What is the Visualization Dashboard?
The SonicWALL Visualization Dashboard offers administrators an effective and efficient interface to visually monitor their network in real time, providing effective flow charts of real-time data, customizable rules, and flexible interface settings. With the Visualization Dashboard, administrators can efficiently view and sort real-time network and bandwidth data in order to:
Identify applications and websites with high bandwidth demands
View application usage on a per-user basis
Anticipate attacks and threats encountered by the network
The App Flow Monitor and Real-Time Monitor are new features available in the SonicWALL Visualization Dashboard. Each feature contains unique, real-time data streaming qualities that improve upon the existing Visualization Dashboard. These features are found in the SonicOS left-side menu under Dashboard. The App Flow Monitor provides administrators a customizable interface to view real-time data pertaining to Applications, Users, URLs, Initiators, Responders, Threats, VoIP, VPN, Devices and Content. The Real-Time Monitor provides administrators real-time flow charts of Applications, Ingress and Egress Bandwidth traffic, Multi-Core Monitoring, and Memory Usage. This document contains the following sections:
Filter Options
App Flow Monitor Tabs
App Flow Monitor Toolbar
Group Options
App Flow Monitor Status
App Flow Monitor Views
Ingress and Egress Bandwidth Flow
The Multi-Core Monitor Flow
Memory Usage Flow
Enabling Flow Collection
Using Filtering Options
Filter Options
The App Flow Monitor Filter Options allow the administrator to filter incoming real-time data. Administrators can apply, create, and delete custom filters to customize the information they wish to view. The Filter Options apply across all the Application Flow tabs. Please refer to the Using Filtering Options section.
Widget: Description
Adds current selection to filter. At least 1 item must be selected in order to use the Filter Options. After doing so, all other tabs will update with information pertaining to the items in the filter.
Removes the current selection from the filter view by clicking on the X.
Loads existing filter settings.
Saves the current filter settings.
Deletes the current filter settings.
The Applications tab displays a list of Applications currently accessing the network.
The Users tab displays a list of Users currently connected to the network.
The URLs tab displays a list of URLs currently accessed by Users.
The Initiators tab displays details about current connection initiators.
The Responders tab displays details about current connection responders.
The Threats tab displays a list of threats encountered by the network.
The VoIP tab displays current VoIP and media traffic.
The VPN tab displays a list of VPN sessions connected to the network.
The Devices tab displays a list of devices currently connected to the network.
The Contents tab displays information about the type of traffic flowing through the network.
Widget: Description
Adds selected items to the filter.
The span of time in which data is collected.
Categorizes selections according to the available grouping options, which vary depending on the tab that is selected. Please refer to the Group Options section.
List View: Provides a detailed list view of the data flow.
Pie Chart View: Provides a pie chart view of the data flow.
Flow Chart View: Provides a flow chart view of the data flow.
Export: Exports the data flow in comma-separated values (.csv) format.
Configuration: Allows for customization of the display by enabling or disabling columns for Applications, Sessions, Packets, Bytes, Rate, and Threats. Also allows the administrator to enable or disable commas in numeric fields.
Refreshes the real-time data.
Provides status updates about App signatures, GAV Database, Spyware Database, IPS Database, Country Database, Max Flows in Database, and CFS Status. Please refer to the App Flow Monitor Status section for more information. A green status icon signifies that all appropriate signatures and databases are active. A yellow status icon signifies that some or all signature databases are still being downloaded or could not be activated.
Rate at which data is refreshed. A numeric integer between 10 and 999 must be specified. If 300 is entered in the numeric field, the data flow will refresh every 300 seconds.
Pause/Play: Freezes and unfreezes the data flow. Doing so gives the administrator flexibility when analyzing real-time data.
Group Options
The Group option sorts data based on the specified group. Each tab contains different grouping options.
List View
In the List View, each App Flow tab is comprised of columns displaying real-time data. These columns are organized into sortable categories.
Check Box: Allows the administrator to select the line item for creation of filters.
Main Column: The title of the Main Column is dependent on the selected tab. For example, if the Users tab is selected, then the Main Column header will read Users. In that column, the names of the Users connected to the network are shown. Clicking on the items in this column will bring up a popup with relevant information on the item displayed.
Sessions: Clicking on this number will bring up a table of all active sessions.
Packets: Displays the number of data packets transferred.
Bytes: Displays the number of bytes transferred.
Rate (KBps): Displays the rate at which data is transferred.
Threats: Displays the number of threats encountered by the network.
Total: Displays the total Sessions, Packets, and Bytes sent during the current interval.
Application Details
Each item listed in the Main Column provides a link to an Application Detail dialog. A display appears when the item links are clicked. The dialog provides:
a description of the item.
information pertaining to the category, threat level, type of technology the item falls under, and other additional information.
a Wikipedia excerpt about the selected item.
Application details are particularly useful when an Administrator does not recognize the name of an Application.
Graph View
The Graph View displays the top applications and the percentage of bandwidth used. The percentage of bandwidth used is determined by taking the total amount of bandwidth used by the top applications, and dividing that total by the number of top applications.
Widget: Description
Locks the Display options for the Flow Chart interface.
Unlocks the Display options for the Flow Chart interface.
Displays all, multiple, or individual items in the flow chart. The list of individual items varies depending on the tab that is selected.
Scale
Allows for Auto Y-Scaling or customized scaling. The values for customized scaling must be a numeric integer. Specifying a unit is optional. If a unit is desired, these are the available options:
If a custom scale of 100Kbps is desired, then 100K should be entered. The numeric integer 100 is entered followed by the unit K.
Tooltips
Rolling over the interfaces provides tooltips with information about the current bytes, peak bytes, and percentage of bandwidth consumed.
An interesting feature that the Flow Chart View provides is the ability to roll-over plotted lines. By rolling over the lines, data about the name of the application and amount of bytes transferred are visible. The data correlates to the moment in time the data is plotted.
Real-Time Monitor
The Real-Time Monitor provides administrators an inclusive, multi-functional display with information about applications, bandwidth usage, multi-core monitoring, and memory usage. The Real-Time Monitor comprises a toolbar and four real-time data flows: Applications, Ingress and Egress Bandwidth, Multi-Core Monitor, and Memory Usage.
Using the Toolbar
Real-Time Application Flow
Ingress and Egress Bandwidth Flow
The Multi-Core Monitor Flow
Memory Usage Flow
Widget: Description
Determines the frequency at which data is refreshed. A numerical integer between 1 and 10 seconds is required.
Export: Exports the data flow into a comma-separated values (.csv) file. The default file name is sonicflow.csv.
Configure: Allows for customization of the color palette for the Application Chart and Bandwidth Chart. To customize the Color Palette:
Enter the desired hexadecimal color codes in the provided text fields.
Select Default for a default range of colors.
Select Generate to generate a random range of colors.
If a gradient is desired, select the Use Gradient box located below the text fields.
Show Time & Date: Displays data pertaining to a specific span of time. Displays the current time in 24-hour format (hh:mm:ss), and the current date in Month/Day format.
Pause: Freezes the data flow. The time and date will also freeze. The Pause button will appear gray if the data flow has been frozen.
Play: Unfreezes the data flow. The time and date will refresh as soon as the data flow is updated. The Play button will appear gray if the data flow is live.
Options are available to Lock/Unlock, Display, Scale, and View the Application interface.
Option: Description
Lock: Locks the Display options for the Application interface.
Unlock: Unlocks the Display options for the Application interface.
Application Display: Specifies the applications displayed in the Application Flow Chart. A drop-down menu allows the administrator to specify Top Applications, All Applications, unclassified, or individual applications. If desired, multiple applications can be selected by clicking more than one check box.
Scale: Allows for Auto Y-Scaling or customized scaling of the Application Flow Chart. The values for customized scaling must be a numeric integer. Specifying a unit is optional. If a unit is desired, these are the available options:
If a custom scale of 100Kbps is desired, then 100K should be entered. The numeric integer 100 is entered followed by the unit K.
Displays the Applications data in a bar graph format.
Displays the Applications data in a flow chart format.
Available Formats
Administrators are able to view the Application flow charts in a bar graph format or flow chart format. The bar graph format displays applications individually, allowing administrators to compare applications. In this graph, the x-axis displays the name of the applications. The y-axis displays the amount of traffic for each application.
The flow chart format displays overlapping application data. In this graph, the x-axis displays the current time and the y-axis displays the traffic for each application.
Options are available to customize the Display, Scale, and View of the Ingress and Egress Bandwidth interface.
Option: Description
Interface Rate Display: Specifies which Interfaces are displayed in the Bandwidth Flow Chart. A drop-down menu provides the administrator with options to specify All Interfaces Rate, All Interfaces, and individual interfaces. The individual interfaces vary depending on the number of interfaces on the administrator's network. Multiple interfaces can be selected if desired.
Scale: Allows for Auto Y-Scaling or custom scaling of the Bandwidth Flow Chart. The values for customized scaling must be a numeric integer. Specifying a unit is optional. If a unit is desired, four options are available:
If a custom scale of 100Kbps is desired, then 100K should be entered. The numeric integer 100 is entered followed by the unit K.
Displays the real-time Bandwidth data in a bar graph format.
Displays the real-time Bandwidth data in a flow chart format.
Formats
Administrators are able to view the Ingress and Egress Bandwidth flow chart in a bar graph format or flow chart format. The bar graph format displays data pertaining to individual interfaces in a bar graph, allowing administrators to compare individual Bandwidth Interfaces. In this graph, the x-axis denotes the Interfaces whereas the y-axis denotes the Ingress and Egress Bandwidth traffic. The flow chart format overlaps the Bandwidth Interfaces, allowing administrators to view all of the Ingress and Egress Bandwidth traffic as it occurs. The x-axis displays the current time and the y-axis displays the Ingress and Egress Bandwidth traffic.
Tooltips
Rolling over the interfaces provides tooltips with information about the interface assigned zone, IP address, and current port status.
Note
The Bandwidth flow charts have no direct correlation to the Application flow charts.
If a custom scale of 100 percent is desired, then 100% should be entered. The numeric integer 100 is entered followed by the unit %.
Widget: Description
Displays the Multi-Core Monitor data in a bar graph format.
Displays the Multi-Core Monitor data in a flow chart format.
Formats
Administrators are able to view the Multi-Core Monitor flow chart in a bar graph format or flow chart format. The bar graph format displays data pertaining to individual Cores in a bar graph. In this graph, the x-axis displays the Cores and the y-axis displays the percentage of CPU used.
The flow chart format overlaps the Multi-Core Monitor data. The x-axis displays the current time and the y-axis displays the percentage of CPU used.
Step 1 Navigate to the Log > Flow Reporting page in the SonicOS management interface.
Step 2 Select the Enable Flow Reporting and Visualization checkbox.
Step 3 Click the Accept button to save your changes and enable the feature.
Step 4 Navigate to the Network > Interfaces page.
Step 5 Click the Configure icon for the interface you wish to enable flow reporting on.
Step 6 In the Advanced tab, ensure that the Enable flow reporting checkbox is selected.
Step 7 Click the OK button to save your changes.
Step 8 Repeat steps 5 through 7 for each interface you wish to monitor.
Note
For more detailed information on configuring Flow Reporting settings, refer to the SonicWALL NetFlow Feature Module.
Step 1 Log in to the SonicWALL Network Security Appliance and go to Dashboard > App Flow Monitor > Applications Tab. Then select the check boxes of the applications you wish to add to the filter. In this case, BitTorrent is selected.
Step 2 Click Filter View to add BitTorrent to the filter.
Step 3 Once the application is added to the filter, only BitTorrent is visible in the Applications tab. More information about Users, peer connectivity, and packets sent is visible in the App Flow Monitor tabs. The Users using BitTorrent are visible in the Users tab. The IP Addresses of these users are visible in the Initiators tab. The IP Addresses of the connected peers who are sharing packets are visible in the Responders Tab.
Document Version History
Version Number   Date       Notes
1                10/20/10   This document was created by J. Ly.
2                11/5/10    Feedback incorporated by J. Ly.
3                12/10/10   Updated to reflect new build by P. Lydon.
4                12/29/10   Updated for final release build by P. Lydon.
5                01/03/11   Incorporated screenshot feedback by A. Mendoza.