About Dimension Reports

WatchGuard Dimension includes predefined reports that are automatically generated from the log message data from your Fireboxes, FireClusters, and WatchGuard servers. Dimension also includes reports that you can select to generate when you configure a report schedule. Not all reports can be included in a report schedule.

Many Dimension reports can be viewed and exported as a PDF or CSV file. Some reports include data that you can pivot on to see greater detail in the reports, or can be refined to see per client reports. When you export a report as a PDF or a CSV file, the time zone that appears in the file is the local time on the client computer, not UTC time.

When you view a Summary report, if a Detail report is available for that report type, the View Details link is included at the top of the report. You can click the link to open the Detail report.

If Dimension is in Anonymized Mode, you cannot see Detail reports.

For information about where to enable logging for reports in your Firebox configuration, see Where to Enable Logging for Reports.

For information about how to view a report, see View Reports.

For information about how to create a report schedule, see Schedule Reports.

Available Reports for Devices

From any Device or Group page, you can view reports that were automatically generated from the available log message data for the selected Firebox, FireCluster, or group. You can also select many of these reports when you create a report schedule. For more information about the reports you can include in a report schedule, see Schedule Reports.

Executive Summary Report

The Executive Summary Report shows a high level summary of network use and blocked threats for the selected time frame. The report can be downloaded or scheduled for export as a PDF. The Executive Summary Report includes the Report Types from the subsequent list in the report, if there is data available for that report type. To include this report in a schedule, select the Executive Summary Reports report type. You can schedule this report to be sent to a directory or to an email recipient.

You can also view some of the data that is included in the Executive Summary Report in the widgets available on the Executive Dashboard and Security Dashboard pages.

Report Type Description
Top Zero-Day Malware (APT)

The top malware that was not identified by APT Blocker until after it passed through the firewall. Includes the threat index, threat ID, content name, threat level, and number of hits.

Top Blocked Advanced Malware (APT) The advanced malware threats that APT Blocker detected and that were blocked. Includes the threat index, threat ID, content name, and number of hits.
Top Blocked Malware The malware that has been blocked on the network by Gateway AntiVirus. Includes the name of the malware and the number of hits.
Top Blocked Attacks The top intrusion attacks that were blocked by the Intrusion Prevention Service (IPS). Includes the name of the attack and the number of hits.
Top Clients

The clients on your network that generate the most traffic. Includes the client name or IP address, number of bytes, and number of hits for traffic through packet filter and proxy policies.

Top Domains

The top web domains in use on your network. Includes the domain name, number of bytes, and number of hits.

Top Blocked Botnet Sites The top botnet sites that clients on your network tried to contact.
Top Blocked Botnet Clients The top clients on your network that tried to contact a botnet site.
Top URL Categories

The top ten categories of Internet activity on your network that WebBlocker identified. Includes the category name and number of hits.

Top Applications The top applications that are in use on your network. Includes the application name, number of bytes, and number of hits.
Top Application Categories

The top categories for application traffic. Includes the application category name, number of bytes, and number of hits.

Top Blocked Applications The top applications that were blocked. Includes the application name and number of hits.
Top Blocked Application Categories The top categories of applications that were blocked. Includes the application category name and number of hits.
Top Mobile Devices The mobile devices on your network that generate the most traffic. Includes the mobile device name, number of bytes, and number of hits.

Per Client Reports

Per Client reports are divided into two categories: Summary and Detail reports. Summary reports include the top ten results in each report type available as a Summary report, and include a chart and data selection grid for each report. You can export Summary reports as a PDF file. Detail reports include all results for each report type available as a Detail report. You can export Detail reports as a CSV file.

You can navigate directly to Per Client reports, or open them from the client report pivots in some of the other reports. For information about which reports include options to view Per Client reports, see the subsequent sections.

When you run a Per Client report, you can specify this criteria:

  • User Name
  • IP Address
  • Host Name
  • Device Name (only available if the date range you specify includes log message data for mobile devices)

Criteria for DLP reports
These options are only available if the date range you specify includes log message data for DLP. You can use wildcards when you apply a filter with DLP criteria to Per Client reports.

  • Policy Name
  • Rule Name
Report Type Report Category Description
Web Activity Trend Summary Hourly trend data for websites visited by clients.
Most Popular Domains Summary Top websites visited by clients.
Application Usage Summary Summary report of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.
Data Loss Violations (DLP) Summary All Data Loss Prevention activity and actions on the Firebox.
Data Loss Violations (DLP) by Detail Detail Data Loss Prevention activity and actions on the Firebox, organized by the detail type.
URL Audit Detail Detail Detailed report of traffic through the Firebox, organized by URL. Includes the Event Time, Policy, Disposition, Destination, and Path for the traffic.
Application Usage by Category Detail Application usage data for allowed connections, by category.
Web Audit by Category Summary Summary report of web traffic by category.
Web Audit by Category Detail Detail Detailed report of web traffic by category, organized by the category details.

Traffic

You can view Traffic reports or export them as a PDF file. Some traffic reports include bandwidth data. For more information about bandwidth data in your reports, see About Bandwidth Reports.

Report Type Pivot Name Pivot Option Description Report Schedule Destination
Packet Filter Traffic Activity Trend  

Summary of packet-filter traffic data, organized by the activity.

To include this report in a schedule, select the Packet-Filter Summaries > Activity Trend report.

Email, Directory
  Source Hits, Bandwidth

Summary of packet-filter traffic data, organized by the host name.

To include this report in a schedule, select the Packet-Filter Summaries > Host Summary report.

Email, Directory
  Destination Hits, Bandwidth Summary of packet-filter traffic data, organized by the destination address.  
  Service Hits, Bandwidth

Summary of packet-filter traffic data, organized by the service name.

To include this report in a schedule, select the Packet-Filter Summaries > Service Summary report.

Email, Directory
  Session Hits, Bandwidth

Summary of packet-filter traffic data, organized by the session.

To include this report in a schedule, select the Packet-Filter Summaries > Session Summary report.

Email, Directory
Proxy Traffic Activity Trend  

Summary of proxied traffic data, organized by the activity.

To include this report in a schedule, select the Proxy Summaries > Activity Trend report.

Email, Directory
  Source Hits, Bandwidth

Summary of proxied traffic data, organized by the host name.

To include this report in a schedule, select the Proxy Summaries > Host Summary report.

Email, Directory
  Destination Hits, Bandwidth Summary of proxied traffic data, organized by the destination address.  
  Protocol Hits, Bandwidth

Summary of proxied traffic data, organized by the protocol.

To include this report in a schedule, select the Proxy Summaries > Proxy Summary report.

Email, Directory
  Session Hits, Bandwidth

Summary of proxied traffic data, organized by the session.

To include this report in a schedule, select the Proxy Summaries > Session Summary report.

Email, Directory
External Bandwidth    

Information about the bandwidth/transfer rate for external interfaces. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes.

To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report.

Email, Directory
  Data Transfer Amount   Summary of the bandwidth information on the amount of data through the external interfaces.  
  Data Transfer Rate   Summary of the bandwidth information on the rate that the data transferred through the external interfaces.  
VPN Bandwidth    

Includes information on upload and download bandwidth by rate for BOVPN and Mobile VPN tunnels. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes.

To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report.

Email, Directory
  Amount of Data Transferred   Summary of the bandwidth information on the amount of data through the VPN tunnel.  
  Rate of Data Transfer   Summary of the bandwidth information on the rate that the data transferred through the VPN tunnel.  
Top Clients   Hits, Bandwidth Summary of the clients that use the most bandwidth on your network, or have the most hits. You can refine the data in this report to see Per Client Reports data.  
  Hosts (Sent & Received)  

Summary of the bandwidth data or hits for the clients based on the host names used to send and receive the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Users (Sent & Received)  

Summary of the bandwidth data or hits for the clients based on the user names used to send and receive the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Mobile Devices (Sent & Received)  

Summary of the bandwidth data or hits for the clients based on the mobile devices used to send and receive the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Hosts (Sent)  

Summary of the bandwidth data or hits for the clients based on the host names used to send the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Users (Sent)  

Summary of the bandwidth data or hits for the clients based on the user names used to send the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)Top Clients by Bandwidth (Sent)
  • Client Reports > Top Clients by Hits
Email, Directory
  Mobile Devices (Sent)  

Summary of the bandwidth data or hits for the clients based on the mobile devices used to send the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Users (Received)  

Summary of the bandwidth data or hits for the clients based on the user names that received the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Hosts (Received)  

Summary of the bandwidth data or hits for the clients based on the host names that received the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory
  Mobile Devices (Received)  

Summary of the bandwidth data or hits for the clients based on the mobile devices that received the traffic.

To include this report in a schedule, select one of these reports:

  • Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)
  • Client Reports > Top Clients by Hits
Email, Directory

Web

You can view Web reports or export them as a PDF file.

Report Type Pivot Name Description Report Schedule Destination
Most Active Clients Hits

Summary of the top web traffic for clients and mobile devices, by hits. You can refine the data in this report to see Per Client Reports data.

To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report.

Email, Directory
  Bytes

Summary of the top web traffic for clients and mobile devices, by bytes transferred. You can refine the data in this report to see Per Client Reports data.

To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report.

Email, Directory
Most Popular Domains Hits

Summary of the top websites visited by clients, by hits.

To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report.

Email, Directory, ConnectWise
  Bytes

Summary of the top websites visited by clients, by bytes transferred.

To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report.

Email, Directory, ConnectWise
Web Audit Category

Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by category.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report.

Email, Directory
  Client

Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by client.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report.

Email, Directory
  Mobile Device

Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by mobile device.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Mobile Device) report.

Email, Directory
Web Activity Trend  

Summary of the hourly trend data for web traffic activity.

To include this report in a schedule, select the Web Traffic Reports > Activity Trend report.

Email, Directory
Web Traffic Summary  

Summary of the top websites and top web categories visited by clients.

To include this report in a schedule, select the Web Traffic Reports > Web Traffic Summary report.

Email, Directory

Mail

You can view Mail reports or export them as a PDF file.

Report Type Pivot Name Description Report Schedule Destination
SMTP Sender Summary of the SMTP proxy action records by sender.  
  Recipient Summary of the SMTP proxy action records by recipient.  
  Server Summary

Summary of the SMTP server activity (for internal and external email accounts).

To include this report in a schedule, select the SMTP Proxy > SMTP Summary (Email and Server) report.

Email, Directory
POP3 User

Summary of the POP3 user activity.

To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report.

Email, Directory
  Server Summary

Summary of the POP3 server activity.

To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report.

Email, Directory

Services

You can view Services reports or export them as a PDF file.

Report Type Pivot Name Description Report Schedule Destination
Application Usage Summary

Summary of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.

You can refine the data in this report type to see Per Client Reports data in a Top Clients report.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

To include the Top Clients report in a schedule, select the Client Reports > Top Clients by Application Usage report.

Email, Directory
  Top Applications by User Summary of the applications with the most users, by user name.  
  Top Applications by Host Summary of the applications with the most users, organized by host name.  
  Top Applications by Mobile Device Summary of the applications with the most users, organized by mobile device.  
  Top Users by Application Summary of the users most often blocked by Application Control, organized by application.  
  Top Hosts by Application Summary of the hosts most often blocked by Application Control, organized by application.  
  Top Mobile Devices by Application Summary of the mobile devices most often blocked by Application Control, organized by application.  
Advanced Malware (APT) Advanced Malware (APT) Summary

Summary of the malware detected by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Summary report.

Email, Directory
  Content Name

Summary of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report.

Email, Directory
  Activity Trend

Summary report of a trend of the malware that was detected by APT Blocker.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Malware Activity Trend report.

Email, Directory
  Threat ID

Summary of the malware detected by APT Blocker, organized by the Threat ID.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report.

Email, Directory
  Malicious Activity

Summary of the malicious activity on your network that was detected by APT Blocker.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Malicious Activity report.

Email, Directory
  MIME Type

Summary of the MIME types used on your network.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by MIME Type report.

Email, Directory
  Protocol

Summary of the protocols used for malicious activity on your network that was detected by APT Blocker.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report.

Email, Directory
  Recipient/Destination

Summary of the recipient names and destination addresses for malicious activity on your network.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report.

Email, Directory
  Sender/Source

Summary of the sender names and source addresses for malicious activity on your network.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report.

Email, Directory
  Threat Level

Summary of the threat levels assigned to malicious activity on your network.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat Level report.

Email, Directory
Botnet Detection By Client

Summary report of all the activity on you network related to botnet sites, by client.

Summary data shows the top 50 clients that were blocked before they connected to botnet sites. You can click the IP address in the Client column to see the detail report filtered by the selected IP address.

To include this report in a schedule, select Botnet Detection > Botnet Detection by Client.

Email, Directory
  By Activity Trend

Summary report of a trend of the sites that were scanned in relation to the number of blocked botnet sites.

To include this report in a schedule, select Botnet Detection > Activity Trend.

Email,
Directory
  By Destination

Summary report of all the activity on you network related to botnet sites, by destination.

Summary data shows the top 50 destinations that botnet sites tried to connect to and were blocked. You can click the IP address in the Destination column to see the detail report filtered by the selected IP address.

To include this report in a schedule, select Botnet Detection > Botnet Detection by Destination

Email, Directory
  Blocked Botnet Sites

Summary report of the top 50 blocked botnet sites.

You can click the IP address in the Name column to see the detail report filtered by the selected IP address.

To include this report in a schedule, select Botnet Detection > Blocked Botnet Site Summary

Email, Directory
Blocked Applications  

Summary of the applications used on your network that were blocked by Application Control. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.

You can refine the data in this report type to see Per Client Reports data.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Email, Directory
  Top Blocked by User Summary of the applications that were most blocked, organized by user name.  
  Top Blocked by Host Summary of the applications that were most blocked, organized by host name.  
  Top Blocked by Mobile Device Summary of the applications that were most blocked, organized by mobile device.  
  Top Users Blocked Summary of the user names that were most blocked.  
  Top Hosts Blocked Summary of the host names that were most blocked.  
  Top Mobile Devices Blocked Summary of the mobile devices that were most blocked.  
Blocked Websites Category

Summary of the websites blocked by WebBlocker, organized by category.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.

Email, Directory, ConnectWise
  Activity Trend

Summary report of a trend of the sites that were scanned in relation to the number of blocked websites.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites Activity Trend report.

 
  Client

Summary of the websites blocked by WebBlocker, organized by client.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.

Email, Directory, ConnectWise
  Mobile Device

Summary of the websites blocked by WebBlocker, organized by mobile device.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report.

Email, Directory, ConnectWise
Data Loss Violations (DLP)   Summary reports of the top 50 hits for Data Loss Prevention activity and actions. Includes allowed and denied violations.  
  Rules

Summary of the denied violations by rule name.

To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Rules Summary report.

Email, Directory
  Activity Trend

Summary of the traffic scanned by Data Loss Prevention. Data includes the total number of scans, the allowed violations, denied violations, and quarantined violations.

To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Activity Trend report.

Email, Directory
  Sender/Source

Summary of the denied violations by the sender or source address.

To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Source Summary report.

Email, Directory
  Recipient/Destination

Summary of the denied violations by the recipient or destination address.

To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Destination Summary report.

Email, Directory
Intrusions (IPS)  

Includes the signature name in each of the reports. Includes allowed and denied hits.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Summary report.

Email, Directory
  Activity Trend

Summary report of a trend of the intrusions on your network.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Activity Trend report.

Email, Directory
  Signatures

Summary of the IPS actions, organized by signature.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Signature report.

Email, Directory
  Source IP

Summary of the IPS actions, organized by the IP address where the traffic originated.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Source report.

 
  Threat Level

Summary of the IPS actions, organized by the threat level.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Threat Level report.

 
  Protocol

Summary of the IPS actions, organized by the protocol used for the traffic.

To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Protocol report.

 
Reputation Enabled Defense Action

Summary of all the Reputation Enabled Defense actions for traffic through the device.

To include this report in a schedule, select the Reputation Enabled Defense > Reputation Enabled Defense Summary report.

Email, Directory
  Activity Trend

Summary report of a trend of the URLs that were scanned and the URL responses.

To include this report in a schedule, select the Reputation Enabled Defense > RED Activity Trend report.

Email, Directory
spam spam Level

Summary of all the spamBlocker categories for mail traffic through the Firebox. Statistics include the message type, the count of email messages in each category, and the percent of email messages that the count represents.

To include this report in a schedule, select the spam Summary > spam Summary report.

Email, Directory
  Action

Summary of all the spamBlocker actions for traffic through the Firebox. Statistics include the action type, the count of email messages, and the percent of email messages that the count represents.

 
  Activity Trend

Summary report of a trend of the traffic that was scanned by spamBlocker in relation to the amount of spam that was detected.

To include this report in a schedule, select the spam Summary > spam Activity Trend report.

Email, Directory
Virus (GAV) Virus

Summary of the Gateway AntiVirus actions, organized by virus name. Includes allowed and denied hits.

To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Summary report.

Email, Directory
  Activity Trend

Summary report of a trend of the traffic that was scanned by GAV in relation to the number of viruses detected.

To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Activity Trend report.

Email, Directory
  Host (HTTP) Summary of the Gateway AntiVirus actions, organized by host name.  
  Protocol Summary of the Gateway AntiVirus actions, organized by the protocol used for the traffic.  
  Email Sender Summary of the Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies.  
Zero-Day Malware (APT) Zero-Day Malware (APT) Summary Summary of the zero-day malware detected by APT Blocker. This report is only available for a report schedule. Email
  Content Name Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by content name.  
  Threat ID Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID.  
  Malicious Activity Summary of the malicious activity on your network that was identified as Zero-Day Malware by APT Blocker.  
  Recipient/Destination Summary of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker.  
  Threat Level Summary of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker.  

Device

You can view Device reports or export most reports as a PDF file.

Report Type Pivot Name Description Report Schedule Destination
Denied Packets  

Summary of all the incoming and outgoing packets that were denied access through the device. This report also includes traffic denied for users who exceed the bandwidth and time quota settings on your device.

To include this report in a schedule for reports sent to an email destination, select the Exceptions > Denied Packets Summary report.

To include this report in a schedule for reports sent to a directory destination, select the Exceptions > Denied Packets (Summary and Detail) or the Exceptions > Denied Packets by Client (Summary) reports.

Email, Directory
Denied Quota  

Summary of the denied traffic by hits for users who exceed the bandwidth and time quotas configured on your device.

Includes the name of the user, the count of user attempts to connect, and the percentage of denied connections for each user.

To include this report in a schedule, select the Exceptions > Denied Quota Summary report.

Email
Alarms  

Summary of all the alarm records generated for the device.

To include this report in a schedule, select the Exceptions > Alarms Summary Report report.

Email, Directory
Authentication Allowed

Summary of all users who successfully authenticated to the device. Includes the login time, logout time, duration, and connection method. If bandwidth and time quotas are enabled on your Firebox, the quota usage details also appear for each user.

To include this report in a schedule, select the Firebox Reports > User Authentication report.

Directory
  Denied

Summary of all users who were not allowed to authenticate to the device. Includes the date, time, and reason authentication failed.

To include this report in a schedule, select the Firebox Reports > User Authentication Denied report.

Directory
Audit Trail  

Summary of all audited configuration changes for a device. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes.

To include this report in a schedule, select the Firebox Reports > Audit Trail report.

Directory
Blocked Default Threats  

Summary of the packets blocked by the Fireware Default Threat Protection feature.

To include this report in a schedule, select the Firebox Reports > Blocked Default Threats report.

Directory
DHCP Lease Activity  

Summary of all activity on the device related to the DHCP lease.

To include this report in a schedule, select the Firebox Reports > DHCP Lease Activity report.

Directory
Device Statistics  

Summary of the bandwidth statistics for all interfaces on the Firebox. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.

To include this report in a schedule for reports sent to the ConnectWise destination, select the ConnectWise > Firebox Statistics report.

To include this report in a schedule for reports sent to an email or directory destination, select the Firebox Reports > Device Statistics report.

Email, Directory, ConnectWise
Policy Usage  

Summary of all policies included in the Firebox configuration. For each policy, the policy name, number of hits, number of bytes, and the date and time the policy was last used appear. Policies that have been deleted appear in red with Deleted in the Status column.

Before you can see this report, Dimension Command must be enabled in your Firebox feature key.

You can export the Policy Usage report as a CSV file.

To include this report in a schedule, select the Firebox Reports > Policy Usage report.

Directory
Wireless Intrusion Detection Summary

Summary of all Wireless Intrusion Detection actions.

Rogue access point detection must be enabled on a device to see this information for the device.

To include this report in a schedule, select the Wireless Intrusion Detection > Wireless Intrusion Detection Summary report.

Email, Directory

Detail

Detail reports provide a textual, grid-based view of detail information. Detail reports can be viewed and exported as a CSV file.

Report Type Pivot Name Description Report Schedule Destination
Zero-Day Malware (APT) Zero-Day Malware (APT) Detail

Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall). Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.

To see more detailed information (includes MD5 and Threat Level information), click Threat Details  for each threat in the report.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Zero-Day Malware (APT) Detail report.

Directory
  Content Name

Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by content name.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Content Type report.

Directory
  Threat ID

Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat ID report.

Directory
  Malicious Activity

Detailed report of the malicious activity on your network that was identified as Zero-Day Malware by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Malicious Activity report.

Directory
  Recipient/Destination

Detailed report of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Destination report.

Directory
  Threat Level

Detailed report of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat Level report.

Directory
Advanced Malware (APT) Advanced Malware (APT) Detail

Detailed report of all the threats identified by APT Blocker. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.

To see more detailed information (includes MD5 and Threat Level information), click Threat Details  for each threat in the report.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Detail report.

Directory
  Content Name

Detailed report of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report.

Directory
  Threat ID

Detailed report of the malware detected by APT Blocker, organized by the Threat ID.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report.

Directory
  Malicious Activity

Detailed report of the malicious activity on your network that was detected by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Malicious Activity report.

Directory
  MIME Type

Detailed report of the MIME types used on your network.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by MIME Type report.

Directory
  Protocol

Detailed report of the protocols used for malicious activity on your network that was detected by APT Blocker.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report.

Directory
  Recipient/Destination

Detailed report of the recipient names and destination addresses for malicious activity on your network.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report.

Directory
  Sender/Source

Detailed report of the sender names and source addresses for malicious activity on your network.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report.

Directory
Alarms Threat Level

Detailed report of the threat levels assigned to malicious activity on your network. Includes the time of the event, the name of the alarm, and an informational message for each alarm event.

To include this report in a schedule, select the Exceptions > Alarms report.

Directory
Application Usage Client

Detailed report about the applications used by clients on your network, by bandwidth or hits.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

Directory
  Source

Detailed report about the source IP address of applications used on your network, by bandwidth or hits.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

Directory
  Mobile Device

Detailed report about the source IP address of applications used on your network, by bandwidth or hits.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

Directory
  Category

Detailed report about the categories of applications used on your network, by bandwidth or hits.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

Directory
  Application

Detailed report about the applications used on your network, by bandwidth or hits.

To include this report in a schedule, select the Application Control > Application Usage Summary report.

Directory
Blocked Applications Client

Detailed report about the applications used on your network that were blocked by Application Control, by client.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Directory
  Source

Detailed report about the applications used on your network that were blocked by Application Control, by source IP address.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Directory
  Mobile Device

Detailed report about the applications used on your network that were blocked by Application Control, by mobile device.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Directory
  Category

Detailed report about the applications used on your network that were blocked by Application Control, by category.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Directory
  Application

Detailed report about the applications used on your network that were blocked by Application Control, by application.

To include this report in a schedule, select the Application Control > Blocked Application Summary report.

Directory
Blocked Websites By Category

Detailed report about all websites that were blocked, organized by category.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.

Directory

  By Client

Detailed report about all websites that were blocked, organized by client.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.

Directory
  By Mobile Device

Detailed report about all websites that were blocked, organized by mobile device.

To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report.

Directory
Botnet Detection  

Detailed report about the traffic sent to and from a botnet address. Includes the date and time of the traffic, the source and destination addresses, the number of attempts made to send traffic to the botnet site, the protocol used, and whether the address was the source or destination. You can click the client or destination to filter the report data on that data.

To include this report in a schedule, select the Botnet Detection > Blocked Botnet Site Detail.

Directory
Data Loss Violations (DLP)  

Detailed report about all the violations of the Data Loss Prevention rules configured on your device.

To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Detail report.

Directory
Denied Packets By Detail

Detailed report of all the packets denied by your device, organized by detail.

Includes the time of the first action, the source and destination IP addresses, the number of attempts for each packet, the protocol and port, and the action.

Directory
  By Client Detail

Detailed report of all the packets denied by your device, organized by client.

Includes the IP address of the client, the first and last date/time the packet was denied, the intended packet destination, the protocol and port , and the number of attempts for each packet.

Directory
Denied Quota  

Detailed report of traffic denied because of bandwidth and time quota settings on your Firebox.

Includes the time of the first action, the source and destination of the traffic, the number of connection attempts, the protocol applied to the traffic, and the quota action applied.

 
Mobile Devices  

Detailed report of all the mobile device connections through your Firebox.

Details include the date/time, mobile device name, connection status, user name, UUID of FireClient, compliance check results, IP address of the mobile device, MAC address of the mobile device, device type, OS version of the mobile device, and VPN type.

This report can be exported to a CSV file.

To include this report in a schedule, select the Mobile Device Reports > Mobile Device Summary report.

Directory
Virus (GAV) By Detail

Detailed report of all Gateway AntiVirus actions, organized by detail.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Detail report.

Directory
  By Email Sender

Detailed report of Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Virus (GAV) Reports > Detail by Email Sender report.

Directory
  By Host (HTTP)

Detailed report of Gateway AntiVirus actions, organized by host name.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Virus (GAV) Reports > Detail by Host (HTTP) report.

Directory
  By Protocol

Detailed report of Gateway AntiVirus actions, organized by the protocol used for the traffic.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Virus (GAV) Reports > Detail by Protocol report.

Directory
  By Virus

Detailed report of Gateway AntiVirus actions, organized by virus name. Includes allowed and denied hits.

This report is only available when you create a report schedule.

To include this report in a schedule, select the Virus (GAV) Reports > Detail by Virus report.

Directory
Intrusions (IPS)  

Detailed report of all Intrusion Prevention Service actions.

To include this report in a schedule, select the Intrusions (IPS) Reports > Intrusions (IPS) Detail report.

Directory
 

By IP-Spoofed Packets

Detailed report of Intrusion Prevention service actions, by IP-spoofed packets. This report is only available when you create a report schedule.

To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by IP-Spoofed Packets report.

Directory
 

By Protocol

Detailed report of Intrusion Prevention service actions, by protocol. This report is only available when you create a report schedule.

To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Protocol report.

Directory
 

By Signature

Detailed report of Intrusion Prevention service actions, by the signature ID. This report is only available when you create a report schedule.

To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Signature report.

Directory
 

By Source

Detailed report of Intrusion Prevention service actions, by the source address. This report is only available when you create a report schedule.

To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Source report.

Directory
 

By Threat Level

Detailed report of Intrusion Prevention service actions, by threat level. This report is only available when you create a report schedule.

To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Threat Level report.

Directory
POP3 Proxy  

Detailed report about all traffic through the POP3-proxy.

To include this report in a schedule, select the POP3 Proxy > POP3 Proxy Detail report.

Directory
SMTP Proxy  

Detailed report about all traffic through the SMTP-proxy.

To include this report in a schedule, select the SMTP Proxy > SMTP Proxy Detail report.

Directory
Web Audit By Category

Detailed report about all allowed web traffic connections through your device, organized by category.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report.

Directory
  By Client

Detailed report about all allowed web traffic connections through your device, organized by client.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report.

Directory
  By Mobile Device

Detailed report about all allowed web traffic connections through your device, organized by mobile device.

To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Mobile Device report.

Directory
AP Device Events   Detailed report of all events that occur on the AP devices connected to your Firebox. Includes the event time, the AP device name. and the event message.  
Rogue Access Points  

Detailed report of all rogue access point detection events. Includes the SSID, BSSID, and time of each rogue access point detection event.

 

Health

Health reports include statistics about the health of your connected Fireboxes. Reports can be viewed and downloaded as a PDF file, or scheduled for delivery.

Report Type Pivot Name Description Report Schedule Destination
Health Summary   Detailed statistics about memory usage, CPU usage, and the physical interfaces on the Firebox. Includes minimum, average, and maximum values. Email, Directory
Usage Summary   Detailed report with a list and a chart of the memory and CPU usage statistics. Email, Directory
Interface Summary Physical Interfaces

Detailed report with a list and a chart of the sent and received statistics for each interface.

Can pivot by byte, rate, and packets

Email, Directory

AP Devices

When you enable logging for reports in the Gateway Wireless Controller and you configure your Firebox to send log messages to Dimension, your Firebox also captures log messages for your connected AP devices and sends them to Dimension. Dimension then generates the subsequent reports about your AP devices. AP devices reports can be exported as a PDF or CSV file, dependent on the report type.

Report Type Pivot Name Description Report Export Type
AP Devices  

Summary of the AP devices connected to the selected Firebox.

Includes the AP device name, serial number, connected clients (average and maximum number of connections over the selected period), connection rate (average and maximum number of connections over the selected period), and the latest firmware version.

Includes a bar chart with the top 10 AP devices.

PDF
  Average Clients Includes the average number of connected clients over the selected period. PDF
  Max Clients Includes the maximum number of connected clients over the selected period. PDF
  Average Rate Includes the average rate of connections over the selected period. PDF
  Max Rate Includes the maximum rate of connections over the selected period. PDF
AP Device Usage   Summary report of the connected clients for an AP device over the selected period. Includes the time, clients, MB sent, MB received, and the total MBs sent through the AP device. PDF
  Bytes Includes a line graph of the AP device usage by bytes. PDF
 

Connected Clients

Includes a line graph of the AP device usage by the number of connected clients. PDF
SSID Usage   Summary report of the number of clients connected to a single SSID over the selected period. Includes the time, number of clients, bytes sent, bytes received, and total number of bytes. PDF
  Bytes Includes a chart of the SSID usage by bytes. PDF
  Clients Includes a chart of the SSID usage by the number of connected clients. PDF
Rogue Access Points   Summary report of the rogue access points detected by the Firebox. Includes the SSID and BSSID of the rogue access point, and the times and dates when the access points were first and last detected. CSV

Compliance

Compliance report groups combine other reports, but include information specific to HIPAA and PCI reports. You can view the combined report or export it as a PDF.

Report Type Pivot Name Description Report Schedule Destination
PCI  

Summary of the compliance report data related to PCI. This report is only available for a report schedule.

To include this report in a schedule, select the Compliance Reports > PCI report.

Email, Directory
  Zero-Day Malware (APT)

Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall), that are relevant to PCI.

Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.

 
  Advanced Malware (APT)

Detailed report of all the threats identified by APT Blocker, that are relevant to PCI.

Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.

 
  Virus (GAV) Detailed report of the Gateway AntiVirus actions, that are relevant to PCI.  
  Intrusions (IPS) Detailed report of all Intrusion Prevention Service actions, that are relevant to PCI.  
  Audit Trail

Detailed report of all audited configuration changes for a device, that are relevant to PCI.

Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes.

 
  Alarms Summary report of alarm records on the device, that are relevant to PCI.  
  User Authentication

Detailed list of users authentication to the device, that are relevant to PCI.

Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied).

 
HIPAA  

Summary of the compliance report data related to HIPAA. This report is only available for a report schedule.

To include this report in a schedule, select the Compliance Reports > HIPAA report.

Email, Directory
  Intrusions (IPS) Detailed report of all Intrusion Prevention Service actions, that are relevant to HIPAA.  
  Audit Trail

Detailed report of all audited configuration changes for a device, that are relevant to HIPAA.

Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes.

 
  Alarms Summary report of alarm records on the device, that are relevant to HIPAA.  
  User Authentication

Detailed list of users authentication to the device, that are relevant to HIPAA.

Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied).

 

For more information about compliance reports see:

Available Reports for Servers

From any Server page, you can see the reports that were automatically generated from the available log message data for the selected server.

When you create a report schedule for your WatchGuard servers, you can select the Audit Summary or Authentication Audit reports.

Report Type Description Report Schedule Destination
Authentication Audit Detailed report of all authenticated users for the server. Directory
Audit Details

Detailed report of all the changes made to the server configuration.

Includes the user account that made the changes, a description of the changes, the date and time of the changes, and any comments that the user specified when the changes were saved to the server.

Directory
Audit Summary Summary report of all the changes made to the server configuration. Email, Directory

See Also

Schedule Reports

View Reports

About HIPAA Compliance Reports

About PCI Compliance Reports

Give Us Feedback     Get Support     All Product Documentation     Technical Search