About Dimension Reports

WatchGuard Dimension includes predefined reports that are automatically generated from the log message data from your Fireboxes, FireClusters, and WatchGuard servers. Dimension also includes reports that you can select to generate when you configure a report schedule. Not all reports can be included in a report schedule.

Many Dimension reports can be viewed and exported as a .PDF or .CSV file. Some reports include data that you can pivot on to see greater detail in the reports, or can be refined to see per client reports. When you export a report as a .PDF or a .CSV file, the time zone that appears in the file is the local time on the client computer, not UTC time.

When you view a Summary report, if a Detail report is available for that report type, the View Details link is included at the top of the report. You can click the link to open the Detail report.

If Dimension is in Anonymized Mode, you cannot see Detail reports.

For information about where to enable logging for reports in your Firebox configuration, go to Where to Enable Logging for Reports.

For information about how to view a report, go to View Reports.

For information about how to create a report schedule, go to Schedule Dimension Reports.

NONE line items in proxy-based reports are the result of traffic logs for requests where the primary key data of a report (such as sni or sender) is not available. If this occurs frequently, NONE can appear as the top entry in summary reports.

Available Reports for Devices

From any Device or Group page, you can view reports that were automatically generated from the available log message data for the selected Firebox, FireCluster, or group. You can also select many of these reports when you create a report schedule. For more information about the reports you can include in a report schedule, go to Schedule Dimension Reports.

Executive Summary Report

The Executive Summary Report shows a high level summary of network use and blocked threats for the selected time frame. The report can be downloaded or scheduled for export as a .PDF. The Executive Summary Report includes the Report Types from this list in the report, if there is data available for that report type. To include this report in a schedule, select the Executive Summary Reports report type. You can schedule this report to be sent to a directory or to an email recipient.

You can also view some of the data that is included in the Executive Summary Report in the widgets available on the Executive Dashboard and Security Dashboard pages.

Report Type	Description
Top Zero-Day Malware (APT)	The top malware that was not identified by APT Blocker until after it passed through the firewall. Includes the threat index, threat ID, content name, threat level, and number of hits.
Top Blocked Advanced Malware (APT)	The advanced malware threats that APT Blocker detected and that were blocked. Includes the threat index, threat ID, content name, and number of hits.
Top Blocked Malware	The malware that has been blocked on the network by Gateway AntiVirus. Includes the name of the malware and the number of hits.
Top Blocked Attacks	The top intrusion attacks that were blocked by the Intrusion Prevention Service (IPS). Includes the name of the attack and the number of hits.
Top Clients	The top clients, including clients both inside and outside your network, that generate the most traffic. Includes the client name or IP address, number of bytes, and number of hits for traffic through packet filter and proxy policies.
Top Domains	The top web domains in use on your network. Includes the domain name, number of bytes, and number of hits.
Top Blocked Botnet Sites	The top botnet sites that clients on your network tried to contact.
Top Blocked Botnet Clients	The top clients on your network that tried to contact a botnet site.
Top URL Categories	The top ten categories of Internet activity on your network that WebBlocker identified. Includes the category name and number of hits.
Top Applications	The top applications that are in use on your network. Includes the application name, number of bytes, and number of hits.
Top Application Categories	The top categories for application traffic. Includes the application category name, number of bytes, and number of hits.
Top Blocked Applications	The top applications that were blocked. Includes the application name and number of hits.
Top Blocked Application Categories	The top categories of applications that were blocked. Includes the application category name and number of hits.
Top Mobile Devices	The mobile devices on your network that generate the most traffic. Includes the mobile device name, number of bytes, and number of hits.

Per Client Reports

Per Client reports are divided into two categories: Summary and Detail reports. Summary reports include the top ten results in each report type available as a Summary report, and include a chart and data selection grid for each report. You can export Summary reports as a .PDF file. Detail reports include all results for each report type available as a Detail report. You can export Detail reports as a .CSV file.

Per Client reports include sections from other reports that are populated from proxy traffic. If there is no proxy traffic, then the Per Client report section shows no data.

You can navigate directly to Per Client reports, or open them from the client report pivots in some of the other reports. For information about which reports include options to view Per Client reports, see the next sections.

When you run a Per Client report, you can specify this criteria:

User Name
IP Address
Host
Device Name (only available if the date range you specify includes log message data for mobile devices)

Criteria for DLP reports
These options are only available if the date range you specify includes log message data for DLP. You can use wildcards when you apply a filter with DLP criteria to Per Client reports.

Policy Name
Rule Name

Report Type	Report Category	Description
Web Activity Trend	Summary	Hourly trend data for websites visited by clients.
Most Popular Domains	Summary	Top websites visited by clients.
Application Usage	Summary	Summary report of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.
Data Loss Violations (DLP)	Summary	All Data Loss Prevention activity and actions on the Firebox.
Data Loss Violations (DLP) by Detail	Detail	Data Loss Prevention activity and actions on the Firebox, organized by the detail type.
URL Audit Detail	Detail	Detailed report of traffic through the Firebox, organized by URL. Includes the Event Time, Policy, Disposition, Destination, and Path for the traffic.
Application Usage by Category	Detail	Application usage data for allowed connections, by category.
Web Audit by Category	Summary	Summary report of web traffic by category.
Web Audit by Category Detail	Detail	Detailed report of web traffic by category, organized by the category details.

Traffic

You can view Traffic reports or export them as a .PDF file. Some traffic reports include bandwidth data. For more information about bandwidth data in your reports, go to About Bandwidth Reports.

Report Type	Pivot Name	Pivot Option	Description	Report Schedule Destination
Packet Filter Traffic	Activity Trend		Summary of packet-filter traffic data, organized by the activity. To include this report in a schedule, select the Packet-Filter Summaries > Activity Trend report.	Email, Directory
	Source	Hits, Bandwidth	Summary of packet-filter traffic data, organized by the host name. To include this report in a schedule, select the Packet-Filter Summaries > Host Summary report.	Email, Directory
	Destination	Hits, Bandwidth	Summary of packet-filter traffic data, organized by the destination address.
	Service	Hits, Bandwidth	Summary of packet-filter traffic data, organized by the service name. To include this report in a schedule, select the Packet-Filter Summaries > Service Summary report.	Email, Directory
	Session	Hits, Bandwidth	Summary of packet-filter traffic data, organized by the session. To include this report in a schedule, select the Packet-Filter Summaries > Session Summary report.	Email, Directory
Proxy Traffic	Activity Trend		Summary of proxied traffic data, organized by the activity. To include this report in a schedule, select the Proxy Summaries > Activity Trend report.	Email, Directory
	Source	Hits, Bandwidth	Summary of proxied traffic data, organized by the host name. To include this report in a schedule, select the Proxy Summaries > Host Summary report.	Email, Directory
	Destination	Hits, Bandwidth	Summary of proxied traffic data, organized by the destination address.
	Protocol	Hits, Bandwidth	Summary of proxied traffic data, organized by the protocol. To include this report in a schedule, select the Proxy Summaries > Proxy Summary report.	Email, Directory
	Session	Hits, Bandwidth	Summary of proxied traffic data, organized by the session. To include this report in a schedule, select the Proxy Summaries > Session Summary report.	Email, Directory
External Bandwidth			Information about the bandwidth/transfer rate for external interfaces. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes. To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report.	Email, Directory
	Data Transfer Amount		Summary of the bandwidth information on the amount of data through the external interfaces.
	Data Transfer Rate		Summary of the bandwidth information on the rate that the data transferred through the external interfaces.
VPN Bandwidth			Includes information on upload and download bandwidth by rate for BOVPN and Mobile VPN tunnels. The data sampling interval is based on the report time range. The minimum interval is 1 minute. The published report samples data every 10 minutes. To include this report in a schedule, select the Firebox Reports > Bandwidth (for External Interfaces and VPN Tunnels report.	Email, Directory
	Amount of Data Transferred		Summary of the bandwidth information on the amount of data through the VPN tunnel.
	Rate of Data Transfer		Summary of the bandwidth information on the rate that the data transferred through the VPN tunnel.
Top Clients		Hits, Bandwidth	Summary of the clients that use the most bandwidth on your network, or have the most hits. You can refine the data in this report to see Per Client Reports data.
	Hosts (Sent & Received)		Summary of the bandwidth data or hits for the clients based on the host names used to send and receive the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Users (Sent & Received)		Summary of the bandwidth data or hits for the clients based on the user names used to send and receive the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Mobile Devices (Sent & Received)		Summary of the bandwidth data or hits for the clients based on the mobile devices used to send and receive the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Hosts (Sent)		Summary of the bandwidth data or hits for the clients based on the host names used to send the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Users (Sent)		Summary of the bandwidth data or hits for the clients based on the user names used to send the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth)Top Clients by Bandwidth (Sent) Client Reports > Top Clients by Hits	Email, Directory
	Mobile Devices (Sent)		Summary of the bandwidth data or hits for the clients based on the mobile devices used to send the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Users (Received)		Summary of the bandwidth data or hits for the clients based on the user names that received the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Hosts (Received)		Summary of the bandwidth data or hits for the clients based on the host names that received the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory
	Mobile Devices (Received)		Summary of the bandwidth data or hits for the clients based on the mobile devices that received the traffic. To include this report in a schedule, select one of these reports: Client Reports > Top Clients by Users, Host, and Mobile devices (by Bandwidth) Client Reports > Top Clients by Hits	Email, Directory

Web

You can view Web reports or export them as a .PDF file.

Report Type	Pivot Name	Description	Report Schedule Destination
Most Active Clients	Hits	Summary of the top web traffic for clients and mobile devices, by hits. You can refine the data in this report to see Per Client Reports data. To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report.	Email, Directory
	Bytes	Summary of the top web traffic for clients and mobile devices, by bytes transferred. You can refine the data in this report to see Per Client Reports data. To include this report in a schedule, select the Web Traffic Reports > Most Active Clients report.	Email, Directory
Most Popular Domains	Hits	Summary of the top websites visited by clients, by hits. To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report.	Email, Directory, ConnectWise
	Bytes	Summary of the top websites visited by clients, by bytes transferred. To include this report in a schedule, select the Web Traffic Reports > Most Popular Domains report.	Email, Directory, ConnectWise
Web Audit	Category	Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by category. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report.	Email, Directory
	Client	Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by client. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Category and Client) report.	Email, Directory
	Mobile Device	Summary of the trends, active clients, most popular domains, WebBlocker details, and websites traffic for connections allowed by proxy rules, by mobile device. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, by Mobile Device) report.	Email, Directory
Web Activity Trend		Summary of the hourly trend data for web traffic activity. To include this report in a schedule, select the Web Traffic Reports > Activity Trend report.	Email, Directory
Web Traffic Summary		Summary of the top websites and top web categories visited by clients. To include this report in a schedule, select the Web Traffic Reports > Web Traffic Summary report.	Email, Directory

Mail

You can view Mail reports or export them as a .PDF file.

Report Type	Pivot Name	Description	Report Schedule Destination
SMTP	Sender	Summary of the SMTP proxy action records by sender.
	Recipient	Summary of the SMTP proxy action records by recipient.
	Server Summary	Summary of the SMTP server activity (for internal and external email accounts). To include this report in a schedule, select the SMTP Proxy > SMTP Summary (Email and Server) report.	Email, Directory
POP3	User	Summary of the POP3 user activity. To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report.	Email, Directory
	Server Summary	Summary of the POP3 server activity. To include this report in a schedule, select the POP3 Proxy > POP3 Summary (Email and Server) report.	Email, Directory
IMAP Proxy	User	Summary of the IMAP Proxy user activity. To include this report in a schedule, select the IMAP Proxy > IMAP Summary (Email and Server) report.	Email, Directory
	Server Summary	Summary of the IMAP Proxy server activity. To include this report in a schedule, select the IMAP Proxy > IMAP Summary (Email and Server) report.	Email, Directory

Services

You can view Services reports or export them as a .PDF file.

Report Type	Pivot Name	Description	Report Schedule Destination
Application Usage	Summary	Summary of application usage data for allowed connections. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. You can refine the data in this report type to see Per Client Reports data in a Top Clients report. To include this report in a schedule, select the Application Control > Application Usage Summary report. To include the Top Clients report in a schedule, select the Client Reports > Top Clients by Application Usage report.	Email, Directory
	Top Applications by User	Summary of the applications with the most users, by user name.
	Top Applications by Host	Summary of the applications with the most users, organized by host name.
	Top Applications by Mobile Device	Summary of the applications with the most users, organized by mobile device.
	Top Users by Application	Summary of the users most often blocked by Application Control, organized by application.
	Top Hosts by Application	Summary of the hosts most often blocked by Application Control, organized by application.
	Top Mobile Devices by Application	Summary of the mobile devices most often blocked by Application Control, organized by application.
Advanced Malware (APT)	Advanced Malware (APT) Summary	Summary of the malware detected by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Summary report.	Email, Directory
	Content Name	Summary of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report.	Email, Directory
	Activity Trend	Summary report of a trend of the malware that was detected by APT Blocker. To include this report in a schedule, select the Advanced Malware (APT) Reports > Malware Activity Trend report.	Email, Directory
	Threat ID	Summary of the malware detected by APT Blocker, organized by the Threat ID. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report.	Email, Directory
	Protocol	Summary of the protocols used for malicious activity on your network that was detected by APT Blocker. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report.	Email, Directory
	Recipient/Destination	Summary of the recipient names and destination addresses for malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report.	Email, Directory
	Sender/Source	Summary of the sender names and source addresses for malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report.	Email, Directory
	Threat Level	Summary of the threat levels assigned to malicious activity on your network. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat Level report.	Email, Directory
Botnet Detection	By Client	Summary report of all the activity on you network related to botnet sites, by client. Summary data shows the top 50 clients that were blocked before they connected to botnet sites. You can click the IP address in the Client column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Botnet Detection by Client.	Email, Directory
	By Activity Trend	Summary report of a trend of the sites that were scanned in relation to the number of blocked botnet sites. To include this report in a schedule, select Botnet Detection > Activity Trend.	Email, Directory
	By Destination	Summary report of all the activity on you network related to botnet sites, by destination. Summary data shows the top 50 destinations that botnet sites tried to connect to and were blocked. You can click the IP address in the Destination column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Botnet Detection by Destination	Email, Directory
	Blocked Botnet Sites	Summary report of the top 50 blocked botnet sites. You can click the IP address in the Name column to see the detail report filtered by the selected IP address. To include this report in a schedule, select Botnet Detection > Blocked Botnet Site Summary	Email, Directory
Blocked Applications		Summary of the applications used on your network that were blocked by Application Control. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. You can refine the data in this report type to see Per Client Reports data. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Email, Directory
	Top Blocked by User	Summary of the applications that were most blocked, organized by user name.
	Top Blocked by Host	Summary of the applications that were most blocked, organized by host name.
	Top Blocked by Mobile Device	Summary of the applications that were most blocked, organized by mobile device.
	Top Users Blocked	Summary of the user names that were most blocked.
	Top Hosts Blocked	Summary of the host names that were most blocked.
	Top Mobile Devices Blocked	Summary of the mobile devices that were most blocked.
Blocked Websites	Category	Summary of the websites blocked by WebBlocker, organized by category. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.	Email, Directory, ConnectWise
	Activity Trend	Summary report of a trend of the sites that were scanned in relation to the number of blocked websites. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites Activity Trend report.
	Client	Summary of the websites blocked by WebBlocker, organized by client. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.	Email, Directory, ConnectWise
	Mobile Device	Summary of the websites blocked by WebBlocker, organized by mobile device. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report.	Email, Directory, ConnectWise
Data Loss Violations (DLP)		Summary reports of the top 50 hits for Data Loss Prevention activity and actions. Includes allowed and denied violations.
	Rules	Summary of the denied violations by rule name. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Rules Summary report.	Email, Directory
	Activity Trend	Summary of the traffic scanned by Data Loss Prevention. Data includes the total number of scans, the allowed violations, denied violations, and quarantined violations. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Activity Trend report.	Email, Directory
	Sender/Source	Summary of the denied violations by the sender or source address. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Source Summary report.	Email, Directory
	Recipient/Destination	Summary of the denied violations by the recipient or destination address. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Destination Summary report.	Email, Directory
Intrusions (IPS)		Includes the signature name in each of the reports. Includes allowed and denied hits. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Summary report.	Email, Directory
	Activity Trend	Summary report of a trend of the intrusions on your network. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Activity Trend report.	Email, Directory
	Signatures	Summary of the IPS actions, organized by signature. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Signature report.	Email, Directory
	Source IP	Summary of the IPS actions, organized by the IP address where the traffic originated. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Source report.
	Threat Level	Summary of the IPS actions, organized by the threat level. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Threat Level report.
	Protocol	Summary of the IPS actions, organized by the protocol used for the traffic. To include this report in a schedule, select the Intrusion (IPS) Reports > Intrusions (IPS) Detail by Protocol report.
Reputation Enabled Defense	Action	Summary of all the Reputation Enabled Defense actions for traffic through the device. To include this report in a schedule, select the Reputation Enabled Defense > Reputation Enabled Defense Summary report.	Email, Directory
	Activity Trend	Summary report of a trend of the URLs that were scanned and the URL responses. To include this report in a schedule, select the Reputation Enabled Defense > RED Activity Trend report.	Email, Directory
spam	spam Level	Summary of all the spamBlocker categories for mail traffic through the Firebox. Statistics include the message type, the count of email messages in each category, and the percent of email messages that the count represents. To include this report in a schedule, select the spam Summary > spam Summary report.	Email, Directory
	Action	Summary of all the spamBlocker actions for traffic through the Firebox. Statistics include the action type, the count of email messages, and the percent of email messages that the count represents.
	Activity Trend	Summary report of a trend of the traffic that was scanned by spamBlocker in relation to the amount of spam that was detected. To include this report in a schedule, select the spam Summary > spam Activity Trend report.	Email, Directory
Virus (GAV)	Virus	Summary of the Gateway AntiVirus and IntelligentAV actions, organized by virus name. Includes allowed and denied hits. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Summary report.	Email, Directory
	Activity Trend	Summary report of a trend of the traffic that was scanned by Gateway AntiVirus and IntelligentAV in relation to the number of viruses detected. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Activity Trend report.	Email, Directory
	Host (HTTP)	Summary of the Gateway AntiVirus actions, organized by host name.
	Protocol	Summary of the Gateway AntiVirus actions, organized by the protocol used for the traffic.
	Email Sender	Summary of the Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies.
Zero-Day Malware (APT)	Zero-Day Malware (APT) Summary	Summary of the zero-day malware detected by APT Blocker. This report is only available for a report schedule.	Email
	Content Name	Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by content name.
	Threat ID	Summary of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID.
	Recipient/Destination	Summary of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker.
	Threat Level	Summary of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker.

Device

You can view Device reports or export most reports as a .PDF file.

Report Type	Pivot Name	Description	Report Schedule Destination
Denied Packets		Summary of all the incoming and outgoing packets that were denied access through the device. This report also includes traffic denied for users who exceed the bandwidth and time quota settings on your device. To include this report in a schedule for reports sent to an email destination, select the Exceptions > Denied Packets Summary report. To include this report in a schedule for reports sent to a directory destination, select the Exceptions > Denied Packets (Summary and Detail) or the Exceptions > Denied Packets by Client (Summary) reports.	Email, Directory
Denied Quota		Summary of the denied traffic by hits for users who exceed the bandwidth and time quotas configured on your device. Includes the name of the user, the count of user attempts to connect, and the percentage of denied connections for each user. To include this report in a schedule, select the Exceptions > Denied Quota Summary report.	Email
Alarms		Summary of all the alarm records generated for the device. To include this report in a schedule, select the Exceptions > Alarms Summary Report report.	Email, Directory
Authentication	Allowed	Summary of all users who successfully authenticated to the device. Includes the login time, logout time, duration, and connection method. If bandwidth and time quotas are enabled on your Firebox, the quota usage details also appear for each user. To include this report in a schedule, select the Firebox Reports > User Authentication report.	Directory
	Denied	Summary of all users who were not allowed to authenticate to the device. Includes the date, time, and reason authentication failed. To include this report in a schedule, select the Firebox Reports > User Authentication Denied report.	Directory
Audit Trail		Summary of configuration changes for a device. Includes the user account that made the change, the change that was made, the date and time of the change, and a brief description of type of change. To include this report in a schedule, select the Firebox Reports > Audit Trail report.	Directory
Blocked Default Threats		Summary of the packets blocked by the Fireware Default Threat Protection feature. To include this report in a schedule, select the Firebox Reports > Blocked Default Threats report.	Directory
DHCP Lease Activity		Summary of all activity on the device related to the DHCP lease. To include this report in a schedule, select the Firebox Reports > DHCP Lease Activity report.	Directory
Device Statistics		Summary of the bandwidth statistics for all interfaces on the Firebox. Includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available. To include this report in a schedule for reports sent to the ConnectWise destination, select the ConnectWise > Firebox Statistics report. To include this report in a schedule for reports sent to an email or directory destination, select the Firebox Reports > Device Statistics report.	Email, Directory, ConnectWise
Policy Usage		Summary of all policies included in the Firebox configuration. For each policy, the policy name, number of hits, number of bytes, whether the policy was used appear. Policies that have been deleted appear in red with Deleted in the Status column. Before you can see this report, Dimension Command must be enabled in your Firebox feature key. The Firebox must be configured as a managed device in Dimension to generate policy usage reports about the Firebox. You can export the Policy Usage report as a .CSV file. To include this report in a schedule, select the Firebox Reports > Policy Usage report.	Directory
Wireless Intrusion Detection	Summary	Summary of all Wireless Intrusion Detection actions. Rogue access point detection must be enabled on a device to see this information for the device. To include this report in a schedule, select the Wireless Intrusion Detection > Wireless Intrusion Detection Summary report.	Email, Directory

Detail

Detail reports provide a textual, grid-based view of detail information. Detail reports can be viewed and exported as a .CSV file.

Report Type	Pivot Name	Description	Report Schedule Destination
Zero-Day Malware (APT)	Zero-Day Malware (APT) Detail	Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall). Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Zero-Day Malware (APT) Detail report.	Directory
	Content Name	Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by content name. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Content Type report.	Directory
	Threat ID	Detailed report of the malware identified as Zero-Day Malware by APT Blocker, organized by the Threat ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat ID report.	Directory
	Recipient/Destination	Detailed report of the recipient names and destination addresses for activity on your network identified as Zero-Day Malware by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Destination report.	Directory
	Threat Level	Detailed report of the threat levels assigned to activity on your network identified as Zero-Day Malware by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Zero-Day Malware (APT) Reports > Detail by Threat Level report.	Directory
Advanced Malware (APT)	Advanced Malware (APT) Detail	Detailed report of all the threats identified by APT Blocker. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Advanced Malware (APT) Detail report.	Directory
	Content Name	Detailed report of the malware detected by APT Blocker, organized by content name. Includes allowed and denied hits. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Content Name report.	Directory
	Threat ID	Detailed report of the malware detected by APT Blocker, organized by the Threat ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Threat ID report.	Directory
	Protocol	Detailed report of the protocols used for malicious activity on your network that was detected by APT Blocker. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Protocol report.	Directory
	Recipient/Destination	Detailed report of the recipient names and destination addresses for malicious activity on your network. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Destination report.	Directory
	Sender/Source	Detailed report of the sender names and source addresses for malicious activity on your network. This report is only available when you create a report schedule. To include this report in a schedule, select the Advanced Malware (APT) Reports > Detail by Source report.	Directory
Alarms	Threat Level	Detailed report of the threat levels assigned to malicious activity on your network. Includes the time of the event, the name of the alarm, and an informational message for each alarm event. To include this report in a schedule, select the Exceptions > Alarms report.	Directory
Application Usage	Client	Detailed report about the applications used by clients on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report.	Directory
	Source	Detailed report about the source IP address of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report.	Directory
	Mobile Device	Detailed report about the source IP address of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report.	Directory
	Category	Detailed report about the categories of applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report.	Directory
	Application	Detailed report about the applications used on your network, by bandwidth or hits. To include this report in a schedule, select the Application Control > Application Usage Summary report.	Directory
Blocked Applications	Client	Detailed report about the applications used on your network that were blocked by Application Control, by client. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Directory
	Source	Detailed report about the applications used on your network that were blocked by Application Control, by source IP address. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Directory
	Mobile Device	Detailed report about the applications used on your network that were blocked by Application Control, by mobile device. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Directory
	Category	Detailed report about the applications used on your network that were blocked by Application Control, by category. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Directory
	Application	Detailed report about the applications used on your network that were blocked by Application Control, by application. To include this report in a schedule, select the Application Control > Blocked Application Summary report.	Directory
Blocked Websites	By Category	Detailed report about all websites that were blocked, organized by category. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.	Directory
	By Client	Detailed report about all websites that were blocked, organized by client. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Category and Client) report.	Directory
	By Mobile Device	Detailed report about all websites that were blocked, organized by mobile device. To include this report in a schedule, select the Blocked Websites Reports > Blocked Websites (Summary, by Mobile Devices) report.	Directory
Botnet Detection		Detailed report about the traffic sent to and from a botnet address. Includes the date and time of the traffic, the source and destination addresses, the number of attempts made to send traffic to the botnet site, the protocol used, and whether the address was the source or destination. You can click the client or destination to filter the report data on that data. To include this report in a schedule, select the Botnet Detection > Blocked Botnet Site Detail.	Directory
Data Loss Violations (DLP)		Detailed report about all the violations of the Data Loss Prevention rules configured on your device. To include this report in a schedule, select the Data Loss Violations (DLP) > DLP Detail report.	Directory
Denied Packets	By Detail	Detailed report of all the packets denied by your device, organized by detail. Includes the time of the first action, the source and destination IP addresses, the number of attempts for each packet, the protocol and port, and the action.	Directory
	By Client Detail	Detailed report of all the packets denied by your device, organized by client. Includes the IP address of the client, the first and last date/time the packet was denied, the intended packet destination, the protocol and port , and the number of attempts for each packet.	Directory
Denied Quota		Detailed report of traffic denied because of bandwidth and time quota settings on your Firebox. Includes the time of the first action, the source and destination of the traffic, the number of connection attempts, the protocol applied to the traffic, and the quota action applied.
Mobile Devices		Detailed report of all the mobile device connections through your Firebox. Details include the date/time, mobile device name, connection status, user name, UUID of FireClient, compliance check results, IP address of the mobile device, MAC address of the mobile device, device type, OS version of the mobile device, and VPN type. This report can be exported to a .CSV file. To include this report in a schedule, select the Mobile Device Reports > Mobile Device Summary report.	Directory
Virus (GAV)	By Detail	Detailed report of all Gateway AntiVirus actions, organized by detail. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Virus (GAV) Detail report.	Directory
	By Email Sender	Detailed report of Gateway AntiVirus actions, organized by the email address that sent the message. Available for the SMTP and POP3 proxies. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Email Sender report.	Directory
	By Host (HTTP)	Detailed report of Gateway AntiVirus actions, organized by host name. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Host (HTTP) report.	Directory
	By Protocol	Detailed report of Gateway AntiVirus actions, organized by the protocol used for the traffic. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Protocol report.	Directory
	By Virus	Detailed report of Gateway AntiVirus actions, organized by virus name. Includes allowed and denied hits. This report is only available when you create a report schedule. To include this report in a schedule, select the Virus (GAV) Reports > Detail by Virus report.	Directory
Intrusions (IPS)		Detailed report of all Intrusion Prevention Service actions. To include this report in a schedule, select the Intrusions (IPS) Reports > Intrusions (IPS) Detail report.	Directory
	By IP-Spoofed Packets	Detailed report of Intrusion Prevention service actions, by IP-spoofed packets. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by IP-Spoofed Packets report.	Directory
	By Protocol	Detailed report of Intrusion Prevention service actions, by protocol. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Protocol report.	Directory
	By Signature	Detailed report of Intrusion Prevention service actions, by the signature ID. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Signature report.	Directory
	By Source	Detailed report of Intrusion Prevention service actions, by the source address. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Source report.	Directory
	By Threat Level	Detailed report of Intrusion Prevention service actions, by threat level. This report is only available when you create a report schedule. To include this report in a schedule, select the Intrusions (IPS) Reports > Detail by Threat Level report.	Directory
POP3 Proxy		Detailed report about all traffic through the POP3-proxy. To include this report in a schedule, select the POP3 Proxy > POP3 Proxy Detail report.	Directory
SMTP Proxy		Detailed report about all traffic through the SMTP-proxy. To include this report in a schedule, select the SMTP Proxy > SMTP Proxy Detail report.	Directory
IMAP Proxy		Detailed report about all traffic through the IMAP-proxy. To include this report in a schedule, select the IMAP Proxy > IMAP Proxy Detail) report.	Directory
Web Audit	By Category	Detailed report about all allowed web traffic connections through your device, organized by category. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report.	Directory
	By Client	Detailed report about all allowed web traffic connections through your device, organized by client. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Category and Client report.	Directory
	By Mobile Device	Detailed report about all allowed web traffic connections through your device, organized by mobile device. To include this report in a schedule, select the Web Audit Reports > Web Audit (Summary, By Mobile Device report.	Directory
AP Device Events		Detailed report of all events that occur on the AP devices connected to your Firebox. Includes the event time, the AP device name. and the event message.
Rogue Access Points		Detailed report of all rogue access point detection events. Includes the SSID, BSSID, and time of each rogue access point detection event.

Health

Health reports include statistics about the health of your connected Fireboxes. Reports can be viewed and downloaded as a .PDF file, or scheduled for delivery.

The Firebox must be configured as a managed device in Dimension to generate Health reports about the Firebox.

Report Type	Pivot Name	Description	Report Schedule Destination
Health Summary		Detailed statistics about memory usage, CPU usage, and the physical interfaces on the Firebox. Includes minimum, average, and maximum values.	Email, Directory
Usage Summary		Detailed report with a list and a chart of the memory and CPU usage statistics.	Email, Directory
Interface Summary	Physical Interfaces	Detailed report with a list and a chart of the sent and received statistics for each interface. Can pivot by byte, rate, and packets	Email, Directory

Report Type

Pivot Name

Description

Report Schedule Destination

Health Summary

Detailed statistics about memory usage, CPU usage, and the physical interfaces on the Firebox. Includes minimum, average, and maximum values.

Email, Directory

Usage Summary

Detailed report with a list and a chart of the memory and CPU usage statistics.

Email, Directory

Interface Summary

Physical Interfaces

Detailed report with a list and a chart of the sent and received statistics for each interface.

Can pivot by byte, rate, and packets

Email, Directory

AP Devices

When you enable logging for reports in the Gateway Wireless Controller, and you configure your Firebox to send log messages to Dimension, your Firebox also captures log messages for your connected AP devices and sends them to Dimension. Dimension then generates these reports about your AP devices. AP devices reports can be exported as a .PDF or .CSV file, dependent on the report type.

Report Type	Pivot Name	Description	Report Export Type
AP Devices		Summary of the AP devices connected to the selected Firebox. Includes the AP device name, serial number, connected clients (average and maximum number of connections over the selected period), connection rate (average and maximum number of connections over the selected period), and the latest firmware version. Includes a bar chart with the top 10 AP devices.	PDF
	Average Clients	Includes the average number of connected clients over the selected period.	PDF
	Max Clients	Includes the maximum number of connected clients over the selected period.	PDF
	Average Rate	Includes the average amount of data transferred over the selected period.	PDF
	Max Rate	Includes the maximum amount of data transferred over the selected period.	PDF
AP Device Usage		Summary report of the connected clients for an AP device over the selected period. Includes the time, clients, MB sent, MB received, and the total MBs sent through the AP device.	PDF
	Bytes	Includes a line graph of the AP device usage by bytes.	PDF
	Connected Clients	Includes a line graph of the AP device usage by the number of connected clients.	PDF
SSID Usage		Summary report of the number of clients connected to a single SSID over the selected period. Includes the time, number of clients, bytes sent, bytes received, and total number of bytes.	PDF
	Bytes	Includes a chart of the SSID usage by bytes.	PDF
	Clients	Includes a chart of the SSID usage by the number of connected clients.	PDF
Rogue Access Points		Summary report of the rogue access points detected by the Firebox. Includes the SSID and BSSID of the rogue access point, and the times and dates when the access points were first and last detected.	CSV

Compliance

Compliance reports combine data from other reports into a single report with data required for HIPAA and PCI compliance.

You can view the combined report or export it as a .PDF.

Report Type	Pivot Name	Description	Report Schedule Destination
PCI		Summary of the compliance report data related to PCI.	Email, Directory
	Zero-Day Malware (APT)	Detailed report of all the threats identified by APT Blocker as Zero-Day Malware (not identified until after the traffic passed through the firewall), that are relevant to PCI. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.
	Advanced Malware (APT)	Detailed report of all the threats identified by APT Blocker, that are relevant to PCI. Each threat includes the time, threat level, threat ID, content name, source and destination IP addresses, the policy and protocol, the host, the sender and recipient addresses, and the number of attempts.
	Virus (GAV)	Detailed report of the Gateway AntiVirus actions, that are relevant to PCI.
	Intrusions (IPS)	Detailed report of all Intrusion Prevention Service actions, that are relevant to PCI.
	Audit Trail	Detailed report of all audited configuration changes for a device, that are relevant to PCI. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes.
	Alarms	Summary report of alarm records on the device, that are relevant to PCI.
	User Authentication	Detailed list of users authentication to the device, that are relevant to PCI. Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied).
HIPAA		Summary of the compliance report data related to HIPAA	Email, Directory
	Audit Trail	Detailed report of all audited configuration changes for a device, that are relevant to HIPAA. Includes the user account that made the change, the change that was made, the date and time of the change, and any comments that were added about the changes.
	Alarms	Summary report of alarm records on the device, that are relevant to HIPAA.
	User Authentication	Detailed list of users authentication to the device, that are relevant to HIPAA. Includes the date, time, status (allowed or denied) and reason for authentication failure (if authentication was denied).

For more information about compliance reports see:

Available Reports for Servers

From any Server page, you can see the reports that were automatically generated from the available log message data for the selected server.

When you create a report schedule for your WatchGuard servers, you can select the Audit Summary or Authentication Audit reports.

About Dimension Reports

Available Reports for Devices

Available Reports for Servers

Related Topics