GMS 8.7 Firewall Flows - SonicWall


SonicWall Global Management System 8.7 Firewall - Flows Administration

Copyright 2019 SonicWall Inc. All rights reserved.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners.

The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update the information contained in this document.

For more information, visit https://www.sonicwall.com/legal.

End User Product Agreement

To view the SonicWall End User Product Agreement, go to: ements. Select the language based on your geographic location to see the EUPA that applies to your region.

Open Source Code

SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:

General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035

Legend

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

SonicWall GMS Firewall - Flows Administration
Updated — January 2019
Software Version — 8.7
232-004599-00 Rev A

Contents

Part 1. FIREWALL: Flows
Part 2. Flows
  Introduction to Flow Reporting
    SonicWall GMS Firewall Acquisition and Flow Reporting Setup
  General Flow Reporting Status
    General Status
  Real-Time Menu
    Real-time Monitor
    Real-Time Report
  Dashboard Menu
    Dashboard Applications
      Drill-down options
    SWARM Report
  Reports Menu
    Reports Applications
  SonicWall Support

SonicWall GMS 8.7 Administration

Section

FIREWALL: Flows
• Flows

Part 1

Flows
• Introduction to Flow Reporting
• General Flow Reporting Status
• Real-Time Menu
• Dashboard Menu
• Reports Menu

1 Introduction to Flow Reporting

This chapter describes how to use SonicWall Global Management System (GMS) to configure flows on the full range of SonicWall platforms and includes the following sections:
• SonicWall GMS Firewall Acquisition and Flow Reporting Setup

SonicWall GMS Firewall Acquisition and Flow Reporting Setup

The following are the steps required to add a unit to SonicWall GMS. For best results, you should already be familiar with MySonicWall, GMS, and the Firewall UI.

To add a unit to GMS:
1 Log in to MySonicWall.com.
2 Enroll into GMS Tenancy.
3 Activate a GMS license for each firewall in MySonicWall.com.
4 Log in to your SonicOS firewall and configure the GMS Management settings so they point to GMS. You should reboot the firewall after configuring its settings.
5 Log in to GMS at cloudgms.sonicwall.com.
6 Add a unit to GMS using the “Add Unit” option and by following the prompts.
7 Monitor the Status page to ensure unit acquisition.

NOTE: GMS makes changes to the following configuration locations so the firewall can be managed and still generate reports correctly.
• Firewall System Administration Enable Management Using GMS Configure
• Firewall AppFlow Flow Reporting GMSFlow Server
• Firewall AppFlow GMSFlow Server
Any changes to these settings could disrupt GMS’ management and report generation capability.

In addition to these settings, GMS creates a reporting tunnel between the firewall and GMS to transfer the reporting data securely. The tunnel is named with the prefix “SGMS-<fw serial number>”. Do not make any changes to this tunnel.

For additional configuration information, see the Configuration section of the GMS Getting Started Guide.

2 General Flow Reporting Status

This chapter describes the general report flows on the full range of SonicWall platforms and includes the following sections:
• General Status

General Status

The General Status dialog shows reporting configuration information such as: Firewall information, Flow Agents Assignment, the Data Retention Period, and other critical information such as disk storage allocation and flows collected.

3 Real-Time Menu

This chapter describes how to use SonicWall Global Management System (GMS) to configure and monitor reporting flows and includes the following sections:
• Real-time Monitor
• Real-Time Report

Real-time Monitor

This report provides a real-time view of the packets forwarded by the firewall, displayed in the form of live charts. The charts are divided into three sections:
• Application bandwidth - Indicates applications that are flowing through the firewall in bits per second.
• Per Interface Data - Indicates the bandwidth utilization in bits per second, average packets per second, average packet size, and new connection rates in connections per second.
• Device data - CPU utilization per core. Total active connections.

Data visible on this page is limited to a maximum of 10 minutes. Individual charts can be rearranged manually by dragging and dropping the graph window. Mouse over the data in the graphs and you can drill down to Flow Reports. The appearance of the chart may be customized by using the Settings button. Mouse over the information icon or question marks to see context-sensitive help. Collapse or expand individual charts using the + or - icon in the upper right of each chart. Show or hide legends by clicking the Legends button.

Real-Time Report

This report provides historical views of the real-time monitor charts. You can choose and visualize real-time charts from any time period of recorded data using the Start and End boxes and clicking the Refresh icon. You can also choose either a specific time range in the past using the drop-down time menu or by way of a custom time by clicking a start and a stop time on the graph. You can also select the last few hours, days, weeks, or months using the drop-down menu.

Individual charts can be rearranged manually and you can drill down to AppFlow reports, AppFlow sessions, or Flow Analytics/AppFlow monitor pages from specific charts. Hide legends by clicking the Legends button.


4 Dashboard Menu

The Flows Dashboard is a customizable executive summary of your SonicWall Global Management System (GMS) deployment. The Dashboard provides powerful network visualization reporting, monitoring, and search filtering tools consolidated into one area of the management user interface.

Topics:
• Dashboard Applications
• Drill-down options

Dashboard Applications

This page provides a concise view of the Top Ten reports available based on the following attributes:
• Top Applications based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
• Top Users based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
• Top Virus based on Sessions
• Top Intrusions based on Sessions
• Top Spyware based on Sessions
• Top URL Ratings categories based on Sessions and Bytes
• Top Initiator IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
• Top Responder IP addresses based on Sessions, Bytes, Virus, Spyware, Blocks, Intrusions, Geo-IP Blocks, Botnet Blocks
• Top Initiator Locations based on Sessions and Bytes
• Top Responder Locations based on Sessions and Bytes
• Top BWM Queues based on Queue type, Sessions and Bytes
• Top Botnets based on Sessions and Bytes

You can choose and visualize this data from any given moment using the Start and End boxes and clicking Refresh. You can also choose either a specific time range in the past by indicating a Custom Range or by selecting a drop-down menu selection for the last few hours, days, weeks, or months.

The Reports can be displayed in the following ways:
• Table View
• Pie Chart View - Charts can be selected to either show total data or per entry. (For example, the Initiator IP tab by default shows the total sessions over time, total bytes over time, total intrusion over time, and so on.) You can also choose the same charts for individual IPs by selecting the Table view from the button bar at the top of the chart.

Drill-down options

To see additional data:
1 In the Top Apps response windows (shown in Pie Chart View), mouse over any of the blue statistical data headings and click the heading of the data about which you would like additional drill-down information. For the Table View, click the small magnifying glass.

2 Click the Reports icon in the pop-up dialog.
3 Click the Name, App name, Virus name, Intrusion name, or Spyware name to show additional details on the item.
4 Data can be sorted based on any column heading. Click the heading of the column you would like to sort.

You can change the time period by clicking directly on the chart or by using the Start and End boxes and clicking the Refresh icon. You can also select an hourly, daily, weekly, or monthly range using the drop-down menu.

SWARM Report

A SWARM (SonicWall Application Risk Management Report) report is generated using the SonicFlow Report (SFR) data file.

This file can be exported by clicking “SWARM” in the top right corner of the following reports.
• Flows Dashboard Menu *
• Flows Reports Menu *

The Download Application Visualization Report dialog appears.

Click Download to receive the report of your network traffic between the dates you indicate.

Refer to the px for detailed descriptions and steps on how to upload reporting data to MySonicWall.com and to produce a report in a PDF format.

5 Reports Menu

This chapter provides a detailed view of reports that are similar to the Top Flow Dashboard reports described in Dashboard Applications, but these reports are not limited to Top 10. You can get reports on the top 25, 50, 100, 150, 500, 1000, 5000, 10000, 25000, 50000, or unlimited incidents. In this section, you can sort the data displayed under any tab or column. Different tabs are provided to view individual data sets. You can also filter your data by configuring a text Filter String.
• Reports Applications

Reports Applications

You can choose and visualize this data from any given moment (in the past) by clicking start and end points in the graph itself or by using the Start and End menus and clicking the Refresh icon. You can use the time drop-down menu to choose pre-configured hourly, daily, weekly, or monthly increments. You can also choose either a specific time range in the past by indicating a custom time or by selecting a moment from the last few hours, days, weeks, or months.

You can export all table reports into one file or download the currently active table into a single file by clicking the Export icon.

6 SonicWall Support

Technical support is available to customers who have purchased SonicWall products with a valid maintenance contract and to customers who have trial versions.

The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.

The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service

To contact SonicWall Support, visit
