Entuity Firewall includes an extensive breakdown of the firewall inventory.
Entuity Firewall considers firewalls as devices, and as such they are placed as a subfolder of devices. Many of the firewall tabs are standard tabs applicable to other device types. This article outlines tabs of particular interest or specific to firewall management.
Firewall general attributes
Attributes | Description |
---|---|
Firewall SNMP Read-Only Community | community string required for the checkpoint agent. It defaults to the same as used for firewall discovery, but it is an editable field. |
Total Memory | total memory on the firewall server. |
Firewall SNMP UDP Port | port used by the IPSO agent, by default port 161. |
User Set Oper State | expected state of the module. By default, High Availability Module status monitoring in Entuity is unconfigured, but once configured Entuity polls the status every five minutes. When the state on the device does not match the expected state as set in Entuity, a Firewall High Avail User Set Oper State Non Compliant event is raised. |
Representing firewall connectivity
Firewalls are represented as devices in Entuity maps.
Nokia/checkpoint firewall
Entuity Firewall includes an extensive breakdown of the firewall inventory. For those firewalls that support the managed host's MIB, for example the Nokia/Checkpoint firewall, ENA Firewall collects performance and resource data.
Firewall packages
Entuity Firewall details the packages installed to Nokia/Checkpoint firewalls, including version number details useful to maintaining the security of the network. The number of packages discovered is configurable through Threshold Settings. A limit is useful when a large number of packages are installed.
Attributes | Description |
---|---|
Name | package name, including version number. |
Installed | date that the package was installed to the firewall. |
Type | type of package, e.g. Application, Operating System. |
Firewall high availability stream attributes
Attributes | Description |
---|---|
Accepted Packet Rate | rate of packets accepted per second. |
Accepted Packet Rate Daily Mean | rate of packets accepted per second, expressed as a mean average over the previous twenty-four hour day. |
Accepted Packet Rate Hourly Mean | rate of packets accepted per second expressed as a mean average over the previous hour. |
Active Sessions | number of active sessions. |
Authenticated Response Time | |
Connection Rate | |
Connections Daily Mean | mean average number of connections over the previous twenty-four hour day. |
Connections Hourly Mean | mean average number of connections over the previous hour. |
Current Connections | number of connections when polled. |
Dropped Pkt Hourly Mean | hourly mean of packets dropped. |
Dropped Pkt Rate | rate of packets dropped. |
Dropped Pkt Rate Daily mean | daily mean of packets dropped. |
External URL Response Time | |
Last SNMP Restart Time | the last time the SNMP restarted. This also indicates when SNMP counters were reset, which is useful when identifying the reasons behind data spikes. |
Maximum Connections | maximum number of connections over a five minute period. |
Maximum Number of Connections - Daily | maximum number of connections over a five minute period, recorded over the previous twenty-four hour day. |
Maximum Number of Connections - Hourly | maximum number of connections over a five minute period, recorded over the previous hour. |
Messages Received | status messages received in the last five minutes. |
New Connection Rate Daily Mean | daily mean of new connection rate. |
New Connection Rate Hourly Mean | hourly mean of new connection rate. |
Processes | number of processes. |
Rejected Packet Rate | |
Rejected Packet Rate Hourly Mean | |
TCP Connection Rate | the Transmission Control Protocol (TCP) Connection operation discovers the time it takes to connect to the target device. |
TCP Connection Setup Rate Daily Mean | daily mean of the device's TCP connection rate. |
TCP Connection Setup Rate Hourly Mean | hourly mean of the device's TCP connection rate. |
UDP Connection Rate | User Datagram Protocol connection rate. |
UDP Connection Setup Rate Daily Mean | daily mean of the User Datagram Protocol connection setup rate. |
UDP Connection Setup Rate Hourly Mean | hourly mean of the User Datagram Protocol connection setup rate. |
User | number of users. |
High availability module inventory
By default, polling of High Availability module inventory data is unconfigured. However, once User Set Oper State is changed from unconfigured, Entuity Firewall polls for inventory data daily.
Attributes | Description |
---|---|
State | operational state of the module. This is the setting that is polled every five minutes and compared with User Set Oper State; when there are changes in compliance, events are raised. |
Product Name | name of the module, i.e. High Availability |
Installed | 1 indicates the product is installed. |
Version | Version of the module. |
Started? | Indicates whether the module has started, i.e: |
Block State | Indicates whether the state is ok. |
Work Mode | Synchronization method for changes in State across devices in the same cluster. |
NetContinuum firewall
Entuity Firewall includes an extensive breakdown of the firewall inventory accessible through Entuity and reports.
NetContinuum firewalls are grouped with other firewalls, placed within Entuity as a subfolder of devices. Many of the firewall tabs are standard tabs applicable to other device and firewall types. This section outlines tabs specific to NetContinuum firewall management.
NetContinuum monitored server attributes
Attributes | Description |
---|---|
NetContinuum Monitored Server | name and path of the monitored web server. |
NetContinuum monitored server stream attributes
Attributes | Description |
---|---|
IP Address | IP address of the monitored web server. |
Operational Status | operational status of the web server, e.g. IN-SERVICE. |
NetContinuum application status attributes
Attributes | Description |
---|---|
NetContinuum Application Description | name and path of the monitored web application. |
NetContinuum application status stream attributes
These values are for the previous poll period, by default five minutes.
Attributes | Description |
---|---|
Denied HTTP Requests | number of times during the last polling period in which NetContinuum denied HTTP requests for this application. |
Blocked DAP | number of times during the last polling period in which NetContinuum used Dynamic Application Profiling (DAP) to block access to this application. |
Blocked Entry Control | number of times during the last polling period in which NetContinuum blocked entry control requests for this application. |
Blacklisted | number of times during the last polling period in which NetContinuum blacklisted users who were attempting to access this application. |
Blocked Methods | number of times during the last polling period in which NetContinuum blocked access to this application. |
Robots Denied | number of times during the last polling period in which NetContinuum denied robot access to this application. |
Robots Allowed | number of times during the last polling period in which NetContinuum permitted robots to access this application. |
URL Encoding Errors | URL Encoding Errors. |
Slash Dot URLs Blocked | operational status of the web server, e.g. IN-SERVICE. |
Tilder URLs Blocked | blocking of access to URLs containing tildes (~). |
Character Set Encoding Errors | character set encoding errors. |
Bad Certificates | number of times that bad security certificates were identified. |
Meta Character Intrusions | name and path of the monitored web server. |
Keyword Intrusions | keyword intrusions. |
Query Length Intrusions | query length intrusions. |
Cookie Overflow Intrusions | cookie overflow intrusions. |
Header Count Intrusions | header count intrusions. |
Header Overflow Intrusions | header overflow intrusions. |
Content Overflow Intrusions | content overflow intrusions. |
Parameter Length Overflows | parameter length overflows. |
Empty Valued | empty valued. |