Page 116 / 234 Scroll up to view Page 111 - 115
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
7-12
Managing Your Network
May 2004, 202-10030-02
Viewing Attached Devices
The Attached Devices menu contains a table of all IP devices that the firewall has discovered on
the local network. From the main menu of the browser interface, under the Maintenance heading,
select Attached Devices to view the table, shown in
Figure 7-7
.
Figure 7-7:
Attached Devices menu
For each device, the table shows the IP address, Device Name (NetBIOS Host Name, if available),
and the Ethernet MAC address. Select the check box if you want to enable NetBIOS detection. If
the NetBIOS name is not available, “Unknown” is listed as the Device Name.
Table 7-2.
Router Statistics Fields
Field
Description
System up Time
The time elapsed since the last power cycle or reset.
WAN or LAN Port
The statistics for the WAN (Internet) and LAN (local) ports. For each port, the screen
displays:
Status
The link status of the port.
TxPkts
The number of packets transmitted on this port since reset or manual clear.
RxPkts
The number of packets received on this port since reset or manual clear.
Collisions
The number of collisions on this port since reset or manual clear.
Tx B/s
The current line utilization—percentage of current bandwidth used on this port.
Rx B/s
The average line utilization —average CLU for this port.
Up Time
The time elapsed since this port acquired the link.
Poll Interval
Specifies the intervals at which the statistics are updated in this window. Click Stop to
freeze the display. Click Set Interval to set the polling refresh interval.
Page 117 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Managing Your Network
7-13
May 2004, 202-10030-02
If the firewall is rebooted, the table data is lost until the firewall rediscovers the devices. To force
the firewall to look for attached devices, click the Refresh button.
Viewing, Selecting, and Saving Logged Information
The firewall logs security-related events such as denied incoming service requests, hacker probes,
and administrator logins. If you enabled content filtering in the Block Sites menu, the Logs page
shows you when someone on your network tries to access a blocked site. If you enabled e-mail
notification, you will receive these logs in an e-mail message. If you do not have e-mail
notification enabled, you can view the logs here. An example is shown below.
Figure 7-8:
Security Logs menu
Page 118 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
7-14
Managing Your Network
May 2004, 202-10030-02
Log entries are described below:
Log action buttons are described below:
Changing the Include in Log Settings
You can choose to log additional information. Those optional selections are as follows:
Known DoS attacks and Port Scans
Attempted access to blocked sites
All Web sites and news groups visited
All Incoming TCP/UDP/ICMP traffic
Table 7-9:
Security Log entry descriptions
Field
Description
Date and Time
The date and time the log entry was recorded.
Description or
Action
The type of event and what action was taken if any.
Source IP
The IP address of the initiating device for this log entry.
Source port and
interface
The service port number of the initiating device, and whether it
originated from the LAN or WAN.
Destination
The name or IP address of the destination device or Web site.
Destination port
and interface
The service port number of the destination device, and whether
it’s on the LAN or WAN.
Table 7-10:
Security Log action buttons
Field
Description
Refresh
Click this button to refresh the log screen.
Clear Log
Click this button to clear the log entries.
Send Log
Click this button to e-mail the log immediately.
Apply
Click this button to apply any changed settings.
Cancel
Click this button to clear any changed settings.
Page 119 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Managing Your Network
7-15
May 2004, 202-10030-02
All Outgoing TCP/UDP/ICMP traffic
Other IP traffic — if selected, all other traffic (IP packets which are not TCP, UDP, or ICMP)
is logged
Router operation (start up, get time, etc.) — if selected, Router operations, such as starting up
and getting the time from the Internet Time Server, are logged.
Connection to the Web-based interface of this Router
Other connections and traffic to this Router — if selected, this will log traffic sent to this
Router (rather than through this Router to the Internet).
Allow duplicate log entries — if selected, events or packets that fall within more than one (1)
category above will have a log entry for each category in which they belong. This will
generate a large number of log entries.
If not selected, then events or packets will only be logged once. Usually, you should not allow
duplicate log entries.
Enabling the Syslog Feature
You can choose to write the logs to a computer running a SYSLOG program. To use this feature,
check the box under Syslog and enter the IP address of the server where the log file will be written.
Then click Apply to activate the Syslog feature.
For a detailed description of the log files, see
Appendix D, “Firewall Log Formats”
.
Enabling Security Event E-mail Notification
In order to receive logs and alerts by e-mail, you must provide your e-mail information in the
E-mail menu:
Page 120 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
7-16
Managing Your Network
May 2004, 202-10030-02
Figure 7-11:
E-mail notification menu
To enable E-mail notification, configure the following fields:
Turn e-mail notification on
Select this check box if you want to receive e-mail logs and alerts from the firewall.
Your outgoing mail server
Enter the name or IP address of your ISP’s outgoing (SMTP) mail server (such as
mail.myISP.com
). You may be able to find this information in the configuration menu of your
e-mail program. If you leave this box blank, log and alert messages will not be sent via e-mail.
Send to this e-mail address
Enter the e-mail address to which logs and alerts will be sent. This e-mail address will also be
used as the From address. If you leave this box blank, log and alert messages will not be sent
via e-mail.
You can specify that logs are automatically sent to the specified e-mail address with these options:
Send alert immediately
Select this check box if you want immediate notification of a significant security event, such
as a known attack, abnormal TCP flag, or attempted access to a blocked site.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top