Viewing the Event Log
Check Point ZoneAlarm User Guide
An event marked in this color… | Indicates…
Green | Traffic accepted by the firewall. By default, accepted traffic is not logged. However, such traffic may be logged if specified by a security policy downloaded from your Service Center, or if specified in user-defined rules. In addition, accepted traffic may be logged if SmartDefense protections' Action field is set to "Track" instead of "Block".
You can create firewall rules specifying that certain types of connections should be logged,
whether the connections are incoming or outgoing, blocked or accepted. For information,
see Using Rules on page 172.
The logs detail the date and the time the event occurred, and its type. If the event is a
communication attempt that was rejected by the firewall, the event details include the
source and destination IP address, the destination port, and the protocol used for the
communication attempt (for example, TCP or UDP). If the event is a connection made or
attempted over a VPN tunnel, the event is marked by a lock icon in the VPN column.
This information is useful for troubleshooting. You can export the logs to an *.xls
(Microsoft Excel) file, and then store it for analysis purposes or send it to technical
support.
Note: You can configure the ZoneAlarm router to send event logs to a Syslog server.
For information, see Configuring Syslog Logging on page 336.
Chapter 9: Viewing Reports
To view the event log
1. Click Reports in the main menu, and click the Event Log tab.
   The Event Log page appears.
2. If an event is highlighted in red, indicating a blocked attack on your network,
   you can display the attacker’s details, by clicking on the IP address of the
   attacking machine.
   The ZoneAlarm router queries the Internet WHOIS server, and a window displays the
   name of the entity to whom the IP address is registered and their contact information.
   This information is useful in tracking down hackers.
3. To refresh the display, click Refresh.
4. To save the displayed events to an *.xls file:
   a. Click Save.
      A standard File Download dialog box appears.
   b. Click Save.
      The Save As dialog box appears.
   c. Browse to a destination directory of your choice.
   d. Type a name for the configuration file and click Save.
      The *.xls file is created and saved to the specified directory.
5. To clear all displayed events:
   a. Click Clear.
      A confirmation message appears.
   b. Click OK.
      All events are cleared.
Using the Traffic Monitor
You can view incoming and outgoing traffic for selected network interfaces using the
Traffic Monitor. This enables you to identify network traffic trends and anomalies.
The Traffic Monitor displays separate bar charts for incoming traffic and outgoing traffic,
and displays traffic rates in kilobits/second. If desired, you can change the number of
seconds represented by the bars in the charts, using the procedure Configuring Traffic
Monitor Settings on page 156.
The traffic is color-coded as described in the following table.
Table 27: Traffic Monitor Color Coding for Networks
Traffic marked in this color… | Indicates…
Blue | VPN-encrypted traffic
Red | Traffic blocked by the firewall
Green | Traffic accepted by the firewall
You can export a detailed traffic report for all enabled networks, using the procedure
Exporting General Traffic Reports on page 157.
Viewing Traffic Reports
To view a traffic report
1. Click Reports in the main menu, and click the Traffic tab.
   The Traffic Monitor page appears.
2. In the Traffic Monitor Report drop-down list, select the network interface for
   which you want to view a report.
   The list includes all currently enabled networks. For example, if the WLAN network
   is enabled, it will appear in the list.
   The selected report appears in the Traffic Monitor page.
3. To refresh all traffic reports, click Refresh.
4. To clear all traffic reports, click Clear.
Note: The firewall blocks broadcast packets used during the normal operation of
your network. This may lead to a certain amount of traffic of the type "Traffic
blocked by firewall" that appears under normal circumstances and usually does not
indicate an attack.
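An added example, not part of the ZoneAlarm guide: to check whether blocked traffic is the routine broadcast noise described in the note above, the blocked events can be tallied from the event-log fields (source and destination IP address, destination port, protocol). It assumes the exported log has been converted to CSV; the column names, the sample rows and the 192.168.10.0/24 LAN range are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample. The column names are assumptions for illustration;
# the guide does not show the layout of the router's *.xls export.
SAMPLE = """\
date,time,type,src,dst,dport,proto
2009-03-01,10:00:01,blocked,192.168.10.21,192.168.10.255,137,UDP
2009-03-01,10:00:05,blocked,192.168.10.34,255.255.255.255,67,UDP
2009-03-01,10:01:12,blocked,203.0.113.7,192.168.10.2,23,TCP
2009-03-01,10:01:13,blocked,203.0.113.7,192.168.10.2,22,TCP
2009-03-01,10:02:40,accepted,192.168.10.21,198.51.100.9,443,TCP
2009-03-01,10:04:30,blocked,203.0.113.7,192.168.10.2,3389,TCP
2009-03-01,10:05:00,blocked,192.168.10.50,,0,UDP
"""

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def is_broadcast(dst, lan):
    """True for the limited broadcast address or the LAN's directed broadcast."""
    addr = ipaddress.ip_address(dst)  # raises ValueError on a malformed field
    return addr == LIMITED_BROADCAST or addr == lan.broadcast_address

def triage(csv_text, lan_cidr):
    """Split blocked events into broadcast noise and per-source targets."""
    lan = ipaddress.ip_network(lan_cidr)
    noise, skipped, targets = 0, 0, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "blocked":
            continue  # accepted traffic is not part of this tally
        try:
            if is_broadcast(row["dst"], lan):
                noise += 1
                continue
            src = str(ipaddress.ip_address(row["src"]))
            port = int(row["dport"])
        except ValueError:
            skipped += 1  # count rows with unusable fields instead of hiding them
            continue
        targets.setdefault(src, set()).add((row["proto"], port))
    return noise, skipped, {s: sorted(t) for s, t in targets.items()}

if __name__ == "__main__":
    noise, skipped, targets = triage(SAMPLE, "192.168.10.0/24")
    print(f"broadcast noise: {noise}, unparsable rows: {skipped}")
    for src, hits in targets.items():
        print(src, hits)
```

A single outside source blocked on several destination ports stands apart from the broadcast count, which is the traffic the note says appears under normal circumstances.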
Configuring Traffic Monitor Settings
You can configure the interval at which the ZoneAlarm router should collect traffic data
for network traffic reports.
To configure Traffic Monitor settings
1. Click Reports in the main menu, and click the Traffic tab.
   The Traffic Monitor page appears.
2. Click Settings.
   The Traffic Monitor Settings page appears.
3. In the Sample monitoring data every field, type the interval (in seconds) at
   which the ZoneAlarm router should collect traffic data.
   The default value is one sample every 1800 seconds (30 minutes).
