Firewall
Overview
This chapter describes the menus used to monitor and configure the Hybrid Security Firewall devices that acts as a security gateway in the current organization.
Nebula Device (also called Security Firewall device) refers to ZyWALL ATP / USG FLEX / USG20(W)-VPN Series devices in this chapter. The Firewall menus are shown for Security Firewall devices only.
Monitor
Use the Monitor menus to check the Nebula Device information, client information, event log messages and summary report for the Nebula Device in the selected site.
Clients
This menu item redirects to Site-Wide > Monitor > Clients, with type set to Security firewall clients. For details, see Clients.
Event Log
Use this screen to view Nebula Device log messages. You can enter a key word, select one or multiple event types, or specify a date/time or a time range to display only the log messages that match these criteria.
Select Range to set a time range or select Before to choose a specific date/time and the number of hours/minutes to display only the log messages generated within a certain period of time (before the specified date/time). Then click Search to update the list of logs based on the search criteria. The maximum allowable time range is 30 days.
Click Site-wide > Monitor > Firewall > Event log to access this screen.
Site-wide > Monitor > Firewall > Event log
VPN Connections
Use this screen to view the status of site-to-site IPSec VPN connections and L2TP VPN connections.
If the peer gateway is not a Nebula Device, go to the Firewall > Configure > Site-to-Site VPN screen to view and configure a VPN rule. See Site-to-Site VPN for more information.Click Site-wide > Monitor > Firewall > VPN connections to access this screen.
Site-wide > Monitor > Firewall > VPN connections
The following table describes the labels in this screen.
Label | Description |
|---|---|
 | Click this button to reload the data on this page. |
Connection Status | |
Configuration | This shows the number and address of the local networks behind the Nebula Device, on which the computers are allowed to use the VPN tunnel. |
Site Connectivity | |
Location | This shows the name of the site to which the Nebula peer gateway is assigned. Click the name to view the VPN usage and connectivity status screen. |
Subnet | This shows the address of the local networks behind the Nebula peer gateway. |
Status | This shows whether the VPN tunnel is connected or disconnected. |
Last heartbeat | This shows the last date and time a heartbeat packet is sent to determine if the VPN tunnel is up or down. |
Non-Nebula VPN peers connectivity | |
Location | This shows the name of the site to which the Non-Nebula peer gateway (Zyxel or non-Zyxel IPSec VPN gateway and Cloud VPN (Azure VPN or AWS VPN)) is assigned. Click the name to go to the Site-wide > Configure > Firewall > Site-to-Site VPN screen, where you can modify the VPN settings. |
Subnet | This shows the address of the local networks behind the Non-Nebula peer gateway. |
Status | This shows whether the VPN tunnel is connected or disconnected. |
Inbound | This shows the amount of traffic that has gone through the VPN tunnel from the Non-Nebula peer gateway to the Nebula Device since the VPN tunnel was established. |
Outbound | This shows the amount of traffic that has gone through the VPN tunnel from the Nebula Device to the Non-Nebula peer gateway since the VPN tunnel was established. |
Tunnel up time | This shows how many seconds the VPN tunnel has been active. |
Last heartbeat | This shows the last date and time a heartbeat packet was sent to determine if the VPN tunnel is up or down. |
Remote AP VPN | |
Name | This shows the name of the remote access point (AP). |
Status | This shows whether the VPN tunnel is connected or disconnected. |
Inbound | This shows the amount of traffic that has gone through the VPN tunnel from the remote AP to the Nebula Device since the VPN tunnel was established. |
Outbound | This shows the amount of traffic that has gone through the VPN tunnel from the Nebula Device to the remote AP since the VPN tunnel was established. |
Tunnel up time | This shows how many seconds the VPN tunnel has been active. |
Last heartbeat | This shows the last date and time a heartbeat packet is sent to determine if the VPN tunnel is up or down. |
Client to site VPN login account | |
User Name | This shows the remote user’s login account name. |
Hostname | This shows the name of the computer that has this L2TP VPN connection with the Nebula Device. |
Tunnel up time | This shows how many seconds the VPN tunnel has been active. |
Assigned IP | This shows the IP address that the Nebula Device assigned for the remote user’s computer to use within the L2TP VPN tunnel. |
Public IP | This shows the public IP address that the remote user is using to connect to the Internet. |
SecuReporter
Click Site-wide > Monitor > Firewall > SecuReporter to open SecuReporter for the current organization and site. SecuReporter allows you to view statistics for the following Nebula Security Services (NSS): Content filtering, Intrusion Detection and Prevention (IDP), application patrol, anti-virus, anti-malware, URL threat filter.
For more details, see the SecuReporter User’s Guide.Site-wide > Monitor > Firewall > SecuReporter
Summary Report
This screen displays network statistics for the Nebula Device of the selected site, such as WAN usage, top applications and/or top clients.
Click Site-wide > Monitor > Firewall > Summary report to access this screen.
Site wide > Monitor > Firewall > Summary report
The following table describes the labels in this screen.
Label | Description |
|---|---|
Security gateway – Summary report | Select to view the report for the past day, week or month. Alternatively, select Custom range... to specify a time period the report will span. You can also select the number of results you want to view in a table.  |
Email report | Click this button to send summary reports by email, change the logo and set email schedules. |
WAN usage | |
y-axis | The y-axis shows the transmission speed of data sent or received through the WAN connection in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
VPN usage | |
y-axis | The y-axis shows the transmission speed of data sent or received through the VPN tunnel in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Nebula VPN usage | |
y-axis | The y-axis shows the transmission speed of data sent or received through the VPN tunnels, in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Non-Nebula VPN usage | |
y-axis | The y-axis shows the transmission speed of data sent or received through VPN tunnels, in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Remote AP VPN usage | |
y-axis | The y-axis shows the transmission speed of data sent or received through the VPN tunnel between the Nebula Device and remote APs, in kilobits per second (Kbps). |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Security gateway by usage | |
This shows the index number of the Nebula Device. | |
Name | This shows the descriptive name of the Nebula Device. |
Model | This shows the model number of the Nebula Device. |
Usage | This shows the amount of data that has been transmitted through the Nebula Device’s WAN port. |
Client | This shows the number of clients currently connected to the Nebula Device. |
Location This shows the location of the Nebula Devices on the map. | |
Top applications by usage | |
This shows the index number of the application. | |
Application | This shows the application name. |
Category | This shows the name of the category to which the application belongs. |
Usage | This shows the amount of data consumed by the application. |
% Usage | This shows the percentage of usage for the application. |
Top ports by usage | |
This shows the top ten applications/services and the ports that identify a service. | |
Name | This shows the service name and the associated port numbers. |
Usage | This shows the amount of data consumed by the service. |
% Usage | This shows the percentage of usage for the service. |
Clients per day | |
y-axis | The y-axis represents the number of clients. |
x-axis | The x-axis represents the date. |
Top clients by usage | |
This shows the index number of the client. | |
Description | This shows the descriptive name or MAC address of the client. |
Usage | This shows the total amount of data transmitted and received by the client. |
% Usage | This shows the percentage of usage for the client. |
Top operating systems by usage | |
This shows the index number of the operating system. | |
OS | This shows the operating system of the client device. |
# Client | This shows how many client devices use this operating system. |
% Client | This shows the percentage of top client devices which use this operating system. |
% Usage | This shows the percentage of usage for top client devices which use this operating system. |
Top client device manufacturers by usage | |
This shows the index number of the client device. | |
Manufacturer | This shows the manufacturer name of the client device. |
Client | This shows how many client devices are made by the manufacturer. |
% Client | This shows the percentage of top client devices which are made by the manufacturer. |
Usage | This shows the total amount of data transmitted and received by the client device. |
% Usage | This shows the percentage of usage for the client device. |
CPU usage | |
y-axis | The y-axis shows what percentage of the Nebula Device’s processing capability is currently being used. |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Memory usage | |
y-axis | The y-axis shows what percentage of the Nebula Device’s RAM is currently being used. |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |
Sessions usage | |
y-axis | The y-axis shows how many sessions, both established and non-established, that were create from, to, or within the Nebula Device, or passed through the Nebula Device. |
x-axis | The x-axis shows the time period over which the traffic flow occurred. |