About Bandwidth Reports
From Dimension, you can view several reports that include bandwidth data for your Firebox. These reports include:
- External bandwidth reports
- VPN bandwidth reports
- Packet filter reports
- Proxy action reports
This topic includes details about how to read the log data in these reports and how to enable your Firebox to generate log messages for these reports. For more information about these and other reports you can view in Dimension, see About Dimension Reports.
External Bandwidth Report
The bandwidth data for the External Bandwidth report is based on the interface statistics for the external network interfaces on your Firebox. This includes connections that are dropped or denied by policy or default threat prevention rules. This includes received (RX) and transmitted (TX) data, but not packets dropped or lost at the interface.
Example of log data , with bandwidth information in bold:
<FWStatus d="2016-12-06T18:58:44" orig="chelan_52_51" cname="" seq="114705" device="wan" unix_time="1394132324.646141" in_octets="40448339" out_octets="89135571" log_type="pe"/>
VPN Bandwidth Report
The VPN Bandwidth report includes bandwidth data for each branch office VPN and all connected mobile VPN with IPSec clients. Traffic through other types of VPN clients, such as mobile VPN with SSL, is not included in the VPN Bandwidth report.
The data for VPN Bandwidth reports is based on the VPN tunnel statistics, which includes connections that are received from a remote site over the VPN but denied by policy or default threat prevention rules.
Example of log data, with bandwidth information in bold:
<FWStatus d="2016-12-06T18:58:41" orig="chelan_52_51" cname="" seq="114704" device="tunnel" unix_time="1394132321.642441" in_octets="0" out_octets="0" log_type="pe"/>
Packet Filter Report
To create reports that include bandwidth data for traffic managed by packet filter policies, after you enable your Firebox to generate log messages of bandwidth data, you must also enable each packet filter policy to send log messages.
Example of log data, with bandwidth information in bold:
2016-12-16 16:36:11 Allow 100.100.100.2 188.8.131.52 http/tcp 54495 80 2-WGRD-TECH 0-External HTTP request (HTTP-proxy_reporting2-00) HTTP-Client.20 proc_id="http-proxy" rc="525" msg_id="1AFF-0024" proxy_act="HTTP-Client.20" op="GET" dstname="cdn.optimizely.com" sent_bytes="446" rcvd_bytes="403" elapsed_time="0.028528 sec(s)" reputation="1" Traffic
Proxy Action Report
FWAllowEnd, , pri=6, disp=Allow, policy=HTTPS_Bypass_100.100.100.2-00, protocol=https/tcp, src_ip=100.100.100.2, src_port=51424, dst_ip=184.108.40.206, dst_port=443, src_intf=2-WGRD-TECH, dst_intf=0-External, rc=106, duration=11; sent_bytes=1323; rcvd_bytes=456
Log messages that begin with FWAllow or FWAllowEnd appear in Log Manager but not in Traffic Monitor. These log messages note the start and end of connections for the purpose of bandwidth reports.
When two commas appear consecutively in a log message, a section of log data was not included in the log message because there was no data for that section. For example, in the previous log message, the log message is for the end of a connection that was not allowed or denied. This is indicated by the two consecutive commas that appear in the log message after FWAllowEnd. If the connection had been allowed or denied, that detail would have appeared in the log message after FWAllowEnd, between the two consecutive commas.
Bandwidth Numbers in Reports
The total bytes of bandwidth data included in the External Bandwidth and VPN Bandwidth reports are never the same as the total bytes of bandwidth data included in the reports for packet filter and proxy policies. This is because the values are calculated differently. Reports for packet filter policies and proxy actions do not include connections that were not completed successfully, or that were denied because of default threat prevention rules.
The External Bandwidth report also does not include any connections between internal hosts on different Firebox interfaces, or connections to the Firebox from internal hosts.
Enable Logging for Bandwidth Data in your Firebox Configuration
Because you can only see reports in Dimension for the log message data that your Firebox sends to Dimension, before you can see these reports of bandwidth details in Dimension, you must configure your Firebox to generate log messages with this bandwidth data.
To enable your Firebox to generate log messages of bandwidth statistics:
- From Fireware Web UI, select System > Logging > Settings and select the Send external interface and VPN bandwidth statistics to log file check box.
- From Policy Manager, select Setup > Logging > Performance Statistics and select the External Interface and VPN bandwidth statistics check box.
For more information about bandwidth statistics, see Include Performance Statistics in Log Messages (WSM).
To generate the full range of reports for VPN and bandwidth statistics, you must also enable logging in the packet filter policies and proxy actions that control traffic through your Firebox.
To enable logging in your packet filter policies:
- From Fireware Web UI, edit the packet filter policy, select the Settings tab, and select the Send log messages check box.
- From Policy Manager, edit the packet filter policy, select the Properties tab, click Logging, and select the Send log message check box.
For more information about how to enable logging for packet filter policies, see Configure Logging and Notification for a Policy.
To enable logging in your proxy actions:
- From Fireware Web UI, edit the proxy action, select the General tab, and select the Enable logging for reports check box.
- From Policy Manager, edit the proxy action, select the General category, and select the Enable logging for reports check box.
For more information about how to enable logging for proxy actions, see About Proxy Actions.