Monitoring Traffic or System Counters
Traffic or System Counters Solution
SmartView Monitor provides you with the tools that enable you to be aware of traffic associated with specific network activities, servers, clients, etc., and the status of activities, hardware and software usage of different Check Point products in real-time. Among other things, this knowledge will enable you to:
- Block specific traffic when a threat is imposed
- Assume instant control of traffic flow on a gateway
- Learn about how many tunnels are currently opened or about the rate of new connections passing through the VPN gateway.
SmartView Monitor delivers a comprehensive solution for monitoring and analyzing network traffic and network usage. You can generate fully detailed or summarized graphs and charts for all connections intercepted and logged when monitoring traffic and for numerous rates and figures when counting usage throughout the network.
Traffic
Traffic Monitoring provides in-depth details on network traffic and activity. As a network administrator you can generate traffic information to:
- Analyze network traffic patterns
Network traffic patterns help administrators determine which services demand the most network resources.
- Audit and estimate costs of network use
Monitoring traffic can provide information on how the use of network resources is divided among corporate users and departments. Reports summarizing customer use of services, bandwidth and time can provide a basis for estimating costs per user or department.
- Identify the departments and users that generate the most traffic and the times of peak activity.
- Detect and monitor suspicious activity. Network administrators can produce graphs and charts documenting blocked traffic, alerts, rejected connections, or failed authentication attempts in order to identify possible intrusion attempts.
A Traffic view can be created to monitor the Traffic types listed in the following table.
Traffic Type
|
Explanation
|
Services
|
Displays the current status view about Services used through the selected gateway.
|
IPs/Network Objects
|
Displays the current status view about active IPs/Network Objects through the selected gateway.
|
Security Rules
|
Displays the current status view about the most frequently used Firewall rules.
The Name column in the legend states the rule number as previously configured in SmartDashboard.
|
Interfaces
|
Displays the current status view about the Interfaces associated with the selected gateway.
|
Connections
|
Displays the current status view about current connections initiated through the selected gateway.
|
Tunnels
|
Displays the current status view about the Tunnels associated with the selected gateway and their usage.
|
Virtual Link
|
Displays the current traffic status view between two gateways (for example, Bandwidth, Bandwidth Loss and Round Trip Time).
|
Packet Size Distribution
|
Displays the current status view about packets according to the size of the packets.
|
QoS
|
Displays the current traffic level for each QoS rule.
|
Traffic Legend Output
The values that you see in the legend depend on the Traffic view you are running.
All units in the view results appear in configurable Intervals.
System Counters
Monitoring System Counters provides in-depth details about Check Point Software Blade usage and activities. As a network administrator you can generate system status information about:
- Resource usage for the variety of components associated with the gateway. For example, the average use of real physical memory, the average percent of CPU time used by user applications, free disk space, etc.
- Gateway performance statistics for a variety of Firewall components. For example, the average number of concurrent CVP sessions handled by the HTTP security server, the number of concurrent IKE negotiations, the number of new sessions handled by the SMTP security server, etc.
- Detect and monitor suspicious activity. Network administrators can produce graphs and charts documenting the number of alerts, rejected connections, or failed authentication attempts in order to identify possible intrusion attempts.
Select and Run a Traffic or System Counters View
When a Traffic or System Counters view is run the results appear in the SmartView Monitor client. A Traffic or System Counter view can be run:
- from an existing view
- by creating a new view
- by changing an existing view
To run a Traffic or System Counters view:
- In the SmartView Monitor client, select the Traffic or System Counter branch in the Tree View and double click the Traffic or System Counter view that you would like to run.
A list of available gateways appears.
- Select the gateway for which you would like to run the selected Traffic or System Counter view.
- Click OK.
The results of the selected view appear in the SmartView Monitor client.
Recording a Traffic or Counter View
You can save a record of the or view results.
- Run the Traffic or System Counters view.
- Select the Traffic menu and select Recording > Record.
A Save As window appears.
- Give the record a name and save it in the relevant directory.
- Click Save.
The word Recording appears underneath the Traffic or Counter toolbar. The appearance of this word signifies that the view currently running is being recorded and saved.
- To stop recording, open the Traffic menu and select Recording > Stop.
A record of the view results is saved in the directory you selected in step 3 above. the
Play the Results of a Recorded Traffic or Counter View
After you record a view, you can play it back. You can choose Play or Fast Play, to see results change faster.
- In the SmartView Monitor client, select Traffic > Recording > Play.
The Select Recorded File window appears.
- Access the directory in which the recorded file is kept and select the relevant record.
- Click Open.
The results of the selected recorded view begin to run and the word Playing appears underneath the toolbar.
Pause or Stop the Results of a Recorded View that is Playing
|
|
