Difference between revisions of "Sessions"

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
Line 206: Line 206:
 
|'''HTTP Response File Extension'''
 
|'''HTTP Response File Extension'''
 
| The HTTP Response filename extension (.exe) of the last HTTP response of this session.
 
| The HTTP Response filename extension (.exe) of the last HTTP response of this session.
|-
 
|'''HTTP Content Length'''
 
| The HTTP content length of the last HTTP response of this session.
 
<span style="display:none" class="helpSource sessions">Sessions</span>
 
<span style="display:none" class="helpSource session_viewer">Sessions</span>
 
 
Sessions provides a view of the current [https://en.wikipedia.org/wiki/Session_(computer_science)|network sessions] (also known as connections)
 
 
Each row represents a single a network session/and its properties.
 
 
As Untangle and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible via other apps. The Sessions view provides a view into everything that is known about a session.
 
 
The Sessions view provides a real-time view into whats going on in the network, and can also provide a great debugging tool to verify that sessions are being processed by the correct policies and hantdled correctly.
 
 
<blockquote style="background: white; border: 1px solid black; padding: 1em;">
 
 
{| border="1" cellpadding="2"
 
|-
 
|width="30%"|'''Column Header'''
 
|width="70%"| Property Description
 
|-
 
|-
 
|'''Creation Time'''
 
| The creation time of the session (if scanned)
 
|-
 
|'''Session ID'''
 
| The session ID (if scanned)
 
|-
 
|'''Mark'''
 
| The netfilter connmark
 
|-
 
|'''Protocol'''
 
| The protocol of the session (TCP/UDP)
 
|-
 
|'''Bypassed'''
 
| True if the session is [[Bypass Rules|bypassed]], False if it is scanned
 
|-
 
|'''Policy'''
 
| The policy handling the session (if scanned)
 
|-
 
|'''Hostname'''
 
| The hostname for the client address (if known)
 
|-
 
|'''NATd'''
 
| True if the client address of the session was rewritten (NAT), False otherwise
 
|-
 
|'''Port Forwarded'''
 
| True if the server address of the session was rewritten (port-forward), False otherwise
 
|-
 
|'''Tags'''
 
| The tags attached to the session (inherited from [[Hosts]], [[Devices]], and [[Users]])
 
|-
 
|'''Tags String'''
 
| The list of all tags attached to the session.
 
|-
 
|'''Local Address'''
 
| The IP address of the "local" (non-WAN) participant or the ''Client Address'' if no local address.
 
|-
 
|'''Remote Address'''
 
| The IP address of the "remote" (WAN) participant or the ''Server Address'' if no remote address.
 
|-
 
|'''Bandwidth Control Priority'''
 
| The priority of the session set by [[Bandwidth Control]].
 
|-
 
|'''QoS Priority'''
 
| The priority set by [[QoS]].
 
|-
 
|'''Pipeline'''
 
| The application processing order (pipeline) of the session (if scanned).
 
|-
 
|'''Client Interface'''
 
| The network interface of the client (source).
 
|-
 
|'''Client Address (Pre-NAT)'''
 
| The IP address of the client (initiator) of the session.
 
|-
 
|'''Client Port (Pre-NAT)'''
 
| The port of the client (initiator) of the session.
 
|-
 
|'''Client Address (Post-NAT)'''
 
| The IP address of the client (initiator) of the session post-NAT.
 
|-
 
|'''Client Port (Post-NAT)'''
 
| The port of the client (initiator) of the session post-NAT.
 
|-
 
|'''Client Country'''
 
| The country code of the client IP address.
 
|-
 
|'''Client Latitude'''
 
| The latitude of the client IP address.
 
|-
 
|'''Client Longitude'''
 
| The longitude of the client IP address.
 
|-
 
|'''Server Interface'''
 
| The network interface of the server (destination).
 
|-
 
|'''Server Address (Pre-NAT)'''
 
| The IP address of the server (receiver) of the session pre-NAT.
 
|-
 
|'''Server Port (Pre-NAT)'''
 
| The port of the server (receiver) of the session pre-NAT.
 
|-
 
|'''Server Address (Post-NAT)'''
 
| The IP address of the server (receiver) of the session.
 
|-
 
|'''Server Port (Post-NAT)'''
 
| The port of the server (receiver) of the session.
 
|-
 
|'''Server Country'''
 
| The country code of the server IP address.
 
|-
 
|'''Server Latitude'''
 
| The latitude of the server IP address.
 
|-
 
|'''Server Longitude'''
 
| The longitude of the server IP address.
 
|-
 
|'''Speed (KB/s) Client'''
 
| The data rate of data sent by the client (updated every 60 seconds).
 
|-
 
|'''Speed (KB/s) Server'''
 
| The data rate of data sent by the server (updated every 60 seconds).
 
|-
 
|'''Speed (KB/s) Total'''
 
| The data rate of session (updated every 60 seconds).
 
|-
 
|'''Application Control Lite Protocol'''
 
| The protocol according to [[Application Control Lite]].
 
|-
 
|'''Application Control Lite Category'''
 
| The category according to [[Application Control Lite]].
 
|-
 
|'''Application Control Lite Description'''
 
| The description of the protocol according to [[Application Control Lite]].
 
|-
 
|'''Application Control Lite Matched?'''
 
| True if [[Application Control Lite]] matched the session.
 
|-
 
|'''Application Control Protochain'''
 
| The protochain of [[Application Control]]
 
|-
 
|'''Application Control Application'''
 
| The application of [[Application Control]]
 
|-
 
|'''Application Control Category'''
 
| The category of the application of [[Application Control]]
 
|-
 
|'''Application Control Detail'''
 
| The detail of the application of [[Application Control]]
 
|-
 
|'''Application Control Confidence'''
 
| The confidence of the match of [[Application Control]]
 
|-
 
|'''Application Control Productivity'''
 
| The productivity of the application of [[Application Control]]
 
|-
 
|'''Application Control Risk'''
 
| The risk of the application of [[Application Control]]
 
|-
 
|'''Web Filter Category Name'''
 
| The category of the last web request according to [[Web Filter]]
 
|-
 
|'''Web Filter Category Description'''
 
| The description of the category of the last web request according to [[Web Filter]]
 
|-
 
|'''Web Filter Category Flagged'''
 
| True if this category of the web request is flagged, False if not, null otherwise
 
|-
 
|'''Web Filter Category Blocked'''
 
| True if this category of the web request is blocked, False if not, null otherwise
 
|-
 
|'''Web Filter Flagged'''
 
| True if the last web request is flagged, False if not, null otherwise
 
|-
 
|'''HTTP Hostname'''
 
| The HTTP hostname if an HTTP session.
 
|-
 
|'''HTTP URL'''
 
| The HTTP URL of the last HTTP request of this session.
 
|-
 
|'''HTTP User Agent'''
 
| The HTTP User Agent of the last HTTP request of this session.
 
|-
 
|'''HTTP URI'''
 
| The HTTP URI of the last HTTP request of this session.
 
|-
 
|'''HTTP Request Method'''
 
| The HTTP Request Method of the last HTTP request of this session.
 
|-
 
|'''HTTP Request File Name'''
 
| The HTTP Request filename of the last HTTP request of this session.
 
|-
 
|'''HTTP Request File Name Extension'''
 
| The HTTP Request filename extension (.exe) of the last HTTP request of this session.
 
|-
 
|'''HTTP Request File Path'''
 
| The HTTP Request file path of the last HTTP request of this session.
 
|-
 
|'''HTTP Content Type'''
 
| The HTTP Content Type of the last HTTP response of this session.
 
|-
 
|'''HTTP Referer'''
 
| The HTTP Referer of the last HTTP request of this session.
 
 
|-
 
|-
 
|'''HTTP Content Length'''
 
|'''HTTP Content Length'''

Revision as of 20:21, 18 May 2017

Sessions provides a view of the current sessions (also known as connections)

Each row represents a single a network session/and its properties.

As Untangle and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible via other apps. The Sessions view provides a view into everything that is known about a session.

The Sessions view provides a real-time view into whats going on in the network, and can also provide a great debugging tool to verify that sessions are being processed by the correct policies and hantdled correctly.

Column Header Property Description
Creation Time The creation time of the session (if scanned)
Session ID The session ID (if scanned)
Mark The netfilter connmark
Protocol The protocol of the session (TCP/UDP)
Bypassed True if the session is bypassed, False if it is scanned
Policy The policy handling the session (if scanned)
Hostname The hostname for the client address (if known)
NATd True if the client address of the session was rewritten (NAT), False otherwise
Port Forwarded True if the server address of the session was rewritten (port-forward), False otherwise
Tags The tags attached to the session (inherited from Hosts, Devices, and Users)
Tags String The list of all tags attached to the session.
Local Address The IP address of the "local" (non-WAN) participant or the Client Address if no local address.
Remote Address The IP address of the "remote" (WAN) participant or the Server Address if no remote address.
Bandwidth Control Priority The priority of the session set by Bandwidth Control.
QoS Priority The priority set by QoS.
Pipeline The application processing order (pipeline) of the session (if scanned).
Client Interface The network interface of the client (source).
Client Address (Pre-NAT) The IP address of the client (initiator) of the session.
Client Port (Pre-NAT) The port of the client (initiator) of the session.
Client Address (Post-NAT) The IP address of the client (initiator) of the session post-NAT.
Client Port (Post-NAT) The port of the client (initiator) of the session post-NAT.
Client Country The country code of the client IP address.
Client Latitude The latitude of the client IP address.
Client Longitude The longitude of the client IP address.
Server Interface The network interface of the server (destination).
Server Address (Pre-NAT) The IP address of the server (receiver) of the session pre-NAT.
Server Port (Pre-NAT) The port of the server (receiver) of the session pre-NAT.
Server Address (Post-NAT) The IP address of the server (receiver) of the session.
Server Port (Post-NAT) The port of the server (receiver) of the session.
Server Country The country code of the server IP address.
Server Latitude The latitude of the server IP address.
Server Longitude The longitude of the server IP address.
Speed (KB/s) Client The data rate of data sent by the client (updated every 60 seconds).
Speed (KB/s) Server The data rate of data sent by the server (updated every 60 seconds).
Speed (KB/s) Total The data rate of session (updated every 60 seconds).
Application Control Lite Protocol The protocol according to Application Control Lite.
Application Control Lite Category The category according to Application Control Lite.
Application Control Lite Description The description of the protocol according to Application Control Lite.
Application Control Lite Matched? True if Application Control Lite matched the session.
Application Control Protochain The protochain of Application Control
Application Control Application The application of Application Control
Application Control Category The category of the application of Application Control
Application Control Detail The detail of the application of Application Control
Application Control Confidence The confidence of the match of Application Control
Application Control Productivity The productivity of the application of Application Control
Application Control Risk The risk of the application of Application Control
Web Filter Category Name The category of the last web request according to Web Filter
Web Filter Category Description The description of the category of the last web request according to Web Filter
Web Filter Category Flagged True if this category of the web request is flagged, False if not, null otherwise
Web Filter Category Blocked True if this category of the web request is blocked, False if not, null otherwise
Web Filter Flagged True if the last web request is flagged, False if not, null otherwise
HTTP Hostname The HTTP hostname if an HTTP session.
HTTP URL The HTTP URL of the last HTTP request of this session.
HTTP User Agent The HTTP User Agent of the last HTTP request of this session.
HTTP URI The HTTP URI of the last HTTP request of this session.
HTTP Request Method The HTTP Request Method of the last HTTP request of this session.
HTTP Request File Name The HTTP Request filename of the last HTTP request of this session.
HTTP Request File Extension The HTTP Request filename extension (.exe) of the last HTTP request of this session.
HTTP Request File Path The HTTP Request file path of the last HTTP request of this session.
HTTP Content Type The HTTP Content Type of the last HTTP response of this session.
HTTP Referer The HTTP Referer of the last HTTP request of this session.
HTTP Response File Name The HTTP Response filename of the last HTTP response of this session.
HTTP Response File Extension The HTTP Response filename extension (.exe) of the last HTTP response of this session.
HTTP Content Length The HTTP content length of the last HTTP response of this session.
SSL Subject DN The Subject DN of the SSL certificate of this session.
SSL Issuer DN The Issuer DN of the SSL certificate of this session.
SSL Inspected True if SSL Inspected, False if not inspected, null otherwise.
SSL SNI Hostname The SNI hostname specified in the request of this session (if specified).
FTP Filename The name of the last file downloaded in this session via FTP.
FTP Data Session True if this is an FTP data session, null otherwise.