssseesseesseessesseeessees 257 Viewing Errors Over Time iscssccscsscscseiesidettessvesssstieasaissesvesduetaasctedcsedessssdsecaaschousesddedsesdueseasetnagetanetee 258 Viewing Virus Attacks Reports ssssesssecssecsssscssssessssccsssccsssecssusessuscessscessussssusessusceensessneessnsecesseecesseessnee 260 Viewing the Top Viruses By Attack Attempts Report cscsscssssessesssessssecssscssecsseccsscsssesseecssesse 262 Viewing the Virus Attack Attempts Report ccscsssesssscsscssesssessssessssssscssessssecsuesssecsssessscesnecessees 263 Viewing the Virus Attacks By User Report c sccssssessscssesssessssssssssssscssessccsscsuecessessnesescessecesseeseees 265 Viewing Ants Spyware REPOS ipenn aa aS A Seed shev E A AE 266 Viewing a Spyware Summary ssssssssssscnsessscssssnssessssenseensccsssesssessssensesneccassesevansseenseanscsassessnesssrees 268 Viewing Spyware Attempts By Category ssssssssssssssssessnesssesssssnssssssscsssssnssssssnessessneeseeseeesesseees 269 Viewing Spyware Attempts Over Time oo csssssecsecsssecssecsecssecsscesnccsseesecsscesesecseccnseeseecsneeseeea
241. ing the Security Dashboard Report The Security Dashboard report shows two types of reports An Individual Appliance Report that displays a summary of attacks detected by the local SonicWALL security appliance e A Global Report that displays a summary of threat data received from all SonicWALL security appliances worldwide The Dashboard gt Security Dashboard screen is available at the global level but not at unit level for SonicWALL CSM Series appliances To view the Security Dashboard report perform the following steps 1 Click the Reports tab 2 Select the global icon a group or a SonicWALL appliance 3 Expand the Dashboard tree and click Security Dashboard The Security Dashboard page displays Figure 8 Security Dashboard Page 4 At the top of the screen select either the Global radio button or for reporting at unit level select the radio button that is labeled with the unit s MAC address Select Global to display a summary of attacks caught by SonicWALL appliances worldwide Select the unit s MAC address to see results only for attacks through this unit At all levels the categories charted include the following Viruses Blocked by SonicWALL Network Intrusions Prevented by SonicWALL Network Spyware Blocked Multimedia IM P2P Detected Blocked SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp For each of these the report includes the results
242. ing the settings configured in the Console gt Management screens See Settings on page 61 and Alert Settings on page 64 g Alerts List Threshold Bandwidth Limit MBytes v Threshold Add fSDelete Bandwidth Limit MBytes Number OF Attacks T Number Of Intrusions 2ports List o Number Of Virus Attacks Events Hits Limit C Number Of Spyware Attempts To remove an alert select the checkbox under the trashcan icon for that alert and then click Delete In the Reports List section to add a report to the Dashboard gt Summary page select the report type from the drop down list and then click Add To remove a report from the Dashboard gt Summary page select the checkbox under the trashcan icon for that report and then click Delete SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Current Alerts Viewing Current Alerts You can view a list of current alerts on the Events gt Current Alerts page of the UTM panel Select a global view or unit to view current alerts for your selection Alert Listing Severity Unit Name Description Warning Test 4060 The Intrusion subscription has not been activated for this device Scheduling PDF Compliance Reports ViewPoint can create scheduled email reports in PDF format Called Compliance Reports this feature allows you to export regular reports in universally readable format Compliance Report Overview A Compliance Report is a report that collec
243. int Overview Monitoring critical network events and activity such as security threats inappropriate Web use and bandwidth levels is an essential component of network security SonicWALL ViewPoint Reporting complements SonicWA LL s network security offerings by providing detailed and comprehensive reports of network activity TheViewPoint Reporting Module is a software application that creates dynamic Web based network reports The ViewPoint Reporting Module generates both real time and historical reports to offer a complete view of all activity through SonicWALL network security appliances With ViewPoint Reporting you can monitor network access enhance security and anticipate future bandwidth needs SonicWALL ViewPoint 6 0 Administrator s Guide SonicWALL ViewPoint Installation The ViewPoint Reporting Module Displays bandwidth use by IP address and service e Identifies inappropriate Web use e Provides detailed reports of attacks e Collects and aggregates system and network errors Shows VPN events and problems e Presents visitor traffic to your Web site e Provides detailed daily logs to analyze specific events SonicWALL ViewPoint Installation SonicWALL ViewPoint can be installed as a fresh install or as an upgrade to SonicWALL ViewPoint 5 0 and above Beginning in SonicWALL ViewPoint 5 1 all software components related to SonicWALL ViewPoint and SonicWALL Global Management System G MS including the MySQL d
244. ion can be displayed in any of the sections on this page when those settings are not synchronized between the unit level and global level This option provides inheritance support for report settings SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Data Storage Settings Wa When you are viewing the screen at the unit level the option is Syne group to appliance level settings This is reverse inheritance Click the Update button to apply your current unit level settings to the group to which this unit belongs Note Summarizer settings for appliance s 0 differ between unit and group level The settings at the unit level will override the settings at the Group level Sync group to appliance level settings Update When you are viewing the screen at the global level the option is Syne appliance s to group level settings This is forward inheritance Click the Update button to apply your current global level settings to the appliances in this group Note Summarizer settings for appliance s NSA 240 TZ 210 NSA 5000 TZ 190 W Pro 4060 TZ 170 ENH differ between unit and group level The settings at the unit level will override the settings at the Group level Sync appliance s to group level settings Update Configuring Data Storage Settings The Data Storage Configuration section of the Configuration gt Summarizer Settings page allows you to specify the number of days to store summarized dat
245. ion Settings AF Accicetion Frewsi gt w Marre Reschticn Metfod DNS then NetBios l Gd uwo DNS Settings _ gt BD pach Avedahee b 9 Seusty Se View wees Automate irhat ONS Settings Oynamecaly trom WAN Zone fame Resoktion tee Radiinititinah 63 Ropert Vew ort Managing ViewPoint Reports on the Console Panel There are management settings for the ViewPoint Reporting Module on the ViewPoint Console panel The UTM panel contains limited configuration screens used for managing scheduled reports and per unit settings The Reports section on the Console panel is divided into sections that allow you to manage system wide settings including the following Table 4 Console gt Reports Section Settings Settings Report Settings Options Log Viewer Settings Summarizer Summarizer Settings SonicWALL ViewPoint 6 0 Administrator s Guide 4 Managing ViewPoint Reports on the Console Panel Section Settings Reports Data Summarization Interval Syslog Deletion Schedule Host Name Resolution Settings Email Archive Email Archive Time Settings Days to Store Archived Published reports Email Archive Configuration Web Server Details Logo Settings SortBy Settings In PDF Reports Scheduled Summary Reports Search Criteria Search Results Management Report Data Management Settings The Reports section of the Console panel controls setting
246. ions number of events or hits Cost total amount of the expense per 100 megabytes MBytes number of megabytes of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during this period and 200 megabytes was transferred by the top user the of MBytes field will display 20 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report and other settings click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 To display a limited group of users enter the user IDs in the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected users and date range Note These settings will stay in effect for all similar reports during your active login session SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Services Reports Wx Viewing Services Reports Service report
247. is licensed to database information and the serial number of the ViewPoint To access the ViewPoint online help click the blue help button 2 in the top right corner of the ViewPoint user interface NER SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 13 ViewPoint Reporting Features This chapter describes how to use ViewPoint reporting including the type of information that can appear in reports A description of the available features in the user interface is provided Settings for reporting on the Console panel are described This chapter includes the following sections e ViewPoint Reporting Overview section on page 115 e Navigating ViewPoint Reporting section on page 119 e Showing Domain Names in Reports section on page 130 e Managing ViewPoint Reports on the Console Panel section on page 131 ViewPoint Reporting Overview Monitoring critical network events and activity such as security threats inappropriate Web use and bandwidth levels is an essential component of network security ViewPoint Reporting complements SonicWALL s Internet security offerings by providing detailed and comprehensive reports of network activity The ViewPoint Reporting Module is a software application that creates dynamic Web based network reports The ViewPoint Reporting Module generates both real time and historical reports to offer a complete view of all activity through SonicWALL Internet security appliances Wit
248. ist of SonicWALL Aventail SSL VPN or CDP appliances in your ViewPoint installation You must manually configure these appliances for SonicWALL GMS management See the Configuring Appliances for GMS Management section on page 364 for detailed instructions on enabling SonicWALL GMS management on these appliances SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS When ready click Proceed ViewPont Upg ait Too Shep 2 LPE agatos Tee rehoe ac wales 12 ales MA Cov aLa ia os Ue eestor UE ot afoot paaie Wo seems Gt Tie ets wm Ne lewd Las ia oo Ete a omen ina ge weeny L ter aa sieg Wlemsel Mind apmatinnn Sate mt appien ast PRA mig Res aana Dre ERS apse LO paaa GH Automatic Configuration Following ist shows af the UTM appkances currently in the system These applances can be automaticaly configured to support GMS Appliance Name Applance Serial Number NSA 240 0017 5269510 NSA J900 QO17CS1C055C Manual Configuration Folowing bt shows af the ron UTM appiarcos currently in the system Thea apples need manual Configuration to apport GMS Appliance Narre Appice Sod Eng Tost 00068127503 Ct praan ito nan ram 4 When the configuration finishes the ViewPoint Upgrade Tool displays the completion dialog box Click Close to log out of the console and restart the system Viewpoint Upgrade Tool You have completa the upgrade procedure piae cick Close button to logout the cormole and reb
249. ither disable the firewall or manually open the syslog and SNMP ports and to ensure that these ports are open on your network gateway or firewall Click OK Sysiogs SXMP Capture x x Systogs SNMP Capture If you have a Personal Firewall software running on thts system please ditable it for proper functioning of thie product Aernstively you should enable ports ter Sysiogs typloally 614 Sysiog Formartieg trpically 29007 and SWMP traps typically 102 om the Pantanal Firewall Also If vow plan be enable sey termote appliance for HTTPS Management you wall need to contigure the Firemail steva in front of this system to fomvaid UOP Systeg pect 614 ane SNMP pect 102 pachets to this system Otherwise thts Universal Management sytem wili not receive any Bypitegs and SHIMP traps for it peoper tenctionang C 7 The Important Registration Information screen provides the URL for access to the SonicWALL ViewPoint Universal Management H ost system interface after upgrade completion as well as information about registration The default URL for accessing the interface from the local system is http localhost 80 The default credentials are User name admin Password password To register for a SonicWALL ViewPoint installation enter the word VIEWPOINT instead of a serial number when you register the product on MySonicWALL Click N ext 8 The final installer screen contains the path of the installation folder and war
250. k to from report page 118 schedules 98 resending 86 search bar 116 118 components of 123 operators 125 Security D ashboard reports 159 serial number 353 GMS 114 services enabling disabling 36 Services reports 189 sessions managing 65 settings inactivity timeout 51 pagination 51 password 51 website exclusion list 53 severities 97 signed applets 21 SMTP settings 34 355 SonicWALL ViewPoint 6 0 Administrator s Guide SN MP port 339 SQL authentication mode 369 status viewing 17 summarizer configuring reports to create 137 instant summary reports 76 using Summarize Now 76 summary report customizing 148 syslog port 339 port number 370 system requirements 337 system interface T deployment options 31 deployment role 32 deployment services 36 HTTP S settings 34 overview 24 SMTP settings 34 system administration 28 system diagnostics 30 system licenses 26 system settings 25 system software 29 system status 26 thresholds 98 timeout inactivity settings 51 TreeControl collapsing hiding the pane 20 128 menu 20 troubleshooting 368 370 reports no data 156 U UMH interface deployment options 31 deployment role 32 deployment services 36 HTTP S settings 34 overview 24 SMTP settings 34 system administration 28 system diagnostics 30 system licenses 26 system settings 25 system software 29 system status 26 uninstalling 369 unit view 121 Universal Managem
251. l com in the Enter Upgrade Key field Click Apply Restart the SonicWALL for the change to take effect Installing Universal Management Suite This section provides the procedures to install the SonicWALL Universal Management Suite UMS software To install the SonicWALL UMS software perform the following steps 1 Log on to your SonicWALL ViewPoint management computer as administrator Windows Run the SonicWALL ViewPoint installation file sw_gmsvp_win_eng_6 0 xxxx xxxx exe where xxxx represent the exact version numbers It may take several seconds for the InstallAnywhere installer to initialize InstallAnywhere 4 Install nywhere is preparing to install Cancel C 1997 2008 Acresso Software Inc and or InstallShield Co Inc SonicWALL ViewPoint 6 0 Administrator s Guide Installing Universal Management Suite Wa 3 In the Introduction screen click Next SonicWALL Universal Management Suite 6 0 e 1 l InstallAnywhere will guide you fhrough the installation of SonicWALL SONICWA LL gt Universal Management Sule 6 0 Use the Next button to proceed 10 Me next screen you want to change someting in a previous screen click the Previous button You may quit he installer at any time by clicking the Cancer button bralelriyatiere cance 4 Inthe License Agreement screen select the radio button next to I accept the terms of the License Agreement Click N ext
252. ld blank to view all messages Select the number of entries to display per page from the Results Per Page field Click Generate Report The Log Viewer Results page displays Log Search Resuts fer May 1 2007 G0 0900 tn May t 2007 23 5959 es af SO1Q007 191147 UTT 17 uM e WAN WA Search through the entries to find the information for which you are searching To view the next page of entries click Next To generate another report click Search again in the Log Viewer tree SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 16 SSL VPN Reporting This chapter describes how to manage SonicWALL ViewPoint SSL VPN reporting by customizing and defining scheduled reports and summarization for SSL VPN appliances For details about viewing specific SSL VPN reports see Viewing SSL VPN Reports on page 299 This chapter contains the following sections e SSL VPN Reporting Overview section on page 293 e Using and Configuring SSL VPN Reporting section on page 295 SSL VPN Reporting Overview This section provides an introduction to the SSL VPN reporting feature This section contains the following subsections e What is SSL VPN Reporting section on page 294 e Benefits of SSL VPN Reporting section on page 294 e How Does SSL VPN Reporting Work section on page 295 After reading the ViewPoint SSL VPN Reporting Overview section you will understand the main steps to be taken in order
253. ld from the table click the X icon in that row To sort the report pages by a different field than the default of Date Time select the desired field from the Sort by drop down list 8 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Date Time region and the Report Layout region back to default settings Summary Reports The Summary Report tab is available in the Report Layout region of the Template Section Report Layout Summary Report Top 5 Summary Report Summary Base Total telfic v SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances The Top drop down list provides selections for the number of entries to display in the report For example if the User field is selected below as a Summary Group and 5 is selected in the Top drop down list the report will provide entries for the top five users For all Custom Reports available numbers in the Top drop down list are 5 10 20 50 and 100 The Summary Base drop down list offers a selection of traffic types that will be used to determine the top usage for the selected field The Summary Base choices vary as follows depending on the type of Custom Report e Fora UTM Internet Activity report the Summary Base choices are Total traffic Received traffic or Transmitted traffic Fora UTM Website Filtering report the only Summary Base choice is Filtered Ite
254. le report _ Dip Reports eto a segic fe _ Password Protect the Zip File Pasewordk Logo fie Drowse a Cover Page Tithe z toreground Cator Background Color 000000 i FFFFFF E Subtite Foreground Cater Background Cater 030000 wo FEFFFF Ea Summary Raponi Page Choose the Summary Reports Status wi Add tanimum 4 reports can be chosen Configuring SSL VPN Summarization 1 On the SSL VPN tab navigate to Configuration gt Summarizer Settings The reports that can be summarized for a SSL VPN appliance are configurable at either global or unit level The screen displays the configuration appropriate for the level The report type lists can also be expanded for a detailed description of report content SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using and Configuring SSL VPN Reporting The report types you can summarize are shown below Report Types to be Summarized Report Description Y Bandwidth Provides Bandwidth usage reports Summary of Bandwidth usage over specified Summary Over Time time period Update Reset Data Storage Configuration Days To Store Summarized Data 15 Update Days To Store Raw Syslog Databases 10 Update Days To Store Raw Syslog Files 15 Update Note Deletion of old data occurs everyday at 14 30 To change the scheduled deletion time please go to the Console Panel gt Reports gt Summarizer screen Delete Syslog
255. lect the hour minute and second from the drop down lists These settings specify the most recent data to be included in the report for each day of the date range 6 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Report Layout region as well as the Date Time region back to default settings Static Date Range The Static Date Range selection allows you to specify the exact dates starting and ending times on the days in the selected date range for the log data to be used for the report You can specify a single date or a date range and indicate the exact hour minute and second for both the beginning and the end of the daily period for the report SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports amp A popup calendar makes it easy to select the Start Date and End Date for the date range as shown below Date Time p StatTime 09 v co w 00 Dynamic Oste Range Tocay v EndTme 22 v so 60 y Start Dete Stat Time 00 9 Si g Static Date Range Erd Date gt Report Layout Mon Tue Wed Thu Detailed Report s a7 Sect repor ekl sse Time v To specify a Static Date Range 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 Inthe Template Section under Date Time select the Static Date Range radio button Click the Start Da
256. liances View general unit status license status and syslog settings View the SonicWALL security dashboard Dashboard reports display an overview of bandwidth uptime intrusions and attacks and alerts for connected SonicWALL UTM appliances The Security D ashboard report provides data about worldwide security threats that can affect your network The Dashboard also displays data about threats blocked by the SonicWALL security appliance SonicWALL ViewPoint 6 0 Administrator s Guide Navigating the ViewPoint User Interface e View custom reports of Internet activity or Website filtering at the unit level Custom reports filter raw syslog data and you can specify start and end dates or a date range such as Week to date You can filter by user domain protocol traffic and full URL categories depending on the type of custom report The search template can be saved for use again later with the same appliance e View general bandwidth usage These reports include a daily bandwidth summary report a top users of bandwidth report and over time summary and top users reports e View a services report This report includes information about events and usage of protocols and megabytes View Web bandwidth usage These reports include a daily bandwidth summary report a top visited sites report atop users of Web bandwidth report a report that contains the top sites of each user and a weekly summary report View the numbe
257. lick the Save Template button Internet Activity A Save Tenuate ta 11014 memetAct users Save Cancet 2 Inthe popup dialog box type in a descriptive name for the template up to 40 characters The number of remaining characters allowed in the name is displayed below the input field and changes as you type 3 Click Save If you are in a Full Mode display of the Report Section you can verify that the template has been saved by changing back to Split Mode and viewing the contents of the Template drop down list SonicWALL ViewPoint provides access to your saved Custom Report templates on the Dashboard gt Summary page for the appliance See Viewing Custom Reports on the Dashboard on page 161 Viewing Bandwidth Reports Bandwidth reports display the amount of data transferred through one or more selected SonicWALL appliances These reports include the cost of consumed network bandwidth per 100 megabytes transferred through the selected appliances SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports W amp Bandwidth reports are an ideal starting point for viewing overall bandwidth usage You can view bandwidth usage view by hour day or over a period of days Additionally you can view the top users of bandwidth From this information you can determine network strategies For example if you need more bandwidth you might need to upgrade network equipment or you might simply need to cu
258. ling PD F Compliance Reports ccccssssssssssssssssesssssssssssesssessseessessssscssesssssssecssscsssccsseesnscesseessecees 144 Compliance Report Overview seecsesssssssseecsesssssssscsssecssscsssscssccssccesscsuscssscesscssscsasccssecesccsseeesecesseeessees 144 Adding a New Scheduled Compliance Report c scsssssssesssessssssscssessssecssssesccssessessssecssecesseaseeess 145 Customizing Your Detailed Reports Page ccssssssssssssesssesssssssssssscssecssscsssesssesesccessccescsssessseceseeasees 149 Chapter 15 Viewing Reports cccssseeecesseeeeeesseeeeeeseseeeeeseeeeeeenseeeeeeneseeeeees 153 Managing Report Settings ecseri ir e A E EET EARS 154 Editing Report Settings cecsssscsssssssssessssscsssessssssesssessssessnsessscssnsssusssscsanscssssssessssesssessnssasssssnsessecasees 154 Selectin ga Graphical Disp lity aA E ase asides es 154 Setting a Date or Date Range ssesssssssssssssssssessessscsssssscsscssscsssssscsscssscsssssessucssscesssssesscssecseeessesseess 155 Additonal Settings oreinen a a stead tases Wanovsed nate EREN 156 Troubleshooting Reports ssessssssssssesssssssecsssssssssssssssscssessssecssssessecsuccssecssscsssecsuscessessuesssecssecsaneeseeees 156 Viewing G eneral Status Reports scccssssssssssscssessssssssesssccssesssscsssscssccssssssscssecessecsuccssecsuscssscesecsseessseeseeess 157 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Dashboard Reports rea ec acu yuescelecosssl
259. ll similar reports during your active login session Viewing Web Usage Over Time The Web Usage Over Time report displays the daily amount of HTTP bandwidth and browse time handled by a SonicWALL appliance or all SonicWALL appliances for the specified time period To view the Web Usage Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Web Usage tree and click Over Time The Web Activity page displays Web Activity schedule OH print Date IE J Start 2007 04 23 Ene 2007 04 26 Je Searcn Moe Web Activity for April 23 2007 April 28 2007 Date Connections Browse Time hh mm ss Mbytes of MBytes i pian 12889 05 22 13 71 199 13 8 200 otat 12353 05 21 27 73 93 19 5 207 as 12597 05 17 25 57 806 17 9 x 4 The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period 5 The table contains the following information y 202 4 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp Date when the sample was taken Connections the number of connections or hits Browse Time number of hours minutes and seconds spent browsing non job function related sites on the Internet MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred during this day compared to the time period For
260. ly Enabled select the checkbox for that service and then click Disable Stop To start a service that is currently Disabled select the checkbox for that service and then click E nable Start To restart a service that is either Enabled or Disabled select the checkbox for that service and then click Restart SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 3 Adding SonicWALL Appliances This chapter describes how to add SonicWALL appliances to SonicWALL ViewPoint This chapter contains the following sections e Adding SonicWALL Appliances to SonicWALL ViewPoint on page 37 e Deleting SonicWALL Appliances from ViewPoint on page 39 Adding SonicWALL Appliances to SonicWALL ViewPoint SonicWALL ViewPoint checks with the SonicWALL licensing server when you add an appliance so it is important that ViewPoint has Internet access to the server SonicWALL ViewPoint can communicate with SonicWALL appliances through HTTP or HTTPS See the following sections e Adding SonicWALL Appliances on page 38 e Modifying SonicWALL Appliance Settings on page 39 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Adding SonicWALL Appliances to SonicWALL ViewPoint Adding SonicWALL Appliances To add a SonicWALL appliance using the SonicWALL ViewPoint management interface follow these steps 1 Click the appliance tab that corresponds to the type of appliance that you want to add UTM or SSL VPN 2 Right
261. m ViewPoint to GMS Upgrading from ViewPoint to GMS SonicWALL ViewPoint installations have the option of upgrading to SonicWALL GMS without reinstalling You can start a 30 day Free Trial of SonicWALL GMS by clicking a button or link in either the ViewPoint or Universal Management Host interface and following a simple procedure When you are ready to finalize the upgrade your SonicWALL reseller can provide you with the license key for a seamless transition to SonicWALL GMS When five or more registered devices are connected to SonicWALL ViewPoint reporting the Try GMS Free 30 Days button appears next to the tabs at the top of the SonicWALL ViewPoint management interface Fa vwa s e You can also start the Free Trial by clicking Manage Licenses on the System gt Licenses page of the Universal Management Host interface and then clicking the Try link SONICWALL UMH 5 1 E E X a System License Management Raus Ucansat Smis Minber D0401022F00T ASTES ations Security Service Statue Free Trial Manage Service Count Exp e ation Saltire Goba Managerert Sytem Nek Laerned ly saz ede Casgnestics Verpoort Licensed United gt AD Deployment Retu lo Licerne Sesrenary For details on enabling the SonicWALL G MS Free Trial and purchasing the SonicWALL GMS upgrade license see the following sections e Enabling the GMS Free Trial from ViewPoint section on page 357 e Enabling the GMS Free Trial from the UMH Interface section
262. m the Type drop down list Add Component Manager Type Application Widget Application Widget Details Widgets Logs Current Sessions Title Items 5 100 Refresh Interval in minutes 5 1440 Add Cancel SonicWALL ViewPoint 6 0 Administrator s Guide Adding a Component Window amp 2 Specify what type of Widget you want in the component The Title will default to the Widget you choose but you may customize this if you prefer You also will indicate how many Items you want to be shown on the component window as well as the Refresh Interval In this example we will add a widget that monitors Logs displaying the latest five everyten minutes Add Component Manager Type Application Widget Application Widget Detail Widgets Logs Current Sessions Title Logs Items 5 5 100 Refresh Interval 10 in minutes 5 1440 Add Cancel 3 Click Add when finished specifying entries The component window is added to the SonicToday dashboard My Default Page Default Page Page My Default Page My Home Page Network Works Securty 19 fut gt X gt Kaspersky says hacking attack cid na damage gt 34 hours aga A b DPhietSenayk 1 6 5 gt 38 hours ago gt Detads of majer internet flaw posted by scaodent gt 38 hours ago gt The Langley Fies gt 3days ago gt african officals urge ine of TT fre chsaster man
263. med the most bandwidth and which domains they visited the most Report Section lt Spitt Mode gt Internet Activity ij Save Template 2 4 Pagel 1 Lear Oman Total trattic Dytes j 10 203 15 12 a 12014 4 170 1 s6251 5 RDO vune 2AN 04 212 170 118 1932 92 168 151 16 19 151 24 DE 226 00 9 192 168 151 21 10 192 168 151 245 GE 229 ii admin 19 15124 Ds sa7914 13 10 195 11 173 You can click on a bar in the chart to pop up detailed information just like the detailed report with all of the columns for all fields The report lists details about this Summary Group field only For example in the Internet Activity report if the Summary Group contains the User field and you click on a bar for one of the top users the report displays the date and time of all Internet activity for the user and includes data for every field available for detailed reports A scroll bar is provided along the bottom of the Detailed Information window to allow viewing of all eight fields plus the date and time column SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp The Detailed Information window is shown below Report Section lt Splil Modes Internet Activity jivetorete G A amp Printing a Page or Exporting the Report as a PDF or CSV File To print the current page of the report click the printer icon at the top of the Report Section Your normal print dialog box pops up This pri
264. mouse is moved away from the control bar When AutoHide is turned off the control bar always appears on the SonicToday dashboard To turn AutoHide on click the Off icon To turn AutoHide off click the On icon Page Selector Whenever the number of pages added to the SonicToday dashboard exceeds five a page selector bar appears at the top of the main window with left and right arrows The arrows can be used to scroll across different pages in both directions By default the selector is scrolled to a point where the default page appears on it Any page can be selected by clicking on the page title SonicWALL ViewPoint 6 0 Administrator s Guide Other Features Component Height Resize The height of a component can be increased and decreased by stretching or shrinking the resize cursor on the status bar when the mouse is moved over the status bar p internet Hews 10 Edt X p Yahoo Icahn Declare Cease fire in Proxy War gt SAP Shutters Division Amid Orade Lawsuit Facehonk Revamp Targets Spam Privacy Issues gt Apple Investors to Look for Clues on Jobs Meskh P Yahoo Icahn Settle Marosalt CA gt 15 Open Souree Developmert insecure gt Are Enterprises Effectively Tapping the Socal gt Is Open Source Developrrert Inseure gt NTT Donates vs Bandwicth to Open Sourre gt Tech Stocks Follow Microsoft Google Lower T Manual Refresh Aside from the automatic refresh which you configure in t
265. ms Below the Top and Summary Base fields you can create one or two Summary Groups from the choices listed on the left side The Summary Groups choices vary as follows depending on the type of Custom Report e Fora UTM Internet Activity report the choices are Total traffic Received traffic or Transmitted traffic e For a UTM Website Filtering report the choices are Category Domain or User To select a field for a Summary Group simply drag and drop the desired field from the list to either the Level 1 Summary Group or Level 2 Summary Group boxes When the field name is dragged to one of these the operator drop down list and filter input value field are displayed allowing you to specify values to match when the data is searched See Filter Operators on page 175 for a description of each operator Either the Level 1 Summary Group field or the Level 2 Summary Group field can be used alone the resulting report will look the same in both cases When both the Level 1 and Level 2 Summary Group fields are populated the report will display the top entries for the Level 2 field for each of the top entries for the Level 1 field For example if User is dragged to the Level 1 Summary Group and Domain is dragged to the Level 2 Summary Group and 5 is selected in the Top drop down list the generated report will display the top five domains visited by each of the top five users To configure a summary report 1 Select a unit for whi
266. n Date when the sample was taken SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing Application Firewall Reports Connections number of attempted connections logged and possibly blocked by Application Firewall Mbytes megabytes of data transferred during the connections 5 To change the date of the report click the Start and End fields to access the drop down calendars select the desired dates and then click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Application Firewall Top Applications The Top Applications report displays the applications that were most logged and or blocked by Application Firewall on the specified date The Top Applications report is available at the unit level To view the Top Applications report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Application Firewall tree and click Top Applications The Top Applications page displays Top Applications Schedule Print ppkenian y Eqasa v Start 4 2009 11 27 Searcn Top Applications for Hovernber 22 2009 With or Application Name Connections MUytes acbon Type i HTTP 297 nia No Action 4 The table contains the following information Application Name the type of application such as HTTP FTP and soon SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Application Firewall Reports
267. n page displays LE 2 Orspizying records t lcf 1 Prev Next Time Souico 4 The table contains the following information User the user name Time time the user logged in 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar See Managing Report Settings on page 154 6 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Authentication Reports W amp Viewing the Administrator Login Report The administrator login report shows successful administrator logins during the specified day This report is useful for identifying misuse and unauthorized management of a SonicWALL appliance To view the Admin Login report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Authentication tree and click Admin Login The Admin Login page displays ST 2 2 4 The table contains the following information User the user name Time time the user logged in 5 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar See Managing Report Settings on page 154 6 When you are finished click Search The ViewPoint Reporting Module displ
268. n 114 31m 14 2705 al Report Name Erection Time Web Usage Users By Ske O3h 49 20 153 Web Usage Stes By Category Oh 26m 2255 The Summarizer Status screen provides performance metrics for your network administrator to plan design and expand your ViewPoint server deployment This feature has information on the Syslog Collector and Summarizer metrics The Summarizer metrics are available only for ViewPoint deployments that have Distributed Summarizer enabled enabled by default on ViewPoint 5 1 The metrics are available for the past 24 hours past seven days and past 30 days These metrics are reset to zero every 24 hours for daily metrics every seven days for weekly metrics and every 30 days for monthly metrics Weekly metrics are not shown unless the data collection for weekly metrics started earlier than the daily metrics Similarly monthly metrics are not shown unless data collection for monthly metrics started earlier than for daily and weekly metrics ViewPoint will not display metrics for a component if the daily statistics collection started more than 26 hours earlier This generally indicates that the component is not active SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Wa You can receive alert emails when Summarizer Status shows any abnormalities To reach the Summarizer Status screen navigate to the Console panel of ViewPoint and then to Diagnostics gt Summarizer Status The Summarizer Sta
269. n Split Mode and Full Mode o cesssesssscssscssesssescsscsssecsscssseessesssnscssessessseesseeeseees 308 Configuring the D ate and Time for Custom Reports csessssssssssssssecssscsseccsscssecssesseessseessecsses 311 Configuring the Report Layout and G enerating the Report ccsecsssssssessecssesssesssecsseesseessesenes 314 Generating the Custom Report cccccssecsssssssesssssssessecsssesssesssscsssccssssssscesscssseesuccssecsussesseesseceseseseenes 320 Viewing Custom Report eisssiscsvcrisiecaisccvacsstecsheadscdisseuecsachsasravetnaachuadssesvacenestaseaesurdesconsdenectaaaativartincse 321 Printing a Page or Exporting the Report as a PDF or CSV File wu csessssscssseceseeceseccssecessncesnee 323 Saving the Report Template cccccsscssssssssssssssssssssecssesssesssessssssssesssccssecssssesssesecssscsssecsueeescessnecsaseesse 324 Viewing SSL VPN Resources Reports sscsssessseccsessecssecsseccseccsscccscesuecsueessscssscesncesuseescecsueeseesuesuesees 325 Viewing SSL VPN Resources Summary Reports c ssssssssssessssssssecseessessessussssssuecesssuessscsneersesees 325 Viewing SSL VPN Resources Top Users Reports cssscsssssssssssssessessssssessessssssussesssesssseensersesees 327 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Authentication Reports cssecsssssseessessssssssessscsssecssescsscssecsssssssssssecescesseessecessesseeeses 330 Viewing SSL VPN User Login Reports ccssesssssesesscss
270. n Web Event Consolidation is disabled multiple syslog events are logged for one request For instance a single access to www cnn com can generate more than 70 syslog messages Many of the 70 syslog messages refer to the links to other pages like images cnn com or video cnn com that are included in the Web page In this simplified example if Domain Only consolidation is SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Summarization Data for Bandwidth Reports Wa selected then only one Web event is recorded cnn com If Host amp Domain is selected then you would see three Web events You would see all 70 Web events if consolidation was not enabled at all To enable Web event consolidation and resolve unrated categories perform the following 1 On the UTM tab expand the Configuration tree and click Summarizer Settings Scroll down to the Reports Summarization Data for Top Usage section Select the Enable Web Event Consolidation checkbox to consolidate repetitive syslog event entries within the syslog database and then select one of the following levels of consolidation Host amp Domain More restrictive less consolidation Domain Only More general more consolidation Optionally select the Resolve Not Rated categories using message comparison checkbox If enabled ViewPoint will attempt to categorize unrated items by comparing them to rated items and will display the results in reports Cl
271. n all other reports default 20 Select the number of entries per item to display in all other reports default 20 7 Under Inclusion Filter Parameters enter a comma separated list of sites to include in By Site reports in the Site List field 8 Enter a comma separated list of users to include in By User reports in the User List field 9 To include the user s full name and IP address in the report select the Whole Name IP checkbox 10 For Bandwidth Usage reports select the source from the Source Interface drop down list 11 For Bandwidth Usage reports select the destination from the Destination Interface drop down list 12 Click the Update button to apply changes The new report will appear in the list on the Scheduled Reports page Selecting Reports for Summarization This section describes how to tune the performance of the Summarizer by configuring which reports will be created When an appliance is configured to communicate with ViewPoint you need to prepare it for syslog data collection for reporting Make sure the summarizer is collecting data for the reports you want for this unit To configure the Summarizer settings perform the following steps 1 Click the UTM tab SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Inheritance for Reporting Screens 2 Expand the Configuration tree and click Summarizer Settings The Summarizer Settings page provides a list of reports and a correlatin
272. n by clicking the Schedule link or its clock icon in the upper right A quick access link to your system s printer is also available in the upper right corner To print the report click the Print link or icon To access the display settings for the report click More Options to the right of the search bar The SonicWALL ViewPoint reporting feature provides the following configurable reports Table 3 Configurable Reports General Provides general unit and license status Dashboard Provides a high level activity summary Custom Report Provides Internet Activity and Website Filtering reports with details from raw data Custom Reports are only available at the unit level Bandwidth Provides bandwidth usage reports Services Provides events and usage by service protocol Services reporting is only available at the unit level Web Usage Provides Web usage reports Web Filter Provides web filter event reports FTP Usage Provides FTP usage reports Mail Usage Provides mail usage reports VPN Usage Provides VPN usage reports Attacks Provides attack event reports Virus Attacks Provides virus attack event reports Anti Spyware Provides spyware event reports Intrusion Prevention Provides intrusion event reports Application Firewall Provides Application Firewall reports Authentication Provides login reports SonicWALL ViewPoint 6 0 Administrator s Guid
273. n screen is displayed Enter your MySonicWALL credentials in the appropriate fields and log in SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS 3 On the next page click the Try link in the Free Trial column for Global Management System SONICWALL UMH 5 1 000 amp Srtem License Management awn i Sers Munder OO401022FDOC Atirar A Secuntty Service Matin free trial Manage Service Count beeper alton Sethenge Gebel Management Syam Mot Licensed In Waai Daagnostics Vart Laares Urlented gt AP Deployment Betun to Leerne Senmary i 4 From this point the upgrade process continues with the same steps for access from either the SonicWALL ViewPoint interface or the Universal Management Host interface To continue the procedure perform the steps in the Completing the Free Trial Upgrade section on page 360 Completing the Free Trial Upgrade This procedure provides the common upgrading steps for access from either the SonicWALL ViewPoint interface or the Universal Management Host interface To get to this point in the process follow the steps described in one of the two preceding sections e Enabling the GMS Free Trial from ViewPoint section on page 357 e Enabling the GMS Free Trial from the UMH Interface section on page 359 To continue the upgrade perform the following steps 1 In the ViewPoint Upgrade Tool page click the Continue button Viewpoint Upgrade Too Step
274. n sieves ecesvacecssacesseed essay scsossted cesta eceasietecezectoo s 368 FT POUb eSHO OtLrig TS Fs sere cseescsscassessusesaesssscadeesi ces saessocauniss E O EA 370 Appendix B Technical Tips seccceccscisiiasseessecedeinsactenanvaadaudsnneanabstwccessaasinataaensawetaieas 373 LOG V VOWEL oaaniani aa On T R RS SO E E OONN 373 Real time Syslog Viewer sssssssssssessssssseesssssssssssessscsssscssessssscssecesecssecsuscssucsssecasscssecsuscesscasscsessecssesesncesseessss 375 Forwarding Syslog D ata to Another Syslog Server sesssssssssssssssssssessessssscsseccsscssecssecsssessescesscasecceseeass 376 Posting ViewPoint Reporting to Another Web Server for End User ACCESS sssssssssssesssseesseeesseecs 377 NAO eects let vets aa veces cuvcwd avdius sauces s sue sunnsvedensd induidadshsucietodeveaentedsreehsnduettne ese 379 SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 1 Introduction to SonicWALL ViewPoint This chapter provides an overview of SonicWALL ViewPoint and information about the user interface See the following sections SonicWALL ViewPoint Overview on page 9 SonicWALL ViewPoint Installation on page 10 Accessing the Correct Management Interface on page 11 Navigating the ViewPoint User Interface on page 13 ViewPoint Views and Status on page 17 Using the ViewPoint TreeControl Menu on page 20 About Signed Applets in SonicWALL ViewPoint on page 21 SonicWALL ViewPo
275. n the Template Section and clicking the Generate Report button the report is displayed in the Report Section The Report Section is displayed in the lower half of the page under the Template Section this layout is called Split Mode You can easily toggle between Split Mode and Full Mode Full Mode can be used to display only the Template Section or only the Report Section in a full page view SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports The Report Section displays the report and provides controls for pagination printing and exporting the report in PDF or CSV format You can also click the Save Template button in this section if you want to save the settings for this report as a template for reuse later See the following sections for detailed information Toggling Between Split Mode and Full Mode on page 308 e Configuring the Date and Time for Custom Reports on page 311 e Configuring the Report Layout and Generating the Report on page 314 e Generating the Custom Report on page 320 e Viewing a Custom Report on page 321 e Printing a Page or Exporting the Report as a PDF or CSV File on page 323 e Saving the Report Template on page 324 Toggling Between Split Mode and Full Mode The Custom Report page contains two main sections the Template Section and Report Section which can be displayed together or independently depending on the mode SonicWALL
276. nabling Report Table Sorting section on page 72 Summarizer Settings and Summarization Interval SonicWALL appliances send their syslog packets to SonicWALL ViewPoint via UDP packets When summarization is enabled the Summarizer will process those files and store the data in the summary databases at the interval you specify SonicWALL ViewPoint 6 0 Administrator s Guide amp Summarizer See the following sections e Enabling Report Summarization section on page 74 e Setting the Reports Data Summarization Interval section on page 74 e Using Summarize Now section on page 76 Enabling Report Summarization To globally enable the summarization of report data which is necessary for viewing reports perform the following 1 On the Console panel navigate to Reports gt Summarizer 2 Under Summarizer Settings select the Enable Report Summarization checkbox 3 Click Update Setting the Reports Data Summarization Interval The Summarizer will process syslog data sent from SonicWALL appliances and store the processed data in the summary databases at the interval you specify When an appliance is configured to communicate with ViewPoint you need to verify that the summarizer is scheduled to collect and process data for this unit at an appropriate interval To configure reports for summarization see the Selecting Reports for Summarization section on page 137 in the Scheduling and Configuring R
277. nd are consolidated into the syslog database The Summarizer processes the syslog data and stores the processed data in the summary database After summarization and after the configured period of syslog storage the syslog data can be periodically deleted from the system This is necessary as the syslog files and database can consume a lot of space on the file system This section of the the Summarizer page also provides a way to delete summarized data for a certain date For example if summarized data is kept for a long time such as 90 days then you could use this option to remove some summarized data from a particular date within the 90 day period if the stored data was becoming too large SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Tip Run your database maintenance jobs soon after the completion of the scheduled tasks configured on this page for summarizing data and deleting old syslog data For information about setting the number of days to store syslog files the syslog database and the summary database see the Configuring Data Storage Settings section on page 139 ViewPoint requires large amounts of disk space for raw data storage In previous versions the maximum raw syslog database size was 2 GB ViewPoint now provides enhanced database capacity by creating a new 2 GB database everyday Each file name includes the date it was created for easy reference Raw syslog data is used to create Custom R
278. nd click By User The By User page displays Top FTP Sites By User i Schrdule Print veers v Cass v Top FIP Sites ly User for Apr 27 2007 Users Events MBytes Tota 55 pen 100 0 4 The pie chart displays the percentage of bandwidth used by each user To view the sites visited by each user expand the user s site tree indicated by a sign 5 The table contains the following information SonicWALL ViewPoint 6 0 Administrator s Guide Viewing File Transfer Protocol Reports Users the IP address of the user Events the number of FTP Events MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred during this hour compared to the day For example if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12 00 time period the of MBytes field will display 10 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change these settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Number of Sites per User Rows per Screen See Managing Report Settings on pa
279. nd then click Submit SONICWALL gt UMH 5 1 e009 v E sytem License Management State Send Number None saree ATTINET agen mrySonmieWALL com Login serg MYSONENALL COM E amp OAAS resource for regeterng al your GorcWALL Internet Security Appiances and managng ai Casgnoeocs your SorvcvALL security serve Oy ades and Marges sySorucWALL proves you WA an easy ts use nterface t9 to meant manage werviers and ung ades for made SorecvAL agghances For more nformason on ariel ieee eet fe 4 p EAD Ifyou Go not heave e mySoncvVal sccount clesse Cick Deve to ceste one Please enter your existing mySonci 4LL_ com username or ensi address and pessword below Lai Mdrees ter Pines Perrot Derr Od you forget your Liser Mane or Password Go to iting ewer sresorecwat com for help 5 In the next License Management page type VIEWPOINT all capital letters into the Serial N umber field and leave the Authentication Code fields blank Type a descriptive name for the system into the Friendly N ame field and then click Submit License Hanagement Serai Nurber None Enter your 12 character Software Serial Number Auterscabon Code and a Friendly Name For ViewPont Enter VIEWPOINT m Serial Number arc ignore Authentcasen Code Okkar f you have an 8 character Seniai Narbe Sew Nebo Astenacaton Code What to thn Prendy Mane Note The Friendly Name for this system will also be used as the name for the SonicWALL ViewPoint deployment As you
280. nformation Date when the sample was taken Dropped Packets the number of dropped packets of Errors the percentage of dropped packets on this day compared to the time period For example if 10 000 packets were dropped during the time period and 1 000 packets were dropped on Wednesday its of Attacks field will display 10 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports Viewing Virus Attacks Reports Virus Attacks reports show the number of virus attacks that were directed at or through the selected SonicWALL appliance s Note All reports appear in the appliance s time zone If the selected appliance is not licensed for SonicWALL Gateway Anti Virus a sample report is displayed as shown below You can click the Click Here link near the top to view the global dashboard report showing all viruses and similar attacks currently being monitored by SonicWALL or click the link at the bottom of
281. nformation of the users who have been browsing the site Click the Plus sign to the left of the Site to show details and then hover the mouse over a user A sticky tooltip will display with a link to the corresponding user report page 6 By default the ViewPoint Reporting Module shows yesterday s report a pie chart and the ten top users To change these settings use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Number of Users per Site Rows per Screen See Managing Report Settings on page 154 8 Search for Web site addresses in the Search Bar fields When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Blocked Sites Sorted By Category The Web Filter By Category report displays the top categories of Web sites that were accessed by users To view the Web Filter By Category report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide amp Viewing Web Filter Reports 3 Expand the Web Filter tree and click By Category The By Site page displays CL 22 2 Agere No Adopts 4 The table contains the following information Category the Web site category Attempts the number of attempts the user made to access each Web site of
282. ng SSL VPN Resources Reports 3 Expand the Resources tree and click Summary The Resources Summary page displays Resource Summary CI schedule LE print Resource he Equals v Start 4 2007 06 20 gt Search Resource Summary for August 20 2007 TarSacever 6 HTTP 54 r HTTPS 98 NetErtender 68 Resource Nome Connections HTTPS 98 2 Net xtender 68 HTTP S4 4 POPS Active 4 TOTAL 226 4 The graph displays the number of connections used by each service or protocol during the day 5 The table contains the following information SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Resources Reports W amp Resource name the service or protocol Connections number of connection events or hits 6 To view the user detail for a particular resource click the resource slice in the pie chart or the resource name in the table to drill down for this information User Detail for NetExtender oak User Detad for Pay 10 7009 g SA tehessen 25 To return to the Resources gt Summary page click the Go Back button To change the date of the report use the Search Bar and click the Start field to access the drop down calendar 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date Note This date setting will stay in effect for all similar reports during your active login session Viewing SSL V
283. ng steps 1 Click the UTM tab and select a SonicWALL appliance 2 Expand the Configuration tree and click Scheduled Reports The Scheduled Reports page displays Add Additional Scheduled Reports Add Scheduled Report Summary of Scheduled Reports f select Al GeO ded Raporte I Detete Setecied Scheduled Reports Disat e Selected Scheduled Reports inate Selected Scheduled Reports 1D Enabled Report Kame Report Type Emad Archive Do Single t e 1 SERVICES ABSORPTION REPORT Jobs Daly Reports ves Neo wo yes 3 On the Scheduled Reports page to add a new scheduled report click Add Scheduled Report See Adding or Editing a Scheduled Report on page 135 4 To edit a report click the pencil icon in that row See Adding or Editing a Scheduled Report on page 135 5 To delete a report select the checkbox in that row and then click Delete Selected Scheduled Reports 6 To disable a scheduled report select the checkbox in that row and then click Disable Selected Scheduled Reports 7 To enable a disabled report select the checkbox in that row and then click Enable Selected Scheduled Reports 8 To select all reports in the list click Select All Scheduled Reports SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Scheduled Reports W amp Adding or Editing a Scheduled Report You can add a new scheduled report or edit an existing one on the UTM panel on the Configuration gt Scheduled Reports scr
284. ng the SonicWALL ViewPoint application interface SonicWALL Universal Management Suite UMS automatically downloads the latest Java Plug in SonicWALL UMS services use JRE 1 6 For the Web server SonicWALL UMS uses Tomcat 6 0 20 Browser Requirements e Microsoft Internet Explorer 6 0 or higher e Mozilla Firefox 2 0 or higher e Pop up blocker disabled SonicWALL ViewPoint supports SSL 3 0 TLS 1 0 for HTTPS direct login to SonicWALL appliances from SonicWALL ViewPoint For enhanced security across a SonicWALL ViewPoint network for installations that must comply with stringent regulatory compliance and account management controls as found in such standards as PCI SOX or HIPAA the following browsers have SSL 3 0 TLS 1 0 as standard encryption protocols e Microsoft Internet Explorer 7 0 or higher SonicWALL ViewPoint 6 0 Administrator s Guide About Installing and Upgrading SonicWALL ViewPoint e Mozilla Firefox 2 0 or higher Hardware Requirements The hardware platform where SonicWALL ViewPoint is installed must meet the following requirements e x86 environment 3GHz or faster single CPU Intel processor e Minimum 2 GB RAM e Atleast 100 GB of free disk space Note Ensure that the drive where SonicWALL ViewPoint is installed has ample space to store the SonicWALL ViewPoint log files SonicWALL ViewPoint requires large amounts of disk space for database storage In early versions the maximum raw syslog database size
285. ng the site Click the Plus sign to the left of the Site to show details and then hover the mouse over a user A sticky tooltip will display with a link to the corresponding user report page 6 The ViewPoint Reporting Module shows yesterday s report and all Web sites To change the date of the report or Web sites displayed use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Chart Types you can set Number of Sites Number of Users per Site Rows per Screen See Managing Report Settings on page 154 8 To display a limited group of sites enter the sites in the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage By Category The Web Usage By Category report displays a list of the top Web site categories the number of hits to each category the amount of data transferred and the percentage of data transferred To view the By Category report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administra
286. nicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports Wx 3 Expand the Anti Spyware tree and click Over Time The Over Time page displays ae L NS bo Category _ Attempts _ of Attempts Total 2100 100 0 4 The bar graph displays the number of spyware attempts that were made during each day over a specified time period 5 The table contains the following information Date the date for which the summary is provided Attempts the number of times the spyware attempted to infect the device during a specific date of Attempts the percent of attempts the current spyware entry comprises as a portion of the aggregate number of spyware attempts on the device during a pre set time interval 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports Viewing Spyware Attempts By Category Over Time You can generate reports that display the spyware activity by c
287. ns you that the Universal Management Suite Web page will be launched next Click Done In the SonicWALL ViewPoint login page enter the same credentials for User and Password that you had in your earlier version prior to the upgrade SonicWALL ViewPoint 6 0 Administrator s Guide Registering SonicWALL ViewPoint Registering SonicWALL ViewPoint SonicWALL ViewPoint registration is performed using the Universal Management Host system management interface The first time you log into the system interface the System gt Status page will display a Registration Pending notification at the top of the screen and the Register button will be available in the top right corner of the interface SONICWALL UMH 5 1 08006 i E Syston AY heyst aton Perrin Ct Ergai to compiete he regad ation for the management ssir Information Suta Status ikerars General Lemat aor nare SOMCWALL Urvversal Management Host Sena tember N Setengr verpon 1 124 1490 Wednesday Apri 15 2009 04 52 55 AM POT erne ee Dragrosics Role gt Decdoyment system Host Nane AP SWEIGAID 090206 172 16 11 233 Curent Tine Agr 15 2009 12 49 17 PM POT Operating system Windows A gt 86 5 1 ov Ite Pentum M 1 73 Gor cow instal Orrve 17 20 G of Tote 55 38 CE Syilogs Dive 17 3 of Total 55 88 C5 Getting Started Open Getting Started Instructiones In Mew Window SonicWALL ViewPoint must be registered before you can use it To complete registration Son
288. nt 2 In the warning message that displays click Yes The SonicWALL appliance is deleted from ViewPoint SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 4 Using the SonicToday Panel This chapter introduces the SonicToday panel in the SonicWALL ViewPoint management interface This section includes the following subsections Overview of the SonicToday Panel section on page 42 Editing a Component Window section on page 42 Adding a Component Window section on page 44 Adding More Pages section on page 47 Editing and Deleting Pages section on page 48 Other Features section on page 49 SonicWALL ViewPoint 6 0 Administrator s Guide Overview of the SonicToday Panel Overview of the SonicToday Panel Using RSS and AJAX technology SonicToday is a tab intended to work as a customizable dashboard where you are able to monitor the latest happenings with your SonicWALL ViewPoint 6 0 deployment your network the IT and Security World as well as the rest of the world Upon initial login you see a default SonicToday tab You are able to further customize this page by configuring and adding preferred components SONICWALL gt ViewPoint 6 0 thy Detaut Page E AP f mtortammest Sows 5 q Thef iet Mealy Data T Ja i Editing a Component Window One customizable feature of SonicToday is the ability to edit the title of any given component window To do this 1 Cl
289. nt Reporting Click here to go to the General gt Status page and look under Not Licensed section for steps to resolve the issue EEN SonicWALL ViewPoint 6 0 Administrator s Guide Viewing General Status Reports Wa Figure 5 Appliance is Down Summary of Web Usage lor July 9 2008 No Date Available The appliance is down For more information Navigate to P olicies gt Status Figure 6 Appliance in a Provisioned State Web Usage Top Sites for July 9 2008 No Data Available The appliance s in prov sioned state For more information Navigate to romcies gt status Figure 7 Configured for Status Only Web Usage Top Sites for July 9 2008 No Data Available The appliance is configured to only send status messages For more nformation Navigate to Policies gt Management Viewing General Status Reports The General gt Status page contains information on the SonicWALL appliance or group of SonicWALL appliances To view the Status page perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing General Status Reports 3 Expand the General tree and click Status The Status page displays Unit Node QA CSM 2100 Info Model SonicWall Content Security Manager 2100 CF Sena Number 0000 4350 SoncOS CF 2 0 0 2 ic 0 0 14 233 Peofic Time US amp Canada taint Licensed Oefmit Status Messages Only No
290. ntrolled manner in which events are managed and alerts are customized and enabled On the Console panel GEM allows you to systematically configure each sub component of your alert in order for the alert to best accommodate your needs The GEM alert has multiple sub components some of which have further subcomponents It is not necessary to configure all sub components prior to creating an alert e Severities Severity is used to tag an alert as Critical Warning or Information Severities are included within each Threshold You can change the severity levels of the threshold elements listed on the Console gt Events gt Threshold page SonicWALL ViewPoint 6 0 Administrator s Guide 4 Granular Event Management Overview Thresholds A threshold defines the condition that must be matched to trigger an event and send an alert Each threshold is associated with a Severity to tag the generated alert as critical warning or information One or more threshold elements are defined within a threshold Each threshold includes the following elements an Operator a Value anda Severity When a value is received for an alert type the GEM framework examines threshold elements to find a match for the specified condition If a match is found one or more conditions match the threshold with the highest severity containing a matching element is used to trigger an event e Schedules You can use Schedules to specify the day s and time int
291. nts only the page that is currently displayed To export the entire report in PDF format click the PDF icon at the top of the Report Section A PDF file is generated showing the report results in table format To export the entire report in Microsoft Excel Comma Separated Value CSV format click the Excel icon 2 at the top of the Report Section A CSV file is generated showing the report results in spreadsheet format The PDF can contain a maximum of 10 000 records If your report contains more than 10 000 records you can use the Static Date Range fields to adjust the dates and regenerate the report to shorten its length You can save the PDF or CSV file using any filename and location SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports Saving the Report Template After generating the report you can save the settings for this report as a template for reuse You can select the saved template from the Template Section or from the Dashboard gt Summary page at a later time and use it to generate a report using the same settings For information about using the template on the Dashboard gt Summary page see Troubleshooting Reports on page 156 The template is saved for the currently selected appliance and for the specific user The saved template will not be available for other appliances or for other users To save the report template 1 In the Report Section in the upper right corner c
292. number of megabytes transferred 5 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Number of Users Number of Sites per User Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing Web Usage Reports Note These settings will stay in effect for all similar reports during your active login session Viewing Web Usage By Category Over Time The By Category Over Time report displays a list of all users their top sites the number of hits to each site and the amount of data transferred for the specified time period To view the By Category Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Usage tree and click By Category Over Time The By User Over Time page displays Top Visited Web Sites By Category F Schedule Prist Category Hits of Moyles Total 67240 100 0 4 The table contains the following information Category the Web site category Hits number of hits to each Web site visited by the user MBytes number of megabytes transferred
293. o had the most resource activity and which protocols they used the most Report Section lt Split Mode gt Resource Activity Save Tercer G D i Paga 1 1 User Protocol Evert Court 1 mantuedocel Nia SSS S 2 Translation NaAgerk ee 3 FWRCA EEN s5 4 wa Bil gt E 6 orrmptiocl nja E Translation Hoagert ee 27 v NA E 9 E EN tia E u EWPCA E a 12 nja E 13 uneNowN el Auth N A fetta 12 14 NIA N 15 Translation Naagert j eel 6 You can click on a bar in the chart to pop up detailed information just like the detailed report with all of the columns for all fields The report lists details about this Summary Group field only For example if the Summary Group contains the User field and you click on a bar for one of the top users the report displays the date and time of all resource activity for the user and SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports amp includes data for every field available for detailed reports A scroll bar is provided along the bottom of the Detailed Information window to allow viewing of all four fields plus the date and time column The Detailed Information window is shown below Keport section lt Sptt Mode gt Resource Activity D netera S Detailed Information Page 1 2 Date Time User Destination IP Protocol 20012 07 16 35 maras iocal 127 0 0 TrorsiatioerNoagert 2009 12 09 16 narju KDiocal 127 0 0 TrammistionrNoAge
294. of network bandwidth usage If a large amount of VPN traffic occurs you might need to add bandwidth upgrade network equipment or reconfigure the VPN network Note All reports appear in the appliance s time zone Select from the following To view a summary of the daily VPN bandwidth usage see Viewing the VPN Usage Summary Report on page 239 To view the users who consume the most VPN bandwidth see Viewing the Top VPN Users on page 241 To view VPN bandwidth usage over a period of time see Viewing VPN Usage Over Time on page 242 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing VPN Usage Reports W amp To view the users who consume the most VPN bandwidth over time see Viewing VPN Usage Over Time on page 242 To view the users who consume the most VPN bandwidth over time see Viewing the Top VPN Users Over Time on page 243 To view VPN usage by policy see Viewing VPN Usage By Policy on page 245 e To view VPN usage by policy over time see Viewing the Top VPN Policies Over Time on page 246 e To view hourly VPN usage by policy see Viewing Hourly VPN Usage By Policy on page 248 e To view VPN services usage see Viewing the VPN Services Summary Report on page 249 Viewing the VPN Usage Summary Report The VPN Usage Summary report contains information on the number of VPN connections made through a SonicWALL appliance or all SonicW
295. ofle ptores Select an ewang rofe Create anew orofie trofi ime fered Vyeo Usage v Desorption Prowxies Garchredtth and Cost usage reports Provides Gata tarife by cervces reper ts Provides Wed utsge and browse Sme rapor Provides web fiter event recorts Provides FTP usage reports Provides Mal soze repo ty Proveles vna anad evert reports Prouides ornare event reports Provides Aopicasen Access emend repor ts Provides logn reports Subscroten Services Exoring LJ Susoipoon Services Dored Sisopton Servers pred A default cover page is provided SONICWALL Web User Profile Report Sampie Corporate Network SonicWALL ViewPoint 6 0 Administrator s Guide M Scheduling PDF Compliance Reports Verifying User Compliance Reports Configuration If you have chosen the PDF version of this report you now have the option to see a preview of the report covers you have created and how all of the report summaries you added will fit into that template To review your customize PDF settings click the Preview button Add Cancel Preview Figure 3 Cover page Summary page and Details page Preview Seeme y Tuus ce a z TS Note The images used for the preview do not use actual data SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 15 Viewing Reports This chapter describes how to generate reports using the SonicWALL ViewPoint Reporting Module The following s
296. ogs and password security settings You can set the schedule and server settings and the email alert recipient schedule and preferred format e Manage login sessions You can view the status of user sessions and if necessary end them e Configure report settings for sort options and maximum units with Log Viewer enabled Enabling Log Viewer allows custom reports for the system but is resource intensive e Control summarizer settings syslog and summarized data deletion schedules and host name resolution settings e Configure email archive settings and search settings for scheduled reports and manage data archiving e View summarizer diagnostics useful for capacity planning e Configure granular event management report settings including threshold schedule and alert settings e Configure Web services deployment settings and view Web services status e View the version number serial number and database information for SonicWALL ViewPoint and access links to all available tips and video tutorials ViewPoint Views and Status SonicWALL ViewPoint allows you to view status and reports for all appliances at once using MyReportsView or for a single unit at a time with the Unit view ViewPoint provides status information on the G eneral gt Status page of the UTM or SSL VPN panel SonicWALL ViewPoint 6 0 Administrator s Guide ViewPoint Views and Status MyReportsView is a grouping of all the appliances you ar
297. olicies cssssssssecssccssecessueessseccssecsssecssseecessccssneessueecssseessees 286 Viewing Authentication Reports ssscsssssssessssecsssscsssssssssccsssccsssscessescssscessucsssecsessessssecssseccsseeesuesesseeesses 287 Viewing the User Login Report cccccsssssssssssssesssesssesssessssscssscesccssscsssscssessucsssesssecsssccssecescesseseeesneees 288 Viewing the Administrator Login Report ccccsssesssesssesssecsssssssessecssecssessssesseecssecssscssscesseseseessees 289 Viewing the Failed Login Report scccccssssesssssssecssscsssscssesssscesscsseccsscssecsssccesssssecesseesecssscesscesseesseeess 289 Viewing the LOG aces czecwccssssessaas cul i tsousaspachsusbssvcala i T i T a dhe 290 Viewing the Log for a SonicWALL Appliance ssssssesssseessseccsseccssscessseesseecessecssneessneecesseessneees 291 Chapter 16 SSL VPN Reporting iss cccsiccaiicscctvccecsnceeecetadentdcevneicianwes enceeenasiveneed 293 SSL VPN Reporting OVErvieW sccsesssesssssssssssssssssscsssusssssssssssssussusssussesssussssssussussssesssssscssssassaussssscensesess 293 What is SSL VPN R pOrting cscscssccasscasescosSeoaced csdasdessdesseseieblaseiatdens cobs cevlepdussdasdens a 294 Benefits of SSL VPN Reporting cc ccscssssssssssessssssssessessssecssssssssssscsesscssecesscssuscescsssessecessecsseseseceseesee 294 How Does SSL VPN Reporting Work scccssessssssssssssessssscssesssscssesssecssscsssesssccssecsuecesscessecesessseeess 295 Using
298. on the selected report field and related filter value but not display the field as a column When you click on the Eye icon within a row the eye closes 5 to show that this field will not be displayed in the final report The filter value will still be used to filter results from the raw syslog database to apply towards the report For example you might specify the following Field Operator Filter Value Protocol http It would make sense to click the Eye icon to disable the Protocol field from being shown in the report since it would always just be http and would not add any interesting information to the final report Contrast this with simply specifying the Protocol field and leaving the Filter Value blank in which case you would want to enable the Eye so that this column would appear in the report showing a variety of protocols such as udp dns tcp http udp ntp or numbered protocols such as udp 389 the LDAP protocol or tcp 445 MS Server Message Block SMB file sharing Clicking the X icon under Options deletes the selected report field from the table so it will not be used to generate the report results nor will it be displayed in the report Use the X icon instead of the Eye when you do not choose to filter the report results based on the field SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports W amp The Detailed Report tab also contains the Sort By drop down list The list contains the Da
299. onfirmation dialog box click OK 4 You must restart the Web Server service manually after the backup is completed SonicWALL GMS 6 0 Administrator s Guide WA Database Maintenance SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 8 Managing Reports in the Console Panel This section describes how to configure reporting settings on the Console panel These include how often the summary information is updated the number of days that summary information is stored and the number of days that raw data is stored The following sections are included in this chapter e Settings section on page 71 e Summarizer section on page 73 e Email Archive section on page 81 e Scheduled Reports section on page 82 e Management section on page 87 Settings The Settings page under Reports on the Console panel provides a check box for enabling the sort option in report tables You can also specify the number of appliances which can have Log Viewer enabled at the same time See the following e Enabling Report Table Sorting section on page 72 e Controlling the Number of Appliances with Log Viewer Enabled section on page 72 SonicWALL ViewPoint 6 0 Administrator s Guide M Settings Enabling Report Table Sorting The Report Settings Options section of the Console gt Reports gt Settings page provides a checkbox to enable the sort option on report tables To enable or disable the s
300. ontains the following information Hour when the sample was taken SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Application Firewall Reports Wx Connections number of attempted connections logged and possibly blocked by Application Firewall Mbytes megabytes of data transferred during the connections 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report click the Start and End fields to access the drop down calendars select the desired dates and then click Search The ViewPoint Reporting Module displays the report for the selected day or date range Viewing the Application Firewall Over Time Report The Application Firewall Over Time report displays the amount of Application Firewall usage handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period To view the Application Firewall Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Application Firewall tree and click Over Time The Over Time page displays Application Firewall Usage Over Time D cheda Gh brink Date vo v Sart 14 2003 11 17 Ena 2003 11 22 Search Application Firewall Usage Over Time for November 17 2009 tevember 22 2009 Connections 3 ee 11 18 2000 11102000 11202000 Date 1121 2000 112220 4 The table contains the following informatio
301. oot the box chae SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS amp 5 The GMS login page appears and requests that you reboot the system Reboot the system If a reboot is not performed you may encounter problems with the correct IP Address appearing SonicWALL Global Management System Login 5 7 Ay Si tree tea upgrade procede w complete Peete miot the ynom uses Fasswond Sethi to syster terface 6 After rebooting log in with your ViewPoint credentials When you log in you will see a button displaying the number of days left in your Free Trial at the top of the page Seme Today IS Ma5 Free Ma TE Daa Lett 7 On the System gt Status page for connected appliances you can view the log entries for task synchronization and automatic addressing mode related to the G MS ale j xja E WA Ds sa Aah ome toe 19 dai SS New lacaMemain Saw a Statins bedorrnatiom bor Uret node NSA 248 t MA SO System Farasi Reis Premed Mixt SOrWALL NSA NOUM NOCE Tee Serial Marte 001705300510 n Louaonan Laerend hodas kagt ater Code PMM hinaan ato Provee Verner Sori Enhanced 52 0 1 210 Engh Jak ou F x S00 Mee Mpat Octhon Procepsce rder taker tants Into tember of LAN Py doned retest Settings Schadtes epee benten O AL K a ee 5 ot Mragrert CER ae tome LAN WAN OMT VPR PAR TICAST WLAN SSL vey CA Coah P serva nataas Laca Cathetan Managerit tment Prod tn D wee Wed An D6
302. op Users report displays the users who used the most bandwidth on the specified date and the correlating expense To view the Top Users report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports 3 Expand the Bandwidth tree and click Top Users The Top Users page displays Top Users of Bandwidth schedule Bian sAn fe Y e M Users v Eves v Start 41 2007 04 27 P Searen por Top Users of Bandwidth for Apri 27 2007 Users Connections Cost MBytes of MBytes 50 20 122 5 0 001 1 74 159 T 0 00 7 487 10 1 9 5 4 10 50 15 173 ga 0 001 5853 7 9 4 The pie chart displays the percentage of bandwidth transferred by each user 5 The table contains the following information Users the IP address of the user Connections number of events or hits Cost amount of the expense per 100 megabytes You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console gt Reports gt Summarizer screen MBytes number of megabytes of MBytes percentage of megabytes transferred by this user compared to all users For example if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user the of MBytes field will display 20 6 By default the ViewPoint Reporting Module shows yesterday s rep
303. option and any other report fields that you have selected from the eight data types The choice you select will be used to order the results in the report from the first page to the last The selection in the left drop down list is used for the first sorting then the selection in the right drop down list is used to sort and group the entries within each group resulting from the the first sorting SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp To configure a detailed report 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 In Report Layout region of the Template Section of the Custom Report page select the Detailed Report tab 3 In the Select report field drop down list select a data type to include in the report and then click Add A row for this field is populated in the table below Repeat this step to add other fields 4 Optionally select an operator from the drop down list under Filter in a table row and type in or select an input value to be matched when the database is queried Repeat this step for other rows to add filter values for those fields 5 To prevent a field from appearing in the final report click the Eye icon in that row so that the eye appears closed To allow the field to be displayed in the report click the closed Eye icon to return it to normal appearance To delete a fie
304. ort TSR checkbox and then click Export Logs Configuring UMH Deployment Options This section describes the tasks you can perform on the Deployment pages of the SonicWALL ViewPoint UMH system interface See the following sections e Configuring the Deployment Role page 32 e Configuring Deployment Settings page 34 e Controlling Deployment Services page 36 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring UMH Deployment Options Configuring the Deployment Role In a SonicWALL ViewPoint installation the Deployment gt Roles page provides a way to configure the syslog port and the database settings and to test database cnnectivity A SONICWALL UMH 6 0 00o ES System Host Role Configuration v Bo t dente Singe Server Configurabon Roles neont Detats oo Syuloy Serves Purt 514 Seces Database Configuration Database Type sea Database Most 127 0 0 1 Database Port Database User te Database Password Confirm Ostabave Password Database Oriver Database URL __ lest Commectunty To set the syslog port enter the port number into the Syslog Server Port field Under D atabase Configuration to provide credentials with which SonicWALL ViewPoint will access the database enter the account user name into the Database User field and enter the account password into both the Database Password and Confirm Database Password fields SonicWALL ViewPoint 6 0 Administrator s Guide
305. ort a pie chart and the ten top users To change the date of the report and other settings click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports W amp 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Rows per Screen See Managing Report Settings on page 154 8 To display a limited number of users use the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 9 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note These settings will stay in effect for all similar reports during your active login session Viewing Bandwidth Usage Over Time The Bandwidth Over Time report displays the daily amount of traffic and the total daily expense for consumed network bandwidth handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period To view the Bandwidth Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports 3 Ex
306. ort Display Settings you can set SonicWALL ViewPoint 6 0 Administrator s Guide amp Viewing Web Filter Reports Number of Users Number of Sites per User Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected settings 9 These settings will stay in effect for all similar reports during your active login session Viewing Blocked Sites Sorted By Site The Web Filter By Site report displays the top blocked Web sites that were accessed by users To view the Web Filter By Site report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Web Filter tree and click By Site The By Site page displays Yop Ped Sites By Stee 4i uy 24 2000 gt 22 Desplaying recone t20 f Gde Attengti Caena PSE Fail 31 A n U records are shown as detailed intormetor User Anewos ei atts nel 5 ARRANI AN records are shown as detailed informetien Use 4 The table contains the following information Site the top five sites visited by the user Attempts the number of attempts the user made to access each Web site Category the Web site category SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports Wa 5 You can navigate directly from the Web Filter gt By Site page to a Web Filter gt By User page detailing the i
307. ort option for report tables perform the following steps 1 Click the Console tab expand the Reports tree and click Settings Report Settings Options Enable Sort Option on Report Tables Update Log Yiewer Settings Maximum number of appliances on which Log 10 Update Viewer can be enabled 2 To enable the report table sort option select the Enable Sort Option on Report Tables checkbox To disable sorting clear the checkbox 3 Click Update Controlling the Number of Appliances with Log Viewer Enabled You can control the maximum number of managed appliances for which Log Viewer can be enabled The default setting allows Log Viewer to be enabled on up to five appliances Because enabling Log Viewer causes raw syslog data uploading it is resource intensive Use care in increasing this number and when enabling Log Viewer on systems Log Viewer must be enabled on an appliance in order to use Custom Reports Custom Reports are available for UTM and SSL VPN appliances For more information about Custom Reports see the following e Using Custom Reports on UTM Appliances section on page 163 To change the number of appliances for which Log Viewer can be enabled 1 On the Console panel navigate to Reports gt Settings 2 Under Log Viewer Settings in the Maximum number of appliances on which Log Viewer can be enabled field enter the number of appliances for which Log Viewer can be enabled The d
308. ost lt port gt sgms login to login from the local host or http lt host_ipaddress gt lt port gt sgms login to login from a remote location For example if you specified port 8080 the URL would be http localhost 8080 sgms login for a local host login or http 10 0 93 20 8080 sgms login for a remote login 8 Click Install You may see a Windows Firewall security alert If you do click Unblock Windows Security Alart Ed wt i To help protect your computer Windows Firewall has blocked V tome features of this program Do pou want to keep blocking this program Nene Javali M 2 Plotlonm Standard Edition binary Pubisher Sun Micsosyetems linc Keep Blocking Urtlock ArkMeLoter Windus Feewel hat blocked Ges progam bom accept Corechons Irom Gre Internet oe a network ff you incognize the pogua or trust the publishes you can unblock it When shosdd unblock a program SonicWALL ViewPoint 6 0 Administrator s Guide Installing Universal Management Suite Wa 9 The Installer displays the installation progress during the few minutes required Upon completion whether or not the system has Windows Firewall enabled a dialog is displayed notifying you to either disable the firewall or manually open the syslog and SNMP ports and to ensure that these ports are open on your network gateway or firewall Click OK Syslops SNMP Capture ws Syslogs SNMP Capture you have 4 Pertonal fess
309. ould process syslog data and update summary information Click the Update button to the right of this field 4 To specify the next summarization time enter a date in the form mm dd yyyy in the Next Scheduled Run Time field and select the hour and minute values from the drop down lists 5 Click the Update button to the right of this field 6 To update the summary information now click the Summarize Now button SonicWALL ViewPoint will automatically process the latest information and make it available for immediate viewing Note This will not affect the normally scheduled summarization updates on ViewPoint For more information about using and verifying the Summarize Now option see the Using Summarize Now section on page 76 SonicWALL ViewPoint 6 0 Administrator s Guide A Summarizer Using Summarize Now The Summarize Now feature allows the administrator to create instant summary reports without affecting the regularly scheduled summary reports You can use Summarize Now to test that the Summarizer is gathering data for a managed unit The SonicWALL ViewPoint Summarize Now feature is located in the Console tab under Reports gt Summarizer The SonicWALL ViewPoint Summarizer creates summary reports by default every 8 hours Summary reports can be configured by the administrator to occur every 15 minutes to every 24 hours To use the Summarize Now feature perform the following tasks 1 Click the Consol
310. over time for the top ten 5 Optionally select the period of time for the report from the drop down box at the top right of each graphical display At the unit level you can select only the Last 21 days At the global or group level you can select from Last 12 Hours Last 14 Days Last 21 Days Last 6 Months Using Custom Reports on UTM Appliances Custom Reports are available at the unit level for appliances visible on the UTM tab Log Viewer must be enabled for the appliance For information about enabling Log Viewer see Viewing the Log on page 290 When configuring a Custom Report on the Internet Activity or Website Filtering page the Template Section acts as a query builder You select the criteria for the report that you want and SonicWALL ViewPoint uses your input to query the raw syslog database for the information and then outputs the report The Template Section consists of two parts the Date Time section and the Report Layout section After building your query in the Template Section and clicking the Generate Report button the report is displayed in the Report Section The Report Section is displayed in the lower half of the page under the Template Section this layout is called Split Mode You can easily toggle between Split Mode and Full Mode Full Mode can be used to display only the Template Section or only the Report Section in a full page view The Report Section displays the report and provides
311. ovided in the screen and then click Proceed Upgrade Requirements Licersing ViaPort to GM 5 1 upgrade Gts free T aana Unened requres thet af apoharces n you Vinfont softwere be regetered to the saraa MASONI ocr rt appir wer miy hed rior Xe 9 the upr ade GMS wll be mistra conentia huctionelty such at the biky to keane coevites ard awe parse cheng thee the he paac about the i arabe mrd ee rtcktabe al the anglances P your View urt softmare Pto the sane MAWAL aoust foliose the steps Deloss Otherwise cick Proceed to rinu Gakhar the MySorac WAAL logn info for the anphance and log nto the account 2 After legging into MyGonc WALL navigate to the My Products soten and locate the appliance important Mala cote of the canal number aod MADAD ADOR code for hline rahorance Lo Loome the dekte button opion p the Service Management sosen ithe pectic MySorecwAll acecurt aul cnlect 4 kkon Conti Dakter promet amp Ths spokane K tow ready for ayan to OGS 1 Rnpan deps itiru 4 for ther rent of Or angered rdw View ort a6 ceeded brca meet wom SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading from ViewPoint to GMS 3 The Upgrade Requirements System screen displays the recommended operating system database and hardware system requirements Click Proceed Upgrade Requirements System Weare check the recommended system requrements telo to mate sure your system t qualified for upgrading to be an
312. own for detailed information Once you set up a Custom Report that meets your needs you can save your settings as a template for reuse set a schedule to run the report export the report as a PDF or CSV Excel file or print report pages Benefits of SSL VPN Reporting SSL VPN reports provide visibility into the resource use by logged in users leading to policies that enhance the user experience and the productivity of employees The following capabilities contribute to the benefits of the SSL VPN reporting feature e Custom reports can track events to the minute or second of the day for forensics and troubleshooting e Interactive charts allow drill down into specific details e Table structure with ability to adjust column width of data grid e Improved report navigation e Report search e Scheduled reports SonicWALL ViewPoint 6 0 Administrator s Guide Using and Configuring SSL VPN Reporting How Does SSL VPN Reporting Work SSL VPN appliances send syslog data to the ViewPoint syslog collector similar to SonicWALL UTM appliances Once summarization takes place you can create schedule view and search for SSL VPN reports from the ViewPoint central reporting interface SSL VPN Custom Reports are based on raw syslog information contained in a database that is created daily from the raw syslog data sent from all managed or monitored appliances This database is saved using a date time suffix and contains tables full o
313. p will be deleted as well 3 To remove a schedule from a schedule group click the expand button on the schedule group and select the schedules you wish to remove within that group 4 To delete the selected schedule group s or remove the selected schedules from a group click the Delete Schedule Group s Remove Schedules from Group button 5 To delete the selected schedule s click the Delete Schedule s button Enabling or Disabling Alerts on the Console Panel The Console gt Events gt Alert Settings screen provides predefined alerts that apply to ViewPoint as a whole You can hover your mouse over these to display information about them You can enable or disable these alerts by selecting or clearing the checkbox in the Enable column for the alert Enabling or Disabling Alerts on the UTM Panel You can enable or disable alerts for events pertaining to security services licenses on the UTM panel To enable or disable an alert 1 To enable an alert select the checkbox under Enabled in the row for the alert 2 To disable an alert clear the checkbox under Enabled in the row for the alert 3 Click Enable Disable Alert s SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Current Alerts Viewing Current Alerts You can view a list of current alerts on the Events gt Current Alerts page of the panel Select a global view or unit to view current alerts for your selection Alert Listing Severity Uni
314. pand the Bandwidth tree and click Over Time The Over Time page displays Bandwidth Usage schedule print Date g Xv Start 2007 04 23 End 2007 04 28 Riot Bandwidth Usage for April 23 2007 April 28 2007 Total Bandwidth in MBytes by Day l Date Connections Cost MBytes of MBytes j 04 23 ii x aes 1 2007 566934 0 115 1149 865 16 5 04 24 E 2007 572029 0 117 1168 017 16 8 4 The bar graph displays the amount of bandwidth transferred during each day of the specified time period 5 The table contains the following information Date when the sample was taken Connections number of hits Cost amount of the expense per 100 megabytes You can configure this in the Cost Per Mega Byte Bandwidth Use field in the Console gt Reports gt Summarizer screen MBytes number of megabytes transferred of MBytes percentage of megabytes transferred during this day compared to the time period For example if 100 000 megabytes of data was transferred during the time period and 25 000 megabytes was transferred on one day the of MBytes field will display 25 6 To change the date of the report and other settings use the Search Bar and click the Start or End fields to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only SonicWALL
315. r Event Management For convenience and usability a number of default settings are predefined for severities schedules thresholds and alerts You can edit the predefined values to customize the settings for thresholds and schedules The predefined defaults for each panel and screen are as follows Table 1 GEM Predefined Default Objects Panel Screens Predefined Default Objects Console Events gt Thresholds Unit Status Database Size Status Database Log Size Status on MySQL DB only Summarizer Utilization Summarizer Backed Up Files Console Events gt Schedule Schedule Groups 24x7 e Weekdays 24 hours e 8x5 e Weekend Schedules e Schedule admin e Monday 24 hours e Monday business hours e Tuesday 24 hours e Tuesday business hours e Wednesday 24 hours e Wednesday business hours e Thursday 24 hours e Thursday business hours e Friday 24 hours Friday business hours e Saturday 24 hours e Sunday 24 hours SonicWALL ViewPoint 6 0 Administrator s Guide Using Granular Event Management Panel Screens Predefined Default Objects Console Events gt Alert Settings Database Info Database Size Status Database Log Size Status on MySQL DB only Summarizer Utilization Status Summarizer Backed Up Files Status on MySQL DB only About Alerts The Events gt Alert Settings screens are available in the Console and UTM panels You can enable or disable alerts on these screens
316. r Event Management Overview cecssssssssssesssecssesssessssesssccssessuscssscssscsessessesesscsseccesssasecsueeeseeasees 97 What is Granular Event Management c ccsssscsssssssecsescssecssecsscsseccssccssecesscssscesecssseessecsssecsseesssesss 98 How Does Granular Event Management Work c ccssssssssssssssessessssesssscesccsseesssecssecessesseesssessees 98 Using G ranular Event Management c ccccssssssssssessscsseesssssssesssssesscsseccsssssnssesccsscssssessecseccesecssecesseeseeasees 99 Aput Alerts anaa E TA AANA A aoe A i 100 Configuring G ranular Event Management c sccssesssssssesssssssscssecsssccssecssecessssseessscessecssecessssseceseeesseess 101 Configuring Events on the Console Panel ccccssssesssesssssssescscssssssscsssecssscessesseccssecsussessesseessessass 101 Enabling or Disabling Alerts on the UTM Panel cecscssssesssssssesssescssssssscssccsseessecsssecsseseseeeseeess 107 Viewing Current Alerts cccseccsscsssssssssssecssssssssscssssssssssscsssessuscsssscssccesscssscssscesscssscsassessscessccesnecsscsesseseees 108 Chapter 11 Web Services i 2c c sce ecetccedocesscecccct este venscecdete ate ecpeeeatbenerecnstennaeie 109 URI BASICS scssesats a couse eeu sgonsatdusteuseeceensdavayetas usu gcdvannsdasea besa RE Eora laee 110 DELINGS a cantina ide bane ES Ania A GN 111 SUAS a scovscns E EEA EEA E T EE EET 112 Chapter 12 Using ViewPoint Help cces ecccseeeeeeeesseeeeeeeseneeeeeee
317. r of Syslogs Summarized Total number of syslogs summarized over the applicable time period Average Syslogs Summarizer per Minute Average number of syslogs summarized per minute over the applicable time period SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Estimated Unused Capacity in Syslogs The estimated remaining capacity of the summarizer in terms of the number of syslogs it can summarize based on the time taken and number of syslogs summarized over the applicable time period This number does not include the discarded syslogs Ww Tip Usage Example For this example let s assume that the syslogs summarized per minute on a system is 18 108 and the average number of syslogs received on that system is 91 per firewall per minute Divide the number of syslogs per minute 18 108 by the number of syslogs per appliance per minute 91 This yields an estimate of 198 security appliances assuming that the current appliances are a fair sample of the security appliances on your network This simple math gives a reasonable estimate of the total number of security appliances this system should be able to handle assuming that the Summarizer was to constantly summarize 24 hours as in the case of a dedicated Summarizer Reporting Details The Reporting Details section shows the number of appliances in the deployment and the number with the following types of reports enabled e Factory default reports e
318. r of attempts that users made to access blocked websites These reports include a daily summary report a top blocked sites report a top users report a report that contains the top blocked sites of each user and a weekly summary report e View file transfer protocol FTP bandwidth usage These reports include a daily FTP bandwidth summary report atop users of FTP bandwidth report and a weekly summary report e View mail bandwidth usage These reports include a daily mail summary report a top users of mail report and a weekly summary report e View VPN usage These reports include a daily VPN summary report a top users of VPN bandwidth report and a weekly summary report e View reports on attempted attacks and errors The attack reports include a daily attack summary report an attack by category report a top sources of attacks report and a weekly attack summary report The error reports include a daily error summary report and a weekly error summary report e View reports on attempted virus attacks Virus attacks reports are available for appliances that are licensed for SonicWALL G ateway Anti Virus These reports include the most frequent virus attack attempts virus attacks by top destinations virus attacks over time virus attacks over a period of time and virus attacks by top destinations over time e View reports on attempted spyware attacks Anti spyware reports are available for appliances that are licensed for SonicWALL
319. r the report and the contents and layout of the report Note Custom Reports are available at the unit level and Log Viewer must be enabled for the appliance For information about enabling Log Viewer see Viewing the SSL VPN Log on page 332 To generate a custom report 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report you want SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports W amp 2 In the Date Time region of the Template Section specify the time period that the report will cover For detailed information and instructions see Configuring the Date and Time for Custom Reports on page 311 3 Inthe Report Layout region of the Template Section specify the contents and appearance of the report For detailed information and instructions see Configuring the Report Layout and Generating the Report on page 314 4 Click Generate Report to create the report using the specified configuration Viewing a Custom Report After you click Generate Report the Report Section is displayed in Split Mode in the lower half of the main window even if you previously were in Full Mode for the Template Section Pagination controls are displayed at the upper right of the report just below the Save Template button and the printer PDF and Excel icons Navigation buttons are provided to take you to the first page next page pr
320. rators are used with a filter input value to determine which data should be included in the report The operators are defined as shown in Table 8 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports Table 8 Filter Operators Operator Definition Equals Only data that exactly matches the filter input text will be included in the report Start with Data that begins with the input text will be included in the report End with Data that ends with the input text will be included in the report Contains Data that contains the input text will be included in the report Z Only data that exactly matches the filter input numerical value will be included in the report gt Data values that are greater than the input numerical value will be included in the report gt Data values that are greater than or equal to the input numerical value will be included in the report lt Data values that are less than or equal to the input numerical value will be included in the report lt Data values that are less than the input numerical value will be included in the report l Data values that are not equal to the input numerical value will be included in the report Generating the Custom Report The Generate Report button at the bottom of the Template Section is used to create the report Before clicking Generate Report use the Template Section to specify the time period fo
321. register SonicWALL appliances on MySonicWALL you will have the option of adding them to this deployment for SonicWALL ViewPoint reporting SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Deployment Settings 6 In the next License Management page click Continue This completes the registration process License Management Sena Number 004010234457 Thark you for registering Ges producl Regist alion completed success filly Nue When registration is complete the D eployment gt Roles page is displayed Although there is only one possible role for a SonicWALL ViewPoint deployment you must still configure certain fields on this page and then click Update to fully activate the application For instructions on configuring these settings see the Configuring the Deployment Role section on page 32 Configuring Deployment Settings This section describes the settings available on the Deployment gt Settings page of the UMH system management interface available by default at http localhost appliance Configuring Web Port Settings To change the Web port settings perform the following steps 1 On the Deployment gt Settings page under Web Port Configuration to use a different port for HTTP access to the SonicWALL ViewPoint type the port number into the HTTP Port field The default port is 80 Web Port Configuraton TTP port HTTPS pert pave Reset 2 To usea different port for HTTPS acce
322. report using the specified configuration Viewing a Custom Report After you click Generate Report the Report Section is displayed in Split Mode in the lower half of the main window even if you previously were in Full Mode for the Template Section Pagination controls are displayed at the upper right of the report just below the Save Template button and the printer PDF and Excel icons Navigation buttons are provided to take you to the first page next page previous page and last page or you can specify an exact page number in the field N 4 168 D O In a Detailed Report shown below the selected report fields are displayed as column headings You can click on any column heading to sort that page by the values in the column that you click Click again to toggle between ascending and descending order on that page When you navigate away from that page and then come back using the pagination controls the page reverts to the original sorting order as specified in the Sort by field of the Template Section before generating the report Report Section lt Split Mode gt Internet Activity Ta Save Terpiate ef g akamal nat tohto 2008 07 08 00 00 04 I 07 08 00 00 06 SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using Custom Reports on UTM Appliances In a Summary Report the Report Section displays the traffic volume as horizontal bar charts This lets you see the information at a glance such as who consu
323. res that the current month is always kept in un archived form Step 1 In the ViewPoint Administrator Interface navigate to Console gt Reports gt Management SonicWALL ViewPoint 6 0 Administrator s Guide Management Step 2 Check the box next to Enable Data Archive and click the corresponding Update button Step 3 Configure Data Archiving as follows clicking the corresponding Update button after each line is completed Save Data Archive Select to save truncated data archive transaction Transaction Logs logs during each MDTA operation Click the Update button This option is deselected by default in order to conserve disk space Next Scheduled Schedule an initial date mm dd yyyy and time Archive Time in 24 hour format for the MDTA operation Click the Update button MDTA operations will take place every day at the time you specify starting with your initial date selection Number of Days to Specify the number of days worth of data to Archive consider for each MDTA operation Archive Data Press this button to immediately start an Immediately on demand MDTA operation The archive will run immediately but your scheduled archive operation will still take place Note High traffic systems can generate reports that consume large amounts of memory disk space and CPU time when using MDTA Set your Number of Days to Archive and Scheduled Archive Time accordingly To view when MDTA operations are starting and ho
324. resh and Find buttons above the TreeControl pane The panel can be brought back by clicking the same button Enabling Disabling Scheduled Reports ViewPoint allows you to disable a scheduled report without deleting it This allows you to re use the report at a later time without having to create it again To enable or disable a report navigate to the Configuration gt Scheduled Reports page under the UTM tab This screen shows all the scheduled reports on the current appliance Select the checkbox in the row for a report s that you wish to disable and click the Disable Selected Scheduled Reports button above the table After confirmation the check mark in the Enabled column is grayed out To re enable the report use the Enable Selected Scheduled Reports button above the table Combined Reports Users familiar with ViewPoint 4 0 will find two categories of reports that are no longer visible on the function tree the Browse Time report and the ROI report The information from these two reports have been folded into the Web Usage and Bandwidth reports respectively The Web Usage report pages now feature a Browse Time column The Bandwidth report pages feature a Cost column that displays all the information previously displayed by the ROI reports SonicWALL ViewPoint 6 0 Administrator s Guide Navigating ViewPoint Reporting Improved Navigation To save time ViewPoint now features linked reports Web Usage and Web Filter r
325. ress of the Simple Mail Transfer Protocol SMTP server into the SMTP Server field This server can be the same one that is normally used for email in your network 4 Type the email account name and domain that will appear in messages sent from the SonicWALL ViewPoint into the ViewPoint Sender s e Mail Address field 5 When finished in the Settings page click Update To clear the screen settings and start over click Reset Configuring System Debug Level SonicWALL ViewPoint provides the System Debug level option to control the debug messages sent to the log file To configure this setting 1 Select a debug level from the System Debug level drop down list The range is 0 3 where a level of 0 provides no debug log messages and a level of 3 provides the maximum number of debug messages 2 When finished in the Settings page click Update To clear the screen settings and start over click Reset SonicWALL ViewPoint 6 0 Administrator s Guide Settings Enforcing Password Security SonicWALL ViewPoint supports enforced password rotation for enhanced security compliance To enable and configure enforced password rotation 1 Select the Enforce Password Security checkbox 2 In the Number of days to force password change field enter a value The default is 90 SonicWALL ViewPoint will prompt the administrator to change the admin account password after the specified number of days 3 When finished in the Settings p
326. rk PO 12 09 16 36 19 mary pilora 127 0 0 Translation Noa gert 200 12 08 16 marquee 7 0 0 Transltier odgert 2004 12 09 16 3 mera bocal 27 0 0 Translation Nargart mar plnra 27 6 Transltion Nadgert 2007 12 07 16 6 mera iMlocel Transletcer Noagert 200 120 36 19 maria Docal TramistiorloAgerk POOF 12 09 16136619 recy te lox al 2 Translation Na gert OUP 12 09 16 56 mara daiocal 27 0 0 Tranglatibertodgert 2009 12 07 16 36 inarvha eM boc al Transition NaAgert DON 12 09 163614 marple a Transhvinn Nadgert 200 12 07 10 36 19 heres MIM lOc el TransletioerNoagerk 2009 12 09 16 36 19 manju boc al Transistor NoAgers PN 12 09 16136019 mangu Wpilocal Translation Na gart 200A 16 36 manakoa 27 0 0 Translation toagert 2009 12 09 16 36 imanupi al 27 0 0 Transistor Nadgert marple a 27 0 Translation Nadgert rernseaMlocel 7 0 0 TransleticerNoagert nari et hovel TramistiorNoAgert rae pilocal Translation No gert 200 12 09 16 36 marn iocel z7 Translation hogert Printing a Page or Exporting the Report as a PDF or CSV File To print the current page of the report click the printer icon at the top of the Report Section Your normal print dialog box pops up This prints only the page that is currently displayed SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports To export the entire report in PDF format click the PDF icon at the top of the Report Section A PDF file is generated sho
327. rk settings selecting the deployment role and configuring other system settings Access the system management interface with the URL http lt IP address gt lt port gt appliance If you are using the standard HTTP port 80 it is not necessary to append the port number to the IP address If you are accessing the interface from the same system on which it is installed use the following URL http localhost appliance SonicWALL ViewPoint Management Interface Used to access the SonicWALL ViewPoint application that runs on the system This interface is used to configure and view SonicWALL ViewPoint reporting on SonicWALL appliances and for configuring SonicWALL ViewPoint administrative settings Access the SonicWALL ViewPoint management interface with one of the following URLs http lt IP address gt lt port gt sgms http localhost sgms SonicWALL ViewPoint 6 0 Administrator s Guide Accessing the Correct Management Interface Switching Between Management Interfaces You can easily switch between the SonicWALL UMH system management interface and the SonicWALL ViewPoint application management interface One methods is to change the URL by adding sgms for the ViewPoint application interface or adding appliance for the UMH interface A second method involves clicking the Switch icon While logged into either interface you can switch to the login page of the other interface by clicking the Switc
328. rranties of merchantability fitness for a particular purpose title and non infringement with regard to the SOFTWARE PRODUCT and the provision of or failure to provide support services This limited warranty gives you specific legal rights You may have others which vary from state jurisdiction to state jurisdiction SonicWALL ViewPoint 6 0 Administrator s Guide Limitation of Liability Except for the warranties provided hereunder to the maximum extent permitted by applicable law in no event shall SonicWALL or its suppliers licensors be liable for any special incidental indirect or consequential damages for lost business profits business interruption loss of business information arising out of the use of or inability to use the SOFTWARE PRODUCT or the provision of or failure to provide support services even if SonicWALL has been advised of the possibility of such damages In any case SonicWALL s entire liability under any provision of this EULA shall be limited to the amount actually paid by you for the SOFTWARE PRODUCT provided however if you have entered into a SonicWALL support services agreement SonicWALL s entire liability regarding support services shall be governed by the terms of that agreement Because some states and jurisdiction do not allow the exclusion or limitation of liability the above limitation may not apply to you Manufacturer is SonicWALL Inc with headquarters located at 2001 Logic Drive San Jose C
329. rs and Owners can edit these objects Other users should be able to view or use them only if the Visible to Non Administrators check box is selected The following tasks are described in this section e Adding an Event Schedule on page 104 e Editing an Event Schedule on page 106 e Adding an Event Schedule Group on page 106 e Deleting a Schedule or Schedule Group on page 107 Adding an Event Schedule In Events gt Schedules you can add delete or configure schedules You will see your schedules and schedule groups their descriptions and whether they are enabled You can also individually delete one schedule or schedule group at a time by selecting the trash icon on the right hand side for each row For quick reference you can hover your mouse over the descriptions to quickly view the type of schedule and the days and times when it is active To add an event schedule perform the following steps 1 Onthe Events gt Schedules screen click Add Schedule 2 Select the Visible to Non Administrators check box if you want the schedule to be visible and usable by non administrators 3 To temporarily disable a schedule select the Disable checkbox SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Granular Event Management amp 4 Click Invert to create a schedule that is off during the dates and times that you specify 5 In the Schedule field you can create one or more schedules For
330. rt The Attack Summary report contains information on the number of attacks attempted on a SonicWALL appliance or all SonicWALL appliances during the specified day To view the Attack Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports 3 Expand the Attacks tree and click Summary The Summary page displays Attack Summary P sciredete Sti print Mosr e v stare 2007 04 27 Pe march Attack Summary fer Apri 77 2007 Hour Attacks of Attacks LI 4 The bar graph displays the number of attacks attempted during each hour of the day The table contains the following information Hour when the sample was taken Attacks the number of attack attempts of Attacks the percentage of attacks during this hour compared to the day For example if 1 000 attacks occurred during the day and 100 attacks occurred during the 2 00 time period the of Attacks field will display 10 5 The ViewPoint Reporting Module shows yesterday s report To change the date of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Manag
331. rt Layout region as well as the Date Time region back to default settings Configuring the Report Layout and Generating the Report Located in the Template Section of the Custom Report page below the Date Time region the Report Layout region provides a way to specify the type of data to include and the format of the report The Report Layout region has a Detailed Report tab and a Summary Report tab The report appearance and the way information is organized is quite different between a Detailed Report and a Summary Report The Detailed Report tab contains a list of data categories that you can add as report fields and allows you to specify query values for each The categories you select will appear as column headings in the report The Summary Report tab allows you to structure a report showing the top elements of Resource Activity You can select the number of top elements what to base the comparisons on and the two data categories to evaluate when determining the top elements The generated report provides graphical output that you can click to drill down for detailed information For more information about each of these Report Layout tabs see the following sections e Detailed Reports on page 315 e Summary Reports on page 318 For information about the Filter operators see the following section e Filter Operators on page 319 SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports
332. rt table sorting 71 events GEM overview 97 schedules 98 severities 97 thresholds 98 F File Transfer Protocol See FTP free trial for GMS 356 GEM alert types 100 configuring 101 default settings 99 overview 97 98 schedules 98 severites 97 thresholds 98 global view 117 global views 120 GMS upgrading to from ViewPoint 356 Granular Event Management See GEM H hardware requirements 339 help viewing online help 24 host name resolution 79 inheritance report settings 138 for G MS configuring appliances 364 for GMS enabling from UMH interface 359 for GMS enabling from ViewPoint 357 friendly name 353 FTP reports 225 SonicWALL ViewPoint 6 0 Administrator s Guide installing appendix 335 appliance firmware support 339 browser requirements 338 database requirements 337 deployment settings 354 hardware requirements 339 Java requirements 338 network requirements 339 on Windows 342 overview 10 system requirements 337 task list 336 Universal Management Suite 342 interfaces IPS J accessing both 11 overview of ViewPoint application 13 switching between 12 24 TreeControl 20 UMH deployment options 31 UMH deployment role 32 UMH deployment services 36 UMH HTTP S settings 34 UMH SMTP settings 34 UMH system administration 28 UMH system diagnostics 30 UMH system interface overview 24 UMH system licenses 26 UMH system settings 25 UMH system software 29 UMH system status 26
333. rtail the bandwidth usage of a few employees Note All reports appear in the appliance s time zone Select from the following e Viewing the Bandwidth Summary Report on page 181 e Viewing the Top Users of Bandwidth on page 183 e Viewing Bandwidth Usage Over Time on page 185 e Viewing the Top Users of Bandwidth Over Time on page 187 Viewing the Bandwidth Summary Report The Bandwidth Summary report contains information on the amount of traffic handled by a SonicWALL appliance during each hour of the specified day or at the global level for all SonicWALL appliances for the day To view the Bandwidth Summary report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Bandwidth Reports 3 Expand the Bandwidth tree and click Summary The Summary page displays Bandwidth Summary E lt credute E print Mour v stan 1 2007 04 27 e Search baited Bandwidth Summary for April 27 2007 ME yas OOO 2 00 4 00 GOO 8 00 10 00 13 00 1600 19 00 Bandwidth MDtes by Hour of Day Hour Events Cost MBytes of MBytes 1 patent 2093 0 001 023 5 4 01 00 01200 D500 02 00 03 00 4 The bar graph displays the amount of bandwidth transferred during each hour of the day 5 The table contains the following information Hour when the sample was taken
334. rts section on page 330 e Viewing the SSL VPN Log section on page 332 Viewing General Status Reports The General gt Status page contains information about the SSL VPN appliance or group of SSL VPN appliances To view the Status page perform the following steps 1 Click the SSL VPN tab 2 Select MyReportsView or an SSL VPN appliance in the left pane SonicWALL ViewPoint 6 0 Administrator s Guide Viewing General Status Reports 3 In the center pane expand the General tree and click Status The Status page displays When MyReportsView is selected the Status page displays the license status of all SSL VPN appliances Global Node GlobalView Info SSL VPNs in the System 2 Viewpoint License Status SSL VPN Status corp sslvpn Not Licensed sslvpn 1 3 Licensed When a unit is selected the Status page displays information about the SSL VPN appliance including model serial number firmware version time zone license status log settings and other settings Unit Node ssivpn 1 3 Model Serial Number Firmware Version SonicWALL IP Time Zone ViewPoint Syslog Format Status Messages Only Logs in UTC Viewpoint Mode Enabled Name Resolution Mode Access Mode Info SonicWALL SSL VPN 2000 000681275034 SonicOS SSL VPN 3 5 0 4 21sv English Pacific Time US amp Canada Licensed Default No No No Disabled HTTPS 5 Synchronize Settings With Appliance And License Information
335. ruses By Attack Attempts Report The Top Viruses By Attack Attempts report displays the top viruses for the specified date To view the Top Viruses perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Virus Attacks tree and click By Virus The Top Viruses By Attack Attempts page displays Top Viruses by Attack Attempts J schedute print vrus W fouss Top Viruses by Attack Attempts for April 27 2007 j Virus Anempts of Anempts J 3 F m FETT 48 Totat 267435 100 0 4 The pie chart displays the percentage of virus attacks attempted in a given day 5 The table contains the following information Virus the name of the virus Attempts the number of attack attempts SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports W amp of Attempts the percentage of attempts as compared to the day 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished
336. ry page displays Virus Attack Summary senede FE print stu ie Start 4 2007 04 27 fe Searcn re Vires Attack Summary for Apri 27 2007 Hour Attempts of Attempts 11010 us 4 0300 0 amp 00 13300 42 10 The bar graph displays the number of virus attacks attempted during each hour of the day The table contains the following information Hour the hour of the day for which the summary is provided Attempts the number of times the virus attempted to infect the device during a pre set time interval the hour of the day is the default of Attempts the percent of attempts the current virus entry comprises as a portion of the aggregate number of virus attempts on the device during a pre set time interval the hour of the day is the default 11 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 12 Under Report Display Settings you can set SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 13 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing the Top Vi
337. s To edit the report settings use the Search Bar at the top of the report You can search other reports set the start and end dates for a report to view or click More Options to access other Report Display Settings For a detailed description see the Searching for a Report section on page 123 Top Users of Web D schedule print Users Vv Lovas v Start 9 2007 04 27 See Disols gt Chart and Tahie Chart Type rE v Number of Users 2 Rows Per Screen 2 v Selecting a Graphical Display Some reports allow you to specify how many items to display in the report Select 5 10 20 50 100 or All from the Number of Items list This allows you to limit the display to a the specified number in order to make the report easier to read SonicWALL ViewPoint 6 0 Administrator s Guide Managing Report Settings Wa Many reports offer different graphical displays for the data such as a bar graph or a pie chart To select a graphical display select Chart and Table under Report Display Settings and choose the display type from the Chart Type list Your selection should display immediately in the report screen For most reports you can choose Area Bar Pie or Plot Setting a Date or Date Range Summary reports display only information for a single date Over time reports display information over a date range Selecting a Single Date To select a single date for a report click on the Start or End fields in the S
338. s for syslog data collection summarizer configuration email and archiving scheduling reports and archiving report data For information about syslog data collection settings see the Enabling Report Table Sorting section on page 72 in the Managing Reports in the Console Panel chapter For information about the summarizer see the following sections in the Managing Reports in the Console Panel chapter About Summary Data in Reports section on page 73 Summarizer Settings and Summarization Interval section on page 73 For information about Email and Archiving settings see the Configuring Email Archive Settings section on page 81 in the Managing Reports in the Console Panel chapter e For a description of how to schedule reports in the Console panel see the Scheduled Reports section on page 82 in the Managing Reports in the Console Panel chapter e For information about archiving report data using the Move Data to Archive MDTA feature see the Management section on page 87 in the Managing Reports in the Console Panel chapter SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 14 Scheduling and Configuring Reports This chapter provides information about scheduling automatic reports and configuring data summarization settings It also contains instructions for configuring settings for the Dashboard gt Summary report and describes how to view the list of current alerts on t
339. s provide information on the amount of data transmitted through the selected SonicWALL appliance by each service Service reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies For example if there is a large spike of bandwidth usage you can determine whether this is caused by regular Web access someone using FTP to transfer large files an attempted Denial of Service DoS attack or another service Note All reports appear in the appliance s time zone The procedures for viewing the Services Reports are described in the following section e Viewing the Services Summary Report on page 189 Note You cannot view services reports from the global view Viewing the Services Summary Report The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day To view the Services Summary report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Services Reports 3 Expand the Services tree and click Summary The Summary page displays Summary of Services V schedule F print Prosocol Enuais Stant 42007 0427 Search pea Seeomary of Services for April 27 2007 Frotocol Events For 24hrs MBytes For 24hrs e ol MDytes OG abi 9 92 12 1 4 HTTPS se 5 402 6 I 4 The bar graph displays the amount
340. select from the drop down menu the type of operator to apply to your threshold element Edit threshold tlement for Database Size Status Operator amp eater than or equal to value is equal to i ts Not equal to is bess than is less than ar equal to ts greater than Descnpbon Severity Disable is equal to match case ts equal to ignore case is not equal to corners does net contain is i not 4 In the Value field enter the value for your threshold element 5 In the Description field enter the description for your threshold element SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Granular Event Management amp 6 Inthe Severity field select the severity priority from the drop down menu These are color coded for your easy reference on the Events gt Threshold screen Edit Threshold Clement for Database Size Status Over hori is greater than or equate io Vabue 23000 Description Exceeds 2000 MO Severty ERE crc eV Gorey hai Disable CJ Update Reset 7 To disable the threshold element click the Disable check box See Enabling Disabling Event Thresholds and Threshold Elements section on page 103 8 Click Update Enabling Disabling Event Thresholds and Threshold Elements The GEM feature provides a Disable check box that allows you to disable or enable thresholds or individual elements within that threshold If it is needed again you can simply enable
341. select from the following four date choices Today Uses log data from the current date beginning just after midnight e Yesterday Uses log data from just after midnight of the previous day up to and including the most recent log message from the current date SonicWALL ViewPoint 6 0 Administrator s Guide Using SSL VPN Custom Reports Week to Date Uses log data from the current date plus the seven preceding days Month to Date Uses log data from the same date as the current date in the previous month up to and including the most recent log message from the current date When generating a report with a template containing a dynamic date range setting the dates used when referencing the log data are relative to the current date Thus two reports generated from the same template on different days will provide different results To select a Dynamic Date Range 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 Inthe Template Section under Date Time select the Dynamic Date Range radio button 3 In the drop down list select Today Yesterday Week to Date or Month to Date 4 For the Start Time select the hour minute and second from the drop down lists in the Dynamic Date Range row These settings specify the earliest data to be included in the report for each day of the date range 5 For the End Time se
342. ser compared to all users For example if 10000 megabytes of data was transferred during the period and 2000 megabytes was transferred by the top user the of MBytes field will display 20 5 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Mail Usage Reports W amp 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Users Number of Sites per User Rows per Screen See Managing Report Settings on page 154 7 To display a limited group of users use the Search Bar fields Note The search bar fields use pattern matching with operators such as contains For example john will match john_smith john42 or big_john 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Mail Usage Reports Mail usage reports provide information on the amount of mail usage that occurs through the selected SonicWALL appliance s Mail usage reports can be used to view mail bandwidth usage by the hour day or over a period of days Additionally you can view the top users of mail bandwidth Note Mail usage reports include SMTP POP3 and IMAP traffic Gener
343. sessecssessessseesseees 72 SUMP AY IZ OF APAE EA EE E E E EESE at uadeaictivess Maven siedaienewenel 73 About Summary Data in Reports ccccssssssessssecssscsssssscsssecssessssssssessscsssccssecesssssscesecesseessecsseccsecesessse 73 Summarizer Settings and Summarization Interval cccsccsssesssescssecsssssscsssecsssssssecssccssecssecsssceseeeeees 73 Configuring the Syslog D eletion Schedule Settings ccsssssssssesssecsssssssessecssesssesssesseessseesseesseees 78 Configuring Host Name Resolution ccesssssssessssssscsseesssssssesesssssecsssccssscssccesscssecsssssssecsuecssesseeeseees 79 Femail Archive sicssecsseststivestecscsnslseciusctececsdusconsl etassbdeucchitatachbenssvebetashobetaceudetosssdetesdensdbdeaceetisheletserigsiengtadiegs 81 Configuring Email Archive Settings ccccssssssssssssesssscssssssssscssseessssssssssecssessssecssscessesseesueeeseeasneeees 81 Sched led Reports r iiri i r t E RARE ct tbsbesurbut A lssdebdSiauvevedtete 82 Management aE E ENEE ee aseevaluseeys 87 Configuring Report D ata Management s sssssssssssssssssssesssseeesesessterssereesteresssnesssnnnnnnnssnsnnsneeessseerereeee 87 Chapter 9 Using Diagnostics ccccsseeeeeeesseeeeeenseeeeeeenseeeeeesseeeeseeseeeeeeneeenes 89 S ummanzer SEALS viese enn nenii n iaa Ea aE hands seinlabdhasdiasesnttbonsssiusctaugiaes Buacess 90 Chapter 10 Granular Event Management ssssssssssnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmn 97 Granula
344. shboard Summary Schedule Print Dashboard Seenmary for December 2 2009 surrey Aena vamegs Randetath MBytes by Hour of Day User Activity Detaut CFS Logging CPS blocked When you click on a saved template the detailed report page is displayed in Full Mode with the same categories in the same order as in the template that you saved In the report page the Print PDF and Excel icons are available along with the pagination controls There is no link to Split Mode and no Save Template button since this template is already saved You can also configure or delete a saved template from the Dashboard gt Summary page To access a custom report from the Dashboard 1 Select a unit for which Log Viewer is enabled and then navigate to Dashboard gt Summary 2 Locate the box labeled Custom Report Templates All saved templates for this appliance are listed in the box SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Dashboard Reports 3 Do one of the following e To generate a Custom Report click a saved template in the Custom Report Templates box e To configure a saved template click the Configure icon for that template make the desired changes and then click OK For configuration instructions see Using Custom Reports on UTM Appliances on page 163 To delete a saved template click the Delete icon for that template and then click OK in the confirmation dialog box View
345. solated from the main Console that is used for managing and configuring SonicWALL appliances SonicWALL ViewPoint 6 0 Administrator s Guide Posting ViewPoint Reporting to Another Web Server for End User Access SonicWALL ViewPoint 6 0 Administrator s Guide Index A activating ViewPoint 341 alert types 100 alerting using GEM 97 anti spyware reports 266 applets signed 21 Application Firewall reports 281 archive in Console gt Reports 132 MDTA 87 on Console gt Reports 81 report settings 81 scheduled report 135 summarizer data 87 Attacks reports 250 authentication code 353 Authentication reports 287 B Bandwidth reports 180 benefits of compliance reports 144 of report data management 87 of SSL VPN reporting 294 browser requirements 338 Cc Compliance reports configuration 152 overview 144 compliance reports 144 console management settings 61 cover page customizing 147 Custom Reports Resource Activity 307 customizing detailed report 149 report cover page 147 summary report 148 D dashboard 159 Dashboard Summary report 159 data management 87 database backing up 368 reinstalling with existing db 369 requirements 337 SonicWALL ViewPoint 6 0 Administrator s Guide g deployment settings 354 detailed report customizing 149 digital signature in applet 21 disabling GEM thresholds 103 domain names in reports 130 E email report settings 81 enabling GEM thresholds 103 repo
346. ss to the SonicWALL ViewPoint type the port number into the HTTPS Port field The default port is 443 3 Click Update to apply the Web port settings Note Changing the Web port settings will cause the system to restart SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Deployment Settings Wa 4 After the appliance restarts use the new port to access the appliance or SonicWALL ViewPoint management interface For example Ifyou changed the HTTP port to 8080 use the URL http lt 1P A ddress gt 8080 appliance Ifyou changed the HTTPS port to 4430 use the URL http lt IP A ddress gt 4430 appliance Configuring SMTP Settings The SMTP settings are used for sending email alerts to the SonicWALL ViewPoint administrator To configure the SMTP settings perform the following steps 1 On the Deployment gt Settings page under SMTP Configuration enter the IP address of the SMTP server into the SMTP server field SMTP Canfiguration SMTP server Sender v est Admir strator address Lipdata 2 In the Sender address field enter the email address that will appear as the From address when email alerts are sent to the administrator 3 In the Administrator address field enter a valid email address for the administrator who will receive email alerts 4 Click Update to apply the SMTP settings SonicWALL ViewPoint 6 0 Administrator s Guide Upgrading fro
347. sssessscssecsseccssssssscesscssscssecssscsssesssccssecsssscsscasecesscessneeees 32 Configuring D eployment Settings ccsccsssesssessssesssesssessseccssscssesssessseesssccssscssecesccssecsesssssecssesescesseeses 34 Controlling D eployment Services c sssssssssssssssssscssssssseccssscssesesscssscssessssscesscssscssecssseesueceseecseesaneesse 36 Chapter 3 Adding SONICWALL Appliances ccsssseeeceeesseeeeeeeeeeeeeeeeeeeeeees 37 Adding SonicWALL Appliances to SonicWALL ViewPoint ccscssessssssssesssssssecsseccssssssecssesssessseeess 37 Adding SonicWALL A ppliahGes sces cecescesseadscescssstdsescavactisedadedadsaieiccdescaseleusssdlsts cdl escaldkoussiconeestovesdest 38 Modifying SonicWALL Appliance Settings c sccsssssssessesssecsseecssesssecsssssssesseesssecsuecsssessecsscessesessees 39 Deleting SonicWALL Appliances from ViewPoint cssssssssssesseecssesssescsecsssecseesssecssesssssessessesesseesseess 39 Chapter 4 Using the SonicToday Panel ssseecsseeeeeeeseeeeeseneeeeeeeeeneeeeeeeees 41 Overview of the SonicT oday Panel cccssssssessssssssssessessssesssessscsssecsusesssecssesesesssscssecssscessecesesssecsnsesessess 42 Editing a Component Window cecssecssessssecsssscscscssssssecsseccssscssscesccssscsasccssscesscssscsscsssscesssesseceseeaseesueeeseees 42 Adding a Component Window x ssc sscsicsecscissscssseussovsesessuasuesessousessuveatacosnaousesaaseeusscsauestecevarea ounasecssctsoccusuvess
348. ssssesssseecessecssneessuecesssceesneess 183 Viewing Bandwidth Usage Over Time scecsssessssseccseccsssccsssecsssecesnccssssecsusccessccssusessusccssecsseeesseees 185 Viewing the Top Users of Bandwidth Over Time sssssssessssccsseccsssessssecsssecessccesneessuseesneceseeenes 187 Viewing Services Reports ssssexcssscsnsscacsnaricdtectensas ai a ds titel a 189 Viewing the Services Summary Report ccsssssssssssesssesssessseccssssssecsssssssessecesseessesssusessesessessecseseeseees 189 Viewing Web Usage Reports aana ean a E vsnsecavele eewseed U A S 191 Viewing the Web Usage Summary Report c ccsssssssssssecssesssessessssecssssescsssecsesssseceseesseesseessseeseeess 192 Viewmg the Top Web Sites aasin a AR AAE 194 Viewing the Top Users of Web Bandwidth 0 sssssssecssssecssccsseccssuesssssesssecessecssneessusecserecssneess 195 Viewing Web U sage DYU Ser imenasa a a dd shes hovaeccdinyiastouseasises i 197 Viewing Web Usage By Site o ccccssssessssssssssessssssssessessssscsseesusscssesssccesscssecsuscessessecsassesseesuecesssesseeess 199 Viewing Web Usage By Category cssssssssssssssssssessssssscssesssessssesssccesscsseessscsssssssccssscsseesuesessessunsees 200 Viewing Web Usage Over Time ou csscssssscsssecsssecssssessssccessccssssessssccssecessucsssescessecessecssneecsseeessneeesneees 202 Viewing Top Sites O ver Time ccsciscsssssissscscsssevicssestisscceticacecusedeesetsgnevescusesescnbusectcbevsdsceasesdconsetasvbsssansess 203 Vi
349. ssssssssssssssssssssssssessssesessssesttsesstesostteetetooestoressnossssnesssssteseeeet 20 About Signed Applets in SonicWALL ViewPoint csecssssssesssscssecsseccssssssesseesssecssecssscsssessessssseseessses 21 Chapter 2 Using the UMH System Interface ccceeesseeeeeeeeseneeeeeeseeeeeeneenees 23 Overview of the UMH System Interface cssesssssssesssssssecsscsssscssssssesssesssecssscessccesccssesssecesccesseeseessssees 24 Switching to the Application Interface c cccssessssssssssscssscssecssesssscssscssessssesssscsssessessseessecessessecsesees 24 Viewing Online Help and T pS n a Socket Socks egies 24 Logging Out of the UMH System Interface cscssssssssssssesssssssecssesssessssccesscssecesscsssesseecsseesseeessees 25 Configuring UMH System Settings reiciendise i 25 VIEWING System Stas aa ea OAE RA R R basen ENN 26 Managing System Licenses sresti eisern ae as EE NNEGA ANA 26 Configuring System Administration Settings ccccssssssssssssssssessssecssescssssssecssscssecssecssseesecsseesseeeseees 28 Managing System Seuuigs senoaryarynirva k ENa ON RUNT ROEN 29 Using System D tagmo Stes sctec cccscacwsicsecvscateovedadeossstecoss E T N sucess cuslebs cnedsusiedeeny dbsedeneugtivl 30 Configuring UMH Deployment Options cccesssssssssssessescssssssssssssssscssessssesssecssecssecssecssusessecsuesesecsnnees 31 SonicWALL ViewPoint 6 0 Administrator s Guide Configuring the Deployment Role csecssssssse
350. st To select all users in the list select the Select All checkbox Click the Delete button SonicWALL ViewPoint 6 0 Administrator s Guide 4 Configuring Reports Settings SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 6 Configuring Log Settings This section describes how to configure Log Settings This includes adjusting settings on deleting log messages after a certain period of time and setting criteria for viewing logs This chapter includes the following sections e Configuration section on page 57 e View Log section on page 58 Configuration The Log gt Configuration screen provides a way to delete log messages older than a specific date To delete ViewPoint log messages perform the following steps 1 Click the Console tab expand the Log tree and click Configuration The Configuration page displays Delete ViewPoint Log Messages Month Day eor V Delete Log Messages Older Tham Ady v is v 2008 v 2 Select the month day and year from the drop down menu 3 Click Delete Log Messages Older Than SonicWALL ViewPoint 6 0 Administrator s Guide MV View Log View Log The SonicWALL ViewPoint log keeps track of changes made within the SonicWALL ViewPoint UI logins failed logins logouts password changes scheduled tasks failed tasks completed tasks raw syslog database size syslog message uploads and time spent summarizing syslog data To view the SonicWALL
351. st Threshold Barndeih Lit MBytes v Thresh Add Delete Repurts List Bardvecth Summary Web Usage Top Users Attacks Sumenary noaa vinus Attacks Summary Bandwidth Summary Add Delete Reet To configure Dashboard Summary report settings perform the following steps 1 Click the UTM tab 2 Expand the Configuration tree and click Dashboard SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Dashboard Summary Reports W amp In the Summary Statistics List section to add a statistic to the Dashboard gt Summary page select it from the drop down list and then click Add Summary Statistics List Tota BardeiRh MBytes Total HTTP Barrhead MBytes Total Attacks Total Virus Aitaks BEBB Total Bandwidth MBytes v Add Delete Tota Bandwicth Mbytes Tota Attacks Total Intrusions Tota Sete Threshold Ip Time s Total HTTP Barrdvadh Mbytes Total FTP Bandrikkth MBytes ports List Total Mad Bandwickh MBytes Total VPN Bandvadth Miytes Tota Spyrrare Attempts To remove a Statistic from the Dashboard gt Summary page select the checkbox under the trashcan icon for that statistic and then click Delete In the Alerts List section to add an alert to the Dashboard gt Summary page and to receive an email alert when the alert setting is matched select an event type from the drop down list type a threshold value into the Threshold field and then click Add Alerts are emailed us
352. t Name Description Warning Test 4060 The Intrusion subscription has not been activated for this device SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 11 Web Services This chapter provides information about the Web Services feature Web Services is a software system designed to support interoperability between ViewPoint and other network appliances servers and devices through an application programming interface API Web Services is located in the Console panel of the ViewPoint management interface SONICWALL gt ViewPoint 6 0 I lt User Settings OMS Deployment Log viewport 150 V Select the Gapiorymert to corfapsn Web Serve m for Manayement Reports Pubie URI gt Diagnostics Enter the pubic server nare for ths depioynert This nane wl be used Mtow 10 0 14 7808005 vents to access Web Services on thes server arsi wi be rxiaind n enbeckind sa ae t e Gorvices coss tris Mtpsyhostnamef port Mote The p i server port i used bo accese GMS Web Services from the Settings padie daman To madly the port on which GT ans Web Saret ees please navigate to System Intert ace Depioymert Settings Heip update This chapter includes the following sections e URI Basics section on page 110 e Settings section on page 111 e Status section on page 112 SonicWALL ViewPoint 6 0 Administrator s Guide URI Basics URI Basics The URI is a HTTPS string which is used to identify
353. t SOCAL Pi 10 0 14 252 b pandwidth Tene Zone Pactic Tne US amp Canada Visuri Lannie gt Services Sysiog Format Default P Web Usege Statin Messages Ory No b Web Logs UTC No Mer Vinot Mode Enatied Yes FTP Usage Nane Rescktion Mode Owabed gt Mail Usage Acoess Mode HTTPS P VPN Lisage Attacks canes b Virus Alecks Log type Log Type Ant Spyware Yrm Marfenan n etad 4 Tuireann Srem rors Cwopood TCP be ation thockher Web Stes en men gt Log Viewer Doched Java etc Cropped ICMP gt Events User Actity Network Debug VPN TCP Date Geteed LAN IP Sysieg Servers Addrews Port fore nre 7 Synetwortre Settings With Appliance And License Information With MySeree WALL com SonicWALL ViewPoint 6 0 Administrator s Guide Using the ViewPoint TreeControl Menu Using the ViewPoint TreeControl Menu This section describes the content of the TreeControl menu within the SonicWALL ViewPoint user interface You can control the display of the TreeControl pane by selecting one of the appliance tabs at the top of the main window For example when you click the UTM tab the TreeControl pane displays all the connected UTM appliance units The two appliance tabs can display the following appliance types when ViewPoint is monitoring these device types e UTM appliances e SSL VPN and EX Series SRA appliances You can hide the entire TreeControl pane by clicking the sideways arrow icon and redisplay the pane by clicking it again
354. t field than the default of Date Time select the desired field from the Sort by drop down list 8 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Date Time region and the Report Layout region back to default settings SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports Summary Reports The Summary Report tab is available in the Report Layout region of the Template Section Report Layout Summary Report G d vi Summary Report Summary Sase Evert Count v p p Y Drag a lieki below bo the right to be a summary group Destnatan IP evel Summary Group Level 2 Summary Group The Top drop down list provides selections for the number of entries to display in the report For example if the User field is selected below as a Summary Group and 5 is selected in the Top drop down list the report will provide entries for the top five users For all Custom Reports available numbers in the Top drop down list are 5 10 20 50 and 100 The Summary Base drop down list offers a selection of traffic types that will be used to determine the top usage for the selected field For a SSL VPN Resource Activity report the only Summary Base choice is Event Count Below the Top and Summary Base fields you can create one or two Summary Groups from the choices listed on the left side For a SSL VPN Resource Activity report the choices are
355. t time interval the hour of the day is the default 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports Wa 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range 9 Note this page displays the number of spyware attempts that occurred during two hour intervals during the past day Viewing Spyware Attempts By Category These reports display the spyware activity by category including the actual category or classification of the spyware the priority and the event attacks type By using the category as criteria you can display details about the type message text and number of events To view spyware attempts by category perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Anti Spyware tree and click By Category The By Category page displays Spear Antenpts fy Catagory for Ampat 14 2008 AD Seg Category _Atlemptsy _ of Attempts 1 Sator 2100 100 Tot
356. ta for the full 24 hours in each day of the date range Date Time a Start Time 00 w 00 w 00 v Dynamic Date Range Today v EndTime 23 59 V 59 i Start Date Start Time 00 w 00 v 00 2 RENC DAE Rage End Date EndTime 22 59 59 4 Dynamic Date Range The Dynamic Date Range selection allows you to select from four date ranges and to specify the exact starting and ending times on the days in the selected date range for the log data to be used for the report For the Dynamic Date Range you can select from the following four date choices Today Uses log data from the current date beginning just after midnight e Yesterday Uses log data from just after midnight of the previous day up to and including the most recent log message from the current date Week to Date Uses log data from the current date plus the seven preceding days Month to Date Uses log data from the same date as the current date in the previous month up to and including the most recent log message from the current date When generating a report with a template containing a dynamic date range setting the dates used when referencing the log data are relative to the current date Thus two reports generated from the same template on different days will provide different results SonicWALL ViewPoint 6 0 Administrator s Guide Using Custom Reports on UTM Appliances W amp To select a Dynamic Date R
357. tains For example john will match john_smith john42 or big_john 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day Note The date setting will stay in effect for all similar reports during your active login session Viewing SSL VPN Bandwidth Usage Over Time Reports The Bandwidth Usage Over Time report displays the daily number of connections handled by a SSL VPN appliance or a group of SSL VPN appliances for the specified time period To view the Bandwidth Usage Over Time report perform the following steps 1 Click the SSL VPN tab 2 Select the global icon or a SSL VPN appliance SonicWALL ViewPoint 6 0 Administrator s Guide Viewing SSL VPN Bandwidth Reports W amp 3 Expand the Bandwidth tree and click Over Time The Over Time page displays Bandwidth Usage Connections v Start 412007 08 1E End 2007 08 20 Searc Bandwidth Usage for August 15 2007 August 20 2007 1 000 Cornections ol 015 2007 Db 16 2007 wI 17 200 O8 1 200 On 19 200 20 20 I 374 I 415 j 1 0 17 2009 5 10 200 ow 1 j 0 19 2000 15 20 200 4 The graph displays the number of connections during each day of the specified time period 5 The table contains the following information Date when the sample was taken Connections number of hits 6 To change the date of the report use the Search Bar and click th
358. te Time option and any other report fields that you have selected from the eight data types The choice you select will be used to order the results in the report from the first page to the last The selection in the left drop down list is used for the first sorting then the selection in the right drop down list is used to sort and group the entries within each group resulting from the the first sorting To configure a detailed report 1 Select a unit for which Log Viewer is enabled and then navigate to the page under Custom Report for the report type you want 2 In Report Layout region of the Template Section of the Custom Report page select the Detailed Report tab 3 In the Select report field drop down list select a data type to include in the report and then click Add A row for this field is populated in the table below Repeat this step to add other fields 4 Optionally select an operator from the drop down list under Filter in a table row and type in or select an input value to be matched when the database is queried Repeat this step for other rows to add filter values for those fields 5 To prevent a field from appearing in the final report click the Eye icon in that row so that the eye appears closed To allow the field to be displayed in the report click the closed Eye icon to return it to normal appearance 6 To delete a field from the table click the X icon in that row 7 To sort the report pages by a differen
359. te field to access the pop up calendar 4 Use the navigation arrows near the top of the calendar to change the year or month Click the lt lt button to move to the previous year or hold the button to select from a list of years Click the gt gt button to move to the next year or hold the button to select from a list of years Similarly click the lt or gt to move back or ahead by one month or hold the button to select from a list of months 5 Click the desired start date in the calendar This adds the date to the Start Date field and closes the calendar Click the End Date field to access the pop up calendar 7 Use the navigation arrows near the top of the calendar to change the year or month 8 Click the desired end date in the calendar This adds the date to the End Date field and closes the calendar 9 For the Start Time select the hour minute and second from the drop down lists in the Static Date Range row These settings specify the earliest data for each day in the date range to be included in the report SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports 10 For the End Time select the hour minute and second from the drop down lists These settings specify the most recent data for each day in the date range to be included in the report 11 To change the settings back to the defaults click Reset at the bottom of the Template Section Note that this will change the Repo
360. tects azamst i aay of network based apphcation Vulmerabilises and exploris Activate your subscaptoon today to recerve protection Gem these threals Chek riers to see 1 Global Threat Report showing the top intrusions prevented globally Wah an Intrusion Prevention amp Deteerion subscription reports will show actual intrusion attempts that were blocked by the appliance lop ineruwons fer January 1 2008 a Be Bac bs uy r a Ld LMegoy intrur ons T T of intrusions WEB IT e a E Weng O CSN S000 gt wer S 3 0 gt weal on 16 7 gt OAT DMs my ILT soe OS a4 OWE OLUTION boo I1 TWES PR OUTPACE pans gt BATTACK RESPONSES urn 3 2 d vier gt gt Owens 7 Ly gt iter 7 gt See A bit wo Total EJE 100 0 Select from the following intrusion reports To view a summary of the attacks see Viewing the Intrusion Prevention Summary Report on page 275 e To view the attacks by source IP address see Viewing the Errors Report on page 254 To view a summary of the errors and exceptions see Viewing the Errors Report on page 254 To view attacks over a period of time see Viewing Attack Reports Over Time on page 256 e To view errors and exceptions over a period of time see Viewing Errors Over Time on page 258 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Intrusion Prevention Reports W amp Viewing the Intrusion Prevention Summary Report The
361. tempted attacks during the specified time period To view the Attacks Over Time report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Attacks tree and click Attacks Over Time The Attacks Over Time page displays Attempted Attacks F Date s v Start 2007 9423 End 2007 04 28 Attempted Attacks for April 23 2007 Apr 28 2007 Dote Amacks of Attacks 4 23 2007 7 0424 2007 j4 25 2007 s as 4 The bar graph displays the number of attacks attempted each day of the time period 5 The table contains the following information Date when the sample was taken Attacks the number of attacks of Attacks the percentage of attacks on this day compared to the time period For example if 10 000 attacks occurred during the time period and 1 000 attacks occurred on Thursday its of Attacks field will display 10 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Attacks Reports W amp 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint
362. tems shown in the component window and we want the Refresh Interval to occur every 30 minutes Click Save to save your changes and exit the component window The changes will update the component window immediately gt gt CNN Top 5 Stories 5 Edit X a U S gas so cheap it hurts gt 9 hours ago gt Police Mom finds D C Madam hanging gt 2 h gt Barbara Walters had affair with U S senato gt Air Force grounds T 38Cs after deadly crash gt Protesters across U S push immigration issue Y SonicWALL ViewPoint 6 0 Administrator s Guide Adding a Component Window Adding a Component Window Another way to fully customize your SonicToday dashboard is by adding a component window specifically to your preferences Note that no component containing the same content can be added more than once in the SonicToday dashboard In this section there are different component windows you can add e Application Widget section on page 44 RSS Feed section on page 46 Application Widget The application widget specifically details Logs and Current Sessions in SonicWALL ViewPoint 6 0 The convenience of this new widget is that it enables you to keep track of all these different details from the SonicToday dashboard page rather than navigating through other tabs To add the application widget 1 Click Add Component to bring up the Add Component Manager dialogue box Select Application Widget fro
363. th Log Viewer Enabled on page 72 Note Custom Reports are available on appliances with Log Viewer enabled See Using Custom Reports on UTM Appliances on page 163 Select the starting date to view from the Start Date list box Enter the starting time of events to view in the Start Time field Select the ending date of events to view in the End Date list box o o Nog Enter the ending time of events to view in the End Time field 10 Enter the source IP address to view in the Source IP Address field To view all IP addresses enter All 11 Optionally enter the source port to view in the Source Port field 12 Enter the destination IP address to view in the Destination IP Address field To view all IP addresses enter All SonicWALL ViewPoint 6 0 Administrator s Guide 13 14 15 16 17 Real time Syslog Viewer W amp Optionally enter the destination port to view in the Destination Port field Select the type of events to view from the Message Category list box To search for specific message text type the text into the Message Text field Select the number of entries to display per page from the Results Per Page field Click Generate Report The Log Viewer Results page displays Real time Syslog Viewer The real time syslog utility enables you to diagnose the system by viewing the syslog messages in real time Note Only use this utility when needed for diagnostic purposes To open the r
364. the Report Section Click the lt Full Mode gt button to the right of the Template Section heading Click the lt Full Mode gt button to the right of the Report Section heading Configuring the Date and Time for Custom Reports At the top of the Template Section of the Custom Report page the Date Time region provides a way to designate the time period to use when generating the report You can select either a Dynamic Date Range or a Static Date Range Both the Dynamic Date Range and the Static Date Range provide Start Time and End Time settings By using the Start Time and End Time fields you can specify the exact hour minute and second for both the beginning and the end of the period for the report When a start and end time is specified for a date range containing multiple days the start end times are applied to each day of the period when analyzing data for the report The default is to include data for the full 24 hours in each day of the date range Date Time Start Tme 00 w 00 00 v Dynamic Dete Range Tocey v EndTme 22 2 v oy lt lt Start Date Start Time 00 Stat Date Range r z eee End Date EndTme 23 v 05 vi 02 Dynamic Date Range The Dynamic Date Range selection allows you to select from four date ranges and to specify the exact starting and ending times on the days in the selected date range for the log data to be used for the report For the Dynamic Date Range you can
365. the following information Policy Name the Application Firewall policy name Connections number of attempted connections logged and possibly blocked by Application Firewall Mbytes megabytes of data transferred during the connections Action Type either No Action Logged or Blocked 5 To change the date of the report click the Start field to access the drop down calendar select the desired date and then click Search The ViewPoint Reporting Module displays the report for the selected date Viewing Authentication Reports The login reports show user logins administrator logins and failed login attempts for users and administrators Authentication reports are available at the unit level Note All reports appear in the appliance s time zone Select from the following SonicWALL ViewPoint 6 0 Administrator s Guide 4 Viewing Authentication Reports e Viewing the User Login Report on page 288 e Viewing the Administrator Login Report on page 289 e Viewing the Failed Login Report on page 289 Viewing the User Login Report The user login report shows users that logged on to the SonicWALL appliance during the specified day to bypass content filtering or to remotely access local network resources To view the User Login report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the Authentication tree and click User Login The User Logi
366. the page to read detailed information about SonicWALL Gateway Anti Virus and other subscription services Anti Virus Subscription Needed Thes apphance does not have an anh virus subserption Actwate your subscmphon today to recerve protection from these threats Click Here to see the Global Threat Report showing the top viruses blocked globally With an Ants Virus subscrspbhon reports will show actual viruses blocked for hrs apphance and provede anportant stahshcal information Top Wiewses by Attack Attempts for lanuary 1 2000 avis gt ings Allempis of Atlempte doom F Worm dead O T P LA d mt P b Pas vd tie FoF b 4GbeF Worm dsabied 6054 24 8 Tota E im 0 Click here for more information Select from the following reports e To view the top virus see Viewing the Top Viruses By Attack Attempts Report on page 262 e To view the virus attacks by top destinations see Viewing the Virus Attack Attempts Report on page 263 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports Wx e To view virus attacks over time see Viewing the Virus Attack Attempts Report on page 263 To view virus attacks over a period of time see Viewing the Virus Attacks By User Report on page 265 e To view virus attacks by top destinations over time see Viewing Anti Spyware Reports on page 266 9 Expand the Virus Attacks tree and click Summary The Summa
367. the selected report field The operators and input fields are defined in Table 7 for each report field SonicWALL ViewPoint 6 0 Administrator s Guide 4 Using SSL VPN Custom Reports Table 7 Operators and Input Fields for Each Data Type Data Type Operators Input Field Destination IP Equals The input field is a standard input field where Starts with you can type in the numbers to match such Ends with as 192 or 10 25 Leave the input field blank if Contains you choose not to filter by a certain destination IP address Protocol Equals The input field is a standard input field where Start with you can type in the protocol to match such End with as FTP Leave the input field blank if you Contains choose not to filter by a certain protocol Source IP Equals The input field is a standard input field where Starts with you can type in the numbers to match such Ends with as 192 or 10 25 Leave the input field blank if Contains you choose not to filter by a certain source IP address User Equals The input field is a standard input field where Start with you can type in the user ID to match Leave End with the input field blank if you choose not to filter Contains by a certain user In the Options column two icons are displayed an Eye F and an X You can click the Eye to toggle whether the report field on that row will be displayed in the final report This allows you to filter the report results based
368. tion about resource activity Resources Summary connections per connection protocol HTTPS NetExtender etc Top Users connections listed by user Authentication User Login user time and source of successful authentication daily User Login reports now combine admin users with all other users in the same report Failed login time and source host of failed logins for one day Global Level Reports General Status number of units in the system and their ViewPoint license status Bandwidth Summary connections per SSL VPN appliance Over Time total connections by date for group Configuring SSL VPN Scheduled Reports To configure SSL VPN scheduled reports and summarization perform the following tasks 1 On the SSL VPN tab navigate to Configuration gt Scheduled Reports 2 Click the Add button SonicWALL ViewPoint 6 0 Administrator s Guide Using and Configuring SSL VPN Reporting 3 The Scheduled Report Configuration form displays Fill out the fields accordingly For more information see the following sections Configuring Scheduled Reports on page 134 Scheduling PDF Compliance Reports on page 144 shedveed Separ Contrast enon General Mame Desonpvon Category L imat Snow Oetat C Archive 2 Show Ostat Formats and Settings Repon Type Daly Weerly Monthy Report Format por inciude afi Gata in a sing
369. tions for report display settings SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Virus Attacks Reports Wx 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing the Virus Attacks By User Report The Virus Attacks By User report displays the number of virus attack attempts over the specified time range To view the Virus Attacks By User report perform the following steps 1 Click the UTM tab 2 Select the global icon or a SonicWALL appliance 3 Expand the Virus Attacks tree and click By Viruses Over Time The Virus Attacks By User page displays Virus Attacks By User Y schedule F prat tpar v tet el20070 E Virws Attacks By User for April 25 2007 Apri 28 2007 Virus Attempts of Altempts DLS 35 98 224 25 0 1604085 100 0 SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Anti Spyware Reports 4 The pie chart displays the percentage of virus attacks attempted in a given day 5 The table contains the following information Virus the name of the virus Attempts the number of attack attempts of Attempts the percentage of attempts compared
370. to create and customize reports successfully SonicWALL ViewPoint 6 0 Administrator s Guide M SSL VPN Reporting Overview What is SSL VPN Reporting SSL VPN reporting allows you to configure and design the way you view your reports and the manner in which you receive them This feature offers various types of static and dynamic reporting in which you can customize the way information is reported SonicWALL ViewPoint SSL VPN reporting provides a visual presentation of all your configured report settings and information With SSL VPN reporting you are able to view your reports in new enhanced graphs create granular custom reports create scheduled reports and search for reports using the search bar tool Custom reports are also available in SSL VPN reporting SonicWALL SSL VPN appliances provide a Resource Activity custom report for tracking the source destination and other information about resource activity passing through a SonicWALL SSL VPN device The Custom Reports feature provides an intuitive responsive interface for customizing the report layout and configuring content filtering prior to generating the report Two types of reports are available Detailed Reports and Summary Reports Both provide detailed information but are formatted to meet different needs A Detailed Report displays the data in sortable resizable columns while a Summary Report provides top level information in graphs that you can click to drill d
371. to the day 6 The ViewPoint Reporting Module shows yesterday s report To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Viewing Anti Spyware Reports SonicWALL Anti Spyware is included within the SonicWALL Gateway Anti Virus GAV Anti Spyware and Intrusion Prevention Service IPS unified threat management UTM solution SonicWALL UTM delivers a comprehensive real time gateway security solution for your entire network Unlike other threat management solutions SonicWALL Gateway Anti Virus Anti Spyware and Intrusion Prevention Service has the capacity to analyze files of any size in real time without the need to add expensive hardware drive or extra memory SonicWALL Gateway Anti Virus Anti Spyware and Intrusion Prevention Service includes a pro active alerting mechanism that notifies network administrators when a new threat is discovered Granular policy tools and an intuitive user interface enable administrators to configure a custom set of d
372. tor s Guide Viewing Web Usage Reports W amp 3 Expand the Web Usage tree and click By Category The By Category page displays Summary of Web Usage by Cateaory schedule Ht print Cetegory Eques v Sat 2007 04 27 e Search paos Summary of Web Usage by Category for April 27 2007 3na Categones iy Category Hite _ MBos a of MBytes te t Nia 12373 63 492 100 0 Total 12373 63 452 100 0 4 The table contains the following information Category the Web site category Hits the number of hits to the Web site category MBytes the number of megabytes transferred of MBytes the percentage of megabytes transferred 5 The ViewPoint Reporting Module shows yesterday s report and all Web site categories To change the date of the report or Web site categories displayed use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 6 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Items Entries per Item Rows per Screen See Managing Report Settings on page 154 7 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected day SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports Note These settings will stay in effect for a
373. ts report data and presents it in an organized format The ViewPoint Compliance Report feature allows administrators to provide more customized report summaries and to create more formal and defined layout of report information in PDF format This feature provides the following benefits e Customizable cover page Default also available e Customize Summary Descriptions for the reports e Ability to customize a set of reports Three reports can be persisted as a profile so that it can be consumed by less experienced users in the system e Reports can be generated in industry standard PDF format e Compressed format provides a smaller sized file than an equivalent HTML report The print quality is higher SonicWALL ViewPoint 6 0 Administrator s Guide Scheduling PDF Compliance Reports W amp e This feature has the ability to open a 200 page PDF report with ease In comparison opening the same report in HTML takes a more extensive amount of time using IE as it is weighed down by memory and other systems Requirements Adobe Reader plug in is required for the preview function How Do Compliance Reports Work ViewPoint has the capability to generate both online and scheduled reports in HTML format Since PDF has become a standard document format for distribution the compliance reports are based on this universal standard Moreover users are able to customize define sections throughout the report For example t
374. ttings are saved Sessions The Sessions page of the Management section of the ViewPoint Console allows you to view session statistics for currently logged in ViewPoint users and to end selected sessions Managing Sessions On occasion it may be necessary to log off other user sessions To do this perform the following steps 1 Click the Console tab expand the Management tree and click Sessions The Sessions page displays Current Sessions id UserName IP Address Login Time Last Access Time Domain Name admin 20 50 16 365 Fri Ad 18 15 17 08 POT 2008 Fri Xd 38 16 12 01 POT 2008 LoacaDonen End selected seseuns When more than one session is active a checkbox is displayed next to each row Select the check box of each user to log off and click End selected sessions The selected users are logged off SonicWALL GMS 6 0 Administrator s Guide a 65 S Database Maintenance Database Maintenance The Database Maintenance page allows you to back up the MySQL databases used by SonicWALL ViewPoint This screen is not applicable to deployments using SQL Server Note The Console gt Management gt Database Maintenance page only appears in the management interface when a MySQL database is being used Database Backup Schedule Databave Rach Type Compite data stabase Backup Schodde Database Bachup Update Backup Schedule Nate A def aut schede has Geen selected for database badup Stredves can be configure
375. ttp or www prefix So for example http site1 sonicwall com would not find a match in any reports because it would be listed in the reports simply as site1 sonicwall com To add a Web site to the Web Sites Filter list perform the following steps 1 On the Console gt User Settings gt Reports page type the Web site to be excluded into the Web Sites Filter field Enter the Web site without the http or www prefix 2 Click the Add button Deleting Web Sites from the Filter List To remove a Web site from the Web Sites Filter list perform the following steps 1 On the Console gt User Settings gt Reports page select the checkbox next to the Web site to be removed from the exclusion list To select all sites in the list select the Select All checkbox 2 Click the Delete button Adding Web Users to the Filter List To add a user to the Web Users Filter list perform the following steps 1 On the Console gt User Settings gt Reports page type the user name to be excluded into the Web Users Filter field Enter the user name without the domain 2 Click the Add button SonicWALL ViewPoint 6 0 Administrator s Guide Configuring Reports Settings Deleting Web Users from the Filter List To remove a Web user from the Web Users Filter list perform the following steps 1 On the Console gt User Settings gt Reports page select the checkbox next to the user to be removed from the exclusion li
376. tus page is divided into a section showing the overall deployment wide summarizer status and sections with details for each summarizer See the following sections e Summarizer Status Over 7 Days page 91 e Details for Summarizer at lt IP Address gt page 93 Summarizer Status Over 7 Days The Summarizer Status Over 7 Days section displays overall summarizer utilization information for the deployment including database and syslog file statistics Results are calculated over the last 7 days with historical data available over the last 30 days Summarizer Utilization The top Summarizer Utilization section shows the average utilization of the summarizer over the applicable time period The Dial Charts show the percent of total capacity used by the Syslog Collector or the Summarizer The following metrics are also displayed in the Summarizer Utilization section Total Run Time Total amount of time spent generating summarization statistical data and results over the applicable time period Number of Syslogs Received Total number of syslogs received by the Summarizer over the applicable time period Note Not all syslogs are summarized some syslogs such as heartbeat messages are ignored When Web Event Consolidation Home Port Reporting is enabled several syslogs may be ignored or alternatively consolidated into a single syslog If your appliance is managed by a different Agent the results are not summarized here Numbe
377. ummarizer The Host Name Resolution Settings section is displayed at the bottom of the page Host Name Resolution Settings V Resolve Destination Host Names LJ Resolve Source Host Names Arriade Craving Interval 1440 M mn minutes pelte enabling the Host Name Rlesoistion frater val affect the averai performance of the system and with a more drect impact on the Suewmneriver module To resolve host names for destination IP addresses select the Resolve Destination Host Names checkbox To resolve host names for source IP addresses select the Resolve Source Host Names checkbox To set the interval at which the name resolution crawler runs select the number of minutes in the Periodic Crawling Interval drop down list Performance may be affected while the name resolution crawler is running especially for the Summarizer module SonicWALL ViewPoint 6 0 Administrator s Guide Email Archive Wa Email Archive The Console gt Reports gt Email Archive page provides global options for setting the time and interval for emailing archiving scheduled reports and global settings for the Web server logo and PDF sorting options Email Archive Time Settings Next Scheduled Emad archrve Time rT y omfddlyyyy hh min ada aid vm at a _ _Updete Send Weebly RepcetsLvery Friday v Update Send Monthly Regrets Every 4 oo of the Month Update Note Weekly reports are Generated For Monday Sunday of the week and Monthly Reports ar
378. ve into the Save Directory field To change the format and settings of your customized compliance report perform the following steps 6 Inthe Format and Settings category select the Report Type that reflects the time interval you want to view your reports either Daily Weekly or Monthly SonicWALL ViewPoint 6 0 Administrator s Guide Scheduling PDF Compliance Reports W amp 7 Select the PDF report format in the Report Format category Selecting the PDF option will open additional fields to allow you to customize the set up of the Cover Page Summary Report Page and Detailed Report Page of your report in PDF format Formats and Settings He 8 To zip all of your reports into a single file select the check box next to the Zip Reports into a single file check box Note PDF will disable some options that are only applicable to HTML 9 For custom reports enter the template folder name into the Template Folder Name field Customizing Your Cover Page The Cover Page section allows the user to design a cover page for their report using different color schemes 1 Title field Enter the document title 2 Subtitle field Enter the document subtitle Optional SonicWALL ViewPoint 6 0 Administrator s Guide 4 Scheduling PDF Compliance Reports 3 Select the color for the Title and Subtitle s foreground and background by clicking the gradient color box in the right side of the each field You may select
379. vigate to http www rsfeeds com 4 Enter the Title for this custom RSS Feed page Also indicate how many Items you want to be shown on the component window as well as the Refresh Interval In this example we will choose Rediff Top Stories displaying the first five items every 30 minutes on the component window Add Component Manager Type Rss Feed X RSS Feed Details RSS Feeds CNN Top Stories aj Internet News Security Feed Security Fixes US CERT Security Alerts Custom RSS Feed Custom RSS URL jwww rediff com rss usrss xml Title Rediff Top Stories Items s min 5 Refresh Interval in minute s 30 min 5 Add l Cancel 5 Click Add when you are finished This will add the new RSS Feed component window to your SonicToday dashboard Adding More Pages SonicToday allows you to create more pages in addition to your default dashboard page Note that only one page may be designated as your SonicToday default page As soon as a new page is marked as the default any previous default page settings are overwritten To create a new page 1 Click Manage Page from the toolbar to bring up the Page Manager 2 In the Page section select Add New Page from the drop down list 3 Name your new page under Page Title 4 Select the layout of your page under Page Layout A thumbnail image pops up alongside each option to assist you SonicWALL ViewPoint 6 0 Administrator s Gu
380. w long the process is taking navigate to the Console gt Log gt View Log screen and look or search for or start and completed times for Report Data Archive SonicWALL ViewPoint 6 0 Administrator s Guide CHAPTER 9 Using Diagnostics This chapter describes the diagnostic information that ViewPoint provides including summarizer status information This chapter includes the following sections Summarizer Status section on page 90 SonicWALL ViewPoint 6 0 Administrator s Guide Summarizer Status Summarizer Status The Summarizer Status page displays overall summarizer utilization information for the deployment including database and syslog file statistics and details on the current status of each summarizer Summarizer Status Over 7 days gt User Settings Summarizer Utilization Log Management gt Reports Y Diagnostics 74 Summae Ratus 2 0 gt Events e i 10 0 14 150 10 202 50 150 Help Tatal Aun Time th 38m 2s Karba of Syslogs Received 3 032 082 number of Systogs Summarized 2 999 08 Average Sydags Summarized Per Mirte 30 600 Estimated Unused Capacity in syshogs 41 064 700 Reporting Details Number of Applhances Numer of Appllances with Factory Defui Reports Enabled 2 Narbe of Agglances with Al Reports Enabled S Number of Appllances wth Custom Set of Reports Enabled 0 Summarizer Usage Top Appliances Appliance Execution Time Enabled Reports Y Engg Productio
381. was 2 G B SonicWALL ViewPoint now provides enhanced database capacity by creating a new 2 GB database everyday Each file name includes the date it was created for easy reference SonicWALL Appliance and Firmware Support You can use SonicWALL ViewPoint reporting for the following SonicWALL security appliances SonicWALL firewalls running SonicOS 1 0 or higher or SonicWALL firmware 6 1 2 0 or higher SonicWALL SSL VPN 200 2000 4000 running SonicOS SSL VPN 2 1 or higher SonicWALL SRA 4200 running SonicOS SSL VPN 3 5 0 11 or higher SonicWALL Aventail E Class SRA EX Series appliances running version 9 0 or higher SonicWALL CSM Series running SonicOS CF 1 0 or higher Network Requirements To complete the SonicWALL ViewPoint deployment process the following network requirements must be met Syslog and SNMP Port Settings You should either disable your personal firewall or enable ports for syslog syslog forwarding and SN MP traps The default syslog port is UD P 514 and the default SNMP port is UDP 162 SonicWALL ViewPoint 6 0 Administrator s Guide Activating SonicWALL ViewPoint on Your Appliances If the SonicWALL ViewPoint system is behind a gateway or firewall you may need to open up these ports on that device Static IP DHCP If accessed from the WAN interface the SonicWALL appliance must have a static IP address O therwise it may have either a static or dynamic IP address HTTP HTTPS HTTP
382. were made to access blocked Web sites during each day of the specified time period 5 The table contains the following information Date the day when the sample was taken Attempts the number of attempts to access blocked Web sites of Attempts the percentage of attempts to access the blocked site on the day compared to the time period For example if 5 000 attempts were made during the time period and 500 were made on one day its of Attempts field will display 10 6 To change date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar or Plot chart SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Filter Reports See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing the Top Blocked Site Attempts Over Time The Top Sites Over Time report displays the top blocked Web sites for the specified time period To view the Web Filter Over Time report perform the following steps 1 Click the UTM tab 2 Select a SonicWALL appliance 3 Expand the
383. width transferred during each day of the specified time period 5 The table contains the following information Site URL or IP address of the site Hits the number of hits MBytes the number of megabytes transferred Category the Web site category of MBytes the percentage of megabytes transferred between this site compared to all other HTTP traffic For example if 1 000 000 megabytes of data was transferred during the day and 500 000 megabytes was transferred between the appliance and Ebay the of MBytes field will display 50 and you have a problem 6 To change the date range of the report use the Search Bar and click the Start or End field to access the drop down calendar or click More Options for report display settings 7 Under Report Display Settings you can set Display Type Chart and Table or Table Only Chart Type Area Bar Pie or Plot chart Number of Sites SonicWALL ViewPoint 6 0 Administrator s Guide Viewing Web Usage Reports W amp Rows per Screen See Managing Report Settings on page 154 8 When you are finished click Search The ViewPoint Reporting Module displays the report for the selected date range Note These settings will stay in effect for all similar reports during your active login session Viewing Top Users Over Time The Top Users Over Time report displays the top users of bandwidth and the amount of time they spent browsing
384. will see this alert after the 30 day delay You can repeat the delay as many times as needed A Windows Firewall Alert Please check Windows Firewall settings on the GMS ViewPoint Server If Windows Firewall is enabled on your server Syslog and SNMP packets will not be collected by the product which will affect the Management Alerting and Reporting functionalities of the product Please open Windows Firewall in Control Panel to check the status of Windows Firewall Make sure you have either disabled Windows Firewall software on the Server or unblocked Syslog typically UDP 514 and SNMP UDP 162 packets Click OK only after you have undertaken these steps J Perform this check after 30 days OK 3 Inthe System gt Status page click the Register button o SONICWALL UMH 5 1 009 v W syren argusin Porcine Oa Hegeter to congieze Pa regstraton for Pet management onie a sys Sune Status Informathe weraes General Adeerest aten Meme Sere WALL Ureversal Manogement Host eral Number ua Setengs Verson 5 1 Gude S124 1460 Wedressay Asi 15 2009 04 53 55 PM POT Cagrostcs MD Onion instal Drive 17 20 G8 of Tota 55 85 GB Syg Orne 37 30 GF of Tow 55 88 G8 Getting started Open Getting Slerted Instructions In tow Window SonicWALL ViewPoint 6 0 Administrator s Guide Registering SonicWALL ViewPoint 4 Inthe License Management page type your MySonicWALL user name and password a
385. wing the report results in table format To export the entire report in Microsoft Excel Comma Separated Value CSV format click the Excel icon at the top of the Report Section A CSV file is generated showing the report results in spreadsheet format The PDF can contain a maximum of 10 000 records If your report contains more than 10 000 records you can use the Static Date Range fields to adjust the dates and regenerate the report to shorten its length You can save the PDF or CSV file using any filename and location Saving the Report Template After generating the report you can save the settings for this report as a template for reuse You can select the saved template from the Template Section at a later time and use it to generate a report using the same settings The template is saved for the currently selected appliance and for the specific user The saved template will not be available for other appliances or for other users To save the report template 1 In the Report Section in the upper right corner click the Save Template button Report Section lt full Mode gt Resource Activity Save Template B if Date Time Paad Destiny 2 Inthe popup dialog box type in a descriptive name for the template up to 40 characters The number of remaining characters allowed in the name is displayed below the input field and changes as you type 3 Click Save If you are in a Full Mode display of the Report Section you
386. with the suggested text and you can either press Tab to accept it or keep typing Different suggestions will appear as you continue to type if log messages match your input Severity displays log entries with the matching severity level All Alert Warning and FYl where FYI mean For Your Information Alert and Warning Alert Select the Match case checkbox to make the SonicWALL Node ViewPoint User and Message contains search fields case sensitive Select one of Exact Phrase All Words or Any Word Exact Phrase matches a log entry that contains exactly what you typed in the Message contains field All Words matches a log entry that contains all the words you typed in the Message contains field but the words can be non consecutive or in any order Any Word matches a log entry that contains any of the words you typed in the Message contains field 4 To view the results of your search criteria click Start Search To clear all values from the input fields and start over click Clear Search To save the results as an HTML file on your system click Export Logs and follow the on screen instructions 5 To configure how many messages are shown per screen enter a new value between 10 and 100 in the Show Messages Per Screen field default 10 Click Next to display the next page or click Previous to display the preceding page SonicWALL ViewPoint 6 0 Administrator s Guide View Log
387. ws Server 2003 SP2 32 bit and 64 bit e Windows Server 2000 SP4 e Windows 7 32 bit and 64 bit Windows Vista SP1 32 bit and 64 bit e Windows XP Professional SP3 32 bit In all instances SonicWALL ViewPoint runs as a 32 bit application Database Requirements For fresh installations or after upgrading from 5 1 SonicWALL ViewPoint 6 0 supports the following database MySQL 32 bit version 5 0 83 for Windows bundled with SonicWALL ViewPoint 5 1 and above SonicWALL ViewPoint 6 0 Administrator s Guide About Installing and Upgrading SonicWALL ViewPoint The MySQL 5 0 separate installer that was provided with SonicWALL ViewPoint 5 0 is still supported The requirements for the MySQL server are as follows e Windows 2000 SP4 and newer Windows operating systems e Minimum 300 GB hard disk space e Minimum 2 GB RAM NTFS file system e Nota Virtual Machine VM After upgrading from 5 1 SonicWALL ViewPoint 6 0 supports the following databases only when the database was already in use prior to upgrading e Microsoft SQL Server 2005 SP2 32 bit and 64 bit as follows SQL Server 2005 Workgroup SQL Server 2005 Standard SQL Server 2005 Enterprise SonicWALL ViewPoint does not support Microsoft SQL 2005 Express e Microsoft SQL Server 2000 SP4 e Microsoft Desktop Engine MSD E bundled with ViewPoint Java Requirements Java Plug in version 1 6 or higher is required on client machines when accessi
388. your searches are displayed in the Search Results section SonicWALL ViewPoint 6 0 Administrator s Guide Scheduled Reports Wa To search for scheduled reports 1 Click the Console tab expand the Reports tree and click Scheduled Reports The Scheduled Reports page displays wrerary p sess ant Mart Seant eters nein Teme Ai hae vV Mart Search v Cree Search Seant Reus v Shn Scheduirs Per Screen mo V Ge tu Schedsie Render mee ae Best w Cnobiet Marre Tros Und orowp Derwe a Last Ran Lical Met iati s y 5 nae v w el G 0 we ity gaia er y nI E y enrasac ver oa K e y 7 oo lt y test ou To r t g s eann Dats bey gt Ei lt 7 u soro iof si gt nest maci ii Screech ee t Mat Aniteve the selected schexuhes mee V R fee p ort ef roe ott he Laeta E ale toe w X Deirtr thee seitei s beduirs V Re send ther setected shoda tor dates men dd yyyy gt 2 Define the Search Criteria tab The Search Criteria tab contains the following elements to refine your search Schedule Type Select from the following schedule types All Schedules Daily Schedules Weekly Schedules Monthly Schedules Status Select from the following status conditions All SonicWALL ViewPoint 6 0 Administrator s Guide M Scheduled Reports Failed In Progress Success In Queue Partial Failure SonicWALL Node Select from the following Son
Download Pdf Manuals
Related Search