        SonicWALL Global Management System Reporting User Guide
         Contents
1.
84 Standalone ViewPoint Standalone ViewPoint Guide

5. The table contains the following information:
• User: the user name
• Time: time the user logged in
• IP Address: IP address of the user
6. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 95).

Figure 95. Report Settings Dialog Box

7. Select the year, month, and day that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing Reports 85

Viewing the Log

The Log Viewer contains detailed information on each transaction that occurred on the SonicWALL appliance or Ravlin device. This information is stored for the time that you specified in the configuration settings.

Note: The Log Viewer displays raw log information for every connection. Depending on the amount of traffic, this can quickly consume a large amount of space in the database. It is highly recommended to be careful when choosing the number of days of information that will be stored. For more information, see "Configuring GMS Reporting Module Settings" on page 12.

Select from the following:
• To view the log for a SonicWALL appli
2.
5. The graph displays the number of access attempts for each of the top blocked web sites during the specified time period.
6. The table contains the following information:
• Site: URL or IP address of the site
• Attempts: number of attempts
• % of Attempts: percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the period and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 45).

Figure 45. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all report
3.
[Screenshot: Attacks by Source for April 19, 2002]

5. The pie chart displays the percentage of each source of attack.
6. The table contains the following information:
• Source: the source of the attack
• Attacks: number of attacks
• % of Attacks: percentage of attacks from this source, compared to all other sources. For example, if 1,000 attacks occurred during the day and 500 attacks came from one source, its % of Attacks field will display 50%.
7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top sources. To change these settings, click Settings. The Report Settings dialog box appears (Figure 79).

Figure 79. Report Settings Dialog Box
4.
5. The table contains the following information:
• User: the IP address of the user
• Site: the top five sites visited by the user
• Attempts: number of attempts the user made to access each web site
6. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 49).

Figure 49. Report Settings Dialog Box

7. Select the starting and ending dates that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing File Transfer Protocol Reports

FTP usage reports provide information on the amount of FTP usage that occurs through the selected SonicWALL appliance(s).

FTP usage reports can be used to view FTP bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of FTP bandwidth.

General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of FTP traffic occurs during peak times, you might need more bandwidth, you might need to upgrade network equipment, or you might ask emp
5.
Error initializing Hardware acceleration for VPN
PPTP Control Connection Negotiation Started
PPTP Session Negotiation Started
PPTP Max Retransmission Exceeded
PPTP Control Connection Established
PPTP Tunnel Disconnect from Remote
PPTP Session Established
PPTP Session Disconnect from Remote
PPTP PPP Negotiation Started
PPTP LCP Down
PPTP PPP Session Up
PPTP PPP Down
PPTP PPP Authentication Failed
PPTP LCP Up
PPTP Disconnect Initiated by the User
Disconnecting PPTP Tunnel due to traffic timeout
PPTP Connect Initiated by the User
PPTP PPP link down
PPTP starting CHAP Authentication
PPTP starting PAP Authentication
PPTP CHAP Authentication Failed. Please verify PPTP username and password
PPTP PAP Authentication Failed
PPTP PAP Authentication success
PPTP PAP Authentication Failed. Please verify PPTP username and password
PPTP PPP Link Up
PPTP PPP Link down
PPTP PPP Link Finished
IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN
IKE Responder: IKE proposal does not match (Phase 1)
IKE negotiation aborted due to timeout
Failed payload verification after decryption. Possible preshared key mismatch
Failed payload verification after decryption
Received packet retransmission. Drop duplicate packet
SA is disabled. Check VPN SA settings
Anti Virus Licenses Exceeded
Received notify: ISAKMP_AUTH_FAILED
Computed hash does not match hash received from peer
Received notify: PAYLOAD_MALFORMED
Received IPSEC SA delete req
6.
• MBytes: number of megabytes transferred
• % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
7. By default, GMS Reporting shows today's report, a pie chart, and the ten top users. To change these settings, click Settings. The Report Settings dialog box appears (Figure 24).

Figure 24. Report Settings Dialog Box

8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing HTTP Bandwidth Usage by User

The By User report displays a list of all users, their top sites, the number of hits to each site, and the amount of data transferred.

To view the By User report, follow these steps:
1. Start
7.
Probable TCP XMAS scan
Probable TCP NULL scan
IPSEC Replay Detected
TCP FIN packet dropped
Received a path MTU icmp message from router/gateway
Problem loading the URL List; Appliance not registered
Problem loading the URL List; Subscription expired
Problem loading the URL List; Try loading it again
Problem loading the URL List; Retrying later
Problem loading the URL List; Flash write failure
Received a path MTU icmp message from router/gateway MTU
The loaded content URL List has expired
Error setting the IP address of the backup, please manually set to backup LAN IP
Error updating HA peer configuration
Fraudulent Microsoft Certificate Blocked
VPN TCP SYN
VPN TCP FIN
VPN TCP PSH
Content filter subscription expired
New firmware available
Successful administrator login from the CLI
Administrator login failed - incorrect password from the CLI
L2TP Tunnel Negotiation Started
L2TP Session Negotiation Started
L2TP Max Retransmission Exceeded
L2TP Tunnel Established
L2TP Tunnel Disconnect from Remote
L2TP Session Established
L2TP Session Disconnect from Remote
L2TP PPP Negotiation Started
L2TP LCP Down
L2TP PPP Session Up
L2TP PPP Down
L2TP PPP Authentication Failed
L2TP LCP Up
L2TP Disconnect Initiated by the User
Disconnecting L2TP Tunnel due to traffic timeout
L2TP Connect Initiated by the User
L2TP PPP link down
Primary WAN link down
Primary
8.
VPN Usage reports provide information on the amount of VPN usage that occurs through the selected SonicWALL appliance(s).

VPN Usage reports can be used to view VPN usage by the hour, day, or over a period of days. Additionally, you can view the top users of VPN.

General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of VPN traffic occurs, you might need to add bandwidth, upgrade network equipment, or reconfigure the VPN network.

Note: All reports appear in Universal Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view a summary of the daily VPN bandwidth usage, see "Viewing the VPN Usage Summary Report" on page 64.
• To view the users who consume the most VPN bandwidth, see "Viewing the Top VPN Users" on page 65.
• To view VPN bandwidth usage over a period of time, see "Viewing VPN Usage Over Time" on page 67.
• To view the users who consume the most VPN bandwidth over time, see "Viewing VPN Usage Over Time" on page 67.

Viewing the VPN Usage Summary Report

The VPN Usage Summary report contains information on the number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified day.

To view the VPN Usage Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand th
9.
5. The pie chart displays the percentage of mail sent and received by the top mail users.
6. The table contains the following information:
• Users: the IP address of the user
• Events: number of mail messages sent and received
• KBytes: number of kilobytes transferred
• % of KBytes: percentage of kilobytes transferred by this user, compared to all users. For example, if 10000 kilobytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of KBytes field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 65).

Figure 65. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. GMS Reporting displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing VPN Usage Reports
10.
5. The pie chart displays the VPN connections for the top VPN users.
6. The table contains the following information:
• Users: the IP address of the user
• Connections: number of VPN connections
• % of Connections: percentage of VPN connections made by this user, compared to all other users. For example, if 10,000 connections occurred during the day and 1,000 connections were made by one user, the % of Connections field will display 10%.
7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top users. To change these settings, click Settings. The Report Settings dialog box appears (Figure 69).

Figure 69. Report Settings Dialog Box

8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module d
11.
Select the starting and ending dates that you would like to view.
When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Blocked Site Attempts Over Time

The Top Sites Over Time report displays the top blocked web sites for the specified time period.

To view the Web Filter Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Filter tree and click Top Sites Over Time. The Top Sites Over Time page appears (Figure 44).

Figure 44. Top Sites Over Time Page

[Screenshot: Top Blocked Web Sites from April 13, 2002 to April 19, 2002]
12.
[Screenshot: Errors Over Time page, Dropped Packets & Exceptions from April 13, 2002 to April 19, 2002]

5. The bar graph displays the number of packets that were dropped during each day of the specified time period.
6. The table contains the following information:
• Date: when the sample was taken
• Dropped Packets: number of dropped packets
• % of Errors: percentage of dropped packets on this day, compared to the time period. For example, if 10,000 packets were dropped during the time period and 1,000 packets were dropped on Wednesday, its % of Attacks field will display 10%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure
13.
5. Select the date to view from the Date list box.
6. Enter the starting time of events to view in the Start Time field.
7. Enter the ending time of events to view in the End Time field.
8. Select the type of events to view from the Message Category list box.
9. Enter the source IP address to view in the Source IP Address field. To view all IP addresses, enter All.
10. Enter the destination IP address to view in the Destination IP Address field. To view all IP addresses, enter All.
11. Select the number of entries to display per page from the Results Per Page field.
12. Click Generate Report. The Log Viewer Results page appears (Figure 97).

Figure 99. Log Viewer Results Page

13. Search through the entries to find the information for which you are searching. To view the next page of entries,
14.
Xauth is required but not supported by peer
L2TP Server: Access from L2TP VPN Client Privilege not enabled for Radius Users
L2TP Server: User Name authentication Failure locally
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
IKE Initiator: Start Quick Mode (Phase 2)
Port configured to receive IPSEC ONLY. Drop packet received in the clear
Imported VPN SA is invalid - disabled
IPSEC SA lifetime expired
IKE SA lifetime expired
IKE Initiator: Start Main Mode negotiation (Phase 1)
IKE Responder: Received Quick Mode Request (Phase 2)
IKE Initiator: Main Mode complete (Phase 1)
IKE Initiator: Aggressive Mode complete (Phase 1)
IKE Responder: Received Main Mode request (Phase 1)
IKE Responder: Received Aggressive Mode request (Phase 1)
IKE Responder: Main Mode complete (Phase 1)
IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
Entering FIPS ERROR state
Crypto DES test failed
Crypto DH test failed
Crypto Hmac MD5 test failed
Crypto Hmac Sha1 test failed
Crypto RSA test failed
Crypto Sha1 test failed
Crypto hardware DES test failed
Crypto Hardware 3Des test failed
Crypto Hardware DES with SHA test failed
Crypto Hardware 3DES with SHA test failed
Crypto MD5 test failed
VPN Client Policy Provisioning
IKE Initiator: Accepting IPSec proposal (Phase 2)
IKE Responder: Aggressive Mode complete (Phase 1
15.
number of VPN connections
• % of Connections: percentage of VPN connections made by this user, compared to all other users. For example, if 10,000 connections occurred during the period and 1,000 connections were made by one user, the % of Connections field will display 10%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 73).

Figure 73. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Attack Reports

Attack reports show the number of attacks that were directed at or through the selected SonicWALL appliance(s). These include denial of service attacks, intrusions, probes, and all other malicious activity directed at the SonicWALL appliance or computers on the LAN or DMZ.

Note: All reports appear in Universal Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view a summary of the attacks, see "Viewing the Attack Summary Report" on pag
16.
000 of the events were handled by the HTTP service, the % of Events field will display 90%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 17).

Figure 17. Report Settings Dialog Box

8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Adding a Service

The GMS Reporting Module can monitor known services or custom services.

To add a service that will be displayed in the services reports, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Expand the Reports tree and click Services. The Services page appears (Figure 16).

Figure 18. Summary Page
17.
8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Web Filter Reports

Web filter reports provide information on the number of attempts that users made to access blocked web sites through the selected SonicWALL appliance(s). These reports include web sites blocked by the Content Filter List, customized keyword filtering, and domain name filtering.

Web filter reports can be used to view blocked site access attempts by the hour, day, or over a period of days. Additionally, you can view the users that most frequently attempt to access blocked sites and the most popular blocked sites.

Note: All reports appear in Universal Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view a summary of the blocked site access attempts, see "Viewing the Web Filter Summary Report" on page 39.
• To view a list of the blocked sites that users attempted to access most often, see "Viewing the Web Filter Top Sites Report" on page 40.
• To view the users who made the most attempts to access blocked sites, see "Viewing t
18.
[Screenshot: Over Time page, Blocked Web Site Activity from April 13, 2002 to April 19, 2002]

5. The bar graph displays the number of attempts that were made to access blocked web sites during each day of the specified time period.
6. The table contains the following information:
• Date: day when the sample was taken
• Attempts: number of attempts to access blocked web sites
• % of Attempts: percentage of attempts to access the blocked site on the day, compared to the time period. For example, if 5,000 attempts were made during the time period and 500 were made on one day, its % of Attempts field will display 10%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 43).

Figure 43. Report Settings Dialog Box
19.
85).

Figure 85. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Categories Over Time

The Categories Over Time report displays the number of attacks in each attack category during the specified time period.

To view the Categories Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Attacks tree and click Categories Over Time. The Categories Over Time page appears (Figure 86).

Figure 86. Categories Over Time Page
20.
93).

Figure 93. Report Settings Dialog Box

7. Select the year, month, and day that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Failed Login Report

The failed login report shows failed login attempts for users and administrators that attempted to log on to the SonicWALL appliance during the specified day. This report is useful for identifying unauthorized access attempts and potentially malicious activity.

To view the Failed Login report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Authentication tree and click Failed Login. The Failed Login page appears (Figure 94).

Figure 94. Failed Login Page
21.
Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Authentication Reports

The login reports show user logins, administrator logins, and failed login attempts for users and administrators.

Note: All reports appear in Universal Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view user logins, see "Viewing the User Login Report" on page 82.
• To view administrator logins, see "Viewing the Administrator Login Report" on page 83.
• To view failed login attempts, see "Viewing the Failed Login Report" on page 84.

Viewing the User Login Report

The user login report shows users that logged on to the SonicWALL appliance during the specified day to bypass content filtering or to remotely access local network resources.

To view the User Login report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Authentication tree and click User Login. The User L
22.
Figure 60. Top Users Page

5. The pie chart displays the percentage of mail sent and received by the top mail users.
6. The table contains the following information:
• Users: the IP address of the user
• Events: number of mail messages sent and received
• KBytes: number of kilobytes transferred
• % of KBytes: percentage of kilobytes transferred by this user, compared to all users. For example, if 10000 kilobytes of data was transferred during the day and 2000 kilobytes was transferred by the top user, the % of KBytes field will display 20%.
7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top users. To change these settings, click S
23.  The Over Time page appears (Figure 54).

Figure 54. Usage Over Time Page

[Screenshot: Over Time page showing FTP Activity from April 13, 2002 to April 19, 2002. Report produced for timezone: GMT.]

5. The bar graph displays the amount of FTP bandwidth transferred during each day of the specified time period.
6. The table contains the following information:
• Date - when the sample was taken
• Connections - number of FTP connections
• MBytes - number of megabytes transferred
• % of Usage - percentage of megabytes transferred during this day, compared to the time period. For example, if 10,000 megabytes of FTP data was transferred during the time period and 2,500 megabytes of FTP data was transferred on one day, the % of Usage field will display 25%.
7. To change the date range of the rep
24.  The Top Users report displays the users who used the most FTP bandwidth on the specified date.

To view the Top Users report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the FTP Usage tree and click Top Users. The Top Users page appears (Figure 52).

Figure 52. Top Users Page

[Screenshot: Top Users page showing Top Users of FTP for October 15, 2001. Report produced for timezone: GMT.]

5. The pie chart displays the percentage of bandwidth used by each user.
6. The table contains the following information:
• Users - the IP address of the user
• Events - number of FTP Events
• KBytes - number of kilobytes transferred
• % of KBytes - percentage of kilobytes transferred by this user, compared to all users. For example, if 10000 kilobytes of data was
25.  and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Usage tree and click By User. The By User page appears (Figure 25).

Figure 25. By User Page

[Screenshot: By User page showing Top Visited Web Sites By User for April 19, 2002, displaying records 1-10 of 27]
26.  click Settings. The Reporting Date Range Selector dialog box appears (Figure 27).

Figure 27. Report Settings Dialog Box

[Screenshot: ViewPoint Date Range Selector dialog box]

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Top Sites Over Time

The Top Sites Over Time report displays the most visited web sites for the specified time period.

To view the Top Sites Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Usage tree and click Top Sites Over Time. The Top Sites Over Time page appears (Figure 28).

Figure 28. Top Sites Over Time Page

[Screenshot: Top Sites Over Time page]
27.  [Screenshot residue: table of web sites and kilobytes transferred, by user]

5. The table contains the following information:
• User - the IP address of the user
• Site - the top five sites visited by the user
• Hits - number of hits to each web site visited by the user
• KBytes - number of kilobytes transferred
6. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears.
7. Select the year, month, and day that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing Bandwidth Usage Over Time

The Web Usage Over Time report displays the daily amount of HTTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period.

To view the Web Usage Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Web U
28.  going Idle
Backup WAN link down, Primary going Active
Primary WAN link down, Backup going Active
Primary WAN link up, preempting Backup
DHCP RELEASE relayed to Central Gateway
DHCP lease relayed to local device
DHCP RELEASE received from remote device
DHCP lease relayed to remote device
DHCP lease to LAN device conflicts with remote device, deleting remote IP entry
WARNING: DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list
DHCP lease dropped. Lease from Central Gateway conflicts with Relay IP
IP spoof detected on packet to Central Gateway, packet dropped
Request for Relay IP Table from Central Gateway
Requesting Relay IP Table from Remote Gateway
Sent Relay IP Table to Central Gateway
Obtained Relay IP Table from Remote Gateway
Failed to synchronize Relay IP Table
Successful administrator login
Successful administrator login
Successful remote user login
Successful remote user login
NAT Discovery: Peer IPSec Security Gateway behind a NAT/NAPT Device
NAT Discovery: Local IPSec Security Gateway behind a NAT/NAPT Device
NAT Discovery: No NAT/NAPT device detected between IPSec Security gateways
NAT Discovery: Peer IPSec Security Gateway doesn't support VPN NAT Traversal
User login failed - RADIUS authentication failure
User login failed - RADIUS server timeout
User login failed - RADIUS configuration error
User login failed - User has no privileges for login from that location
IPS
29.  reason
Failed to Process CRL from
Bad CRL format
Issuer match failed
Certificate on Revoked list (CRL)
No Certificate for
PPP Dial-Up: Dialing: %s
PPP Dial-Up: No dialtone detected - check phone line connection
PPP Dial-Up: No link carrier detected - check phone number
PPP Dial-Up: Dialed number is busy
PPP Dial-Up: Dialed number did not answer
PPP Dial-Up: Connected at %s bps - starting PPP
PPP Dial-Up: Unknown dialing failure
PPP Dial-Up: Link carrier lost
PPP: Authentication successful
PPP: PAP Authentication failed - check username / password
PPP: CHAP authentication failed - check username / password
PPP: MS-CHAP authentication failed - check username / password
PPP: Starting MS-CHAP authentication
PPP: Starting CHAP authentication
PPP: Starting PAP authentication
PPP Dial-Up: PPP negotiation failed - disconnecting
PPP Dial-Up: Idle time limit exceeded - disconnecting
PPP Dial-Up: Failed to get IP address
PPP Dial-Up: Received new IP address
PPP Dial-Up: PPP link established
PPP Dial-Up: PPP link down
PPP Dial-Up: Shutting down link
PPP Dial-Up: Initialization: %s
PPP Dial-Up: User requested disconnect
PPP Dial-Up: User requested connect
PPP Dial-Up: Connect request canceled
The network connection in use is %s
L2TP Server: L2TP Tunnel Established
L2TP Server: L2TP Session Established
L2TP Server: L2TP PPP Session Established
L2TP Server: Radius reports Authentication Failure
L2TP Server: Local Au
30.  remote device
DHCP DECLINE received from remote device
DHCP OFFER received from server
DHCP NAK received from server
ERROR: DHCP over VPN policy is not defined. Cannot start IKE.
DHCP DISCOVER received from local device
DHCP REQUEST received from local device
PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
Received AV Alert: Your SonicWALL Network Anti-Virus subscription will expire in 7 days. %s
Received notify: INVALID_ID_INFO
DHCP lease dropped. Lease from Central Gateway conflicts with Remote Management IP
Category
User login failed - User has no privileges for wlan guest service
wlan firmware image has been updated
Packet dropped by wlan guest check
Received CFS Alert: Your SonicWALL Content Filtering subscription will expire in 7 days
Received CFS Alert: Your SonicWALL Content Filtering subscription has expired
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription will expire in 7 days
Received E-Mail Filter Alert: Your SonicWALL E-Mail Filtering subscription has expired
ISDN Driver Firmware successfully updated
Global VPN Client License Exceeded: Connection denied
Packet dropped by wlan vpn traversal check
<b>SonicWALL Registration Update Needed:</b> Restore your existing security service subscriptions by clicking <a href="/Security_Services/enable_services.html">here</a>.
Entering FIPS Error State
WAN Interface not setup
PPPoE ena
31.  s report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 67).

Figure 67. Report Settings Dialog Box

[Screenshot: ViewPoint Settings dialog box]

8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Top VPN Users

The Top Users report displays the users who made the most VPN connections on the specified date.

To view the Top Users report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the VPN Usage tree and click Top Users. The Top Users page appears (Figure 68).

Figure 68. Top Users Page

[Screenshot: Top Users page showing Top Users of VPN for April 19, 2002]
32.  tag found in HTTP request
The cache is full; %d open connections; some will be dropped
Code
Type
Source
Destination
License exceeded: Connection dropped because too many IP addresses are in use on your LAN
Rule
Access to Proxy Server Blocked
Diagnostic Code E
Dynamic IPSec client connected
Received fragmented packet or fragmentation needed
Diagnostic Code D
Illegal IPSec SPI
Unknown IPSec SPI
IPSec Authentication Failed
IPSec Decryption Failed
Incompatible IPSec Security Association
IPSec packet from or to an illegal host
SPI
NetBus Attack Dropped
Back Orifice Attack Dropped
Net Spy Attack Dropped
Sub Seven Attack Dropped
Ripper Attack Dropped
Striker Attack Dropped
Senna Spy Attack Dropped
Priority Attack Dropped
Ini Killer Attack Dropped
Smurf Amplification Attack Dropped
Possible Port Scan
Probable Port Scan
Failed to resolve name
local range
remote range
IKE Responder: Accepting IPSec proposal (Phase 2)
IKE Responder: IPSec proposal does not match (Phase 2)
IKE negotiation complete. Adding IPSec SA. (Phase 2)
Starting IKE negotiation
Deleting IPSec SA for destination
Deleting IPSec SA
Diagnostic Code A
Diagnostic Code B
Diagnostic Code C
Status
Web site hit
Connection
Retransmitting DHCP DISCOVER
Retransmitting DHCP REQUEST (Requesting)
Retransmitting DHCP REQUEST (Renewing)
Retransmitting DHCP REQUEST (Rebinding)
33.  that creates dynamic, Web-based network reports. The GMS Reporting Module generates both real-time and historical reports to offer a complete view of all activity through SonicWALL Internet security appliances. With GMS Reporting, you can monitor network access, enhance security, and anticipate future bandwidth needs.

The GMS Reporting Module:
• Displays bandwidth use by IP address and service
• Identifies inappropriate Web use
• Provides detailed reports of attacks
• Collects and aggregates system and network errors
• Shows VPN events and problems
• Presents visitor traffic to your Web site
• Provides detailed daily firewall logs to analyze specific events

Note: The GMS Reporting Module receives its information from the stream of syslog data sent by each SonicWALL appliance and stores it in the ViewPoint database.

GMS Reporting can be enabled or disabled. Once disabled, the Reports tab disappears from the ViewPoint User Interface (UI) and the syslog data is no longer stored.

Note: For Ravlin devices, GMS Reporting provides detailed firewall logs to analyze specific events. It does not provide real-time and historical Web-based network reporting.

CHAPTER 2

Configuring GMS Reporting Settings

This chapter describes how to enable or disable the GMS Reporting Module, configure the syslog event rate, and configure GMS Reporting settings. Select fr
34.  traffic timeout
PPTP Connect Initiated by the User
PPTP PPP link down
PPTP starting CHAP Authentication
PPTP starting PAP Authentication
PPTP CHAP Authentication Failed. Please verify PPTP username and password
PPTP PAP Authentication Failed
PPTP PAP Authentication success
PPTP PAP Authentication Failed. Please verify PPTP username and password
PPTP PPP Link Up
PPTP PPP Link down
PPTP PPP Link Finished
IKE Initiator: Received notify. NO_PROPOSAL_CHOSEN
IKE Responder: IKE proposal does not match (Phase 1)
IKE negotiation aborted due to timeout
Failed payload verification after decryption. Possible preshared key mismatch
Failed payload verification after decryption
Received packet retransmission. Drop duplicate packet
SA is disabled. Check VPN SA settings
Anti-Virus Licenses Exceeded
Received notify: ISAKMP_AUTH_FAILED
Computed hash does not match hash received from peer
Received notify: PAYLOAD_MALFORMED
Received IPSEC SA delete request
Received IKE SA delete request
Received notify: INVALID_COOKIES
Received notify: RESPONDER_LIFETIME
Received notify: INVALID_SPI
PKI Error
IKE Responder: Proposed local network is 0.0.0.0 but SA has no LAN Default Gateway
RIP disabled on LAN interface
RIPv1 enabled on LAN interface
RIPv2 enabled on LAN interface
RIPv2 compatibility (broadcast) mode enabled on LAN interface
RIP disabled on DMZ interface
RIPv1 enabled on DMZ interface
RIPv2 enabled on DMZ interface
R
35.  transferred during the day and 2000 kilobytes was transferred by the top user, the % of KBytes field will display 20%.
7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top users. To change these settings, click Settings. The Report Settings dialog box appears (Figure 53).

Figure 53. Report Settings Dialog Box

[Screenshot: Report Settings dialog box with Report Display Settings and a Select Report Date calendar]

8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing FTP Bandwidth Usage Over Time

The FTP Usage Over Time report displays the daily amount of FTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period.

To view the FTP Usage Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the FTP Usage tree and click Over Time
36. [Screenshot residue: table of web sites and kilobytes transferred, by user]

The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.

The table contains the following information:
• User - the IP address of the user
• Site - the top five sites visited by the user
• Hits - number of hits to each web site visited by the user
• KBytes - number of kilobytes transferred

To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 33).

Figure 33. Report Settings Dialog Box

[Screenshot: date range selector dialog box]
37. [Screenshot residue: report for a period ending July 26, 2002. Report produced for timezone: Pacific Time (US & Canada), GMT-8:00.]

5. The bar graph displays the number of attacks attempted each day of the specified time period.
6. The table contains the following information:
• Category - category of the attack
• Attacks - number of attacks
• % of Attacks - percentage of attacks for this category, compared to other categories. For example, if 5,000 attacks occurred during the time period and 1,000 attacks occurred for a category, its % of Attacks field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 87).

Figure 87. Report Settings Dialog Box

[Screenshot: ViewPoint Date Range Selector dialog box]

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Sources Over Time

The Source Over Time report displays the number of attacks from each major source d
38. [Screenshot residue: Top Users Over Time page showing Top Users of FTP from July 18, 2002 to July 24, 2002. Report produced for timezone: Pacific Time (US & Canada), GMT-8:00.]

5. The pie chart displays the percentage of bandwidth used by each user.
6. The table contains the following information:
• Users - the IP address of the user
• Events - number of FTP Events
• KBytes - number of kilobytes transferred
• % of KBytes - percentage of kilobytes transferred by this user, compared to all users. For example, if 10000 kilobytes of data was transferred during the period and 2000 kilobytes was transferred by the top user, the % of KBytes field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 57).

Figure 57. Report Settings Dialog Box

[Screenshot: ViewPoint Date Range Selector dialog box]

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report fo
39. [Screenshot residue: Log Viewer results page listing HTTP connections]

13. Search through the entries to find the information for which you are searching. To view the next page of entries, click Next.
14. To generate another report, click Search again in the Log Viewer Tree.

Viewing the Log for a Ravlin Device

To view the Log, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a Ravlin device.
4. Expand the Log Viewer tree and click Search. The Search page appears (Figure 98).

Figure 98. Search Page
40. Bandwidth Summary Report 17
Monitoring Bandwidth Usage in Real Time 19
Viewing the Top Users of Bandwidth 19
Viewing Bandwidth Usage Over Time 21
Viewing the Top Users of Bandwidth Over Time 22
Viewing Service Usage Reports 24
Monitoring Service Usage in Real Time 24
Viewing the Services Summary Report 25
Adding a Service 26
Viewing Web Usage Reports 27
Viewing the Web Usage Summary Report 27
Viewing the Top Sites 29
Viewing the Top Users of HTTP Bandwidth 30
Viewing HTTP Bandwidth Usage by User 32
Viewing Bandwidth Usage Over Time 33
Viewing Top Sites Over Time 34
Viewing Top Users Over Time 35
Viewing Bandwidth Usage By User Over Time 37
Viewing Web Filter Reports 39
Viewing the Web Filter Summary Report 39
Viewing the Web Filter Top Sites Report 40
Viewing the Top Users that Try to Access Blocked Sites 42
Viewing the Top Blocked Sites for Each User 43
Viewing Blocked Site Attempts Over Time 45
Viewing the Top Blocked Site Attempts Over Time 46
Viewing the Top Blocked Site Users Over Time 47
Viewing the Top Blocked Sites for Each User Over Time 49
Viewing File Transfer Protocol Reports 51
Viewing the FTP Summary Report 51
Viewing the Top Users of FTP Bandwidth 52
Viewing FTP Bandwidth Usage Over Time 54
Viewing the Top Users of FTP Bandwidth Over Time 55
Viewing Mail Usage Reports
Viewing the Mail Usage Summary Report
Viewing the Top Users of Mail Bandwidth
Viewing Mail Usage Over Time
Viewing the Top Users of Mail Bandwidth Over Time
41. Check Primary Profile or Profile details
Trying to failover but Primary Profile is manual
Startup without Ethernet cable, will try to dial on outbound traffic
Dial initiated by %s
The current WAN interface is not ready to route packets
Probing failure on %s
PPP Dial-Up: Maximum connection time exceeded - disconnecting
Adminstrator name changed
User login failure rate exceeded - source address locked out
PPP Dial-Up: The profile in use disabled VPN networking
PPP Dial-Up: VPN networking restored
%s Ethernet Port Up
%s Ethernet Port Down
L2TP Server: Call Disconnect from Remote
L2TP Server: Tunnel Disconnect from Remote
L2TP Server: Deleting the Tunnel
L2TP Server: Deleting the L2TP active Session
L2TP Server: Retransmission Timeout, Deleting the Tunnel
NAT translated packet exceeds size limit, packet dropped
HTTP management port has changed
HTTPS management port has changed
IKE Responder: Mode %d - not transport mode. Xauth is required but not supported by peer
L2TP Server: Access from L2TP VPN Client Privilege not enabled for Radius Users
L2TP Server: User Name authentication Failure locally
IKE Responder: Tunnel terminates outside firewall but proposed remote network is not NAT public address
IKE Initiator: Start Quick Mode (Phase 2)
Port configured to receive IPSEC ONLY. Drop packet received in the clear
Imported VPN SA is invalid - disabled
IPSEC SA lifetime expired
IKE SA lifetime expired
IKE
42. Dropped
Sub Seven Attack Dropped
Ripper Attack Dropped
Striker Attack Dropped
Senna Spy Attack Dropped
Priority Attack Dropped
Ini Killer Attack Dropped
Smurf Amplification Attack Dropped
Possible Port Scan Dropped
Probable Port Scan Dropped
Failed to resolve name
local range
remote range
IKE Responder: Accepting IPSec proposal (Phase 2)
IKE Responder: IPSec proposal does not match (Phase 2)
IKE negotiation complete. Adding IPSec SA. (Phase 2)
Starting IKE negotiation
Deleting IPSec SA for destination
Deleting IPSec SA
Diagnostic Code A
Diagnostic Code B
Diagnostic Code C
Status
Web site hit
Connection Opened
Retransmitting DHCP DISCOVER
Retransmitting DHCP REQUEST (Requesting)
Retransmitting DHCP REQUEST (Renewing)
Retransmitting DHCP REQUEST (Rebinding)
Retransmitting DHCP REQUEST (Rebooting)
Retransmitting DHCP REQUEST (Verifying)
Sending DHCP DISCOVER
DHCP Server not available. Did not get any DHCP OFFER
Got DHCP OFFER. Selecting
Sending DHCP REQUEST
DHCP Client did not get DHCP ACK
DHCP Client got NACK
DHCP Client got ACK from server
DHCP Client is declining address offered by the server
DHCP Client sending REQUEST and going to REBIND state
DHCP Client sending REQUEST and going to RENEW state
Sending DHCP REQUEST (Renewing)
Sending DHCP REQUEST (Rebinding)
Sending DHCP REQUEST (Rebooting)
Sending DHCP REQUEST (Verifyi
43. HTTP Bandwidth Usage by User" on page 32.
• To view web bandwidth usage over a period of time, see "Viewing Bandwidth Usage Over Time" on page 33.
• To view a list of the top visited sites over time, see "Viewing Top Sites Over Time" on page 34.
• To view the users who consume the most web bandwidth over time, see "Viewing Top Users Over Time" on page 35.
• To view the top sites visited by each user over time, see "Viewing Bandwidth Usage By User Over Time" on page 37.

Viewing the Web Usage Summary Report

The Web Usage Summary report contains information on the amount of HTTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances during each hour of the specified day.

To view the Web Usage Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Web Usage tree and click Summary. The Summary page appears (Figure 19).

Figure 19. Summary Page

[Screenshot: Summary page]
44. [Screenshot residue]

5. The bar graph displays the number of VPN connections made during each day of the specified time period.
6. The table contains the following information:
• Date - when the sample was taken
• Connections - number of connections
• KBytes - number of kilobytes transferred
• % of Usage - percentage of kilobytes transferred during this day, compared to the time period. For example, if 10,000 kilobytes of mail was transferred during the time period and 2,500 kilobytes of mail was transferred on one day, the % of Usage field will display 25%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 71).

Figure 71. Report Settings Dialog Box

[Screenshot: Date Range Selector dialog box]

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top VPN Users Over Time

The Top Users report displays the users who made the most VPN connections for the specified time period.

To view the Top Users report, follow these
45. IPv2 compatibility (broadcast) mode enabled on DMZ interface
    IPSecTunnel status changed
    Source routed IP packet dropped
    No response from server to Echo Requests, disconnecting PPTP Tunnel
    No response from PPTP server to control connection requests
    No response from PPTP server to call requests
    PPTP server rejected control connection
    PPTP server rejected the call request
    PPP Dial-Up: Trying to failover but Alternate Profile is manual
    Failback initiated by %s
    Probing succeeded on %s
    E-Mail fragment dropped
    Locked out user re-enabled - lockout period expired
    Locked out user re-enabled by admin
    Access Rule added
    Access Rule modified
    Access Rule deleted
    Access Rules restored to defaults
    PPTP Server is not responding, check if the server is UP and running
    IKE Initiator: Accepting peer lifetime (Phase 1)
    FTP: PASV response spoof attack dropped
    PKI Failure
    PKI Failure: Output buffer too small
    PKI Failure: Cannot alloc memory
    PKI Failure: Reached the limit for local certs, cant load any more
    PKI Failure: Import failed
    PKI Failure: Incorrect admin password
    PKI Failure: CA certificates store does not have space to hold all the CA certificates required to verify this Local Certificate
    PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
    PKI Failure: Certificate's ID does not match this SonicWall
    PKI Failure: public-private key mismatch
    PKI Failure: Duplicate local certificate name
    PKI Failure: Duplicate local
46. Initiator: Start Main Mode negotiation (Phase 1)
    IKE Responder: Received Quick Mode Request (Phase 2)
    IKE Initiator: Main Mode complete (Phase 1)
    IKE Initiator: Aggressive Mode complete (Phase 1)
    IKE Responder: Received Main Mode request (Phase 1)
    IKE Responder: Received Aggressive Mode request (Phase 1)
    IKE Responder: Main Mode complete (Phase 1)
    IKE Initiator: Start Aggressive Mode negotiation (Phase 1)
    Entering FIPS ERROR state
    Crypto DES test failed
    Crypto DH test failed
    Crypto Hmac MD5 test failed
    Crypto Hmac Sha1 test failed
    Crypto RSA test failed
    Crypto Sha1 test failed
    Crypto hardware DES test failed
    Crypto Hardware 3Des test failed
    Crypto Hardware DES with SHA test failed
    Crypto Hardware 3DES with SHA test failed
    Crypto MD5 test failed
    VPN Client Policy Provisioning
    IKE Initiator: Accepting IPSec proposal (Phase 2)
    IKE Responder: Aggressive Mode complete (Phase 1)
    Error initializing Hardware acceleration for VPN
    PPTP Control Connection Negotiation Started
    PPTP Session Negotiation Started
    PPTP Max Retransmission Exceeded
    PPTP Control Connection Established
    PPTP Tunnel Disconnect from Remote
    PPTP Session Established
    PPTP Session Disconnect from Remote
    PPTP PPP Negotiation Started
    PPTP LCP Down
    PPTP PPP Session Up
    PPTP PPP Down
    PPTP PPP Authentication Failed
    PPTP LCP Up
    PPTP Disconnect Initiated by the User
    Disconnecting PPTP Tunnel due to
47. 8. Select the number of sources that will be displayed from the Number of Sources list box.
    9. Select the type of chart from the Chart Type list box.
    10. Select the year, month, and day that you would like to view.
    11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.
    Note: These settings will stay in effect for all reports during your active login session.
    Viewing the Errors and Exceptions Report
    The Errors and Exceptions Summary report contains information on the number of dropped packets on a SonicWALL appliance or group of SonicWALL appliances during the specified day.
    To view the Errors and Exceptions report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select the global icon, a group, or a SonicWALL appliance.
    4. Expand the Attacks tree and click Errors & Exceptions. The Errors & Exceptions page appears (Figure 74).
    Figure 80. Errors & Exceptions Page
48. Retransmitting DHCP REQUEST (Rebooting)
    Retransmitting DHCP REQUEST (Verifying)
    Sending DHCP DISCOVER
    DHCP Server not available. Did not get any DHCP OFFER
    Got DHCP OFFER. Selecting
    Sending DHCP REQUEST
    DHCP Client did not get DHCP ACK
    DHCP Client got NACK
    DHCP Client got ACK from server
    DHCP Client is declining address offered by the server
    DHCP Client sending REQUEST and going to REBIND state
    DHCP Client sending REQUEST and going to RENEW state
    Sending DHCP REQUEST (Renewing)
    Sending DHCP REQUEST (Rebinding)
    Sending DHCP REQUEST (Rebooting)
    Sending DHCP REQUEST (Verifying)
    DHCP Client failed to verify and lease has expired. Go to INIT state
    DHCP Client failed to verify and lease is still valid. Go to BOUND state
    DHCP Client got a new IP address lease
    Sending DHCP RELEASE
    Access attempt from host without Anti-Virus agent installed
    Anti-Virus agent out of date on host
    Received AV Alert: %s
    Unused AV log entry
    Starting PPPoE discovery
    PPPoE LCP Link Up
    PPPoE LCP Link Down
    PPPoE terminated
    PPPoE Network Connected
    PPPoE Network Disconnected
    PPPoE discovery process complete
    PPPoE starting CHAP Authentication
    PPPoE starting PAP Authentication
    PPPoE CHAP Authentication Failed
    PPPoE PAP Authentication Failed
    Wan IP Changed
    XAUTH Succeeded with VPN client
    XAUTH Failed with VPN client, Authentication failure
    XAUTH Failed with VPN client, Cannot Contact RADIUS Server
    Log Debug
    Add a
49. 5. Previous generations of the Summarizer wrote raw data directly to the database and periodically parsed it and stored it as summarized data. This is very resource intensive. The Distributed Summarizer writes events directly to log files, which it parses periodically and stores as summarized data.
    To improve performance, select the Enable Distributed Summarizer check box. However, keep in mind that you will not be able to view individual events in the Log Viewer and you will periodi
50. 5. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.
    6. The table contains the following information:
    • Site - URL or IP address of the site.
    • Hits - number of hits.
    • KBytes - number of kilobytes transferred.
    • % of KBytes - percentage of kilobytes transferred between this site, compared to all other HTTP traffic. For example, if 1,000,000 kilobytes of data was transferred during the day and 500,000 kilobytes was transferred between the appliance and Ebay, the % of KBytes field will display 50% and you have a problem.
    7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 29).
    Figure 29. Report Settings Dialog Box
51. SonicWALL Global Management System Reporting User Guide
    Version 2.5
    Copyright Information
    © 2003 SonicWALL, Inc. All rights reserved.
    Under the copyright laws, this manual or the software described within, may not be copied, in whole or part, without the written consent of the manufacturer, except in the normal use of the software to make a backup copy. The same proprietary and copyright notices must be affixed to any permitted copies as were affixed to the original. Under the law, copying includes translating into another language or format.
    SonicWALL is a registered trademark of SonicWALL, Inc.
    Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
    Specifications and descriptions subject to change without notice.
    Part Number: 232 000187 01 Rev A
    Software License Agreement for SonicWALL Global Management System
    To review the SonicWALL Global Management System Software License Agreement, see the SonicWALL Global Management System Introduction Guide.
    CONTENTS
    Chapter 1 Introducing ViewPoint Reporting
    Chapter 2 Configuring GMS Reporting Settings
        Enabling GMS Reporting
        Configuring the Syslog Event Rate
        Configuring GMS Reporting Module Settings
        Distributed Scheduler
        General Report Settings
        Configuring Log Viewer Settings
        Configuring Email Archive Settings
    Chapter 3 Viewing Reports
        Viewing Bandwidth Reports
        Viewing the
52. This report is useful for identifying misuse and unauthorized management of a SonicWALL appliance.
    To view the Admin Login report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Authentication tree and click Admin Login. The Admin Login page appears (Figure 92).
    Figure 92. Admin Login Page
    5. The table contains the following information:
    • User - the user name.
    • Time - time the user logged in.
    6. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure
53.     Viewing VPN Usage Reports
        Viewing the VPN Usage Summary Report
        Viewing the Top VPN Users
        Viewing VPN Usage Over Time
        Viewing the Top VPN Users Over Time
        Viewing Attack Reports
        Viewing the Attack Summary Report
        Viewing the Attacks by Category
        Viewing the Attacks by Source
        Viewing the Errors and Exceptions Report
        Viewing Attack Reports Over Time
        Viewing Errors Over Time
        Categories Over Time
        Sources Over Time
        Viewing Authentication Reports
        Viewing the User Login Report
        Viewing the Administrator Login Report
        Viewing the Failed Login Report
        Viewing the Log
        Viewing the Log for a SonicWALL Appliance
        Viewing the Log for a Ravlin Device
    Chapter 4 Scheduling GMS Reporting
        Scheduling a Daily Report
        Scheduling a Weekly or Monthly Report
    Chapter 5 Customizing Report Elements
        Using the Reporting Customization Tool
        Scheduling a Report
        Firmware 6.5
        SonicOS 1.0
    CHAPTER 1
    Introducing ViewPoint Reporting
    Monitoring critical network events and activity, such as security threats, inappropriate Web use, and bandwidth levels, is an essential component of network security. GMS Reporting complements SonicWALL's Internet security offerings by providing detailed and comprehensive reports of network activity.
    The GMS Reporting Module is a software application
54. adio button and click Edit. To delete a report, select its radio button and click Delete.
    Note: Scheduled reports are identified by their email addresses. Therefore, modifying the email address for a scheduled report creates another scheduled report.
    6. To e-mail a currently scheduled report now, click E-mail Reports Now.
    Note: This will not affect the normally scheduled report.
    7. Select from the following:
    • To create a new daily report, see "Scheduling a Daily Report" on page 92.
    • To create a new weekly or monthly report, see "Scheduling a Weekly or Monthly Report" on page 93.
    Scheduling a Daily Report
    Daily reports are sent out once a day at 03:00 GMT and contain information for the previous day. To configure a new daily report, follow these steps:
    1. From the Scheduled Reports page, click the Add Daily Report button. The Daily Reports page appears (Figure 101).
    Figure 101. Daily Reports Page
55. ance, see "Viewing the Log for a SonicWALL Appliance" on page 86.
    • To view the log for a Ravlin device, see "Viewing the Log for a Ravlin Device" on page 87.
    Viewing the Log for a SonicWALL Appliance
    To view the Log, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Log Viewer tree and click Search. The Search page appears (Figure 96).
    Figure 96. Search Page
    5. Select the date to view from the Date list box.
    6. Enter the starting time of events to view in the Start Time field.
    7. Enter the ending time of events to view in the End Time field.
    8. Select the type of events to view from the Message Category list box.
    9. Enter the source IP address to view in the Source IP Address field. To view all IP addresses, enter All.
    10. Enter the destination IP address to view in the Destination IP Address field. To view all IP addresses, enter All.
    11. Select the number of entries to display
56. Viewing the Top Sites
    The Top Sites report displays the web sites that used the most HTTP bandwidth on the specified date. To view the Top Sites report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Web Usage tree and click Top Sites. The Top Sites page appears (Figure 21).
    Figure 21. Top Sites Page
    5. Th
57. as taken
    • Attacks - number of attacks.
    • % of Attacks - percentage of attacks on this day, compared to the time period. For example, if 10,000 attacks occurred during the time period and 1,000 attacks occurred on Thursday, its % of Attacks field will display 10%.
    7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 83).
    Figure 83. Report Settings Dialog Box
    8. Select the starting and ending dates that you would like to view.
    9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.
    Note: These settings will stay in effect for all reports during your active login session.
    Viewing Errors Over Time
    The Errors Over Time report displays the number of errors during the specified time period.
    To view the Errors Over Time report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select the global icon, a group, or a SonicWALL appliance.
    4. Expand the Attacks tree and click Errors Over Time. The Errors Over Time page appears (Figure 84).
    Figure 84. Errors Over Time Page
58. ays the users who used the most HTTP bandwidth on the specified date.
    To view the Top Users report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Web Usage tree and click Top Users. The Top Users page appears (Figure 23).
    Figure 23. Top Users Page
    5. The pie chart displays the percentage of bandwidth transferred by each of the top users.
    6. The table contains the following information:
    • Users - the IP address of the user.
    • Hits - number of hits.
59. bled but not ready
    L2TP enabled but not ready
    PPTP enabled but not ready
    WAN not ready
    VPN disabled for active dial up
    DHCP client enabled but not ready
    Blocked Quick Mode for Client using Default KeyId
    VPN disabled by administrator
    VPN enabled by administrator
    WLAN disabled by administrator
    WLAN enabled by administrator
    WiFiSec Enforcement disabled by administrator
    WiFiSec Enforcement enabled by administrator
    Wireless MAC Filter List enabled by administrator
    Wireless MAC Filter List disabled by administrator
    PPPoE user name changed by Administrator
    PPPoE password changed by Administrator
    IKE Responder: Default LAN gateway is not set but peer is proposing to use this SA as a default route
    Diagnostic Code D
    802.11b Management
    wlan recovery
    Administrator logged out from the CLI
    SonicWALL initializing
    Malformed IP packet dropped
    ICMP packet dropped
    Web access request dropped
    Protocol
    Web access request received
    FTP: PORT bounce attack dropped
    FTP: PASV response bounce attack dropped
    Global VPN Client connection is not allowed. Appliance is not registered.
60. cally need to open the log file directory and delete old events. Otherwise, it can begin to consume significant amounts of space.
    6. Specify how often the GMS Reporting Module processes and updates summary information from the Time Between Summaries list box and click Update.
    7. To specify the next summary time, enter a date and time in the Next Scheduled Summary Time field and click Update.
    8. To update the summary information now, click Summarize Data Immediately. ViewPoint will automatically process the latest information and make it available for immediate viewing.
    Note: This will not affect the normally scheduled summarization updates.
    9. Configure the following report setting defaults:
    • Select the default number of sites that will be displayed in Top Sites reports from the Number of Top Sites list box (default: 10).
    • Select the default number of users that will be displayed in Top Users reports from the Number of Top Users list box (default: 10).
    • Select the default number of sites that will be displayed in Top Sites Per User reports from the Number of Top Sites Per User list box (default: 10).
    10. Specify how many days of summarized data the GMS Reporting Module will store in the database from the Days To Store Summarized Data list box (default: 15) and click Submit. To save all information, enter All.
    Summarized data consumes approximately one kilobyte of information per SonicWALL appliance per day. Make sure the database is larg
61. certificate
    PKI Failure: No CA certificates yet loaded
    PKI Failure: Internal error
    PKI Failure: Temporary memory shortage, try again
    PKI Failure: The certificate chain is circular
    PKI Failure: The certificate chain is incomplete
    PKI Failure: The certificate chain has no root
    PKI Failure: The certificate or a certificate in the chain has expired
    PKI Failure: The certificate or a certificate in the chain has a validity period in the future
    PKI Failure: The certificate or a certificate in the chain is corrupt
    PKI Failure: The certificate or a certificate in the chain has a bad signature
    PKI Failure: Loaded but could not verify certificate
    PKI Failure: Loaded the certificate but could not verify it's chain
    VPN Cleanup: Dynamic network settings change
    WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped
    DHCP REQUEST received from remote device
    DHCP DISCOVER received from remote device
    DHCP DECLINE received from remote device
    DHCP OFFER received from server
    DHCP NAK received from server
    ERROR: DHCP over VPN policy is not defined. Cannot start IKE.
    DHCP DISCOVER received from local device
    DHCP REQUEST received from local device
    PPP Dial-Up: No peer IP address from Dial-Up ISP, local and remote IPs will be the same
    Received AV Alert: Your SonicWALL Network Anti-Virus subscription will expire in 7 days. %s
    Received notify: INVALID_ID_INFO
    DHCP lease drop
62. click Close. The GMS Reporting Module displays the report for the selected day.
    Note: These settings will stay in effect for all reports during your active login session.
    Monitoring Bandwidth Usage in Real Time
    The Bandwidth Monitor displays bandwidth usage for the selected SonicWALL appliance in real time.
    To view the Bandwidth Monitor, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Bandwidth tree and click Monitor. The Monitor page appears (Figure 8).
    Figure 8. Monitor Page
    5. The Bandwidth Monitor shows the amount of data transferred during each sampling period for the last five minutes. The sampling perio
63. click Next.
    14. To generate another report, click Search again in the Log Viewer Tree.
    Note: See Appendix A for the list of available message texts.
    CHAPTER 4
    Scheduling GMS Reporting
    Standalone ViewPoint (ViewPoint) Reporting can automatically send reports to any e-mail addresses that you specify.
    To view currently scheduled reports or configure new reports, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Configuration tree and click Scheduled Reports. The Scheduled Reports page appears (Figure 100).
    Figure 100. Scheduled Reports Page
    5. The Scheduled Reports page contains a list of currently scheduled reports. To edit a report, select its r
64. ctory field.
    10. Optional. To specify a specific date, enter the date in the Report Date field.
    11. If you are using custom reports, specify the folder location of the template files in the Template Folder Name field. For more information, see Chapter 5.
    12. Select the daily reports that will be included in the e-mail message:
    • User Login - shows users that logged on to the SonicWALL appliance to bypass content filtering or to remotely access local network resources.
    • Admin Login - shows successful administrator logins for the SonicWALL appliance.
    • Failed Login - shows failed login attempts for users and administrators that attempted to log on through the SonicWALL appliance.
    • Bandwidth Summary - amount of traffic handled by the SonicWALL appliance during each hour.
    • Bandwidth Top Users - displays the users who used the most bandwidth.
    • Service Summary - amount of traffic handled by each service during each hour.
    • Web Usage Summary - amount of HTTP bandwidth handled by the SonicWALL appliance during each hour of the day.
    • Web Usage Top Sites - displays the web sites that used the most HTTP bandwidth.
    • Web Usage Top Users - displays the users who used the most HTTP bandwidth.
    • Web Usage Sites By User - displays a list of all users, their top sites, the number of hits to each site, and the amount of data transferred.
    • Web Filter Summary - displays
65. d date, sorted by category.
    To view the Attacks by Category report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Attacks tree and click By Category. The By Category page appears (Figure 76).
    Figure 76. By Category Page
    5. The pie chart displays the percentage of each type of attack.
    6. The table contains the following information:
    • Type - the type of attack.
    • Attacks - number of attacks.
    • % of Attacks - percentage of this type of attack, compared to all other attack types. For example, if 5,000 attacks occurred during the day and
66. d is five seconds.
    Viewing the Top Users of Bandwidth
    The Top Users report displays the users who used the most bandwidth on the specified date.
    To view the Top Users report, follow these steps:
    1. Start and log into ViewPoint.
    2. Click the Reports tab.
    3. Select a SonicWALL appliance.
    4. Expand the Bandwidth tree and click Top Users. The Top Users page appears (Figure 9).
    Figure 9. Top Users Page
    5. The pie chart displays the percentage of bandwidth transferred by each user.
    6. The table contains the following information:
    • Users - the IP address of
67. d local network is not NAT public address
Tunnel terminates inside firewall but proposed local network is not inside firewall
Tunnel terminates on DMZ but proposed local network is on LAN
Tunnel terminates on LAN but proposed local network is on DMZ
AH Perfect Forward Secrecy mismatch
ESP Perfect Forward Secrecy mismatch
Algorithms and/or keys do not match
Administrator logged out
Administrator logged out - inactivity timer expired
User logged out
User logged out - max session time exceeded
User logged out - inactivity timer expired
NAT device may not support IPSec AH passthrough
TCP Xmas Tree Blocked
CFL auto download disabled, time problem detected
Requesting CRL from
CRL Loaded from
Failed to get CRL from
Not enough memory to hold the CRL
Connection timed out
Cant connect to the CRL server
Unknown reason
Failed to Process CRL from
Bad CRL format
Issuer match failed
Certificate on Revoked list (CRL)
No Certificate for
PPP Dial Up: Dialing %s
PPP Dial Up: No dialtone detected - check phone line connection
PPP Dial Up: No link carrier detected - check phone number
PPP Dial Up: Dialed number is busy
PPP Dial Up: Dialed number did not answer
PPP Dial Up: Connected at %s bps - starting PPP
PPP Dial Up: Unknown dialing failure
PPP Dial Up: Link carrier lost
PPP: Authentication successful
PPP: PAP Authentication failed - check userna
68. de during the day and 250 of those attempts were made by a single user, his % of Attempts field will display 50%.
7. By default, GMS Reporting shows today's report, a pie chart, and the ten top users. To change these settings, click Settings. The Report Settings dialog box appears (Figure 39).
Figure 39. Report Settings Dialog Box
8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.
Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Blocked Sites for Each User
The Web Filter By User report displays the top blocked web sites that each user attempted to access on the specified date.
To view the Web Filter By User report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Filter tree and click By User. The By User page appears (Figure 40).
Viewing Rep
69. e "Viewing Service Usage Reports" on page 24.
• To view web usage bandwidth reports, see "Viewing Web Usage Reports" on page 27.
• To view reports on the number of attempts that users made to access blocked websites, see "Viewing Web Filter Reports" on page 39.
• To view file transfer protocol (FTP) bandwidth usage reports, see "Viewing File Transfer Protocol Reports" on page 51.
• To view mail bandwidth usage reports, see "Viewing Mail Usage Reports" on page 57.
• To view virtual private networking (VPN) reports, see "Viewing VPN Usage Reports" on page 64.
• To view reports on attempted attacks, see "Viewing Attack Reports" on page 70.
• To view detailed logging information, see "Viewing the Log" on page 86.
• To view user and administrator authentication reports, see "Viewing Authentication Reports" on page 82.

Viewing Bandwidth Reports
Bandwidth reports display the amount of data transferred through the selected SonicWALL appliance(s).
Bandwidth reports are an ideal starting point for viewing overall bandwidth usage. You can view bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of bandwidth.
From this information, you can determine network strategies. For example, if you need more bandwidth, you might need to upgrade network equipment, or you might simply need to curtail the bandwidth usage of a few employees.
Note: All reports appear in Universa
70. e 70.
• To view the attacks by attack category, see "Viewing the Attacks by Category" on page 71.
• To view the attacks by source IP address, see "Viewing the Attacks by Source" on page 73.
• To view a summary of the errors and exceptions, see "Viewing the Errors and Exceptions Report" on page 74.
• To view attacks over a period of time, see "Viewing Attack Reports Over Time" on page 76.
• To view errors and exceptions over a period of time, see "Viewing Errors Over Time" on page 77.

Viewing the Attack Summary Report
The Attack Summary report contains information on the number of attacks attempted on a SonicWALL appliance or group of SonicWALL appliances during the specified day.
To view the Attack Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Attacks tree and click Summary. The Summary page appears (Figure 74).
Figure 74. Summary Page
71. e VPN Usage tree and click Summary. The Summary page appears (Figure 66).
Figure 66. Summary Page
5. The bar graph displays the number of VPN connections made during each hour of the day.
6. The table contains the following information:
   • Hour: when the sample was taken.
   • Connections: number of VPN connections.
   • % of Connections: percentage of VPN connections during this hour, compared to the day. For example, if 10,000 connections occurred during the day and 1,000 connections occurred during the 2:00 time period, the % of Connections field will display 10%.
7. The GMS Reporting Module shows today
72. e enough to accommodate the number of days that you choose.
11. The Summary Data Available Until field displays when the data was last summarized. To re-summarize any data, enter a date and time and click Update.

Configuring Log Viewer Settings
To configure Log Viewer settings, follow these steps:
1. Start and log into ViewPoint.
2. Click the Console tab.
3. Select a SonicWALL appliance.
4. Expand the Reports tree and click Log Viewer Settings. The Log Viewer Settings page appears (Figure 4).
Figure 4. Log Viewer Settings Page
5. Specify how many days of raw data ViewPoint will store in the database from the Days To Store Raw Data list box and click Submit. To save all information, enter All.
6. To save the changes, click Submit.

Configuring Email Archive Settings
To configure Email Archive settings, follow these steps:
1. Start and log into ViewPoint.
2. Click the Console tab.
3. Select a SonicWALL appliance.
4. Expand the Reports tree and click Email Archive. The Email Archive
73. e pie chart displays the percentage of bandwidth used to access the top sites.
6. The table contains the following information:
   • Site: URL or IP address of the site.
   • Hits: number of hits.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred between this site, compared to all other HTTP traffic. For example, if 10,000 megabytes of data was transferred during the day and 5,000 megabytes was transferred between the appliance and Ebay, the % of MBytes field will display 50%, and you have a problem.
7. By default, GMS Reporting shows today's report, a pie chart, and the ten top sites. To change these settings, click Settings. The Report Settings dialog box appears (Figure 22).
Figure 22. Report Settings Dialog Box
8. Select the number of sites that will be displayed from the Number of Sites list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.
Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Users of HTTP Bandwidth
The Top Users report displ
74. e the syslog event rate, follow these steps:
1. Start and log into ViewPoint.
2. Click the Policies tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Log tree and click Log Settings. The Log Settings page appears (Figure 2).
Figure 2. Log Settings Page
75. eached the limit for local certs, cant load any more
PKI Failure: Import failed
PKI Failure: Incorrect admin password
PKI Failure: CA certificates store does not have space to hold all the CA certificates required to verify this Local Certificate
PKI Failure: Improper file format. Please select PKCS#12 (*.p12) file
PKI Failure: Certificate's ID does not match this SonicWall
PKI Failure: public-private key mismatch
PKI Failure: Duplicate local certificate name
PKI Failure: Duplicate local certificate
PKI Failure: No CA certificates yet loaded
PKI Failure: Internal error
PKI Failure: Temporary memory shortage, try again
PKI Failure: The certificate chain is circular
PKI Failure: The certificate chain is incomplete
PKI Failure: The certificate chain has no root
PKI Failure: The certificate or a certificate in the chain has expired
PKI Failure: The certificate or a certificate in the chain has a validity period in the future
PKI Failure: The certificate or a certificate in the chain is corrupt
PKI Failure: The certificate or a certificate in the chain has a bad signature
PKI Failure: Loaded but could not verify certificate
PKI Failure: Loaded the certificate but could not verify it's chain
VPN Cleanup: Dynamic network settings change
WARNING: Central Gateway does not have a Relay IP Address. DHCP message dropped
DHCP REQUEST received from remote device
DHCP DISCOVER received from
76. ec packet from an illegal host
Forbidden E-Mail attachment deleted
IKE Responder: Mode %d - not tunnel mode
IKE Responder: No matching Phase 1 ID found for proposed remote network
IKE Responder: Proposed remote network is 0.0.0.0 but not DHCP relay nor default route
IKE Responder: No match for proposed remote network address
IKE Responder: Default LAN gateway is set but peer is not proposing to use this SA as a default route
IKE Responder: Tunnel terminates outside firewall but proposed local network is not NAT public address
IKE Responder: Tunnel terminates inside firewall but proposed local network is not inside firewall
IKE Responder: Tunnel terminates on DMZ but proposed local network is on LAN
IKE Responder: Tunnel terminates on LAN but proposed local network is on DMZ
IKE Responder: AH Perfect Forward Secrecy mismatch
IKE Responder: ESP Perfect Forward Secrecy mismatch
IKE Responder: Algorithms and/or keys do not match
Administrator logged out
Administrator logged out - inactivity timer expired
User logged out
User logged out - max session time exceeded
User logged out - inactivity timer expired
NAT device may not support IPSec AH passthrough
TCP Xmas Tree Blocked
CFL auto download disabled, time problem detected
Requesting CRL from
CRL Loaded from
Failed to get CRL from
Not enough memory to hold the CRL
Connection timed out
Cant connect to the CRL server
Unknown
77. ected
Illegal LAN address in use
Possible SYN flood attack
Probable SYN flood attack
Land Attack Dropped
Fragmented Packet Dropped
Successful administrator login
Administrator login failed - incorrect password
Successful local user login
User login failed - incorrect password
Unknown user attempted to log in
Login screen timed out
Attempted administrator login from %s
TCP connection dropped
UDP packet dropped
ICMP packet dropped
PPTP packet dropped
IPSec packet dropped
Unknown protocol dropped
IPSec packet dropped; waiting for pending IPSec connection
IPSec connection interrupt
NAT could not remap incoming packet
ARP timeout
Broadcast packet dropped
No ICMP redirect sent
Out of order command packet dropped
Failure to add data channel
RealAudio decode failure
Duplicate packet dropped
No HOST tag found in HTTP request
The cache is full; %d open connections; some will be dropped
Code  Type  Source  Destination
License exceeded: Connection dropped because too many IP addresses are in use on your LAN
Rule
Access to Proxy Server Blocked
Diagnostic Code E
Dynamic IPSec client connected
Received fragmented packet or fragmentation needed
Diagnostic Code D
Illegal IPSec SPI
Unknown IPSec SPI
IPSec Authentication Failed
IPSec Decryption Failed
Incompatible IPSec Security Association
IPSec packet from or to an illegal host
SPI
NetBus Attack Dropped
Back Orifice Attack Dropped
Net Spy Attack
78. ed HA hardware ID did not match this firewall
Discovered HA Backup Firewall
HA Peer Firewall Synchronized
Error Synchronizing HA Peer Firewall
Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. %s
Primary received heartbeat from wrong source
Backup received heartbeat from wrong source
HA packet processing error
Heartbeat received from incompatible source
Diagnostic Code F
Forbidden E-Mail attachment disabled
PPPoE PAP Authentication success
PPPoE PAP Authentication Failed. Please verify PPPoE username and password
Disconnecting PPPoE due to traffic timeout
No response from ISP Disconnecting PPPoE
Backup going Active in preempt mode after reboot
VPN Log
VPN Log Debug
Denied TCP connection from LAN
Denied UDP packet from LAN
Denied ICMP packet from LAN
Firewall access from LAN
Probable TCP FIN scan
Probable TCP XMAS scan
Probable TCP NULL scan
IPSEC Replay Detected
TCP FIN packet dropped
Received a path MTU icmp message from router gateway
Problem loading the URL List; Appliance not registered
Problem loading the URL List; Subscription expired
Problem loading the URL List; Try loading it again
Problem loading the URL List; Retrying later
Problem loading the URL List; Flash write failure
Received a path MTU icmp message from router gateway MTU
The loaded content URL List has expired
Error setting the IP address of the backu
79. eduled Reports page, click the Add Multi Day Report button. The Multi Day Reports page appears (Figure 102).
Figure 102. Multi Day Reports Page
2. Enter the Destination e-mail addresses in the Destination Email Addresses field. Separate each e-mail address with a semicolon.
3. Enter the IP address or hostname of the Simple Mail Transfer Protocol (SMTP) server in the SMTP Server Address field.
4. Enter the Sender e-mail address that will appear in messages sent from the GMS Reporting Module in the Source Email Address field.
5. Enter the Subject Line that will appear in reports sent from the GMS Reporting Module in the Email Subject field.
6. Enter text that will appear in the message body in the Email Body field.
7. To send the file as an email attachment, select the Email Attached File check box.
8. To compress reports
80. en you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing Attack Reports Over Time
The Attacks Over Time report displays the daily number of attempted attacks during the specified time period.
To view the Attacks Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Attacks tree and click Attacks Over Time. The Attacks Over Time page appears (Figure 82).
Figure 82. Attacks Over Time Page
5. The bar graph displays the number of attacks attempted each day of the specified time period.
6. The table contains the following information:
   • Date: when the sample w
81. ers and link information (i.e., WAN, LAN, and DMZ). These prevent WebTrends from resolving the IP to DNS entries and from performing HTML title lookups within the reports.
Note: The GMS Reporting Module also has problems with the WebTrends syslog format. To disable GMS Reporting, open the SGMS Settings page in the Console Panel, deselect the Enable Reporting check box, and click Update.

Posting GMS Reporting to Another Web Server for End User Access
To give end users access through another web server, install the ViewPoint Console in redundant mode.
You can then allow end user access to the redundant Console for viewing GMS Reporting real-time and historical reports. End user access will be isolated from the main Console that is used for managing and configuring SonicWALL appliances.

APPENDIX B
Syslog Messages for Firmware 6.5

SonicWALL activated
Log Cleared
Log successfully sent via email
Log full; deactivating SonicWALL
New URL List loaded
No new URL List available
Problem loading the URL List; check Filter settings
Problem loading the URL List; check your DNS server
Problem sending log email; check log settings
Restarting SonicWALL; dumping log to email
Web site blocked
Newsgroup blocked
Web site accessed
Newsgroup accessed
ActiveX blocked
Java blocked
ActiveX or Java archive blocked
Cookie removed
Ping of death blocked
IP spoof det
82. ettings. The Report Settings dialog box appears (Figure 61).
Figure 61. Report Settings Dialog Box
8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.
Note: These settings will stay in effect for all reports during your active login session.

Viewing Mail Usage Over Time
The Mail Usage Over Time report displays the daily amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances for the specified time period.
To view the Mail Usage Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Mail Usage tree and click Over Time. The Over Time page appears (Figure 62).
Figure 62. Over Time Page
83.
5. The pie chart displays the top users with the most blocked site attempts.
6. The table contains the following information:
   • Users: the IP address of the user.
   • Attempts: number of attempts.
   • % of Attempts: percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were made during the period and 250 of those attempts were made by a single user, his % of Attempts field will display 50%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 47).
Figure 47. Report Settings Dialog Box
8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.
Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Blocked Sites for Each User Over Time
The Web Filter By User report displays the top blocked web sites that each user attempted to access d
84.
5. The bar graph displays the amount of FTP bandwidth transferred during each hour of the day.
6. The table contains the following information:
   • Hour: when the sample was taken.
   • Events: number of FTP events.
   • MBytes: number of megabytes transferred.
   • % of MBytes: percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of FTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 51).
Figure 51. Report Settings Dialog Box
8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Top Users of FTP Bandwidth
85. g Customization Tool, follow these steps:
1. Create a folder to store custom report templates. The folder name cannot contain spaces and must be located in the appropriate directory. For example, to use the folder name MyCustomReports, you must create the folder with the following directory structure:
   <gms_directory>\Tomcat\webapps\sgms\reports\scheduledreports\MyCustomReports
2. Create a text file that contains all the attributes and values that can be customized. For more information, see the params.txt file that accompanied the Reporting Customization Tool.
3. Enter the following command:
   ReportTool.bat input_file target_folder
   where input_file is the name of the text file that you customized and target_folder is the name of the target folder.
   Note: Do not specify the complete path to the folder.
4. The default logo used in the reports is the SonicWALL logo. If you wish to use a different logo and other graphics, copy them into the following directory:
   sgms\images
5. Restart the SGMS Web server service.
6. Set the template folder name in the report schedule created to this folder name. This must be set for all the report schedules that use the customized templates.

Scheduling a Report
For information on scheduling a custom report, see Chapter 4, "Scheduling GMS Reporting."

APPENDIX A
Technical Tips

Forwarding Syslog Data to Another Syslog Server
To forward ViewPo
86. he Top Users that Try to Access Blocked Sites" on page 42.
• To view the top blocked sites that each user attempted to access, see "Viewing the Top Blocked Sites for Each User" on page 43.
• To view blocked site access attempts over a period of time, see "Viewing Blocked Site Attempts Over Time" on page 45.
• To view a list of the blocked sites that users attempted to access most often over time, see "Viewing Blocked Site Attempts Over Time" on page 45.
• To view the users who made the most attempts to access blocked sites over time, see "Viewing the Top Blocked Site Users Over Time" on page 47.
• To view the top blocked sites that each user attempted to access over time, see "Viewing the Top Blocked Sites for Each User Over Time" on page 49.

Viewing the Web Filter Summary Report
The Web Filter Summary report contains information on the number of times users attempt to access blocked sites for the specified day.
To view the Web Filter Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Web Filter tree and click Summary. The Summary page appears (Figure 34).
Figure 34. Summary Page
87.
5. The graph provides a display of the number of access attempts for each of the top twenty blocked web sites.
6. The table contains the following information:
   • Site: URL or IP address of the site.
   • Attempts: number of attempts.
   • % of Attempts: percentage of attempts to access the blocked site, compared to all other blocked site attempts. For example, if 500 attempts were made during the day and 100 of those attempts were for www.badsite.com, its % of Attempts field will display 20%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 37).
Figure 37. Report Settings Dialog Box
8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Top Users that Try to Access Blocked Sites
The Web Filter Top Users report displays the users who made the most attempts to access blocked sites on the specified date.
To view the Top Users report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Se
88. ing each hour of the day.
6. The table contains the following information:
   • Hour: when the sample was taken.
   • Events: number of mail events.
   • KBytes: number of kilobytes transferred.
   • % of KBytes: percentage of kilobytes transferred during this hour, compared to the day. For example, if 10,000 kilobytes of mail was transferred during the day and 1,000 kilobytes was transferred at the 12:00 time period, the % of KBytes field will display 10%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 59).
Figure 59. Report Settings Dialog Box
8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Top Users of Mail Bandwidth
The Top Users report displays the users who sent and received the most mail on the specified date.
To view the Top Users report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Mail Usage tree and click Top Users. The Top Users page appears (Figure 60).
89.
ings, click Settings. The Report Settings dialog box appears (Figure 41).

Figure 41. Report Settings Dialog Box

7. Select the number of users that will be displayed from the Number of Users list box.
8. Select the type of chart from the Chart Type list box.
9. Select the year, month, and day that you would like to view.
10. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Blocked Site Attempts Over Time

The Web Filter Over Time report displays the number of attempts that were made to access blocked web sites for the specified time period.
To view the Web Filter Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Web Filter tree and click Over Time. The Over Time page appears (Figure 42).

Figure 42. Over Time Page
90.
int syslog data to another syslog server, follow these steps:
1. Open the sgmsConfig.xml file with a text editor.
2. Locate the following line:
   Parameter name="syslog.forwardToHost" value=""
3. Add the IP address or hostname of the destination syslog server to the value attribute.
4. Save the sgmsConfig.xml file and exit.
5. Ensure that at least firmware 6.3.1.0 is running on the managed SonicWALL appliances.

Note: To configure ViewPoint to not store the syslog data after it has been forwarded, you must disable the GMS Reporting Module. To do this, open the SGMS Settings page in the Console Panel, deselect the Enable Reporting check box, and click Update.

Forwarding the Syslog Data to a WebTrends Server

From ViewPoint, you can forward the syslog data to a WebTrends server. To accomplish this, do the following:
1. Open the sgmsConfig.xml file with a text editor.
2. Locate the following line:
   Parameter name="syslog.forwardToHost" value=""
3. Add the IP address or hostname of the WebTrends syslog to the value attribute.
4. Save the sgmsConfig.xml file and exit.
5. Ensure that at least firmware 6.3.1.0 is running on the managed SonicWALL appliances.
6. Change the syslog format in each managed SonicWALL appliance from the default format to the WebTrends format on the Log Settings page.

WebTrends cannot read the SonicWALL syslog in its default format. The default syslog format's source (src) and destination (dst) fields contain port numb
91.
into a single file, select the Zip Emailed Archived Reports into a single file check box.
To password protect the Zip file, select the Password Protect the Zip File check box and enter the password in the Password field.
To include all of the data in a single report, select the Include all data in a single report check box.
9. To archive the file to hard disk, select the Archive check box and enter a path in the Save Directory field. Specify the directory where the file will be archived in the Save Directory field.
10. Optional. To specify a specific date, enter the date in the Report Date field.
11. If you are using custom reports, specify the folder location of the template files in the Template Folder Name field. For more information, see Chapter 5, "Scheduling GMS Reporting."
12. Select whether the report will be sent Weekly or Monthly.
13. Select the reports that will be included in the e-mail message:
• Bandwidth Overtime: displays the daily amount of traffic handled by the SonicWALL appliance for the week or month.
• Web Usage Overtime: displays the daily amount of HTTP bandwidth handled by the SonicWALL appliance for the week or month.
• Web Filter Overtime: displays the number of attempts that were made to access blocked web sites for the week or month.
• FTP Usage Overtime: displays the daily amount of FTP bandwidth handled by the SonicWALL appliance for the week or month.
92.
isplays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing VPN Usage Over Time

The VPN Usage Over Time report displays the daily number of VPN connections made through a SonicWALL appliance or group of SonicWALL appliances during the specified time period.
To view the VPN Usage Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the VPN Usage tree and click Over Time. The Over Time page appears (Figure 70).

Figure 70. Over Time Page (screenshot: VPN Activity from April 13, 2002 to April 19, 2002)
93.
(Screenshot: Top Users Over Time page, Top Users of Bandwidth from April 13, 2002 to April 19, 2002)

5. The pie chart displays the percentage of bandwidth transferred by each user.
6. The table contains the following information:
• Users: the IP address of the user.
• Connections: number of events or "hits."
• MBytes: number of megabytes.
• % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during this period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears.

Figure 14. Report Settings Dialog Box
94.
2. Enter the Destination e-mail addresses in the Destination Email Addresses field. Make sure each e-mail address is separated by a semicolon.
3. By default, the GMS Reporting Module will use the Simple Mail Transfer Protocol (SMTP) server that was specified during ViewPoint installation. To change it, enter the IP address or hostname of the SMTP server in the SMTP Server Address field.
4. By default, the GMS Reporting Module will use the e-mail address of the user logged into ViewPoint as the Sender e-mail address. To change it, enter a new Sender e-mail address in the Source Email Address field.
5. Enter the Subject Line that will appear in reports sent from the GMS Reporting Module in the Email Subject field.
6. Enter text that will appear in the message body in the Email Body field.
7. To send the file as an email attachment, select the Email Attached File check box.
8. To compress the reports into a single file, select the Zip Emailed Archived Reports into a single file check box.
To password protect the Zip file, select the Password Protect the Zip File check box and enter the password in the Password field.
To include all of the data in a single report, select the Include all data in a single report check box.
9. To archive the file on the server's hard disk, select the Archive check box and enter a path in the Save Directory field.
Specify the directory where the file will be archived in the Save Dire
95.
5. Enter 0 in the Syslog Event Rate field.
The Syslog Event Rate field reduces the number of repetitive events that are logged by ViewPoint. Although this prevents a log file from being full of repetitive events, setting the Syslog Event Rate field to anything other than 0 will result in inaccurate reporting.
6. To make sure that the GMS Reporting Module can display all reports, make sure that every event category in the Categories area is selected except for Network Debug.
7. When you are finished, click Update. The Syslog Event Rate is changed and every event category is enabled for each selected SonicWALL appliance.

Configuring GMS Reporting Module Settings

This section describes how to configure reporting settings. These include how often the summary information is updated, the number of days that summary information is stored, and the number of days that raw data is stored.

These reports are constructed from the most current available summary data. In order to create summary data, the GMS Reporting Module must parse the raw data files.

Note: Because reports are based on the most current summary data, the report may be old. For example, if the data was summarized four hours ago, all activity that occurred si
96.
l Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view a summary of the daily bandwidth usage, see "Viewing the Bandwidth Summary Report" on page 17.
• To view bandwidth usage in real time, see "Monitoring Bandwidth Usage in Real Time" on page 19.
• To view the users who consume the most bandwidth, see "Viewing the Top Users of Bandwidth" on page 19.
• To view bandwidth usage over a period of time, see "Viewing Bandwidth Usage Over Time" on page 21.
• To view the users who consume the most bandwidth over time, see "Viewing the Top Users of Bandwidth Over Time" on page 22.

Viewing the Bandwidth Summary Report

The Bandwidth Summary report contains information on the amount of traffic handled by a SonicWALL appliance or group of SonicWALL appliances during each hour of the specified day.
To view the Bandwidth Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Bandwidth tree and click Summary. The Summary page appears (Figure 6).

Figure 6. Summary Page
97.
lect a SonicWALL appliance.
4. Expand the Web Filter tree and click Top Users. The Top Users page appears (Figure 38).

Figure 38. Top Users Page (screenshot: Top Filtered Web Sites By User for April 19, 2002)

5. The pie chart displays the top users with the most blocked site attempts.
6. The table contains the following information:
• Users: the IP address of the user.
• Attempts: number of attempts.
• % of Attempts: percentage of attempts to access the blocked site, compared to all other user attempts. For example, if 500 attempts were ma
98.
8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Top Users Over Time

The Top Users Over Time report displays the top users of bandwidth for the specified time period. To view the Top Users Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Usage tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 30).

Figure 30. Top Users Over Time Page (screenshot: Top Web Users from April 13, 2002 to April 19, 2002)
99.
loyees to use compression or transfer large files during non-peak times.

Note: All reports appear in Universal Time, Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:
• To view a summary of the daily FTP bandwidth usage, see "Viewing the FTP Summary Report" on page 51.
• To view the users who consume the most FTP bandwidth, see "Viewing the Top Users of FTP Bandwidth" on page 52.
• To view FTP bandwidth usage over a period of time, see "Viewing FTP Bandwidth Usage Over Time" on page 54.
• To view the users who consume the most FTP bandwidth over time, see "Viewing FTP Bandwidth Usage Over Time" on page 54.

Viewing the FTP Summary Report

The FTP Summary report contains information on the amount of FTP bandwidth handled by a SonicWALL appliance or group of SonicWALL appliances during the specified day.
To view the FTP Summary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the FTP Usage tree and click Summary. The Summary page appears (Figure 50).

Figure 50. Summary Page
100.
mary report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Services tree and click Summary. The Summary page appears (Figure 16).

Figure 16. Summary Page (screenshot: Services Summary for April 19, 2002)

5. The bar graph displays the amount of bandwidth used by each service during each hour of the day.
6. The table contains the following information:
• Protocol: the service.
• KBytes: number of kilobytes.
• Events: number of events or "hits."
• % of Events: percentage of events transferred by this service on the selected day, compared to all other services. For example, if 10,000 events occurred during the day and 9
101.
me / password
PPP: CHAP authentication failed - check username / password
PPP: MS-CHAP authentication failed - check username / password
PPP: Starting MS-CHAP authentication
PPP: Starting CHAP authentication
PPP: Starting PAP authentication
PPP Dial-Up: PPP negotiation failed - disconnecting
PPP Dial-Up: Idle time limit exceeded - disconnecting
PPP Dial-Up: Failed to get IP address
PPP Dial-Up: Received new IP address
PPP Dial-Up: PPP link established
PPP Dial-Up: PPP link down
PPP Dial-Up: Shutting down link
PPP Dial-Up: Initialization %s
PPP Dial-Up: User requested disconnect
PPP Dial-Up: User requested connect
PPP Dial-Up: Connect request canceled
The network connection in use is %s
L2TP Server: L2TP Tunnel Established
L2TP Server: L2TP Session Established
L2TP Server: L2TP PPP Session Established
L2TP Server: Radius reports Authentication Failure
L2TP Server: Local Authentication Failure
L2TP Server: Radius server not assigned IP address
L2TP Server: No IP address available in the Local IP Pool
L2TP Server: L2TP Tunnel Disconnect from the Remote
L2TP Server: L2TP Session Disconnect from the Remote
L2TP Server: L2TP Remote terminated the PPP session
L2TP Server: Local Authentication Success
L2TP Server: Radius Authentication Success
L2TP Server: Keep alive Failure, Closing Tunnel
PPP Dial-Up: Manual intervention needed
102.
me period and 25,000 megabytes was transferred on one day, the % of Usage field will display 25%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears.

Figure 12. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Users of Bandwidth Over Time

The Top Users report displays the users who used the most bandwidth on the specified date.
To view the Top Users Over Time report, follow these steps:
1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Bandwidth tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 13).

Figure 13. Top Users Over Time Page
103.
n attack message
Primary firewall has transitioned to Active
Backup firewall has transitioned to Active
Primary firewall has transitioned to Idle
Backup firewall has transitioned to Idle
Primary missed heartbeats from Active Backup: Primary going Active
Backup missed heartbeats from Active Primary: Backup going Active
Primary received error signal from Active Backup: Primary going Active
Backup received error signal from Active Primary: Backup going Active
Backup firewall being preempted by Primary
Primary firewall preempting Backup
Active Backup detects Active Primary: Backup going Idle
Imported HA hardware ID did not match this firewall
Discovered HA Backup Firewall
HA Peer Firewall Synchronized
Error Synchronizing HA Peer Firewall
Received AV Alert: Your SonicWALL Network Anti-Virus subscription has expired. %s
Primary received heartbeat from wrong source
Backup received heartbeat from wrong source
HA packet processing error
Heartbeat received from incompatible source
Diagnostic Code F
Forbidden E-Mail attachment disabled
PPPoE PAP Authentication success
PPPoE PAP Authentication Failed. Please verify PPPoE username and password
Disconnecting PPPoE due to traffic timeout
No response from ISP Disconnecting PPPoE
Backup going Active in preempt mode after reboot
VPN Log
VPN Log Debug
Denied TCP connection from LAN
Denied UDP packet from LAN
Denied ICMP packet from LAN
Firewall access from LAN
Probable TCP FIN scan
104.
nce the last summary will be missing from the report.

When configuring GMS Reporting, you can select the amount of summary information to store. Summary information consumes approximately one kilobyte of information per SonicWALL appliance per day. Make sure the database is large enough to accommodate the number of days that you choose.

Additionally, you can select the amount of raw data to store. The raw data is made up of information for every connection. Depending on the amount of traffic, this can quickly consume an enormous amount of space in the database. Be very careful when selecting how much raw information to store.

Distributed Scheduler

The Distributed Scheduler provides improved performance over the old Scheduler. The following describes the processing and summarization process of the Distributed Scheduler.

As incoming events are sent to the Agent, they are written to a file in the <sgms_directory>\logs directory. The format of the file is:

   agentid_start date_start time_to_end date_end time.unp

where agentid is the ID of the agent, start date is the starting date (YYYYDD), start time is the starting time (HHMMSS), end date is the ending date, and end time is the ending time.

When the file contains 10,000 lines, the Distributed Scheduler closes the file and begins creating a new one.

At the interval you specify, the Distributed Scheduler changes the extension of the file to .prg and begins processing the file and st
105.
ng
DHCP Client failed to verify and lease has expired. Go to INIT state
DHCP Client failed to verify and lease is still valid. Go to BOUND state
DHCP Client got a new IP address lease
Sending DHCP RELEASE
Access attempt from host without Anti-Virus agent installed
Anti-Virus agent out of date on host
Received AV Alert: %s
Unused AV log entry
Starting PPPoE discovery
PPPoE LCP Link Up
PPPoE LCP Link Down
PPPoE terminated
PPPoE Network Connected
PPPoE Network Disconnected
PPPoE discovery process complete
PPPoE starting CHAP Authentication
PPPoE starting PAP Authentication
PPPoE CHAP Authentication Failed
PPPoE PAP Authentication Failed
Wan IP Changed
XAUTH Succeeded with VPN client
XAUTH Failed with VPN client, Authentication failure
XAUTH Failed with VPN client, Cannot Contact RADIUS Server
Log Debug
Add an attack message
Primary firewall has transitioned to Active
Backup firewall has transitioned to Active
Primary firewall has transitioned to Idle
Backup firewall has transitioned to Idle
Primary missed heartbeats from Active Backup: Primary going Active
Backup missed heartbeats from Active Primary: Backup going Active
Primary received error signal from Active Backup: Primary going Active
Backup received error signal from Active Primary: Backup going Active
Backup firewall being preempted by Primary
Primary firewall preempting Backup
Active Backup detects Active Primary: Backup going Idle
Import
106.
ogin page appears (Figure 90).

Figure 90. User Login Page (screenshot: User Logins for April 19, 2002)

5. The table contains the following information:
• User: the user name.
• Time: time the user logged in.
6. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 91).

Figure 91. Report Settings Dialog Box

7. Select the year, month, and day that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Administrator Login Report

The administrator login report shows successful administrator logins during the specified day.
107.
om the following:
• To enable or disable the GMS Reporting Module, see "Enabling GMS Reporting" on page 10.
• To configure the syslog event rate to accurately report all firewall information, see "Configuring the Syslog Event Rate" on page 11.
• To configure GMS Reporting settings, see "Configuring GMS Reporting Module Settings" on page 12.

Enabling GMS Reporting

By default, GMS Reporting is enabled. To enable or disable GMS Reporting, follow these steps:
1. Start and log into ViewPoint.
2. Click the Console Panel tab at the bottom of the ViewPoint UI.
3. Expand the Login tree and click SGMS Settings. The SGMS Settings page appears (Figure 1).

Figure 1. SGMS Settings Page

4. To enable GMS Reporting, select the Enable Reporting check box. To disable it, deselect the Enable Reporting check box (default: Enabled).
5. When you are finished, click Update.

Configuring the Syslog Event Rate

To configur
108.
(Screenshot: Web Usage Summary for April 19, 2002)

5. The bar graph displays the amount of HTTP bandwidth transferred during each hour of the day.
6. The table contains the following information:
• Hour: when the sample was taken.
• Events: number of events or "hits."
• MBytes: number of megabytes transferred.
• % of MBytes: percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of HTTP data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 20).

Figure 20. Report Settings Dialog Box

8. Select the year, month, and day that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.
109.
5. The graph provides a graphical display of the percentage of bandwidth transferred by each of the top users over the specified time period.
6. The table contains the following information:
• Users: the IP address of the user.
• Hits: number of hits.
• MBytes: number of megabytes transferred.
• % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the period and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 31).

Figure 31. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Mod
110.
oring its information as summarized data. It repeats this process for every file ending with the extension .unp.

After it processes a file, it changes its extension to .PRD.

If you choose to use the Distributed Scheduler, you will need to periodically delete files with the .PRD extension to prevent your disk from filling. Additionally, the Distributed Scheduler does not store raw data, so no information will appear in the log viewer.

General Report Settings

Periodically, the SonicWALL appliances send their syslog files to the Agent. At the interval you specify, the Agent's Summarizer will process those files and store the data in the raw and summary databases.

To configure Summarizer settings, follow these steps:
1. Start and log into ViewPoint.
2. Click the Console tab.
3. Select a SonicWALL appliance.
4. Expand the Reports tree and click Summarizer. The Summarizer page appears (Figure 3).

Figure 3. Summarizer Page
111. ort, click Settings. The Reporting Date Range Selector dialog box appears (Figure 55).

Figure 55. Report Settings Dialog Box

8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Users of FTP Bandwidth Over Time

The Top Users Over Time report displays the users who used the most FTP bandwidth for the specified time period.

To view the Top Users Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the FTP Usage tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 56).

Figure 56. Top Users Over Time Page
112. Figure 40. By User Page

5. The table contains the following information:
- User: the IP address of the user
- Site: the top five sites visited by the user
- Attempts: number of attempts the user made to access each web site

6. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top users. To change these sett
113. p  please manually set to backup LAN IP  Error updating HA peer configuration   Fraudulent Microsoft Certificate Blocked   VPN TCP SYN   VPN TCP FIN   VPN TCP PSH   Content filter subscription expired    New firmware available    Successful administrator login from the CLI  Administrator login failed   incorrect password from the CLI  L2TP Tunnel Negotiation Started   L2TP Session Negotiation Started   L2TP Max Retransmission Exceeded   L2TP Tunnel Established   L2TP Tunnel Disconnect from Remote   L2TP Session Established   L2TP Session Disconnect from Remote   L2TP PPP Negotiation Started   L2TP LCP Down   L2TP PPP Session Up   L2TP PPP Down   L2TP PPP Authentication Failed   L2TP LCP Up   L2TP Disconnect Initiated by the User  Disconnecting L2TP Tunnel due to traffic timeout  L2TP Connect Initiated by the User   L2TP PPP link down   Primary WAN link down  Primary going Idle   Backup WAN link down  Primary going Active  Primary WAN link down  Backup going Active  Primary WAN link up  preempting Backup   DHCP RELEASE relayed to Central Gateway  DHCP lease relayed to local device   DHCP RELEASE received from remote device  DHCP lease relayed to remote device    DHCP lease to LAN device conflicts with remote device  deleting remote IP entry    WARNING  DHCP lease relayed from Central Gateway conflicts with IP in Static Devices list    DHCP lease dropped  Lease from Central Gateway conflicts with Relay IP  IP spoof detected on packet to Central Gateway  packet dropped    Reques
114. page appears (Figure 5).

Figure 5. Log Viewer Settings Page

This page shows when the next scheduled archive time will occur and when the last weekly and monthly reports were sent.

- To set the next archive time, enter the date and time in the Next Scheduled Email Archive Time fields and click Update.
- To specify when the next weekly report will be sent, enter the date and time in the Weekly Reports Last Sent fields and click Update.
- To specify when the next monthly report will be sent, enter the date and time in the Monthly Reports Last Sent fields and click Update.

CHAPTER 3

Viewing Reports

This chapter describes how to generate reports using Standalone ViewPoint (ViewPoint) Reporting Module. Select from the following reports:

- To view general bandwidth usage reports, see "Viewing Bandwidth Reports" on page 17.
- To view bandwidth reports by service, se
115. ped  Lease from Central Gateway conflicts with Remote Management IP    SonicOS 1 0    SonicWALL activated   Log Cleared   Log successfully sent via email   Log full  deactivating SonicWALL   New URL List loaded   No new URL List available   Problem loading the URL List  check Filter settings  Problem loading the URL List  check your DNS server  Problem sending log email  check log settings  Restarting SonicWALL  dumping log to email  Web site blocked   Newsgroup blocked   Web site accessed   Newsgroup accessed   ActiveX blocked   Java blocked   ActiveX or Java archive blocked   Cookie removed   Ping of death blocked   IP spoof detected   Illegal LAN address in use   Possible SYN flood attack   Probable SYN flood attack   Land Attack Dropped   Fragmented Packet Dropped   Successful administrator login   Administrator login failed   incorrect password  Successful local user login   User login failed   incorrect password  Unknown user attempted to log in    Login screen timed out    111    Attempted administrator login from  s  TCP connection dropped   UDP packet dropped   ICMP packet dropped   PPTP packet dropped   IPSec packet dropped   Unknown protocol dropped   IPSec packet dropped  waiting for pending IPSec connection  IPSec connection interrupt   NAT could not remap incoming packet  ARP timeout   Broadcast packet dropped   No ICMP redirect sent   Out of order command packet dropped  Failure to add data channel   RealAudio decode failure   Duplicate packet dropped   No HOST
116. per page from the Results Per Page field.
12. Click Generate Report. The Log Viewer Results page appears (Figure 97).

Figure 97. Log Viewer Results Page
117. r the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Mail Usage Reports

Mail usage reports provide information on the amount of mail usage that occurs through the selected SonicWALL appliance(s).

Mail usage reports can be used to view mail bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of mail bandwidth.

Note: Mail usage reports include SMTP, POP3, and IMAP traffic.

General bandwidth reports do not always provide a complete picture of network bandwidth usage. If a large amount of mail traffic occurs during peak times, you might want to take some of the following actions:

- Add bandwidth
- Upgrade network equipment
- Ask employees to use compression or transfer large files during non-peak times
- Ask employees to place large files on an FTP site rather than sending them as mail attachments

Note: All reports appear in Universal Time Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:

- To view a summary of the daily mail usage, see "Viewing the Mail Usage Summary Report" on page 57.
- To view the users who consume the most mail bandwidth, see "Viewing the Top Users of Mail Bandwidth" on page 59.
- To view mail usage over a period of time, see "Viewing Mail Usage Over Time" on page 60.
- To view the users who consume 
118. 8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Top Users of Mail Bandwidth Over Time

The Top Users Over Time report displays the users who sent and received the most mail during the specified time period.

To view the Top Users Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Mail Usage tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 64).

Figure 64. Top Users Over Time Page
119. s during your active login session.

Viewing the Top Blocked Site Users Over Time

The Web Filter Top Users Over Time report displays the users who made the most attempts to access blocked sites during the specified time period.

To view the Top Users Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Filter tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 46).

Figure 46. Top Users Over Time Page
120. sage tree and click Over Time. The Over Time page appears (Figure 26).

Figure 26. Over Time Page

5. The bar graph displays the amount of HTTP bandwidth transferred during each day of the specified time period.

6. The table contains the following information:
- Date: when the sample was taken
- Connections: number of connections or hits
- MBytes: number of megabytes transferred
- % of Usage: percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the time period and 25,000 megabytes was transferred on one day, the % of Usage field will display 25%.

7. To change the date range of the report 
121. services reports from the global or group view.

Monitoring Service Usage in Real Time

The Services Monitor displays service usage for the selected SonicWALL appliance in real time.

To view the Service Monitor, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Services tree and click Monitor. The Monitor page appears (Figure 15).

Figure 15. Monitor Page

5. The Services Monitor shows the amount of data transferred for each service during each sampling period for the last five minutes. The sampling period is 15 seconds.

Viewing the Services Summary Report

The Services Summary report displays the amount of traffic handled by each service during each hour of the specified day.

To view the Services Sum
122. steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the VPN Usage tree and click Top Users Over Time. The Top Users Over Time page appears (Figure 72).

Figure 72. Top Users Over Time Page

5. The pie chart displays the VPN connections for the top VPN users.

6. The table contains the following information:
- Users: the IP address of the user
- Connections 
123. t for Relay IP Table from Central Gateway    105    Requesting Relay IP Table from Remote Gateway    Sent Relay IP Table to Central Gateway    Obtained Relay IP Table from Remote Gateway    Failed to synchronize Relay IP Table    Successful administrator login    Successful administrator login    Successful remote user login    Successful remote user login    NAT Discovery    NAT Discovery    NAT Discovery    NAT Discovery      Peer IPSec Security Gateway behind a NAT NAPT Device  Local IPSec Security Gateway behind a NAT NAPT Device  No NAT NAPT device detected between IPSec Security gateways  Peer IPSec Security Gateway doesn t support VPN NAT Traversal    User login failed   RADIUS authentication failure    User login failed   RADIUS server timeout    User login failed   RADIUS configuration error    User login failed   User has no privileges for login from that location    IPSec packet from an illegal host  Forbidden E Mail attachment deleted    IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder   IKE Responder     Mode  d   not tunnel mode   No matching Phase 1 ID found for proposed remote network   Proposed remote network is 0 0 0 0 but not DHCP relay nor default route   No match for proposed remote network address   Default LAN gateway is set but peer is not proposing to use this SA as a default route  Tunnel terminates outside firewall but propose
124. 5. The bar graph displays the packets that were dropped during each hour of the day.

6. The table contains the following information:
- Hour: when the sample was taken
- Packets: number of dropped packets
- % of Packets: percentage of packets dropped during this hour, compared to the day. For example, if 1,000 packets were dropped during the day and 100 packets were dropped during the 1:00 time period, the % of Packets field will display 10%.

7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 81).

Figure 81. Report Settings Dialog Box

8. Select the year, month, and day that you would like to view.
9. Wh
125. 5. The bar graph displays the amount of mail sent and received during each day of the specified time period.

6. The table contains the following information:
- Date: when the sample was taken
- Connections: number of mail messages
- KBytes: number of kilobytes transferred
- % of Usage: percentage of kilobytes transferred during this day, compared to the time period. For example, if 10,000 kilobytes of mail was transferred during the time period and 2,500 kilobytes of mail was transferred on one day, the % of Usage field will display 25%.

7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 63).

Figure 63. Report Settings Dialog Box
126. the IP Spoof makes up 500 of the attacks, its % of Attacks field will display 10%.

7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top categories. To change these settings, click Settings. The Report Settings dialog box appears (Figure 77).

Figure 77. Report Settings Dialog Box

8. Select the number of categories that will be displayed from the Number of Categories list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing the Attacks by Source

The Attacks by Source report displays the top sources of attacks.

To view the Attacks by Source report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Attacks tree and click By Source. The By Source page appears (Figure 78).

Figure 78. By Source Page
127. the font in the title bar

TITLE_BAR_FONT_SIZE     2        Size of the font in the title bar
CHART_BG_COLOR          FFFFFF   Background color of the chart
CHART_PLOT_COLOR        D7E1B2   Color of the bar in the bar graphs
PIE_PLOT_COLOR          FFFFFF   Color of the pie in pie graphs
TABLE_HEADING_COLOR     003399   Color of the table heading
TABLE_EVEN_ROW_COLOR    FFFFFF   Color of the even-numbered rows
TABLE_ODD_ROW_COLOR     E8EEF4   Color of the odd-numbered rows
TABLE_TOTAL_ROW_COLOR   003399   Color of the "total" row
FOOTER_FONT_COLOR       000000   Color of the footer font
FOOTER_FONT_SIZE        1        Size of the footer font

The following figure shows the report elements as they are displayed.

Figure 103. Report Elements

Using the Reporting Customization Tool

This section describes how to use the Reporting Customization Tool. You can use the tool to create multiple templates. After creating a template, you can apply it to one, some, or all reports.

To use the Reportin
128. the most mail bandwidth over time, see "Viewing the Top Users of Mail Bandwidth Over Time" on page 62.

Viewing the Mail Usage Summary Report

The Mail Usage Summary report contains information on the amount of mail handled by a SonicWALL appliance or group of SonicWALL appliances during the specified day.

To view the Mail Usage Summary report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Mail Usage tree and click Summary. The Summary page appears (Figure 58).

Figure 58. Summary Page

5. The bar graph displays the amount of mail sent and received dur
129. the number of times users attempt to access blocked sites during each hour.

- Web Filter Top Sites: displays the top blocked web sites that users attempted to access.
- Web Filter Top Users: displays the users who made the most attempts to access blocked sites.
- Web Filter Sites By User: displays a list of all users, their top sites, and the number of attempts that were made to access each site.
- FTP Usage Summary: amount of FTP bandwidth handled by the SonicWALL appliance.
- FTP Usage Top Users: displays the users who used the most FTP bandwidth.
- Mail Usage Summary: amount of mail handled by the SonicWALL appliance.
- Mail Usage Top Users: displays the users who sent and received the most mail.
- Attacks Summary: number of attacks attempted on the SonicWALL appliance.
- Attacks By Category: displays the attacks that occurred, sorted by category.
- Attacks By Source: displays the top sources of attacks.
- Attacks Dropped Packets: number of dropped packets on the SonicWALL appliance.

13. When you are finished, click Add. The new report will appear in the list on the Scheduled Reports page.

Scheduling a Weekly or Monthly Report

Weekly reports are sent out every Sunday at 03:00 GMT and contain information for the previous week. Monthly reports are sent out on the first day of every month at 03:00 GMT and contain information for the previous month.

To configure a new weekly or monthly report, follow these steps:

1. From the Sch
130. the user
- Connections: number of events or "hits"
- MBytes: number of megabytes
- % of MBytes: percentage of megabytes transferred by this user, compared to all users. For example, if 1000 megabytes of data was transferred during the day and 200 megabytes was transferred by the top user, the % of MBytes field will display 20%.

7. By default, the GMS Reporting Module shows today's report, a pie chart, and the ten top users. To change these settings, click Settings. The Report Settings dialog box appears.

Figure 10. Report Settings Dialog Box

8. Select the number of users that will be displayed from the Number of Users list box.
9. Select the type of chart from the Chart Type list box.
10. Select the year, month, and day that you would like to view.
11. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Bandwidth Usage Over Time

The Bandwidth Over Time report displays the daily amount of traffic handled by a SonicWALL appliance or a group of SonicWALL appliances for the specified time period.

To 
131. thentication Failure   L2TP Server  Radius server not assigned IP address   L2TP Server  No IP address available in the Local IP Pool  L2TP Server  L2TP Tunnel Disconnect from the Remote   L2TP Server  L2TP Session Disconnect from the Remote   L2TP Server  L2TP Remote terminated the PPP session  L2TP Server  Local Authentication Success    L2TP Server  Radius Authentication Success   L2TP Server  Keep alive Failure  Closing Tunnel   PPP Dial Up  Manual intervention needed  Check profile or disconnect or redial    PPP Dial Up  Trying to failover but Primary Profile is manual    117    PPP Dial Up  Startup without Ethernet cable  will try to dial on outbound traffic  PPP Dial Up  Dial initiated by  s   The current WAN interface is not ready to route packets    Probing failure on  s   PPP Dial Up  Maximum connection time exceeded   disconnecting  Adminstrator name changed   User login failure rate exceeded   source address locked out   PPP Dial Up  The profile in use disabled VPN networking    PPP Dial Up  VPN networking restored     s Ethernet Port Up    s Ethernet Port Down   L2TP Server  Call Disconnect from Remote    L2TP Server  Tunnel Disconnect from Remote    L2TP Server   Deleting the Tunnel   L2TP Server   Deleting the L2TP active Session   L2TP Server   Retransmission Timeout  Deleting the Tunnel   NAT translated packet exceeds size limit  packet dropped   HTTP management port has changed   HTTPS management port has changed   IKE Responder  Mode  d   not transport mode
132. 4. To add a known service, select it from the Known Services list box and click Add.
5. To add a custom service, enter a name in the Name field, enter the service's port range, and select the protocol that it uses from the Protocol list box. Click Add.
6. To delete a service, select it and click Delete.

Viewing Web Usage Reports

Web usage reports provide information on the amount of web usage that occurs through the selected SonicWALL appliance(s).

Web usage reports can be used to view web bandwidth usage by the hour, day, or over a period of days. Additionally, you can view the top users of web bandwidth and view the most visited sites.

Note: All reports appear in Universal Time Coordinated (UTC) or Greenwich Mean Time (GMT).

Select from the following:

- To view a summary of the daily web bandwidth usage, see "Viewing the Web Usage Summary Report" on page 27.
- To view a list of the top visited sites, see "Viewing the Top Sites" on page 29.
- To view the users who consume the most web bandwidth, see "Viewing the Top Users of HTTP Bandwidth" on page 30.
- To view the top sites visited by each user, see "Viewing 
133. [Screenshot: Web Filter Summary for April 19, 2002]

5. The bar graph displays the number of blocked sites that users attempted to access during each hour of the day.
6. The table contains the following information:
• Hour - time when the sample was taken.
• Attempts - number of attempts to access blocked sites.
• % of Attempts - percentage of attempts during this hour, compared to the day. For example, if 100 attempts occurred during the day and 20 attempts occurred at the 12:00 time period, the % of Attempts field will display 20%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 35).

Figure 35. Report Settings Dialog Box

8. Select the year, month, and da
134. uest   Received IKE SA delete request   Received notify  INVALID_COOKIES   Received notify  RESPONDER_LIFETIME   Received notify  INVALID_SPI   PKI Error    IKE Responder  Proposed local network is 0 0 0 0 but SA has no LAN Default Gateway    119    RIP disabled on LAN interface   RIPv1 enabled on LAN interface   RIPv2 enabled on LAN interface   RIPv2 compatibility  broadcast  mode enabled on LAN interface  RIP disabled on DMZ interface   RIPv1 enabled on DMZ interface   RIPv2 enabled on DMZ interface   RIPv2 compatibility  broadcast  mode enabled on DMZ interface  IPSecTunnel status changed   Source routed IP packet dropped   No response from server to Echo Requests  disconnecting PPTP Tunnel  No response from PPTP server to control connection requests   No response from PPTP server to call requests   PPTP server rejected control connection   PPTP server rejected the call request   PPP Dial Up  Trying to failover but Alternate Profile is manual  Failback initiated by  s   Probing succeeded on  s   E Mail fragment dropped   Locked out user re enabled   lockout period expired   Locked out user re enabled by admin   Access Rule added   Access Rule modified   Access Rule deleted   Access Rules restored to defaults   PPTP Server is not responding  check if the server is UP and running   IKE Initiator  Accepting peer lifetime   Phase 1    FTP  PASV response spoof attack dropped   PKI Failure   PKI Failure  Output buffer too small   PKI Failure  Cannot alloc memory   PKI Failure  R
135.
• Mail Usage Overtime - displays the daily amount of mail handled by the SonicWALL appliance for the week or month.
• Attacks Overtime - displays the daily number of attacks attempted during the week or month.
• Drop Packets Overtime - displays the number of packet errors during the week or month.
• VPN Overtime - displays daily number of VPN connections during the week or month.

14. When you are finished, click Add. The new report will appear in the list on the Scheduled Reports page.

CHAPTER 5

Customizing Report Elements

The GMS Reporting Module contains many elements that can be customized to meet the look and feel of your organization's corporate image. The elements that can be customized include:

Table 1. Custom Elements

Element | Default | Description
PAGE BG COLOR | FFFFFF | Page background color
HEADING | <font color=red size=4>SonicWALL GMS Reports</font> | Heading Color and Title
LOGO | images/mainLogo2.gif | Main logo at top of page
LOGO_DESCRIPTION | SonicWALL GMS Reports | Logo description
LOGO_HREF | http://www.sonicwall.com | The location to which the user is taken when he or she clicks the logo
LOGO_TABLE BG COLOR | FFFFFF | Background color of the table in which the logo resides
TITLE_BAR BG COLOR | CCCCCC | Color of the title bar
TITLE BAR FONT COLOR | 000000 | Color of
136. ule displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Bandwidth Usage By User Over Time

The By User Over Time report displays a list of all users, their top sites, the number of hits to each site, and the amount of data transferred for the specified time period.

To view the By User Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Usage tree and click By User Over Time. The By User Over Time page appears (Figure 32).

Figure 32. By User Over Time Page

[Screenshot: Top Sites by User from April 13, 2002 to April 19, 2002]
137. uring the specified time period.

To view the By User Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Filter tree and click By User Over Time. The By User Over Time page appears (Figure 40).

Figure 48. By User Page

[Screenshot: Top Blocked Sites by User from April 13, 2002 to April 19, 2002]
138. uring the specified time period.

To view the Sources Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Attacks tree and click Sources Over Time. The Categories Over Time page appears (Figure 86).

Figure 88. Categories Over Time Page

[Screenshot: Top Attack Sources from July 20, 2002 to July 26, 2002]

5. The bar graph displays the number of attacks attempted each day of the specified time period.
6. The table contains the following information:
• Source - source of the attack.
• Attacks - number of attacks.
• % of Attacks - percentage of attacks from this source, compared to other sources. For example, if 2,000 attacks occurred during the time period and 1,000 attacks occurred from a source, its % of Attacks field will display 50%.
7. To change the date range of the report, click Settings. The Reporting Date Range Selector dialog box appears (Figure 87).

Figure 89. Report Settings Dialog
139. view the Bandwidth Over Time report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select the global icon, a group, or a SonicWALL appliance.
4. Expand the Bandwidth tree and click Over Time. The Over Time page appears (Figure 11).

Figure 11. Over Time Page

[Screenshot: Bandwidth Usage from April 13, 2002 to April 19, 2002]

5. The bar graph displays the amount of bandwidth transferred during each day of the specified time period.
6. The table contains the following information:
• Date - when the sample was taken.
• Connections - number of hits.
• MBytes - number of megabytes transferred.
• % of Usage - percentage of megabytes transferred during this day, compared to the time period. For example, if 100,000 megabytes of data was transferred during the ti
140.
8. Select the starting and ending dates that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected date range.

Note: These settings will stay in effect for all reports during your active login session.

Viewing Service Usage Reports

Service reports provide information on the amount of data transmitted through the selected SonicWALL appliance by each service.

Service reports are useful for revealing inappropriate usage of bandwidth and can help determine network policies. For example, if there is a large spike of bandwidth usage, you can determine whether this is caused by regular web access, someone using FTP to transfer large files, an attempted Denial of Service (DoS) attack, or another service.

Note: All reports appear in Universal Time Coordinated (UTC) or Greenwich Mean Time (GMT).

The GMS Reporting Module can monitor known services as well as custom services. To add a service to monitor, see "Adding a Service" on page 26.

Select from the following:
• To view service bandwidth usage in real time, see "Monitoring Service Usage in Real Time" on page 24.
• To view a summary of the daily service bandwidth usage, see "Viewing the Services Summary Report" on page 25.

Note: You cannot view
141. [Screenshot: report for April 19, 2002]

5. The bar graph displays the number of attacks attempted during each hour of the day. The table contains the following information:
• Hour - when the sample was taken.
• Attacks - number of attack attempts.
• % of Attacks - percentage of attacks during this hour, compared to the day. For example, if 1,000 attacks occurred during the day and 100 attacks occurred during the 2:00 time period, the % of Attacks field will display 10%.
6. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 75).

Figure 75. Report Settings Dialog Box

7. Select the year, month, and day that you would like to view.
8. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Attacks by Category

The Attacks by Category report displays the attacks that occurred on the specifie
142. y that you would like to view.
9. When you are finished, click Close. The GMS Reporting Module displays the report for the selected day.

Viewing the Web Filter Top Sites Report

The Web Filter Top Sites report displays the top blocked web sites that users attempted to access on the specified date.

To view the Top Sites report, follow these steps:

1. Start and log into ViewPoint.
2. Click the Reports tab.
3. Select a SonicWALL appliance.
4. Expand the Web Filter tree and click Top Sites. The Top Sites page appears (Figure 36).

Figure 36. Top Sites Page

[Screenshot: Top Filtered Web Sites for April 19, 2002]
143. [Screenshot: Bandwidth Summary for April 19, 2002]

5. The bar graph displays the amount of bandwidth transferred during each hour of the day.
6. The table contains the following information:
• Hour - when the sample was taken.
• Events - number of events or "hits".
• MBytes - number of megabytes transferred.
• % of MBytes - percentage of megabytes transferred during this hour, compared to the day. For example, if 1000 megabytes of data was transferred during the day and 100 megabytes was transferred at the 12:00 time period, the % of MBytes field will display 10%.
7. The GMS Reporting Module shows today's report. To change the date of the report, click Settings. The Report Settings dialog box appears (Figure 7).

Figure 7. Report Settings Dialog Box

8. Select the year, month, and day that you would like to view.
9. When you are finished,
    