Document toolboxDocument toolbox

Firewall tab

Owned by Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
3 min read

Here you can find a summary of the firewall activity of your company and detect conflicts, denied traffic and firewall distribution.

Using the time travel option at the top, it is possible to apply a time filter to the widgets in the tab in order to inspect activity at an earlier date. You can select a specific period or day using the time buttons and the calendar. Then select Apply interval and all widgets will be updated immediately.

Alternatively, you can select either a single day or a time period using the time travel filter controls. There are buttons for selecting recent periods or calendar controls to select specific dates.

Firewall traffic

You can check the history and evolution of firewall traffic in this area. The heat map shows the history of firewall traffic over the last 12 months, and the line chart shows the evolution and trend of daily accepted and denied firewall traffic since the first day of the current year.

Navigation behavior

Select the Expand section option to see the following widgets:

Anonymous traffic

This tree map shows anonymous traffic. Customers can easily check all communications from their servers to Internet anonymous proxies. This type of connections must be monitored because of the dangerous nature of the networks they access. Here we have represented all outgoing traffic to the Dark Web, so we can see real destination IPs and ports, but source IPs are hided by Tor. 

Peer-to-peer destination ports

These two column charts show a daily and hourly breakdown of the peer to peer destination ports accessed.

Denied traffic

Select the Expand section option to see the following widgets:

Denied traffic overview

The Voronoi diagram shows denied firewall traffic over the last 24 hours, grouped by country, ISP, destination service and protocol. The map plots the geographic sources of denied traffic over the last 24 hours. It also allows to see an animation of the last 24 hours selecting Play.

Rejected IP addresses

You can analyze the rejected IP addresses through these widgets. The Sankey diagram at the left shows the most rejected IP addresses by public and private servers over the last 24 hours. The table next to it lists the most rejected source IPs over the last 24 hours.

Rules behavior

Select the Expand section option to see the following widgets:

Firewall and rule identification

These widgets help you identify each firewall by their type and amount of traffic they handle, and also detect the most and least used firewall rules.

The column chart and the table show the most and least used firewall rules over the last 7 days. The Voronoi diagram has a single layer of cells, each representing a firewall. By default, the size of the cell is based on the number of rules the firewall has, and the color is based on the amount of firewall traffic. You can customize these settings using the widget Size by and Color by options.Â