You can see the connection details of IPv4 traffic by the application, username, and source IP address.
You can see the data transferred from the time the connection was established, the live data transfer, the number of connections, and traffic details.
An application's upstream and downstream bandwidth is calculated by dividing the total number of bytes transferred by the time period.
The time period is the elapsed time since the connection was created. A connection is active longer than the application's use of the connection. So, the average bandwidth shown is always lower than the total sum of the bandwidth averages.
The live connections table shows the following information:
|Application||Shows the names of applications currently connected. |
Other applications lists unrecognized applications along with the rule ID of the applied firewall rule. It also lists system-generated traffic between Sophos Firewall and any zone. The rule ID is set to zero because firewall rules don't apply to system-generated traffic.
Example: DNS queries and replies when Sophos Firewall is the DNS server, signature downloads, traffic accessing the appliance consoles, DNAT traffic.
DNS lists DNS traffic to which firewall rules apply.
Example: Traffic between an internal source and external DNS servers.
System-generated DNS traffic is listed in both these categories: DNS and Other applications. You can identify this traffic by the firewall rule ID.
|Source IP address||Shows the source IP address currently connected.|
|User||Shows the username of the currently connected user.|
|Upload transfer||Shows the total amount of data uploaded, in bytes, since the connection was established.|
|Download transfer||Shows the total amount of data downloaded, in bytes, since the connection was established.|
|Upstream bandwidth||Shows the total upstream bandwidth used, in bytes, since the connection was established.|
|Downstream bandwidth||Shows the total downstream bandwidth used, in bytes, since the connection was established.|
|Characteristics||Shows the application details such as application category and usage.|
|Total connections||Shows the total number of connections made. Click the number to see the connection details, such as the start time, inbound and outbound interfaces, source and destination ports and IP addresses, protocols, firewall, and NAT rule IDs, in addition to the total and live data transfer. This information opens in a new tab in your browser.|
- To see the number of current connections, see Live connections at the upper-left corner of the section.
To see the live connection details, select the following objects from the drop-down list:
- Source IP address
The first column shows the object you've selected. - To see all the items in a group, click Expand . - To refresh the connection details automatically, select the Automatic refresh interval. - To refresh the details manually, click Refresh. - To sort a column, click its heading. - To apply a filter, click Filter , select a modifier, and enter the search phrase. You can apply one filter at a time. To clear an existing filter, click Clear.