FireWatch

FireWatch is a real-time, interactive report tool, available in Fireware XTM Web UI, that groups, aggregates, and filters statistics about the traffic through your Firebox or XTM device in an easy-to-understand form. FireWatch includes many options to pivot, refine, and filter information about your firewall traffic. Some of the information you can see at a glance includes:

You can use FireWatch to see:

The FireWatch page is separated into tabs of data that is presented in a Treemap Visualization. The treemap is a widget that proportionally sizes blocks in the display to represent the data for that tab. The largest blocks on the tab represent the largest data users. The data is sorted by the tab you select and the type you select from the drop-down list at the top right of the page.

FireWatch includes these tabs:

Source

On the Source tab, you can see all the user and host addresses where traffic through the device originates. You can pivot the data on the Bytes or Connections.

Destination

On the Destination tab, you can see all the addresses where the traffic through the device terminates. You can pivot the data on the Bytes or Connections.

Application

On the Application tab, you can see an aggregate view of all the applications currently in use. You can view the data based on the number of connections.

Policy

On the Policy tab, you can see an aggregate view of all policies that are applied to the current traffic through the device. You can view the data based on the number of connections.

Interface (In)

On the Interface (In) tab, you can see all the connections through the active inbound interfaces on the device.

Interface (Out)

On the Interface (Out) tab, you can see all the connections through the active outbound interfaces on the device.

On each FireWatch tab, you can pivot the data on the Rate, Bytes, Connections, or Duration.

See Connection Details

On any FireWatch tab, you can see detailed information for any active connection. The number of active connections for the data type you select appears at the top right of the FireWatch page, adjacent to the data type selection drop-down list and refresh button.

To see details for active connections to your device:

  1. In the Dashboard section, select FireWatch.
    The FireWatch page appears, with the Source tab selected by default.
  2. Select a tab.
    The current connections appear.

Screen shot of the FireWatch Source tab

  1. To change the type of data that appears in the selected tab, from the drop-down list at the top right of the page, select an option:

Not all options are available for all connection types.
The data in the display is updated based on the option you selected.

  1. To see details about any item in the treemap, place your cursor over the item.
    The connection details dialog box appears.

Screen shot of the FireWatch Source tab with connection details dialog box

  1. To see all connections for an item, in the connection details dialog box, click View connections.
    The connections dialog box appears.

Screen shot of the Connections dialog box

  1. To update the list of connections, click Refresh.
    The connections list is updated with the most recent data.
  2. To filter the information that appears in the treemap by the selected connection, in the connection details dialog box, click Filter.
    The treemap data is updated based on the selected filter.

Delete a Connection

  1. To delete a connection from the treemap, in the connection details dialog box, click Delete connections.
    The Delete Connections dialog box appears.

  1. Verify that the details in the Delete Connections dialog box are correct.
  2. In the Configuration Passphrase text box, type the configuration passphrase for the device.
  3. Click Delete connections.
    All connection data for the specified connection is removed from the treemap.

Block a Site

From the Source or Destination tabs, you can temporarily add a connection that you have selected in the treemap to the Blocked Sites list. The selected connection remains on the Blocked Sites list for the amount of time that you specify.

For more information about the Blocked Sites list, see Blocked Sites.

To block a connection:

  1. In the connection details dialog box, click Block Site.
    The Block Site dialog box appears for the selected connection.

Screen shot of the Block Site dialog box

  1. In the Timeout text box, type the length of time to keep the selected connection on the Blocked Sites list.
  2. in the Configuration Passphrase text box, type the read-write passphrase for the device.
  3. Click Block Site.

Refresh FireWatch Data

By default, the data in the FireWatch treemaps refresh dynamically at the optimum rate for the data type on the selected tab. You can also manually refresh the data in the treemap.

To refresh the data in a treemap:

  1. Select a tab and a sort method for the data.
  2. Click the Refresh button.
    The data in the treemap is updated and the display blocks refresh to display the new data.

See Also

About the Dashboard and System Status Pages

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base