Application Usage Report

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

The Application Usage report shows a summary of application usage data for allowed connections. The report includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

This report can help you analyze how applications use your network resources. Here are some ways to use this report:

  • Select the Top Users pivot sorted by Bandwidth to identify which users consume the most bandwidth on your network. In the Authenticated User column, click arrows next to user names to show which applications they use.
  • Select the Application (User) pivot sorted by Bandwidth to identify which applications consume the most bandwidth on your network. In the Application column, click arrows next to applications to show the names of the top users.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

Pivots

You can use pivots to change the view of the data on the report.

To switch to a different view, select a pivot from the drop-down list above the report.

This report includes these pivots:

Application (User)

Summary of the applications with the most users, by user name.

Application (Host)

Summary of the applications with the most users, organized by host name.

Top Hosts

Summary of the top hosts on the network, organized by application.

Top Users

Summary of the top users on the network, organized by application.

Application Usage Report Detail View

To view a detailed report of all connections used by applications on your network, click View Details at the top of the report.

Screen shot of View Details link in a report

The Application Usage Detail report includes a row for each connection used by an application on your network:

Column Description
Event Time Date and time that an application event occurred
Client IP address of the client device
Source IP address of the traffic source
Destination IP address of the traffic destination
Policy Name of the Firebox policy that examined the traffic
Protocol Protocol used to send the traffic
Category Application Control category the application is assigned to
Application Application type or name
Disposition Action taken by the Firebox for this traffic, such as Allowed or Denied
Bytes (MB) Amount of data in MB
Hits Number of hits

Enable Logging for this Report

Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.

To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:

  • In the Logging and Notification settings for all packet filters, select Send a log message for reports.
  • In the General Settings for all proxy actions, select Enable logging for reports.

Related Topics

WatchGuard Cloud Device Reports List