Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Next

Monitoring Traffic or System Counters

Related Topics

Traffic or System Counters Solution

Traffic or System Counters Configuration

Traffic or System Counters Solution

SmartView Monitor provides you with the tools that enable you to be aware of traffic associated with specific network activities, servers, clients, etc., and the status of activities, hardware and software usage of different Check Point products in real-time. Among other things, this knowledge will enable you to:

  • Block specific traffic when a threat is imposed
  • Assume instant control of traffic flow on a gateway
  • Learn about how many tunnels are currently opened or about the rate of new connections passing through the VPN gateway.

SmartView Monitor delivers a comprehensive solution for monitoring and analyzing network traffic and network usage. You can generate fully detailed or summarized graphs and charts for all connections intercepted and logged when monitoring traffic and for numerous rates and figures when counting usage throughout the network.

Traffic

Traffic Monitoring provides in-depth details on network traffic and activity. As a network administrator you can generate traffic information to:

  • Analyze network traffic patterns

    Network traffic patterns help administrators determine which services demand the most network resources.

  • Audit and estimate costs of network use

    Monitoring traffic can provide information on how the use of network resources is divided among corporate users and departments. Reports summarizing customer use of services, bandwidth and time can provide a basis for estimating costs per user or department.

  • Identify the departments and users that generate the most traffic and the times of peak activity.
  • Detect and monitor suspicious activity. Network administrators can produce graphs and charts documenting blocked traffic, alerts, rejected connections, or failed authentication attempts in order to identify possible intrusion attempts.

A Traffic view can be created to monitor the Traffic types listed in the following table.

Traffic Type

Explanation

Services

Displays the current status view about Services used through the selected gateway.

IPs/Network Objects

Displays the current status view about active IPs/Network Objects through the selected gateway.

Security Rules

Displays the current status view about the most frequently used Firewall rules.

The Name column in the legend states the rule number as previously configured in SmartDashboard.

Interfaces

Displays the current status view about the Interfaces associated with the selected gateway.

Connections

Displays the current status view about current connections initiated through the selected gateway.

Tunnels

Displays the current status view about the Tunnels associated with the selected gateway and their usage.

Virtual Link

Displays the current traffic status view between two gateways (for example, Bandwidth, Bandwidth Loss and Round Trip Time).

Packet Size Distribution

Displays the current status view about packets according to the size of the packets.

QoS

Displays the current traffic level for each QoS rule.

Traffic Legend Output

The values that you see in the legend depend on the Traffic view you are running.

All units in the view results appear in configurable Intervals.

System Counters

Monitoring System Counters provides in-depth details about Check Point Software Blade usage and activities. As a network administrator you can generate system status information about:

  • Resource usage for the variety of components associated with the gateway. For example, the average use of real physical memory, the average percent of CPU time used by user applications, free disk space, etc.
  • Gateway performance statistics for a variety of firewall components. For example, the average number of concurrent CVP sessions handled by the HTTP security server, the number of concurrent IKE negotiations, the number of new sessions handled by the SMTP security server, etc.
  • Detect and monitor suspicious activity. Network administrators can produce graphs and charts documenting the number of alerts, rejected connections, or failed authentication attempts in order to identify possible intrusion attempts.

Traffic or System Counters Configuration

The following pages contain a number of different sets of steps that will instruct you on how to configure Traffic or System Counters views.

To obtain an explicit understanding about the fields, text boxes, drop-down lists, etc., in each window refer to SmartView Monitor Online Help.

Select and Run a Traffic or System Counters View

When a Traffic or System Counters view is run the results appear in the SmartView Monitor client. A Traffic or System Counter view can be run:

  • from an existing view
  • by creating a new view
  • by changing an existing view

To run a Traffic or System Counters view:

  1. In the SmartView Monitor client, select the Traffic or System Counter branch in the Tree View and double click the Traffic or System Counter view that you would like to run.

    A list of available gateways appears.

  2. Select the gateway for which you would like to run the selected Traffic or System Counter view.
  3. Click OK.

    The results of the selected view appear in the SmartView Monitor client.

Run a Specific View at Startup

With SmartView Monitor you can select the view that will first appear when you launch SmartView Monitor.

  1. Right-click the view that should be run as soon as SmartView Monitor is launched.
  2. Select Run at Startup.

Create a New Traffic or System Counters Results View

A View is the output that is displayed when changing an existing view. The new View is not automatically saved in the Custom branch of the Tree View.

For example purposes, we will create a real-time Traffic view for Services.

  1. Double-click the view you would like to change and select the gateway for which you are creating the view.
  2. Select the View Properties button on the view toolbar. The Query Properties window appears.
  3. Select Real-Time.

    Real-Time provides information about currently monitored traffic or system counters.

    Select History for previously logged information.

  4. Select the topic about which you would like to create a Real-Time traffic view in the drop-down list provided. For example purposes select Services.

    Note - The remaining tabs in the Query Properties window change according to the type of view you are creating and the selection you made in the Real-Time drop-down list.
  5. Select the Target of this Custom Traffic view.

    The Target is the gateway for which you would like to monitor traffic.

  6. Click the Monitor by Services tab.
  7. Select Specific Services and the Services for which you would like to create a custom Traffic view.
  8. Click the Filter tab and make the relevant selections.
  9. Click the Settings tab and make the relevant selections.
  10. Click OK when you are done with your selections

    The Select Gateway/Interface window appears.

  11. Select the gateway or interface for which you would like to create/run this new view.
  12. Click the Save to Tree button on the toolbar and enter a name for the new view.
  13. Click OK.

    The new view is saved in the Custom branch.

Create a Real-Time Custom Traffic or Counter View

  1. In the SmartView Monitor client, click the Custom branch of the Tree View.

    For example purposes we will create a real-time Traffic view for Services.

  2. Right click the Custom branch and select New Traffic View.

    The Query Properties window appears.

  3. Select Real-Time.

    Real-Time provides information about currently monitored traffic or system counters.

  4. Select the topic (for example purposes Services) about which you would like to create a Real-Time traffic view in the drop-down list provided.

    Note - The remaining tabs in the Query Properties window change according to the type of view you are creating and the selection you made in the Real-Time drop-down list.
  5. Select the Target of this Custom Traffic view.

    The Target is the gateway or cluster for which you would like to monitor traffic.

  6. Click the Monitor by Services tab.
  7. Select the Services for which you would like to create a custom traffic view.
  8. Click the Filter tab and make the relevant selections.
  9. Click the Settings tab and make the relevant selections.
  10. Click Save.

    The Select Gateway/Interface window appears.

  11. Select the gateway or interface for which you would like to create this new view.
  12. Click OK.
  13. Type the name of the new Custom view in the Custom branch and press Enter.

Create a History Traffic or Counter View

  1. In the SmartView Monitor client, click the Custom branch of the Tree View.

    For example purposes we will create a real-time Traffic view for Services.

  2. Right click the Custom branch and select New Traffic View.

    The Query Properties window appears.

  3. Select History in the Type section.

    History provides information about previously monitored traffic or system counters.

  4. Select the Target of this custom Traffic or Counter view.

    The Target is the gateway for which you would like to view previously monitored traffic.

  5. Click the Traffic History tab or the Counter tab, depending on the type of view you are creating.
  6. In the Time Frame drop-down list, select the period of time for which you would like to view previously monitored traffic or system counters.
  7. In the Select history report list, select the topic for which you are interested in viewing previously monitored information.
  8. Click Save.

    The Select Gateway window appears.

  9. Select the gateway for which you would like to create this new view.
  10. Click OK.
  11. Type the name of the new Custom view in the Custom branch and press Enter.

Edit a System Counter or Traffic View

You cannot change a view in the Tree View. Therefore, when you change a view's properties you will need to save the view in the Custom branch of the Tree View in order to preserve those changes.

  1. In the SmartView Monitor client, click the Traffic or Counter view that you would like to edit.

    The Select Gateway/Interface window appears.

  2. Select the gateway or interface for which you would like to create this new view.
  3. Click OK.
  4. Click the View Properties button on the view specific toolbar.

    The Query Properties window appears.

  5. Make the necessary changes in the tabs provided and click Ok

    The Save to Tree window appears.

    The Select Gateway/Interface window appears.

  6. Select the gateway for which you would like to create this new view.
  7. Click OK.
  8. Enter a name for the new Custom view in the Custom branch and press Enter.

    The new view is run and can be viewed in the SmartView Monitor client and the changes will be preserved in a new view in the Custom branch of the Tree View.

Edit a Custom Traffic or System Counter View

  1. In the SmartView Monitor client, select the Custom branch of the Tree View.
  2. Click the Traffic or Counter view that you would like to edit.

    The Select Gateway/Interface window appears.

  3. Select the gateway or interface for which you would like to create this new view.
  4. Click OK.
  5. Click the View Properties button on the view specific toolbar.

    The Query Properties window appears.

  6. Make the necessary changes in the tabs provided and click Ok to preserve your changes.

    The Select Gateway/Interface window appears.

  7. Select the gateway for which you would like to create this new view.
  8. Click OK.
  9. Enter a name for the new Custom view in the Custom branch and press Enter.

    The new view is run and the changes to the selected view are saved in the Custom branch of the Tree View.

Copy a Traffic or System Counter View

  1. In the SmartView Monitor client, right-click the Traffic or System Counters view you would like to copy.
  2. Select Copy.

    The Save to Tree window appears.

  3. Give the view a new name and click Save.

    A copy of the view appears under the Custom branch of the Tree View.

Rename a Custom Traffic or Counter View

  1. In the SmartView Monitor client, select the Custom branch of the Tree View.
  2. Right-click the Traffic or System Counters view you would like to rename.
  3. Select Rename.
  4. Type the new name and press Enter.

Delete a Custom Traffic or Counter View

  1. In the SmartView Monitor client, select the Custom branch of the Tree View.
  2. Right-click the Traffic or System Counters view you would like to delete.
  3. Select Delete.
  4. Select Yes to delete the selected Custom view.

Export a Custom Traffic or Counter View

  1. In the SmartView Monitor client, right-click the Traffic or System Counters view you would like to export.
  2. Select Export Properties.
  3. Select the directory in which you would like to save the exported view settings and click Save. A file with an svm_setting extension is created

Recording a Traffic or Counter View

When recording a Traffic or Counter view you are saving a record of the Traffic or Counter view results.

  1. In the SmartView Monitor client, run the Traffic or System Counters view you would like to record

    Refer to Select and Run a Traffic or System Counters View for additional information.

  2. Select the Traffic menu and select Recording > Record.

    A Save As window appears.

  3. Give the record a name and save it in the relevant directory.
  4. Click Save.

    The word Recording appears underneath the Traffic or Counter toolbar. The appearance of this word signifies that the view currently running is being recorded and saved.

  5. To stop recording, open the Traffic menu and select Recording > Stop.

    A record of the view results is saved in the directory you selected in step 3 above. the

Play the Results of a Recorded Traffic or Counter View

  1. In the SmartView Monitor client, select Traffic > Recording > Play.

    The Select Recorded File window appears.

  2. Access the directory in which the recorded file is kept and select the relevant record.
  3. Click Open.

    The results of the selected recorded view begin to run and the word Playing appears underneath the toolbar.

Note - The difference between Play and Fast Play in the Recording menu is that Fast Play runs the recorded view results at a faster rate

Pause or Stop the Results of a Recorded View that is Playing

  • To pause the record select Traffic > Recording > Pause.

    Click Recording > Play to resume playing the previously recorded Traffic or Counter view results.

  • To stop the record select Traffic > Recording > Stop.
  
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print