You can monitor Enhanced Firewall Services (EFS) Threats based on the metrics collected using the EFS Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) for a specific Edge or an Enterprise.
Monitor EFS - Edge View
- In the SD-WAN service of the Enterprise portal, click Monitor > Edges. The list of Edges associated with the Enterprise appears.
- Select an Edge by clicking the link to an Edge. The Network Overview page (default page view) appears.
- Click the Security Overview tab.
The Security Overview page appears. In addition, you can select the time frame for the overview page by 12 hours, 24 hours, and so on.
The Security Overview page is a graphical representation of cumulative data of the following EFS Threats details, based on the metrics collected using the EFS (IDS/IPS) for the selected Edge.
- Total count of Threats Detected
- Total count of Threats Prevented
- Top Threats Detected filtered "By Count" (Default) or "By Impact"
- Top Threat Origins filtered By "IP Address" (Default) or "By Country"
- Top Impacted Clients filtered By "IP Address" (Default) or "By Country"
- Histogram Trend of Threats for selected time frame.
Under each graphical representation, clicking the View Details link displays detailed EFS information for the selected Edge, based on the selected metric type.
Monitor EFS - Enterprise View
To view the EFS Threats details for an Enterprise, click Monitor > Security Overview.
The Security Overview page is a graphical representation of Threat distribution based on the metrics collected using the EFS (IDS/IPS) for all Edges within an Enterprise. You can view the Threat distribution of all the Edges using the following two views:
- Impacted Edge Distribution – Represents a map view of all the EFS Impacted Edges (by severity) and Protected Edges. The page graphically displays the following EFS Threats details for an Enterprise:
- Total count of Edges Impacted
- Total count of Edges Protected
- Top Threats Detected filtered "By Count" (Default) or "By Impact"
- Top Threat Origins filtered By "IP Address" (Default) or "By Country"
- Top Impacted Edges filtered By "IP Edge Name" (Default) or "IP Address"
- Top Impacted Clients filtered By "IP Address" (Default) or "By Country"
- Impacted Edge List – Represents a tabular view of all the EFS impacted Edges along with Threat details. The page displays the following details: Name and Description of the impacted Edge, Name of the Profile to which the impacted Edge is associated with, Threat Type, Threat Impact on Edge, and Status of impacted Edge.