About HostWatch

HostWatch is a graphical user interface that shows the connections between different Firebox interfaces. HostWatch also gives information about users, connections, ports, and other information.

The top section of the HostWatch window has two sides. You can set the left side to show one interface you want to monitor. The right side shows the connections to and from the interface selected on the left side.

The lines that connect source hosts and destination hosts use colors that show the type of connection. You can change these colors. The default colors are:

  • Red — The Firebox denies the connection.
  • Blue — The connection uses a proxy.
  • Green — The Firebox uses NAT for the connection.
  • Black — Normal connection (the connection has been accepted, and it does not use a proxy or NAT).

To indicate the type of service, these icons appear adjacent to the server entries.

Telnet icon Telnet   FTP icon FTP
HTTP icon HTTP   Email icon Other

Another WatchGuard tool you can use to see the connections through your Firebox is FireWatch. FireWatch is an interactive report tool, available in Fireware Web UI, that groups, aggregates, and filters the traffic through your Firebox in an easy-to-understand form. FireWatch includes many options to pivot, drill-down, and filter your firewall connections. For more information about FireWatch, go to FireWatch.

DNS Resolution and HostWatch

Domain name server (DNS) resolution does not occur immediately when you start HostWatch. When HostWatch is configured for DNS resolution, it replaces the IP addresses with the host or user names. If the Firebox cannot identify the host or user name, the IP address stays in the HostWatch window.

If you use DNS resolution with HostWatch, the management computer can send a large number of NetBIOS packets (UDP 137) through the Firebox. To stop this process, you must disable NetBIOS over TCP/IP in Windows.

Start HostWatch

To start the HostWatch application:

  1. Start Firebox System Manager.
  2. Click the HostWatch icon.
    Or, select Tools > HostWatch.
    The display is automatically started.

Pause and start the HostWatch display

To pause the HostWatch display:

From the HostWatch window, click the Pause icon.
Or, select File > Pause.

To start the HostWatch display:

From the HostWatch window, click the Continue icon.
Or, select File > Continue.

Related Topics

Select Connections and Interfaces to Monitor

Filter Content of the HostWatch Window

Change HostWatch Visual Properties

Visit or Block a Site from HostWatch