Security Gateway
Overview
This chapter discusses the menus that you can use to monitor the Nebula managed Security Gateways in your network and configure settings even before a gateway is deployed and added to the site.
Nebula Device refers to Nebula NSG devices in this chapter. The Security gateway menus are shown for Nebula NSG devices only.
Monitor
Use the Monitor menus to check the Nebula Device information, client information, event log messages and summary report for the Nebula Device in the selected site.
Event Log
Use this screen to view Nebula Device log messages. You can enter a key word, select one or multiple event types, or specify a date/time or a time range to display only the log messages that match these criteria.
Select Range to set a time range or select Before to choose a specific date/time and the number of hours/minutes to display only the log messages generated within a certain period of time (before the specified date/time). Then click Search to update the list of logs based on the search criteria. The maximum allowable time range is 30 days.
Click Site-wide > Monitor > Security gateway > Event log to access this screen.
Site-wide > Monitor > Security gateway > Event log
VPN Connections
Use this screen to view the status of site-to-site IPSec VPN connections and L2TP VPN connections.
*If the peer gateway is not a Nebula Device, go to the Site-wide > Configure > Security gateway > Site-to-Site VPN screen to view and configure a VPN rule. See Site-to-Site VPN for more information.
Click Site-wide > Monitor > Security gateway > VPN Connections to access this screen.
Site-wide > Monitor > Security gateway > VPN Connections
The following table describes the labels in this screen.
Site-wide > Monitor > Security gateway > VPN Connections 
Label
Description
Click this button to reload the data-related frames on this page.
Connection Status
Configuration
This shows the number and address of the local networks behind the Nebula Device, on which the computers are allowed to use the VPN tunnel.
NAT Type
This shows the public IP address or the domain name that is configured and mapped to the Nebula Device on the NAT router.
Site Connectivity
Location
This shows the name of the site to which the peer gateway is assigned.
Click the name to go to the Site-wide > Configure > Security gateway > Site-to-Site VPN screen, where you can modify the VPN settings.
Subnet(s)
This shows the address of the local networks behind the Nebula Device.
Status
This shows whether the VPN tunnel is connected or disconnected.
Inbound (Bytes)
This shows the amount of traffic that has gone through the VPN tunnel from the remote IPSec router to the Nebula Device since the VPN tunnel was established.
Outbound (Bytes)
This shows the amount of traffic that has gone through the VPN tunnel from the Nebula Device to the remote IPSec router since the VPN tunnel was established.
Tunnel up time
This shows how many seconds the VPN tunnel has been active.
Last heartbeat
This shows the last date and time a heartbeat packet is sent to determine if the VPN tunnel is up or down.
Client to site VPN login account
User Name
This shows the remote user’s login account name.
Hostname
This shows the name of the computer that has this L2TP VPN connection with the Nebula Device.
Assigned IP
This shows the IP address that the Nebula Device assigned for the remote user’s computer to use within the L2TP VPN tunnel.
Public IP
This shows the public IP address that the remote user is using to connect to the Internet.
NSS Analysis Report
Use this screen to view the statistics report for NSS (Nebula Security Service), such as content filtering, Intrusion Detection and Prevention (IDP), application patrol, and anti-virus. The screen varies depending on the service type (Application, Content Filtering, or Anti-Virus) you select.
Click Site-wide > Monitor > Security gateway > NSS analysis report to access this screen.
Site-wide > Monitor > Security gateway > NSS Analysis Report
The following table describes the labels in this screen.
Site-wide > Monitor > Security gateway > NSS Analysis Report 
Label
Description
Security Appliance – NSS Analysis
Select to view the report for the past day, week or month. Alternatively, select Custom range... to specify a time period the report will span. You can also select the number of results you want to view in a table.
 
Select the type of service for which you want to view the statistics report.
Email report
Click this button to send summary reports by email, change the logo and set email schedules.
Application
The following fields displays when you select to view the application statistics. Click an application name to view information about the clients who use that application. Click Top Application under the chart to switch back to the previous screen.
y-axis
The y-axis shows the amount of the application’s traffic which has been transmitted or received.
x-axis
The x-axis shows the time period over which the traffic flow occurred.
Application
This shows the name of the application. Click an application name to view the IPv4 addresses of the clients who used the application.
Description
This shows the name of the client who used the application.
This field is available when you click the application name. Click the name to display the individual client statistics. See Event Log.
IPv4 Address
This shows the IPv4 address of the client who used the application.
This field is available when you click the application name.
MAC Address
This shows the MAC address of the client who used the application.
This field is available when you click the application name.
Category
This shows the name of the category to which the application belongs.
Usage
This shows the total amount of data consumed by the application used by all or a specific IPv4 address.
% Usage
This shows the percentage of usage for the application used by all or a specific IPv4 address.
Content Filtering
The following fields display when you select to view the content filtering statistics. Click a website URL to view information about the clients who tried to access that web page. Click Content Filtering under the chart to switch back to the previous screen.
y-axis
The y-axis shows the number of hits on web pages that the Nebula Device’s content filter service has blocked.
x-axis
The x-axis shows the time period over which the web page is checked.
Website
This shows the URL of the web page to which the Nebula Device blocked access. Click a website URL to view the IPv4 addresses of the clients who tried to access the web page.
Description
This shows the name of the client who tried to access the web page.
This field is available when you click the website URL. Click the name to display the individual client statistics. See Event Log.
IPv4 Address
This shows the IPv4 address of the client who tried to access the web page.
This field is available when you click the website URL.
MAC Address
This shows the MAC address of the client who tried to access the web page.
This field is available when you click the website URL.
Category
This shows the name of the category to which the web page belongs.
Hits
This shows the number of hits on the web page visited by all or a specific IPv4 address.
% Hits
This shows the percentage of the hit counts for the web page visited by all or a specific IPv4 address.
Anti-Virus
The following fields are displayed when you select Anti-Virus. Click a virus name to view information about the clients who sent the virus. Click the number in the center of the donut chart or Anti-Virus under the chart to switch back to the previous screen.
y-axis
The y-axis shows the total number of viruses that the gateway has detected.
x-axis
The x-axis shows the time period over which the virus is detected.
Virus Name
This shows the name of the virus that the Nebula Device has detected and blocked. Click a virus name to view the IPv4 addresses of the clients who sent the virus.
Description
This shows the name of the client who sent the virus.
This field is available when you click the virus name. Click the name to display the individual client statistics. See Event Log.
IPv4 Address
This shows the IPv4 address of the virus sender.
This field is available when you click the virus name.
MAC Address
This shows the MAC address of the virus sender.
This field is available when you click the virus name.
Hits
This shows how many times the gateway has detected the virus sent by all or a specific IPv4 address.
% Hits
This shows the percentage of the hit counts for the virus sent by all or a specific IPv4 address.
Intrusion Detection / Prevention
The following fields are displayed when you select Intrusion Detection / Prevention.
The donut chart shows the number of potential network attacks detected by the Intrusion Detection and Prevention (IDP) service, if any. The number in the center of the donut chart indicates the number of network attacks blocked by the IDP service.
Signature Name
The name of the IDP signature that triggered the hit. The signature name identifies the type of intrusion pattern
Hits
This shows the total number of network attacks blocked by the IDP service.
% Hits
This shows the number of network attacks blocked as a percentage of the total number of network requests scanned by the IDP service.
Summary Report
This screen displays network statistics for the Nebula Device of the selected site, such as WAN usage, top applications and/or top clients.
Click Site-wide > Monitor > Security gateway > Summary report to access this screen.
Site-wide > Monitor > Security gateway > Summary report
The following table describes the labels in this screen.
Site-wide > Monitor > Security gateway > Summary report 
Label
Description
Security gateway – Summary report
Select to view the report for the past day, week or month. Alternatively, select Custom range... to specify a time period the report will span. You can also select the number of results you want to view in a table.
Email report
Click this button to send summary reports by email, change the logo and set email schedules.
WAN1/WAN2 usage
y-axis
The y-axis shows the transmission speed of data sent or received through the WAN connection in kilobits per second (Kbps).
x-axis
The x-axis shows the time period over which the traffic flow occurred.
VPN usage
y-axis
The y-axis shows the transmission speed of data sent or received through the VPN tunnel in kilobits per second (Kbps).
x-axis
The x-axis shows the time period over which the traffic flow occurred.
Security gateway by usage
 
This shows the index number of the Nebula Device.
Name
This shows the descriptive name of the Nebula Device.
Model
This shows the model number of the Nebula Device.
Usage
This shows the amount of data that has been transmitted through the Nebula Device’s WAN port.
Client
This shows the number of clients currently connected to the Nebula Device.
Location
This shows the location of the Nebula Devices on the map.
Top applications by usage
 
This shows the index number of the application.
Application
This shows the application name.
Category
This shows the name of the category to which the application belongs.
Usage
This shows the amount of data consumed by the application.
% Usage
This shows the percentage of usage for the application.
Top ports by usage
This shows the top ten applications/services and the ports that identify a service.
Name
This shows the service name and the associated port numbers.
Usage
This shows the amount of data consumed by the service.
% Usage
This shows the percentage of usage for the service.
Clients per day
y-axis
The y-axis represents the number of clients.
x-axis
The x-axis represents the date.
Top operating systems by usage
 
This shows the index number of the operating system.
OS
This shows the operating system of the client device.
# Client
This shows how many client devices use this operating system.
% Client
This shows the percentage of top client devices which use this operating system.
# Usage
This shows the amount of data consumed by the client device on which this operating system is running.
% Usage
This shows the percentage of usage for top client devices which use this operating system.
Top clients by usage
 
This shows the index number of the client.
Description
This shows the descriptive name or MAC address of the client.
Usage
This shows the total amount of data transmitted and received by the client.
% Usage
This shows the percentage of usage for the client.
Top client device manufacturers by usage
 
This shows the index number of the client device.
Manufacturer
This shows the manufacturer name of the client device.
Client
This shows how many client devices are made by the manufacturer.
% Client
This shows the percentage of top client devices which are made by the manufacturer.
Usage
This shows the total amount of data transmitted and received by the client device.
% Usage
This shows the percentage of usage for the client device.