Sessions: Difference between revisions
Latest revision as of 16:10, 3 May 2022
Sessions provides a view of the current sessions (also known as connections).
Each row represents a single network session and its properties.
As NG Firewall and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible to other apps. The Sessions view provides a view into everything that is known about each session.
The Sessions view provides a real-time view into the network and can also be a great debugging tool. The controls provide a way to view the current sessions of a specific application, host, user, website, policy, etc. This can be used to view activity or to verify that traffic is being handled properly, by the proper policy, etc.
Controls
By default, the Sessions view shows all active sessions and some basic information about each session. To view all the information for a session, click on the session; all of its attributes are displayed in the property grid on the right side.
- Refresh refreshes the grid with the current active sessions.
- Auto Refresh toggles automatic refreshing of the grid.
- Reset View resets the view to the default view. Any changes to the default view are saved in your local browser session.
- Filter provides the ability to quickly filter all sessions by many key attributes.
More controls can be accessed by mousing over any column header and using the dropdown menu on the column header.
- Sort Ascending sorts the selected column in ascending order.
- Sort Descending sorts the selected column in descending order.
- Columns allows the removal or addition of columns to the current view.
- Group by this Field will group the session data by the selected column.
- Filter provides a way to filter current data on this column with the provided value.
Columns
| Property | Description |
|---|---|
| Creation Time | The creation time of the session (if scanned) |
| Session ID | The session ID (if scanned) |
| Mark | The netfilter connmark |
| Protocol | The protocol of the session (TCP/UDP) |
| Bypassed | True if the session is bypassed, False if it is scanned |
| Policy | The policy handling the session (if scanned) |
| Hostname | The hostname for the client address (if known) |
| NATd | True if the client address of the session was rewritten (NAT), False otherwise |
| Port Forwarded | True if the server address of the session was rewritten (port-forward), False otherwise |
| Tags | The tags attached to the session (inherited from Hosts, Devices, and Users) |
| Tags String | The list of all tags attached to the session. |
| Local Address | The IP address of the "local" (non-WAN) participant or the Client Address if no local address. |
| Remote Address | The IP address of the "remote" (WAN) participant or the Server Address if no remote address. |
| Bandwidth Control Priority | The priority of the session set by Bandwidth Control. |
| QoS Priority | The priority set by QoS. |
| Pipeline | The application processing order (pipeline) of the session (if scanned). |
| Client Interface | The network interface of the client (source). |
| Client Address (Pre-NAT) | The IP address of the client (initiator) of the session. |
| Client Port (Pre-NAT) | The port of the client (initiator) of the session. |
| Client Address (Post-NAT) | The IP address of the client (initiator) of the session post-NAT. |
| Client Port (Post-NAT) | The port of the client (initiator) of the session post-NAT. |
| Client Country | The country code of the client IP address. |
| Client Latitude | The latitude of the client IP address. |
| Client Longitude | The longitude of the client IP address. |
| Server Interface | The network interface of the server (destination). |
| Server Address (Pre-NAT) | The IP address of the server (receiver) of the session pre-NAT. |
| Server Port (Pre-NAT) | The port of the server (receiver) of the session pre-NAT. |
| Server Address (Post-NAT) | The IP address of the server (receiver) of the session. |
| Server Port (Post-NAT) | The port of the server (receiver) of the session. |
| Server Country | The country code of the server IP address. |
| Server Latitude | The latitude of the server IP address. |
| Server Longitude | The longitude of the server IP address. |
| Speed (KB/s) Client | The data rate of data sent by the client (updated every 60 seconds). |
| Speed (KB/s) Server | The data rate of data sent by the server (updated every 60 seconds). |
| Speed (KB/s) Total | The data rate of session (updated every 60 seconds). |
| Application Control Lite Protocol | The protocol according to Application Control Lite. |
| Application Control Lite Category | The category according to Application Control Lite. |
| Application Control Lite Description | The description of the protocol according to Application Control Lite. |
| Application Control Lite Matched? | True if Application Control Lite matched the session. |
| Application Control Protochain | The protochain of Application Control |
| Application Control Application | The application of Application Control |
| Application Control Category | The category of the application of Application Control |
| Application Control Detail | The detail of the application of Application Control |
| Application Control Confidence | The confidence of the match of Application Control |
| Application Control Productivity | The productivity of the application of Application Control |
| Application Control Risk | The risk of the application of Application Control |
| Web Filter Category Name | The category of the last web request according to Web Filter |
| Web Filter Category Description | The description of the category of the last web request according to Web Filter |
| Web Filter Category Flagged | True if this category of the web request is flagged, False if not, null otherwise |
| Web Filter Category Blocked | True if this category of the web request is blocked, False if not, null otherwise |
| Web Filter Flagged | True if the last web request is flagged, False if not, null otherwise |
| HTTP Hostname | The HTTP hostname if an HTTP session. |
| HTTP URL | The HTTP URL of the last HTTP request of this session. |
| HTTP User Agent | The HTTP User Agent of the last HTTP request of this session. |
| HTTP URI | The HTTP URI of the last HTTP request of this session. |
| HTTP Request Method | The HTTP Request Method of the last HTTP request of this session. |
| HTTP Request File Name | The HTTP Request filename of the last HTTP request of this session. |
| HTTP Request File Extension | The HTTP Request filename extension (.exe) of the last HTTP request of this session. |
| HTTP Request File Path | The HTTP Request file path of the last HTTP request of this session. |
| HTTP Content Type | The HTTP Content Type of the last HTTP response of this session. |
| HTTP Referrer | The HTTP Referrer of the last HTTP request of this session. |
| HTTP Response File Name | The HTTP Response filename of the last HTTP response of this session. |
| HTTP Response File Extension | The HTTP Response filename extension (.exe) of the last HTTP response of this session. |
| HTTP Content Length | The HTTP content length of the last HTTP response of this session. |
| SSL Subject DN | The Subject DN of the SSL certificate of this session. |
| SSL Issuer DN | The Issuer DN of the SSL certificate of this session. |
| SSL Inspected | True if SSL Inspected, False if not inspected, null otherwise. |
| SSL SNI Hostname | The SNI hostname specified in the request of this session (if specified). |
| FTP Filename | The name of the last file downloaded in this session via FTP. |
| FTP Data Session | True if this is an FTP data session, null otherwise. |