Monitoring connections, blacklists, VPN SAs, users, routing, SSL VPNs, and neighbors

Firewalls track allowed connections, active VPN SAs, active users, routing, SSL VPN sessions, and directly connected neighbors in the network. Firewall, Layer 2 Firewall, and IPS engines also track combinations of IP addresses, ports, and protocols that are blacklisted.

You can monitor in the following ways:

You can view currently open connections, enforced blacklist entries, active VPN SAs, active users, routing, SSL VPNs, and directly connected neighbors in the network.
You can save, view and compare snapshots of currently open connections, enforced blacklist entries, active VPN SAs, active users, routing, and SSL VPN sessions.

Note: To monitor LLDP neighbors, LLDP must be enabled for the NGFW Engine. If LLDP is not enabled, the Neighbor Monitoring view only shows ARP and IPv6 neighbor discovery protocol (NDP) entries.

To monitor users by name, you must enable the logging of user information in the Firewall IPv4 and IPv6 Access rules. When monitoring users, you can only monitor the users connected to a particular NGFW Engine. To see a summary of the activity of all active users, enable showing users in the Home view.