SonicWALL 232-000861-00 Barcode Reader User Manual

Contents

1. A fixed amount for any usage within the base rate (X MB); a higher charge for usage between the base rate and burst max (X-Y MB). More traditional billing is also possible, for example where the end customer pays based on the 95th percentile technique. Using the intuitive configuration interface, any saved report in Scrutinizer can become the basis for an export. To ensure the highest accuracy, data is gathered from the raw flow data tables. The Service Provider Module also includes the following capabilities: any NetFlow field or range within a field is saved as part of the filter within a report; both inbound and outbound flow analytics are available; the entire contents of any report type can be emailed or exported in CSV format; archives of all exports can be saved for future reference; exports occur on a periodic basis; rolling the data into larger intervals is possible; exports are emailed or saved in a directory with a custom name which includes a time stamp; scheduled routines prepare the data for further processing and can write the data to another server. Customer Portal: IT administrators can choose to provide end users with secure login access to the flow data generated by their network devices. End users can also use the customer portal to troubleshoot bandwidth usage and identify and analyze odd traffic patterns. Additionally, automatic HTML reports can be scheduled for each end customer. Furthermore serv
2. Device Details report egress for sFlow interfaces: occurs when navigating to Device Details and viewing the Egress for sFlow interfaces. The Status tab constantly refreshes: occurs when navigating to the Status tab. Some of the Country definitions are missing: occurs when viewing the Policy Manager > Definitions page. The Top Conversations gadget does not resolve addresses via DNS: occurs when viewing the Top Conversations gadget. Outbound interface reports do not show outbound results on the last 5 min reports: occurs when reports are run for the outbound interfaces. The Crosscheck summary does not verify the subnet mask properly for custom networks: occurs when viewing the Crosscheck summary. Some vitals may have gaps: occurs when running the Vital function. SonicWALL Spyware report filters do not work properly: occurs when running a SonicWALL Spyware report. The Top Countries gadget links do not work properly: occurs when using the Top Countries gadget. The Security > User Groups manageable gadgets are not in alphabetical order: occurs when viewing the Security > User Groups page. The NULL Scan Violations in Flow View may cause an error: occurs when using Null Scan Violations. The user may see a timeout message related to server preferences: occurs when saving from server preferences. Service Provider users might have unwanted access to Service Level reports: occurs when accessing the Service Level report
3. [Screenshot: Scrutinizer host report table with packet and flow counts per host] SonicWALL Scrutinizer 9.0.1 Release Notes, P/N 232-000861-00 Rev A. Advanced Citrix Reporting with granular drill-down capabilities, including: URLs, providing reporting insight into web servers and databases being accessed; Applications, providing reporting insight into applications being accelerated via NetScaler; Latency, providing reporting insight into the health and delay as seen by NetScaler. Note: Citrix NetScaler makes applications and cloud-based services run five times better by offloading application and database servers, accelerating application and service performance, and integrating security. All these features require the new Citrix Advanced Reporting Module. Device Overview Dashboards provide details on the host status and outstanding alarms: gadgets can be imported, including the real-time view of application usage screen in SonicOS; Service Level Report list availabili
4. [Screenshot: SonicWALL Flows report for interface X1 WAN, with columns swinitCallid, swRespCallid, Jitter, PktLoss and Packets] SonicWALL VoIP Call Filter Now Supports Partial Text Matches [Screenshot: Scrutinizer report view with the Dashboard, Maps, Status, Alarms, Admin and Help tabs]
5. Enhanced Cisco Reporting in support of recently introduced Cisco technologies. Smart Logging and Telemetry (SLT) is a single mechanism of logging and telemetry of traffic that is associated to a specific event on a switch, for example an event triggered by an ACL-permitted or ACL-denied packet. SLT is a threat detection technology and is intended to be used as follows: an admin will configure one or more Access Control Lists (ACL) on the switch. If an end system violates an ACL, some of the packets will be captured and sent off in a NetFlow datagram with the name of the ACL that was violated. Scrutinizer version 9 can collect and report on these NetFlow messages. Cisco TrustSec (CTS) is an umbrella term for security improvements to Cisco network devices based on the capability to strongly identify users, hosts and network devices within a network. Each CTS Group is a secure network establishing a domain of trusted network devices. Every device in the Security Group Access (SGA) domain is authenticated by its peer device. Communication on the links between devices in the SGA domain is secured with a combination of encryption, message integrity checks and data-path replay protection mechanisms. NetFlow reporting allows administrators to monitor the traffic from and between the different CTS groups. Performance Routing (PfR) complements traditional routing t
6. Scrutinizer works ideally when only ingress NetFlow collection is configured on all interfaces. Only egress on all interfaces is also possible. Do you have any encrypted tunnels on the interface? 47 GRE (General Routing Encapsulation); 50 ESP (Encapsulating Security Payload); 94 IP-within-IP Encapsulation Protocol; 97 EtherIP; 98 Encapsulation Header; 99 Any private encryption scheme. This can cause traffic to be counted twice on an interface. In Scrutinizer, go to Admin Tab > Definitions > Manage Exporters. Click on the round icon; when you mouse over the icon, the ALT will display "View the current protocol exclusions of this device". Click on this and make sure the above protocols are being excluded. (6) Full Flow Cache: All flows are stored in the flow cache on the router before export. Once the cache is full, it stops adding entries into the cache until it expires them. When events such as a DDoS or a social event occur, the router's cache becomes full. The cache can be increased; however, it will use more memory and could have a negative impact on the router. A loss of flows will cause Scrutinizer to understate utilization. How do I find out if any updates are available for Scrutinizer? In your local Scrutinizer install, click the Status tab. If updates are available, you will see a spinning blue icon in the upper right-hand corner
7. configuration changes such as disabling ports and modifying ACLs on routers, switches and firewalls. Scrutinizer uses configurable algorithms to analyze flow data from the entire network infrastructure, or from a pre-configured sub-selection of devices and exporter tables, to automatically send syslog messages when trouble arises. Using Scrutinizer, IT staff can identify: RST/ACK worms; zero-day worms; SYN floods; DoS/DDoS attacks; NULL, FIN and XMAS scans; port scanning; P2P file sharing; excessive ICMP unreachable; excessive multicast traffic; prohibited traffic being tunneled through allowed protocols (DPI on TCP port 80); known compromised internet hosts; illegal IP addresses; policy violations and internal misuse; poorly configured or rogue devices; unauthorized application deployments. The Flow Analytics Module can utilize the local DNS to resolve IP addresses in real time. This allows Scrutinizer to group traffic into domains without having to define ranges of IP addresses, which could otherwise quickly become a nightmare to manage. With this feature, Scrutinizer can be configured to monitor traffic to or from specific domains and alert an administrator when preconfigured thresholds are met or exceeded. The history of repeat offenders can be easily identified through the use of a Unique Index (UI) to manage traffic counts. In addition, the Flow Analytics Module helps locate machines involved with DDoS attacks or infected with viruses/worms. The Flow E
8. of bits, bytes, packets or as a percentage of total traffic; per interface, host, protocol, application or conversation reporting; trend data in, out or bi-directionally. Granular, flexible reporting is the heart of the Scrutinizer product. Administrators have endless possibilities for generating reports based upon general or very specific criteria. Want to know which users are consuming the most bandwidth? Would you like that done per bit, byte or packet? What about which protocols are being most heavily utilized on a particular subnet? Security: easily configure DNS caching time limits; see all traffic Host to Host or Subnet to Subnet; easily filter and display traffic based upon TCP flags; track flow sequence numbers to trend traffic patterns; quickly identify MITM servers on the network (DNS, DHCP, SMB, etc.). With all of these great features, it's no wonder Scrutinizer is invaluable when it comes to security. Administrators can toggle between various reports to easily identify traffic flowing from host to host or subnet to subnet. Tracking flow sequence numbers and trending traffic patterns has never been easier. Further, Scrutinizer can quickly identify rogue servers placed on the network attempting a Man-in-the-Middle attack against such services as DNS, DHCP, SMB and more. Supported Protocols & Other Technical Specificatio
9. of visibility previously not possible. The network mapping feature allows administrators visibility into almost every link on the network, greatly enhancing troubleshooting efforts. Scrutinizer's powerful analytics engine provides users with in-depth traffic analysis which was previously only available through packet-based instrumentation. Advanced analysis algorithms and premier industry usage of IPFIX and NBAR based technologies are at the core of Scrutinizer's impressive set of application-level reporting and alerting capabilities. Scrutinizer is a free tool for download by any IT professional. Three of the main limitations of the free product are that it: only stores a maximum of 24 hours of data; does not include most SonicWALL-specific reports; can only support up to five devices. For the first 30 days after installation, the free Scrutinizer product includes the Flow Analytics Module. To make use of the features available in the Flow Analytics Module beyond the first 30 days, you have to purchase and activate a Flow Analytics Module license. There are five optional add-on modules for Scrutinizer, which are sold separately: the Flow Analytics Module, the Service Provider Module, the Cisco Advanced Reporting Module, the Citrix Advanced Reporting Module, and the Cross Check Module. Scrutinizer Base Product: The base Scrutinizer produc
10. Board: occurs when navigating to the Bulletin Board. Some upgrades would cause the installer to become unresponsive before a file copies: occurs when installing an upgrade for the Scrutinizer feature. Some issues excluding Violators in the Alarms > Advanced Filtering page: occurs when navigating to the Alarms tab, clicking the Advanced Filters button and then excluding Violators. Some minor grammar and formatting issues are displayed in the Scrutinizer management interface: occurs when viewing the Scrutinizer management interface. Some users may have removed Listening Port 4739: occurs when removing Listening Port 4739. The FlowAlyzer needs this port to function properly. Users sometimes get 0 results after Flow View is deployed: occurs when launching Flow View for some alarms. The date selector may vanish: occurs after running a multiple Logalot graph report. Logalot debug settings do not properly hide after the Debug menu is disabled: occurs when disabling the Debug menu. Users can use decimal places when ordering policies: occurs when ordering policies. The installer displays an error message informing the user that it cannot overwrite scrut_util.exe: occurs when using the Scrutinizer installer. The Scrutinizer system may restart prematurely: occurs when performing a Scrutinizer update. In during an upgra
11. If you have a proxy server, this spinning icon will always appear. Click on it to find out the latest version. Users can also use the v parameter for any scrutinizer cgi bin cgi or scrutinizer bin exe file to get the current version and build for that executable. Example: scrut_util v. Compare this to the Scrutinizer Update History. I have forgotten my Scrutinizer password. How do I find out what it is? In your local Scrutinizer install, type the following commands in a command prompt from the homedir bin directory: scrut_util.exe reset_admin_password USERNAME. The USERNAME is the name of the Scrutinizer user account to modify. When the command is executed, it will prompt for the new password and then to re-enter it. Note: These commands must be run from the Scrutinizer server. How do I set up SSL with Scrutinizer? An installer with SSL support is available for eligible parties. Please contact us for the SSL installer. How do I use a different drive for storing data? Note: The following procedures will not work for remote drives based on Windows shares. 1. Stop the plixer_mysql service. 2. Copy the homedir Scrutinizer mysql data directory to the new drive. 3. Edit the homedir Scrutinizer mysql my.ini file, changing the drive letter for the datadir x homedir SCRUTINIZER mysql data entry. 4. Start the plixer_mysql service. For more information on using a different drive for stored data or storing data to a remote
12. Release Notes: SonicWALL Scrutinizer 9.0.1 Release Notes. Contents: System Requirements; Enhancements in SonicWALL Scrutinizer 9.0.1; Key Features in SonicWALL Scrutinizer 9.0; Scrutinizer Product Overview; Known Issues; Resolved Issues; How to Upgrade to the Licensed Version; FAQ; Related Technical Documentation. System Requirements: Scrutinizer 9.0.1 is supported on systems with the following Minimum System R
13. atalyst 5000, 6500 and 7600 series switches. Version 8 is an enhancement that adds router-based aggregation schemes. It was introduced to reduce resource usage and includes a choice of eleven aggregation schemes. Version 9 is an enhancement to support different technologies such as Multicast, Internet Protocol Security (IPSec) and Multi-Protocol Label Switching (MPLS). Versions 2, 3 and 4 either were not released. Scrutinizer currently supports: NetFlow versions 1, 5, 6, 7 and 9; sFlow version 2, 4 and 5; Flexible NetFlow, IPFIX, JFlow and NetStream. How is NetFlow different from traffic analyzers like MRTG? MRTG and other such equivalent tools provide information that is largely limited to SNMP statistics. NetFlow is more geared toward application-level details such as hosts, protocols and conversations, which are an inherent part of IP traffic. Is Cisco the only vendor supporting NetFlow? NetFlow technology was invented by Cisco, and Cisco IOS devices offer NetFlow compatibility. There may be other vendors offering NetFlow support on their devices. Scrutinizer has been tested on over a dozen different vendors. Is a trial version of Scrutinizer available for evaluation? Yes. A free version of Scrutinizer can be downloaded and you can get an evaluation license to try the full version. What are the differences between the free and commercial version? The com
14. database with Scrutinizer version 7 or higher, review this guide. Why do not all of the colors print correctly when I try to print an emailed report? This can be caused by an option found in some browsers and email clients. In Internet Explorer: 1. Open the Tools menu. 2. Click Internet Options. 3. Click the Advanced tab. 4. Scroll down to the Printing section. 5. Check "Print background colors and images". 6. Click OK. This change will carry over to Outlook and Outlook Express. Can Scrutinizer run in VMware? Yes, but as with any virtualized environment, you may experience sharp declines in performance when your server's resources are divided between many sessions. How do I exclude Scrutinizer in Symantec AntiVirus? From within Symantec, expand the Configure option from the tree menu and select File System. Click the Exclusions button. Click the Files/Folders button. Find the Scrutinizer directory and check the box next to it. Click OK to finish. How do I set up integration between Scrutinizer and WhatsUp Gold? Visit the WhatsUp Gold Integration page for instructions on setting up WhatsUp Gold v12 v14 and Scrutinizer to work together. Why are my IPs not resolving even though I have configured my DNS properly in Windows? In certain situations Scrutinizer may not be able to properly re
15. de 9.0.1 services will be disabled during upgrades to prevent restart prematurely. The link to online help is broken in the Dashboard tab: occurs when clicking the Online Help in the Dashboard tab. The link to the Alarms tab is not accessible from the top network transport gadget: occurs when clicking the Alarms tab in the top network transport gadget. The Enter key does not perform a search, only the Search button works: occurs when navigating to the Alarms > Policy Manager page, entering search criteria in the Search text field and then pressing the Enter key. An error displays in the command line interface: occurs when running scrut_util update_httpd_port in the command line interface. The statusAverage server preference is no longer relevant: the statusAverage server preference is removed in 9.0.1. Some buttons do not have mouse-over descriptions: occurs when navigating through the Scrutinizer management interface and moving the mouse over buttons to view a description. Alarm reports for the Flowalyzer device display no results: occurs when configuring an alarm report on the Flowalyzer device. Source and Destination Country Filter does not work: occurs when there are no destination countries. Crosscheck and Service Level Reports are displayed incorrectly: occurs when SPM users are viewing the Crosscheck and Service Level reports. Email notifications are not sent out: occurs when Email notificati
16. e Provider Module adds several additional features which are especially useful for Managed Service Providers (MSPs) and Internet Service Providers (ISPs). The following are some important features included in the Service Provider Module: ability to easily modify style sheets, i.e. to change the logos, colors and fonts to match the Service Provider's marketing and branding efforts (to further facilitate this, several default style sheets have been included with the product); ability to configure permissions per router, switch or interface for each Scrutinizer login account; ability to customize a default landing page for end customers that require access to Scrutinizer; ability to integrate with third-party applications, URLs and mashups; customizable billing solutions based on actual network usage for invoicing purposes; ability to export reports to CSV format for easy importing to a database or MS Excel. Third-Party Product Integration: The Scrutinizer dashboard function includes a URL mashup feature to provide third-party application vendors and professional services organizations a comprehensive yet easy method to access information within the Scrutinizer database. Mashups, representing a combination of information from several different applications into a single easily accessible dashboard, are a new class of short-term or disposable applications which can be created quickly and easily. Utilizing simple web technology, Scrutinizer allows an
17. echnologies by using the intelligence of a Cisco IOS infrastructure to improve application performance and availability. PfR enhances routing in order to select the best path based on user-defined policy. The PfR policy can minimize cost efficiently by distributing traffic load and/or selecting the optimum performing path for applications. PfR NetFlow reports provide details on active and passive traffic. Active traffic is where the router makes routine connections and exports the performance results (e.g. out of policy) in NetFlow. Passive traffic can also be monitored and measured for performance, and metrics are exported in NetFlow. MediaNet Performance Monitoring reports on top interfaces with the most jitter and latency. All these features require the Cisco Advanced Reporting Module. New Host Destination Report [Screenshot: Scrutinizer report view for interface X1 WAN on 2012-02-02, inbound flows]
18. ed. scrut_util does not verify proper permission: occurs when running scrut_util from the command line interface. Logalot Report Manager button does not work in the Admin tab: occurs when navigating to the Admin tab and clicking the Logalot Report Manager button. Users cannot run Exceeded Crosscheck Fault Index as a report: occurs when trying to run Exceeded Crosscheck Fault Index as a report. Removing a report policy does not properly remove scheduled reports: occurs when removing a report policy. The scheduled reports should be removed when the report policy is deleted. SNMPv3 credentials cannot be set as the default credentials: occurs when configuring administrator's credentials. An error displays in the command line interface: occurs when running scrut_util update_plixerini_mysqlroot in the command line interface. Confusion with the naming convention of Custom Reports: occurs when viewing or configuring Custom Reports. To avoid confusion, Custom Reports are now called Flow Reports. Threats Overview and FA list alarms user shouldn't access: occurs when viewing the Alarms list in Threats Overview and FA. There are some usability issues with the top interface gadget: occurs when searching for addresses in the top interface gadget. The Reset Hits button does not reset all counts: occurs when navigating to the Policy Manager page and clicking the Reset Hits button. Column and sorting issues in the Bulletin
19. equirements for trial installations: 4GB RAM; 50GB IDE or SATA hard disk; dual-core 2GHz processor; Windows Vista/2008/7 operating system. Recommended System Requirements for production environments: 8GB RAM; 1 TB 15k SCSI in a RAID 0 or 10 configuration hard disk; quad-core 2GHz processor; Windows 2008 Server. Enhancements in SonicWALL Scrutinizer 9.0.1: Scrutinizer version 9.0.1 introduces the following new enhancements: Denika Threshold Policy NBAR Application Latency Reports Open Source Method Back Up Custom Template ID Added in the Available Reports List Chinese Localization Business Hours Reports Device IP Callouts Command Line Reset. Key Features in SonicWALL Scrutinizer 9.0: The following enhancements are new in the SonicWALL Scrutinizer 9.0 release. Enhanced Notifications and Facilitation of Automatic Remediation: In version 8.6 and earlier versions, Scrutinizer only sent syslogs. Version 9 adds the ability to send notifications and escalate issues. If the first person notified doesn't clear the alarm within a given time period, a second person, third person and so on can be notified via email, pager and other options listed below. Notifications can be sent when alarms are triggered based upon specific SonicWALL firewall security-related events. N
20. es. Using saved Scrutinizer reports, the Flow Analytics Module can monitor and send out syslogs when traffic patterns violate specified thresholds. For example, the Flow Analytics Module can be used to monitor an application for a certain ToS within a class A subnet. Enhanced Security Awareness: administrators can create a list of banned applications to be alerted upon traffic identification; detect malicious traffic such as DDoS attacks, worm traffic and more; detect numerous types of network scans such as SYN, XMAS & FIN; detect rogue IP addresses that lie outside of predefined subnets. The enhanced security functionality alone makes Scrutinizer with Flow Analytics an invaluable tool in an administrator's arsenal. Know exactly what is happening on the network: where traffic originated, where it is going and what type of traffic it is. Is someone planning an attack by scanning the corporate network? Did one of the servers get infected with malware and launch a DDoS attack? Scrutinizer can automatically detect these activities and alert administrators immediately upon detection. At the heart of Scrutinizer's attack detection capabilities are a behavioral analysis engine and a periodically updated known threats database. IT administrators can use Scrutinizer to identify and alert on threats such as DDoS attacks, port scanning, attacks from infected hosts behind the firewall. In turn, this allows the administrator to remediate threats by making
21. ew notification options include: 1. Email notifications about network activity can be sent to administrators using mobile and other devices. 2. SNMP Traps can be triggered, allowing for greater integration with existing notification options. 3. Syslog Messages allow for greater remediation when integrated with third-party SIEM products such as ArcSight. 4. Script execution allows for automatic remediation, eliminating the need for manual intervention. Scrutinizer now facilitates automatic remediation based on specific events. Previous versions of Scrutinizer, as do most other third-party flow analytic applications, only provide messages to the user when alarms are triggered. By adding SNMP Traps & Script Execution, Scrutinizer now has the potential to remediate events. For example: SonicWALL IPS sees an attack occurring on the LAN, an alarm in Scrutinizer is triggered, which in turn sends an SNMP Trap to the Cisco switch to shut down the interface being used in the attack. Advanced SonicWALL VPN Reporting with granular drilldown capabilities, including: reports are available for both site-to-site VPN connections and remote user IPSec VPN connections (i.e. Global VPN Client connections); User Details include user name, authentication method and domain for detailed reporting on specific users; reporting data can be cross-referenced with the friendly VPN name, the remote system's IP address and the local system's IP address. New SonicWALL Sc
22. get spikes in your utilization reports. Command to type: ip flow-cache timeout active 1. The command below ensures that flows that have finished are exported in a timely manner. The default is 15 seconds; you can choose any value between 10 and 600. Note, however, that if you choose a value that is longer than 250 seconds, Scrutinizer may report traffic levels that appear low. Command to type: ip flow-cache timeout inactive 15. NetFlow only exports IP traffic (i.e. no IPX etc.), and no layer 2 broadcasts are exported by this version of NetFlow. How do I set up my router to forward NetFlows to two destinations? Type the ip flow-export destination command twice: router name ip flow-export destination 10.1.1.8 2055; router name ip flow-export destination 10.1.1.9 2055. Why are my graphs reporting over 100% utilization? (1) The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Log in to the router or switch and fix the problem, or in Scrutinizer go to Device Details and manually type in the correct speed. (2) The active timeout has not been set to 1 minute on the router. Log in to the router or switch and fix the problem. (3) Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth. (4) Both ingress and egress NetFlow collection have been enabled on the interface. This can work properly if the direction bit is set in the egress flows
23. hreats Monitor; DDOS Violations; Nefarious activity. If installing Scrutinizer on a machine that is already receiving flows from >50 devices, Scrutinizer will need an extra 5 minutes to crunch the data and display all that it is receiving. The performance of Scrutinizer is dependent on processing power of the machine it is installed on. NOTES: VMware is often not a good platform; SAN storage can be slow; turn anti-virus off or exclude the Scrutinizer directory. Multiple CPUs mislabeled in Vitals Summary: fix coming in a future release. Loading a single report in Scrutinizer consumes roughly 90MB-95MB of memory: solution being considered; possibly addressed in future release; currently functioning as designed. Issues displaying SonicWALL Scrutinizer in Internet Explorer v6: Internet Explorer v6 is no longer supported. Please use Internet Explorer v7 or newer. The latest version of any browser is highly recommended. Bad formatting in report type when no data is available: fix coming in a future release. Pie Charts error with "Graphing Error: No data for selected period" when results are zero: fix coming in a future release. Resolved Issues: This section contains a list of resolved issues in the 9.0.1 release. Logalot creates empty and extra tables that are Occurs when using the Logalot feature not us
24. ice providers can use the portal as a message board to communicate with their customers, as well as integrate other applications into the MyView interface.
Cisco Advanced Reporting Module
The Scrutinizer Cisco Advanced Reporting Module is a value-added performance monitoring and reporting solution for Cisco Smart Logging and Telemetry, Cisco TrustSec (CTS), Cisco Performance Routing (PfR) and Cisco Medianet. Scrutinizer delivers detailed reports on all traffic related to voice and video. IT staff can troubleshoot QoS issues related to choppy video or delayed voice streams by using Scrutinizer to analyze the appropriate flow. Scrutinizer can be configured to analyze and alert on excessive amounts of one or a combination of the following parameters: Round Trip Time, Latency, Jitter, Packet Loss, Bits, Bytes and Packets, MAC Addresses, IP Addresses, VLANs, Domains, Applications, Interface.
Citrix Advanced Reporting Module
The SonicWALL Scrutinizer Citrix Advanced Reporting Module adds the granular drill-down capabilities for:
• URLs: providing reporting insight into web servers and databases being accessed
• Applications: providing reporting insight into applications being accelerated via NetScaler
• Latency: providing reporting insight into the health and delay as seen by NetScaler
Note: Citrix NetScaler makes applications and cloud-based se
25. ing jitter & latency • Easily find out where the slowness on the network is occurring • Plan for network growth
Administrators can use Scrutinizer to monitor the volume of traffic on their network and analyze how it fluctuates over time. In fact, Scrutinizer's network volume gadget feature can be utilized to see the number of unique hosts and well-known applications being accessed. This report shows trending information on the number of hosts accessing the network, providing the IT administrator with insight into increases over time. Additionally, reports can be limited by time range, such as 9am to 5pm, to monitor network traffic volume during peak business hours.
Scrutinizer can also be used to identify bottlenecks on the network. For example, when streaming video or VoIP is deployed on the network, automatic alerts could be configured in Scrutinizer to email the IT administrator, notifying him of packet loss, delays in packets' arrival, or packets arriving out of order. This provides an IT admin the ability to proactively know of call quality degradation even before users complain of an issue.
Visibility
• Trend analysis reports on archived data
• Easily see the top 5 interfaces across all routers, switches & firewalls
• Integrated Google Maps viewing allows for visual representations of distributed network
• Flexible viewing options allow data to be seen from different angles (pie, bar, matrix, line)
Various viewing options
26. lication visualization reports for SonicWALL products
o Flexible NetFlow NBAR-based application reports (requires IOS v15 on Cisco routers)
o Conversations to/from host pairs and applications used
o Flow reports with ToS field
o Host flow reports to show hosts sending or receiving the most flows
o Host volume reports to show the volume of unique hosts per second
o Pair volume reports to show the volume of unique to/from address pairs per second
• Set It & Forget It Alerting
o Easily create alerts to notify administrators of unfinished flows or nefarious activities
o Alerts can trigger email notifications, SNMP traps, syslog messages and script execution, facilitating event remediation
o Alarms can be configured to alert administrators based upon specific interface utilization
o Administrators can be alerted based on any pre-defined report
o Reports can be scheduled, then emailed to administrators
o Administrators can proactively monitor QoS of RTSP traffic
The Flow Analytics add-on to Scrutinizer provides administrators with greater automation control, making routine advanced reporting a snap. Alerts can be configured based upon everything from unfinished flows to specific interface utilization. Further, administrators can configure QoS thresholds to proactively be alerted of RTSP latency and jitter before end users even report a problem.
27. mercial version of Scrutinizer NetFlow & sFlow Analyzer includes the Flow Analytics add-on module, which adds historical data retention and network behavior analysis.
What are the system requirements? Scrutinizer's system requirements are detailed here: System Requirements.
How do I find out if my Cisco equipment supports NetFlow? Review the NetFlow Services Solutions Guide to find out if you have a NetFlow-compatible Cisco router or switch.
What if I need features that Scrutinizer does not support? We understand that our software needs to be flexible. If you want a feature added, we may be able to work with you.
Does it support other languages? Scrutinizer currently supports the following languages: Chinese (Simplified and Traditional), English, French, German, Japanese, Korean, Portuguese, Russian and Spanish.
How will enabling NetFlow affect the performance of the router/switch? For detailed information on exactly how enabling NetFlow will affect the performance of your Cisco router or switch, review the NetFlow Performance Analysis whitepaper (PDF): http://www.cisco.com/en/US/technologies/tk543/tk812/technologies_white_paper0900aecd802a0eb9.html
How long do I have to wait before the graphs are populated? Less than 5 minutes. Make sure you have the NetFlow configured correctly on the router or switch.
Why are some interfaces labeled as ifIndex2, ifIndex3, or just 1, 2, 3, etc.? This happens if the interfaces did not respond to the SNMP
28. ns
• Granularly define reports down to specific interfaces across multiple routers, switches or firewalls
• Easily integrate 3rd party application and URLs into dashboards
• Integrates with LDAP servers
• Support for SNMPv1, SNMPv2c and SNMP v3
• Support for all industry standard flow analytics (IPFIX, NetFlow v5, NetFlow v9, FnF, sFlow, J-Flow)
• Configurable to over 1000 interfaces and several hundred exporters
• Create filters based upon next routing hop
• Filter on any exported field such as VLAN id, L2 Address, L3 Address and latency
• Immediate cost savings by not requiring the purchase of an expensive Microsoft Database server
• Capable of handling up to 20,000 flows per second on an unlimited number of UDP ports
From a technological standpoint, Scrutinizer leaves similar priced flow analyzer products in the dust. Scrutinizer's robust and superior features, such as LDAP integration and support for every industry standard flow protocol in the market today, provide enormous value. When configured appropriately, the Scrutinizer engine can receive up to 20,000 flows per second on over 1,000 different interfaces. Customizable dashboard mashups allow for 3rd party applications and URLs to be imported directly into Scrutinizer, making it the only application needed to know exactly what's on the network.
Troubleshooting
• Easily identify link failures
• Easily identify specific link traffic statistics
• Easily identify QoS across the network by analyz
29. ons are sent out for Rate Based triggers
Launching dashboards can be slow. Occurs when launching certain dashboards.
Device syslogs are being sent down from Flowalyzer. Occurs when Flowalyzer sends down device syslogs.
No search results are listed for Limited SPM Users. Occurs when using the Top Interface Gadget to search for Limited SPM Users.
A Packets column is incorrectly displayed in Outbound. Occurs when viewing the Top Interfaces report.
Jitter reports are incorrectly showing available for some Medianet exporters. Occurs when viewing the Jitter reports.
An incorrect status is showing up in Tree menu. Occurs when viewing the Tree menu.
The Watcher is becoming unresponsive at 1 AM. Occurs when using SNMP in conjunction with the Watcher.
Flow Direction is exported with only ingress flows. Occurs when exporting the Flow Directions feature.
Violation reports are inaccurate. Occurs when the FIN algorithm does not report violations with the correct accuracy.
FA Top Hosts Gadget does not render properly with less than 10 hosts. Occurs when using the FA Top Hosts Gadget with less than 10 hosts.
An inadequate message appears in server preferences related to listening ports issues. Occurs when viewing the server preferences.
The Alarm tab experiences delays. Occurs when interrupting the column sorting process.
30. over IP (VoIP) traffic and determine the amount of voice traffic into and out of the network over time, what users are involved with the most VoIP traffic, the caller ID of destination and source, QoS statistics such as Latency, Jitter and packet loss of each call, what audio codec is being utilized, and whether the router is modifying DSCP values.
By using multiple servers to act as distributed flow data collectors, Scrutinizer can be deployed as a distributed solution accessible through a single central web-based interface, allowing for easy scalability to support enterprise-level networks. Dozens of distributed collectors can be deployed, and depending on the volume of flow data being received by each collector, a single deployment of Scrutinizer can potentially support hundreds of firewalls, routers and switches.
Network topology maps come to life in Scrutinizer as links change in color and thickness with variations in network utilization. Clicking on a link in a network topology map brings up useful traffic statistics such as top talkers and top conversations within the last minute. IT administrators can use Scrutinizer to plot network appliances such as firewalls, routers and switches on a Google map embedded in the Scrutinizer application. Using this geographic map as a starting point into all network analysis provides traffic details collected and organized for easy visualization in Scrutinizer.
Service Provider Module
The Scrutinizer Servic
31. porting NetFlow data • Uses SNMP to make OID sets • Supports SNMP v1, v2c and v3
Flowalyzer NetFlow & sFlow Communicator
• Run a ping or traceroute to any host
• Ping via ICMP, UDP or TCP protocols
• Communication responses are readable in a clear response display
Flowalyzer SNMP Trender
• Generate trend graphs for any SNMP-enabled device
• Custom OID support allows any SNMP variable to be trended in real time
• Custom update period allows graphs to update as often as every second
• Supports SNMP v1, v2c and v3
• Save multiple sets of Read/Write SNMP credentials
• No limit to the number of simultaneous graphs
Known Issues
This section contains a list of known issues in the Scrutinizer 9.0.1 release.
MFSN report for some sFlow devices will occur even though no flows are being lost. This can happen if multiple subagents exist on a single sFlow exporter.
Flow Analytics can cause the server to page memory to disk and slow down the user interface. Generally occurs on underpowered machines.
When initially evaluating SonicWALL Scrutinizer, the interface is slow and many interfaces don't immediately appear.
The interface of SonicWALL Scrutinizer is very sluggish and/or the collector may fail and need to be restarted.
Fix coming in a future release.
Disable the following algorithms: • Top Countries • Internet T
32. [Screenshot residue: SonicWALL URL report for interface X1 WAN, Inbound, 1m interval, sorted by Bits DESC, with columns SonicWALL URL, Packets and Bits; results 1-10 of 55.]
33. r of MySonicWALL. Once a license file is obtained, bring up the SonicWALL Scrutinizer web interface (i.e. the Scrutinizer application itself) and click on the Admin tab. In the left navigation bar, click Settings > Licensing. Paste the license key into the appropriate box. Click the Save button.
FAQ
What is NetFlow? Cisco NetFlow technology is an embedded feature within Cisco IOS routers and high-end switches (e.g. 6500 series). NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. Scrutinizer uses this information to generate graphs and reports on traffic patterns and bandwidth utilization. More information can be found here.
What is sFlow? Unlike NetFlow, which aggregates multiple conversation streams into a single packet, sFlow is a packet sample of traffic. Although it offers 100 of the packet, when used strictly for IP accounting it is unreliable.
What are the different versions of NetFlow available? Version 1 is the original format supported in the initial NetFlow releases, while version 5 is the standard and most common NetFlow version deployed. Version 5 is an enhancement that adds Border Gateway Protocol (BGP) autonomous system information and flow sequence numbers. Version 6 is similar to version 7. This version is not used in the new IOS releases. Version 7 is an enhancement that exclusively supports NetFlow with Cisco C
34. requests sent by Scrutinizer. Bring up the SNMP view that lists all the interfaces and click the Update button. Please review SNMP Device View in the Scrutinizer manual. Also, this will occur if flow option templates to identify the interfaces have not been received.
How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs? Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.
Overall utilization on the interface appears to be understated. Why would this be?
1. Make sure NetFlow is enabled on all physical interfaces of the device. Do not be concerned with the virtual interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.
2. If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even leave the device. To check to see if this is the problem, log in to the Cisco device. Command to type: Router_name> sh ip flow export
At the bottom of the export, look for something like: 294503 export packets were dropped due to IPC rate limiting
If this counter is incrementing, the hardware cannot keep up with the export demands.
3. The command below breaks up long-lived flows into 1-minute segments. You can choose any number of minutes between 1 and 60; if you leave the default of 30 minutes, you will
35. rutinizer VPN Report Type
[Screenshot residue: VPN report for interface X1 WAN, Inbound, 1m interval, sorted by Bits DESC, with columns vpn_tunnel_name, Packets and Bits.]
• Enhanced SonicWALL VoIP Reporting, including:
o SonicWALL VoIP conversations reports have been optimized
o SonicWALL VoIP call filtering now allows for partial text matching
Enhanced SonicWALL VoIP Conversation Report
[Screenshot residue: SonicWALL VoIP Conversations report, Inbound, 1m interval, sorted by Bits DESC.]
36. rvices run five times better by offloading application and database servers, accelerating application and service performance, and integrating security.
Cross Check Module
The SonicWALL Scrutinizer Cross Check Module provides integration with third-party monitoring and flow analytic tools such as WhatsUp Gold, Orion, SNMPc, Uptime Devices and Nimsoft. This module's capabilities include:
• Cross Check creates central inventory of all network devices managed by other analytic tools, displaying several attributes including device name, IP address and status
• Flowalyzer Poller continually assesses the status of devices identified by Cross Check and provides updates to Scrutinizer via IPFIX messages
• Cross Check references the status of devices as known by Scrutinizer with other third-party management products to monitor if flow data is arriving properly and whether devices are being polled correctly
• Fault index measurements indicate device status across numerous management systems using configurable severity levels. Syslog notifications can be sent out if predefined threshold levels are met
• Clickable inventory provides users with direct links to integrated third-party applications, providing easy access to devices that are managed via these other applications
• Inventory groupings can be created, allowing for easy monitoring of network segments regardless of whether the appliances are managed by Scrutinizer or a third-party application
• Cros
37. s
Some FA Configuration graphs are missing. Occurs when viewing the FA Configuration historical trends graphs.
How to Upgrade to the Licensed Version
Click the Scrutinizer link on the www.mysonicwall.com homepage to automatically register a Scrutinizer product with its own serial number. The user is then directed to the Services Management page for the newly registered Scrutinizer product. Upon registration, SonicWALL Scrutinizer will be available from the Downloads section in mySonicWALL. The free trial version of Scrutinizer can be installed immediately and does not require a license key; just double-click the executable and follow the installation process. The new Scrutinizer product will be listed in the My Products section on mySonicWALL. Click on the Scrutinizer product to bring up the Services Management page for that particular product. Additional software modules and support licenses can be activated on the Services Management page, either by clicking on the Buy Now button or by entering the appropriate keys purchased from a SonicWALL reseller or distributor. Upon activation of any additional licenses, an email with instructions on how to download a license file will be sent to the email address associated with the mySonicWALL account. The license file will be available in the My Downloads section of the Download Cente
38. s Check was created directly in response to large MSP and enterprise customer demands for third-party integration. All these features require the Cross Check Module.
Flowalyzer NetFlow & sFlow Tester
Separate from Scrutinizer and its add-on modules, SonicWALL also offers a free tool called Flowalyzer NetFlow & sFlow Tester. Flowalyzer is a free NetFlow and sFlow Tool Kit for testing and configuring hardware or software to send and receive NetFlow/sFlow data. Flowalyzer can help IT professionals troubleshoot hardware from vendors like Cisco and Enterasys, as well as NetFlow collector software, ensuring that whichever flow technology they use is configured properly on both ends.
Flowalyzer NetFlow & sFlow Listener
• Determine which flow-sending devices are sending the highest volume
• Listen for NetFlow on multiple ports
• Display packet count, version of NetFlow and UDP port flows are coming in on
• Display the IP address and DNS name
Flowalyzer NetFlow Generator
• Generate NetFlow data to determine if the destination collector is accepting flows
• Send NetFlow v5, NetFlow v9 and IPFIX
• Determine if the destination collector is dropping NetFlow data by comparing the flows sent to what is received on the other end
Flowalyzer NetFlow & sFlow Configurator
• Configure Cisco Routers or Enterasys switches for ex
39. s fingertips
o Easily identify the top applications being utilized on the network
o Easily identify the top country of origin for traffic flowing across the network
o Easily identify the top domains being accessed
o Easily identify the top subnets being utilized on the network
With the addition of the Flow Analytics module, Scrutinizer becomes an even more powerful reporting engine, offering even greater flexibility and granularity. In addition to all the reporting functions provided in the base edition, Scrutinizer with Flow Analytics adds advanced reporting options such as flow volume, MPLS by subnet, Microsoft Exchange log trending and NBAR support. Administrators have a wealth of information right at their fingertips. IT administrators can create custom reports by applying filters to granularly define the specific information desired. Once created, custom reports can be saved for later use.
Custom Reports allow the user to configure detailed reports by filtering on fields such as:
• IP Addresses, ranges and subnets
• Port numbers and ranges
• Defined applications, including ranges of protocols and groups of protocols
• Multiple interfaces from different routers and switches
• Any exported field available via NetFlow or IPFIX
• Dynamic QoS monitoring
• Detailed security forensic information
The Flow Analytics Module adds several additional flow-based traffic analysis report types. Examples include, but are not limited to: Granular IPFIX-based app
40. solve IP addresses. This usually happens when there are multiple DNS servers with disparate records. To deal with this, Scrutinizer allows you to specify your DNS servers in a file rather than get the settings from the Windows Registry. The steps are outlined below:
1. Create a file in the scrutinizer\html directory called dns.conf
2. Open this file with a text editor like Notepad
3. Create a list of DNS servers in the file in the format below:
• nameserver 192.168.1.1
• nameserver 166.186.184.2
• nameserver 224.39.1.171
Now that you have created this file, you should be able to go into the Scrutinizer web interface and do lookups properly.
I'd like to change the MySQL scrutinizer user password from the default to something more secure. Is there anything else I need to do other than set the password in MySQL?
Update MySQL Root password via CLI using scrut_util.exe, located in the HOMEDIR\Scrutinizer\bin directory. There is a two-step process: resetting the password, then updating the plixer.ini file.
Options:
reset_mysql_password: Changes the MySQL root account password.
update_plixerini_mysqlroot: Use this command to update the plixer.ini database root user password. Scrutinizer and the database root password must be in sync.
Usage Example:
C:\Program Files (x86)\Scrutinizer\bin>scrut_util.exe reset_mysql_password
Changing Password for MySQL Root Password
Press <ENTER> to abort
Note: On Windows 2008 and Windo
41. t includes many great features such as:
Administration
• Customizable Dashboards
• Group-Based User Permissions
• Unique Dashboards per login
With Scrutinizer's suite of built-in administrative tools, customizing specific user logins and dashboards is a breeze. Administrators can create specific permissions based upon a particular user identity or create group-based user permissions for entire departments. The Dashboard can be customized on a per-user basis to provide the information that is most relevant to each user upfront.
Alerting
• Support for on-demand email reporting
• Ability to batch schedule and email reports to administrators
Scrutinizer was built with ease of use in mind. With Scrutinizer's alerting features, administrators have set-it-and-forget-it flexibility when it comes to reporting. Reports can be run based upon a specific schedule or triggered when event thresholds are exceeded. Once configured, reports can be automatically batched and emailed to administrators in several formats.
Flexible Reporting
• In the Free version, data can be archived for up to 24 hours. Data can be saved longer if a commercial version is purchased
• Extensive Flexible NetFlow template support
• Granularly defined reports down to the second, which can include/exclude data filters
• Create and save templates to easily reuse for future reporting
• Create application group reports based upon specific ports or subnets
• Display data by number
42. twork, troubleshoot irregular network traffic patterns, and optimize network performance. The Scrutinizer application is run on a Windows server and accessible through a web-based Graphical User Interface (GUI). IT administrators use SonicWALL Scrutinizer to collect, monitor and analyze data on user and application usage across the network. Scrutinizer provides administrators with great insight into how the network is being used through the use of highly customized, granular reporting. Administrators can be alerted based upon a set threshold or on a pre-determined schedule.
Scrutinizer supports a wide variety of flow protocols, allowing compatibility with virtually every collector available in the market today. In addition to SonicWALL's pioneering IPFIX implementation in SonicOS 5.8, Scrutinizer also supports Cisco's Flexible NetFlow. Customers utilizing Scrutinizer receive even greater value for their investment, as the software can be utilized to monitor an ever-increasing number of switches and routers due to support for numerous additional industry standards such as NetFlow v5, NetFlow v9, sFlow and J-Flow. Additional supported hardware vendors include Enterasys, Foundry, Juniper, Riverbed, VMware, Citrix, ADTRAN, Nortel and many others.
Supporting a broad range of network devices, flow protocols and application types, Scrutinizer is flexible enough to be utilized on virtually any network. Administrators are able to leverage reports to reach a level
43. ty and latency trends on all devices polled
• Scrutinizer Cross Check provides integration with third-party monitoring and flow analytic tools such as WhatsUp Gold, Orion, SNMPc, Uptime Devices and Nimsoft. This new module's capabilities include:
o Cross Check creates central inventory of all network devices managed by other analytic tools, displaying several attributes including device name, IP address and status
o Flowalyzer Poller continually assesses the status of devices identified by Cross Check and provides updates to Scrutinizer via IPFIX messages
o Cross Check references the status of devices as known by Scrutinizer with other third-party management products to monitor if flow data is arriving properly and whether devices are being polled correctly
o Fault index measurements indicate device status across numerous management systems using configurable severity levels. Syslog notifications can be sent out if predefined threshold levels are met
o Clickable inventory provides users with direct links to integrated third-party applications, providing easy access to devices that are managed via these other applications
o Inventory groupings can be created, allowing for easy monitoring of network segments regardless of whether the appliances are managed by Scrutinizer or a third-party application
o Cross Check was created directly in response to large MSP and enterprise customer demands for third-party integration. All these features req
44. uire the Cross Check Module
[Screenshot residue: Cross Check view with a host list and Flow, Poller, WhatsUp and Fault index columns; database updates every 5 min.]
• Improved SonicWALL report searching capabilities: It is now possible to search on portions of a URL rather than the exact URL.
Scrutinizer Product Overview
SonicWALL Scrutinizer is a network traffic monitoring, analysis and reporting tool. Scrutinizer is a mature and feature-rich flow analytic platform. Scrutinizer is used to monitor the overall health of the ne
45. [Screenshot residue: SonicWALL support site Product Documentation listing for Scrutinizer, including SonicOS 5.8 NetFlow Reporting Feature Module (7 Jan 2012), SonicWALL Scrutinizer 9.0.0 Release Notes (28 Feb 2012) and SonicWALL Scrutinizer 8.6.2 Release Notes (30 Sep 2011).] Last updated 4/25/2012
46. within Scrutinizer, such as the matrix view, provide an innovative tool for better visualization of traffic flows. Based on criteria established when the report is generated, administrators can toggle to different views to see a graphical map of where traffic is flowing. The Matrix enables administrators to easily visualize which systems a particular host has been accessing.
Flow Analytics Module
The Flow Analytics Module brings traffic flow diagnostics to the next level by adding historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds, role-based administration, and in-depth traffic analysis algorithms to the Scrutinizer software. It can easily identify top applications, conversations, flows, protocols, domains, countries and subnets on the network, as well as watch for and alert on suspicious or potentially hazardous network behavior patterns, thereby providing administrators with greater network security awareness.
In addition to the base-level features, Scrutinizer with the add-on Flow Analytics module provides several additional advanced features such as:
• Flexible Reporting
o SonicWALL-specific templates for reporting
o Special traffic analysis reports such as Flow Volume & NBAR Support
o MPLS reporting by subnet
o Microsoft Exchange log trend analysis
o Puts information at administrator
47. ws 7 you must run this command from the Administrator Dos Prompt.
New Password
Verify Password
Attempting to login with new password PASS
Password Updated for MySQL Root DONE
Where can I find the Scrutinizer manual? A copy of the Scrutinizer manual is included with your product. Just click any of the icons.
How do I know how much hard drive space I will need? Use the NetFlow Bandwidth and Hard Drive Consumption Calculator to determine how much hard drive space your NetFlow data will consume.
Related Technical Documentation
SonicWALL Scrutinizer reference documentation is available at the SonicWALL Technical Documentation Online Library: http://www.sonicwall.com/us/support/6632.html
More information on NetFlow Services is available on the SonicWALL Web site.
[Screenshot residue: SonicWALL support site Product Documentation page for Scrutinizer, listing the SonicWALL Scrutinizer 9.0 Administrator's Guide (6 Mar 2012).]
48. xpert Window provides insight to immediate network problems as they occur, to identify and resolve DoS attacks, bottlenecks, network scans, improperly terminated connections, and more. Traditionally, the functionality provided by this Expert Window feature has only been found in packet analyzers.

• Supported protocols & other technical specifications
  o Support for L7 application awareness by using NBAR or IPFIX
  o Automatic DNS resolution

Tired of looking at a list of meaningless IP addresses? Wouldn't it be great if the flow analyzer could perform reverse DNS lookups on those addresses in real time? Want to know what specific Web 2.0 applications are being accessed on the network? Scrutinizer with the Flow Analytics module can do all that. Administrators running Flexible NetFlow with NBAR, or IPFIX with extensions, can easily identify applications such as YouTube, Facebook, eBay, and more, instead of just seeing TCP port 80 on the report.

Advanced Troubleshooting

• Begin capacity planning for growing networks
• Easily identify the volume of flows per host
• Easily identify the volume of traffic flowing between a pair of hosts
• Easily identify the volume of unique hosts per second traversing the network
• Peer into VoIP traffic when using IPFIX to see granular metrics such as codec & caller ID

IT administrators can use Scrutinizer to analyze Voice
49. yone to easily assemble a URL into such a mashup or third-party application to directly import and display important information regarding the activity of a specific host or application on your network. Scrutinizer integrates with several third-party and open source applications.

Enablement of Traffic and Usage-Based Billing

Some customers request to be billed for their Internet connection not based on a theoretical maximum throughput of their connection, but rather on actual usage. To accommodate this customer demand, service providers have to be able to determine actual bandwidth usage in order to bill each customer accurately and fairly. The Scrutinizer Service Provider Module allows service providers to export flow data based on any flow (NetFlow, IPFIX, sFlow, etcetera) field or combination of flow fields, including rate per second, packets, total bits, IP addresses, ToS, DSCP, or BGP autonomous system number. This data can then be used to invoice end customers based on actual network usage rather than simply WAN connection speed.

The Service Provider Module routinely exports a custom CSV file with all the required details. For example, it allows billing based on a flat rate versus a burst rate, as well as total amount transferred per month. With the data export, invoicing possibilities are myriad. Invoices can include, but are not limited to
