Monitoring Traffic or System Counters

This section describes how to monitor traffic or system counters.

Traffic or System Counters Solution

SmartView Monitor provides tools that enable you to monitor, in real time, traffic related to specified network activities and servers, as well as the status of activities and the hardware and software use of different Check Point products. With this knowledge you can:

SmartView Monitor delivers a comprehensive solution to monitor and analyze network traffic and network usage. You can generate fully detailed or summarized graphs and charts for all connections intercepted and logged when you monitor traffic, and for numerous rates and figures when you count usage throughout the network.

Traffic

Traffic Monitoring provides in-depth details on network traffic and activity. As a network administrator you can generate traffic information to:

  • Analyze network traffic patterns

    Network traffic patterns help administrators determine which services demand the most network resources.

  • Audit and estimate costs of network use

    Monitoring traffic can provide information on how the use of network resources is divided among corporate users and departments. Reports that summarize customer use of services, bandwidth and time can provide a basis to estimate costs for each user or department.

  • Identify the departments and users that generate the most traffic and the times of peak activity.

  • Detect and monitor suspicious activity. Network administrators can produce graphs and charts that document blocked traffic, alerts, rejected connections, or failed authentication attempts to identify possible intrusion attempts.

A Traffic view can be created to monitor the Traffic types listed in the following table.

| Traffic Type | Explanation |
| --- | --- |
| Services | Shows the current status view about Services used through the selected Security Gateway. |
| IPs/Network Objects | Shows the current status view about active IPs/Network Objects through the selected Security Gateway. |
| Security Rules | Shows the current status view about the most frequently used Access Control rules. The Name column in the legend states the rule number as previously configured in SmartConsole. |
| Interfaces | Shows the current status view about the Interfaces associated with the selected Security Gateway. |
| Connections | Shows the current status view about current connections initiated through the selected Security Gateway. |
| Tunnels | Shows the current status view about the Tunnels associated with the selected Security Gateway and their usage. |
| Virtual Link | Shows the current traffic status view between two Security Gateways (for example, Bandwidth, Bandwidth Loss, and Round Trip Time). |
| Packet Size Distribution | Shows the current status view about packets according to the size of the packets. |
| QoS | Shows the current traffic level for each QoS rule. |

Note - "Top QoS Rules" view in SmartView Monitor shows that almost all traffic matches the "No Match" rule when SecureXL is enabled on the Security Gateway. Refer to sk118720.

Traffic Legend Output

The values that you see in the legend depend on the Traffic view that you run.

All units in the view results show in configurable Intervals.

System Counters

Monitoring System Counters provides in-depth details about Check Point Software Blade usage and activities. As a network administrator, you can generate system status information about:

  • Resource usage for the variety of components associated with the Security Gateway. For example, the average use of real physical memory, the average percent of CPU time used by user applications, free disk space, and so on.

  • Security Gateway performance statistics for a variety of Firewall components. For example, the average number of concurrent CVP sessions handled by the HTTP security server, the number of concurrent IKE negotiations, the number of new sessions handled by the SMTP security server, and so on.

  • Detect and monitor suspicious activity. Network administrators can produce graphs and charts that document the number of alerts, rejected connections, or failed authentication attempts to identify possible intrusion attempts.

Select and Run a Traffic or System Counters View

When a Traffic or System Counters view runs, the results show in the SmartView Monitor client. A Traffic or System Counter view can run:

  • From an existing view

  • When you create a new view

  • When you change an existing view

To run a Traffic or System Counters view:

  1. In the SmartView Monitor client, select the Traffic or System Counter branch in the Tree View.

  2. Double-click the Traffic or System Counter view that you want to run.

    A list of available Security Gateways shows.

  3. Select the Security Gateway for which you want to run the selected Traffic or System Counter view.

  4. Click OK.

    The results of the selected view show in the SmartView Monitor client.

Recording a Traffic or Counter View

You can save a record of the Traffic or System Counter view results.

To record a traffic or counter view:

  1. Run the Traffic or System Counters view.

  2. Select the Traffic menu.

  3. Select Recording > Record.

    A Save As window shows.

  4. Name the record.

  5. Save it in the related directory.

  6. Click Save.

    The word Recording shows below the Traffic or Counter toolbar. The appearance of this word signifies that the view currently running is recorded and saved.

  7. To stop recording, open the Traffic menu and select Recording > Stop.

    A record of the view results is saved in the directory you selected in step 3 above.

Play the Results of a Recorded Traffic or Counter View

After you record a view, you can play it back. You can select Play, or Fast Play to see results change faster.

To play the results:

  1. In the SmartView Monitor client, select Traffic > Recording > Play.

    The Select Recorded File window shows.

  2. Access the directory in which the recorded file is kept and select the related record.

  3. Click Open.

    The results of the selected recorded view start to run. The word Playing shows below the toolbar.

Pause or Stop the Results of a Recorded View that is Playing

  • To pause the record, select Traffic > Recording > Pause.

  • To resume playing the recorded Traffic or Counter view results, click Recording > Play.

  • To stop the record, select Traffic > Recording > Stop.