You work with firewall data types and filters to define the firewall traffic information that you want to view in a dashboard or report widget or when analyzing charts in Analytics > Firewall Insights.

When you add or edit a widget in a dashboard or report and select Firewall in the Widget Settings dialog, you select a data type to view from the Data Type menu and apply filters that you choose from the Add Filter menu.

In the Analytics > Firewall Insights page, you select a data type to view from the menu above the chart and apply filters that you choose from the Add Filter menu on the left pane.

Following are the firewall data types and their associated filters. Click a data type to learn more about it and its associated filters.

Action

Displays data about the action that the service took on your organization's traffic. You can view either the number of sessions or bytes. You can apply the following filters:

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • Network Service: Use this filter to limit the data to specific network services. Choose the network services from the list.
  • Rule name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

Client Source IP

Displays data on the traffic associated with a specific source IP address. You can apply the following filters:

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Client Destination IP: Use this filter to limit the data to traffic associated with a specific client destination IP address.
  • Client Destination Name: Use this filter to limit the data to traffic associated with a specific destination FQDN. (Available with advanced firewall subscription)
  • Client Destination Port: Use this filter to limit the data to traffic associated with a specific client destination port.
  • Client Tunnel IP: Use this filter to limit the data to traffic associated with a specific client tunnel IP address.
  • Client Tunnel Port: Use this filter to limit the data to traffic associated with a specific client tunnel port.
  • Country: Use this filter to limit the data to traffic associated with a specific country.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNAT Destination Name: Use this filter to limit the data to traffic associated with a specific NAT destination FQDN. (Available with advanced firewall subscription)
  • Inbound Bytes: Use this filter to limit the data to packets sent from the server to the client that were within a specific size range. Choose a predefined range or specify a custom range.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • NAT Action: Use this filter to limit the data to specific NAT actions that were performed on the session.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • Network Service: Use this filter to limit the data to specific network services. Choose the network services from the list.
  • Outbound Bytes: Use this filter to limit the data to packets that were received by the server within a specific size range. Choose a predefined range or specify a custom range.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server Destination IP: Use this filter to limit the data to traffic associated with a specific server destination IP address.
  • Server Destination Port: Use this filter to limit the data to traffic associated with a specific server destination IP port.
  • Server IP Category: Use this filter to limit the data to traffic associated with the URL category corresponding to the server IP address.
  • Server Source IP: Use this filter to limit the data to traffic associated with a specific server source IP address.
  • Server Source Port: Use this filter to limit the data to traffic associated with a specific server source port.
  • Session Duration (ms): Use this filter to limit the data to traffic based on the session time.
  • Traffic Forwarding: Use this filter to limit the data to traffic associated with a specific traffic forwarding mechanism.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Department

Displays data about the web traffic of each department in your organization. You can apply the filters listed below.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Client Destination IP: Use this filter to limit the data to traffic associated with a specific client destination IP address.
  • Client Destination Name: Use this filter to limit the data to traffic associated with a specific destination FQDN. (Available with advanced firewall subscription)
  • Client Destination Port: Use this filter to limit the data to traffic associated with a specific client destination port.
  • Client Tunnel IP: Use this filter to limit the data to traffic associated with a specific client tunnel IP address.
  • Client Tunnel Port: Use this filter to limit the data to traffic associated with a specific client tunnel port.
  • Country: Use this filter to limit the data to traffic associated with a specific country.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNAT Destination Name: Use this filter to limit the data to traffic associated with a specific NAT destination FQDN. (Available with advanced firewall subscription)
  • Inbound Bytes: Use this filter to limit the data to packets sent from the server to the client that were within a specific size range. Choose a predefined range or specify a custom range.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • NAT Action: Use this filter to limit the data to specific NAT actions that were performed on the session.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • Network Service: Use this filter to limit the data to specific network services. Choose the network services from the list.
  • Outbound Bytes: Use this filter to limit the data to packets that were received by the server within a specific size range. Choose a predefined range or specify a custom range.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server Destination IP: Use this filter to limit the data to traffic associated with a specific server destination IP address.
  • Server Destination Port: Use this filter to limit the data to traffic associated with a specific server destination IP port.
  • Server IP Category: Use this filter to limit the data to traffic associated with a specific URL category.
  • Server Source IP: Use this filter to limit the data to traffic associated with a specific server source IP address.
  • Server Source Port: Use this filter to limit the data to traffic associated with a specific server source port.
  • Session Duration (ms): Use this filter to limit the data to traffic based on the session time.
  • Traffic Forwarding: Use this filter to limit the data to traffic associated with a specific traffic forwarding mechanism.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

Location

Displays data about a location's traffic. You can apply the filters listed below.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Client Destination IP: Use this filter to limit the data to traffic associated with a specific destination IP address.
  • Client Destination Port: Use this filter to limit the data to traffic associated with a specific destination port.
  • Client Destination Name: Use this filter to limit the data to traffic associated with a specific destination FQDN. (Available with advanced firewall subscription)
  • Client Tunnel IP: Use this filter to limit the data to traffic associated with a specific tunnel IP address.
  • Client Tunnel Port: Use this filter to limit the data to traffic associated with a specific tunnel port.
  • Country: Use this filter to limit the data to traffic associated with a specific country.
  • DNAT Destination Name: Use this filter to limit the data to traffic associated with a specific NAT destination FQDN. (Available with advanced firewall subscription)
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Inbound Bytes: Use this filter to limit the data to packets sent from the server to the client that were within a specific size range. Choose a predefined range or specify a custom range.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • NAT Action: Use this filter to limit the data to specific NAT actions that were performed on the session.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • Network Service: Use this filter to limit the data to specific network services. Choose the network services from the list.
  • Outbound Bytes: Use this filter to limit the data to packets that were received by the server within a specific size range. Choose a predefined range or specify a custom range.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server Destination IP: Use this filter to limit the data to traffic associated with a specific server destination IP address.
  • Server Destination Port: Use this filter to limit the data to traffic associated with a specific server destination IP port.
  • Server IP Category: Use this filter to limit the data to traffic associated with a specific URL category.
  • Server Source IP: Use this filter to limit the data to traffic associated with a specific server source IP address.
  • Server Source Port: Use this filter to limit the data to traffic associated with a specific server source port.
  • Session Duration (ms): Use this filter to limit the data to traffic based on the session time.
  • Traffic Forwarding: Use this filter to limit the data to traffic associated with a specific traffic forwarding mechanism.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

Network Application

Displays data about traffic associated with a specific network application.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

Network Service

Displays data about traffic associated with a specific network service.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Network Service: Use this filter to limit the data to specific services. Choose the services from the list.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

Rule Name

Displays data about traffic associated with specific rules in the firewall policy. You can apply the filters listed below.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

User

Displays data about traffic associated with a specific user. You can apply the filters listed below.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the firewall policy.
  • Client Destination IP: Use this filter to limit the data to traffic associated with a specific destination IP address.
  • Client Destination Name: Use this filter to limit the data to traffic associated with a specific destination FQDN. (Available with advanced firewall subscription)
  • Client Destination Port: Use this filter to limit the data to traffic associated with a specific destination port.
  • Client Tunnel IP: Use this filter to limit the data to traffic associated with a specific tunnel IP address.
  • Client Tunnel Port: Use this filter to limit the data to traffic associated with a specific tunnel port.
  • Country: Use this filter to limit the data to traffic associated with a specific country.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNAT Destination Name: Use this filter to limit the data to traffic associated with a specific NAT destination FQDN. (Available with advanced firewall subscription)
  • Inbound Bytes: Use this filter to limit the data to packets sent from the server to the client that were within a specific size range. Choose a predefined range or specify a custom range.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • NAT Action: Use this filter to limit the data to specific NAT actions that were performed on the session.
  • Network Application: Use this filter to limit the data to specific applications. Choose the applications from the list.
  • Network Service: Use this filter to limit the data to specific network services. Choose the network services from the list.
  • Outbound Bytes: Use this filter to limit the data to packets that were received by the server within a specific size range. Choose a predefined range or specify a custom range.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server Destination IP: Use this filter to limit the data to traffic associated with a specific server destination IP address.
  • Server Destination Port: Use this filter to limit the data to traffic associated with a specific server destination IP port.
  • Server IP Category: Use this filter to limit the data to traffic associated with a specific URL category.
  • Server Source IP: Use this filter to limit the data to traffic associated with a specific server source IP address.
  • Server Source Port: Use this filter to limit the data to traffic associated with a specific server source port.
  • Session Duration (ms): Use this filter to limit the data to traffic based on the session time.
  • Traffic Forwarding: Use this filter to limit the data to traffic associated with a specific traffic forwarding mechanism.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.
    If applicable, enable Exclude Location to limit the data to only users. By default, user-related widgets include locations and users.