Zyxel ZyWALL-USG50 Router Manual PDF (Setup & Configuration Guide)

Page 191 / 944 Scroll up to view Page 186 - 190

Chapter 9 Monitor

ZyWALL USG 50 User’s Guide

191

The following table describes the labels in this screen.

9.11

The IPSec Monitor Screen

You can use the

IPSec Monitor

screen to display and to manage active IPSec

SAs. To access this screen, click

Monitor > VPN Monitor

>

IPSec

. The following

screen appears. Click a column’s heading cell to sort the table entries by that

column’s criteria. Click the heading cell again to reverse the sort order.

Figure 135

Monitor > VPN Monitor > IPSec

Table 39

Monitor > AppPatrol Statistics > Service

LABEL

DESCRIPTION

Service Name

This is the application.

Rule Statistics

This table displays the statistics for each of the service’s application

patrol rules.

#

This field is a sequential value, and it is not associated with a specific

rule.

Inbound Kbps

This is the incoming bandwidth usage for traffic that matched this

protocol rule, in kilobits per second. This is the protocol’s traffic that the

ZyWALL sends to the initiator of the connection. So for a connection

initiated from the LAN to the WAN, the traffic sent from the WAN to the

LAN is the inbound traffic.

Outbound

Kbps

This is the outgoing bandwidth usage for traffic that matched this

protocol rule, in kilobits per second. This is the protocol’s traffic that the

ZyWALL sends out from the initiator of the connection. So for a

connection initiated from the LAN to the WAN, the traffic sent from the

LAN to the WAN is the outbound traffic.

Forwarded

Data (KB)

This is how much of the application’s traffic the ZyWALL has sent (in

kilobytes).

Dropped Data

(KB)

This is how much of the application’s traffic the ZyWALL has discarded

without notifying the client (in kilobytes). This traffic was dropped

because it matched a policy set to “drop”.

Rejected Data

(KB)

This is how much of the application’s traffic the ZyWALL has discarded

and notified the client that the traffic was rejected (in kilobytes). This

traffic was rejected because it matched a policy set to “reject”.

Cancel

Click

Cancel

to close this screen.

Page 192 / 944

Chapter 9 Monitor

ZyWALL USG 50 User’s Guide

192

Each field is described in the following table.

9.11.1

Regular Expressions in Searching IPSec SAs

A question mark (?) lets a single character in the VPN connection or policy name

vary. For example, use “a?c” (without the quotation marks) to specify abc, acc and

so on.

Table 40

Monitor > VPN Monitor > IPSec

LABEL

DESCRIPTION

Name

Enter the name of a IPSec SA here and click

Search

to find it (if it is

associated). You can use a keyword or regular expression. Use up to

30 alphanumeric and _+-.()!$*^:?|{}[]<>/ characters. See

Section

9.11.1 on page 192

for more details.

Policy

Enter the IP address(es) or names of the local and remote policies for

an IPSec SA and click

Search

to find it. You can use a keyword or

regular expression. Use up to 30 alphanumeric and _+-

.()!$*^:?|{}[]<>/ characters. See

Section 9.11.1 on page 192

for

more details.

Search

Click this button to search for an IPSec SA that matches the

information you specified above.

Disconnect

Select an IPSec SA and click this button to disconnect it.

Total Connection

This field displays the total number of associated IPSec SAs.

connection per

page

Select how many entries you want to display on each page.

Page x of x

This is the number of the page of entries currently displayed and the

total number of pages of entries. Type a page number to go to or use

the arrows to navigate the pages of entries.

#

This field is a sequential value, and it is not associated with a specific

SA.

Name

This field displays the name of the IPSec SA.

Encapsulation

This field displays how the IPSec SA is encapsulated.

Policy

This field displays the content of the local and remote policies for this

IPSec SA. The IP addresses, not the address objects, are displayed.

Algorithm

This field displays the encryption and authentication algorithms used in

the SA.

Up Time

This field displays how many seconds the IPSec SA has been active.

This field displays

N/A

if the IPSec SA uses manual keys.

Timeout

This field displays how many seconds remain in the SA life time, before

the ZyWALL automatically disconnects the IPSec SA. This field displays

N/A

if the IPSec SA uses manual keys.

Inbound (Bytes)

This field displays the amount of traffic that has gone through the

IPSec SA from the remote IPSec router to the ZyWALL since the IPSec

SA was established.

Outbound

(Bytes)

This field displays the amount of traffic that has gone through the

IPSec SA from the ZyWALL to the remote IPSec router since the IPSec

SA was established.

Refresh

Click

Refresh

to update the information in the display.

Page 193 / 944

Chapter 9 Monitor

ZyWALL USG 50 User’s Guide

193

Wildcards (*) let multiple VPN connection or policy names match the pattern. For

example, use “*abc” (without the quotation marks) to specify any VPN connection

or policy name that ends with “abc”. A VPN connection named “testabc” would

match. There could be any number (of any type) of characters in front of the “abc”

at the end and the VPN connection or policy name would still match. A VPN

connection or policy name named “testacc” for example would not match.

A * in the middle of a VPN connection or policy name has the ZyWALL check the

beginning and end and ignore the middle. For example, with “abc*123”, any VPN

connection or policy name starting with “abc” and ending in “123” matches, no

matter how many characters are in between.

The whole VPN connection or policy name has to match if you do not use a

question mark or asterisk.

9.12

The SSL Connection Monitor Screen

The ZyWALL keeps track of the users who are currently logged into the VPN SSL

client portal. Click

Monitor > VPN Monitor > SSL

to display the user list.

Use this screen to do the following:

•

View a list of active SSL VPN connections.

•

Log out individual users and delete related session information.

Once a user logs out, the corresponding entry is removed from the

Connection

Monitor

screen.

Figure 136

Monitor > VPN Monitor > SSL

The following table describes the labels in this screen.

Table 41

Monitor > VPN Monitor > SSL

LABEL

DESCRIPTION

Disconnect

Select a connection and click this button to terminate the user’s

connection and delete corresponding session information from the

ZyWALL.

#

This field displays the index number.

Page 194 / 944

Chapter 9 Monitor

ZyWALL USG 50 User’s Guide

194

9.13

The Anti-Virus Statistics Screen

Click

Monitor > Anti-X Statistics > Anti-Virus

to display the following screen.

This screen displays anti-virus statistics.

Figure 137

Monitor > Anti-X Statistics > Anti-Virus: Virus Name

User

This field displays the account user name used to establish this SSL VPN

connection.

Access

This field displays the name of the SSL VPN application the user is

accessing.

Login Address

This field displays the IP address the user used to establish this SSL VPN

connection.

Connected

Time

This field displays the time this connection was established.

Inbound

(Bytes)

This field displays the number of bytes received by the ZyWALL on this

connection.

Outbound

(Bytes)

This field displays the number of bytes transmitted by the ZyWALL on

this connection.

Refresh

Click

Refresh

to update this screen.

Table 41

Monitor > VPN Monitor > SSL (continued)

LABEL

DESCRIPTION

Page 195 / 944

Chapter 9 Monitor

ZyWALL USG 50 User’s Guide

195

The following table describes the labels in this screen.

The statistics display as follows when you display the top entries by source.

Figure 138

Monitor > Anti-X Statistics > Anti-Virus: Source IP

Table 42

Monitor > Anti-X Statistics > Anti-Virus

LABEL

DESCRIPTION

Collect

Statistics

Select this check box to have the ZyWALL collect anti-virus statistics.

The collection starting time displays after you click

Apply

. All of the

statistics in this screen are for the time period starting at the time

displayed here. The format is year, month, day and hour, minute, second.

All of the statistics are erased if you restart the ZyWALL or click

Flush

Data

. Collecting starts over and a new collection start time displays.

Apply

Click

Apply

to save your changes back to the ZyWALL.

Reset

Click

Reset

to return the screen to its last-saved settings.

Refresh

Click this button to update the report display.

Flush Data

Click this button to discard all of the screen’s statistics and update the

report display.

Total Viruses

Detected

This field displays the number of different viruses that the ZyWALL has

detected.

Infected Files

Detected

This field displays the number of files in which the ZyWALL has detected a

virus.

Top Entry By

Use this field to have the following (read-only) table display the top anti-

virus entries by

Virus Name

,

Source IP

or

Destination IP

.

Select

Virus

Name

to list the most common viruses that the ZyWALL has

detected.

Select

Source IP

to list the source IP addresses from which the ZyWALL

has detected the most virus-infected files.

Select

Destination IP

to list the most common destination IP addresses

for virus-infected files that ZyWALL has detected.

#

This field displays the entry’s rank in the list of the top entries.

Virus name

This column displays when you display the entries by

Virus Name

. This

displays the name of a detected virus.

Source IP

This column displays when you display the entries by

Source.

It shows

the source IP address of virus-infected files that the ZyWALL has

detected.

Destination IP

This column displays when you display the entries by

Destination.

It

shows the destination IP address of virus-infected files that the ZyWALL

has detected.

Occurrences

This field displays how many times the ZyWALL has detected the event

described in the entry.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share