Sessions

From Edge Threat Management Wiki - Arista
Revision as of 01:11, 19 May 2017 by Dmorris (talk | contribs)

Sessions provides a view of the current sessions (also known as connections).

Each row represents a single network session and its properties.

As Untangle and all the apps learn more about a session, many will "attach" data to the session so it is globally visible and accessible to other apps. The Sessions view provides a view into everything that is known about each session.

The Sessions view provides a real-time view into the network and can also be a great debugging tool. The controls provide a way to view the current sessions of a specific application, host, user, website, policy, etc. This can be used to view activity or to verify that traffic is being handled properly, by the proper policy, etc.

Controls

The Sessions view by default shows all active sessions and some basic information about each session. To view all the information for a session, click on the session and all attributes are displayed in the property grid on the right side.

  1. Refresh refreshes the grid with the current active sessions.
  2. Auto Refresh toggles automatic refreshing of the grid.
  3. Reset View resets the view to the default view. Any changes to the default view are saved in your local browser session.
  4. Filter provides the ability to quickly filter all sessions by many key attributes.

More controls can be accessed by mousing over any column header and using the dropdown menu on the column header.

  1. Sort Ascending sorts the selected column in ascending order.
  2. Sort Descending sorts the selected column in descending order.
  3. Columns allows the removal or addition of columns to the current view.
  4. Group by this Field will group the session data by the selected column.
  5. Filter provides a way to filter current data on this column with the provided value.

Columns

| Property | Description |
| --- | --- |
| Creation Time | The creation time of the session (if scanned) |
| Session ID | The session ID (if scanned) |
| Mark | The netfilter connmark |
| Protocol | The protocol of the session (TCP/UDP) |
| Bypassed | True if the session is bypassed, False if it is scanned |
| Policy | The policy handling the session (if scanned) |
| Hostname | The hostname for the client address (if known) |
| NATd | True if the client address of the session was rewritten (NAT), False otherwise |
| Port Forwarded | True if the server address of the session was rewritten (port-forward), False otherwise |
| Tags | The tags attached to the session (inherited from Hosts, Devices, and Users) |
| Tags String | The list of all tags attached to the session. |
| Local Address | The IP address of the "local" (non-WAN) participant or the Client Address if no local address. |
| Remote Address | The IP address of the "remote" (WAN) participant or the Server Address if no remote address. |
| Bandwidth Control Priority | The priority of the session set by Bandwidth Control. |
| QoS Priority | The priority set by QoS. |
| Pipeline | The application processing order (pipeline) of the session (if scanned). |
| Client Interface | The network interface of the client (source). |
| Client Address (Pre-NAT) | The IP address of the client (initiator) of the session. |
| Client Port (Pre-NAT) | The port of the client (initiator) of the session. |
| Client Address (Post-NAT) | The IP address of the client (initiator) of the session post-NAT. |
| Client Port (Post-NAT) | The port of the client (initiator) of the session post-NAT. |
| Client Country | The country code of the client IP address. |
| Client Latitude | The latitude of the client IP address. |
| Client Longitude | The longitude of the client IP address. |
| Server Interface | The network interface of the server (destination). |
| Server Address (Pre-NAT) | The IP address of the server (receiver) of the session pre-NAT. |
| Server Port (Pre-NAT) | The port of the server (receiver) of the session pre-NAT. |
| Server Address (Post-NAT) | The IP address of the server (receiver) of the session. |
| Server Port (Post-NAT) | The port of the server (receiver) of the session. |
| Server Country | The country code of the server IP address. |
| Server Latitude | The latitude of the server IP address. |
| Server Longitude | The longitude of the server IP address. |
| Speed (KB/s) Client | The data rate of data sent by the client (updated every 60 seconds). |
| Speed (KB/s) Server | The data rate of data sent by the server (updated every 60 seconds). |
| Speed (KB/s) Total | The data rate of session (updated every 60 seconds). |
| Application Control Lite Protocol | The protocol according to Application Control Lite. |
| Application Control Lite Category | The category according to Application Control Lite. |
| Application Control Lite Description | The description of the protocol according to Application Control Lite. |
| Application Control Lite Matched? | True if Application Control Lite matched the session. |
| Application Control Protochain | The protochain of Application Control |
| Application Control Application | The application of Application Control |
| Application Control Category | The category of the application of Application Control |
| Application Control Detail | The detail of the application of Application Control |
| Application Control Confidence | The confidence of the match of Application Control |
| Application Control Productivity | The productivity of the application of Application Control |
| Application Control Risk | The risk of the application of Application Control |
| Web Filter Category Name | The category of the last web request according to Web Filter |
| Web Filter Category Description | The description of the category of the last web request according to Web Filter |
| Web Filter Category Flagged | True if this category of the web request is flagged, False if not, null otherwise |
| Web Filter Category Blocked | True if this category of the web request is blocked, False if not, null otherwise |
| Web Filter Flagged | True if the last web request is flagged, False if not, null otherwise |
| HTTP Hostname | The HTTP hostname if an HTTP session. |
| HTTP URL | The HTTP URL of the last HTTP request of this session. |
| HTTP User Agent | The HTTP User Agent of the last HTTP request of this session. |
| HTTP URI | The HTTP URI of the last HTTP request of this session. |
| HTTP Request Method | The HTTP Request Method of the last HTTP request of this session. |
| HTTP Request File Name | The HTTP Request filename of the last HTTP request of this session. |
| HTTP Request File Extension | The HTTP Request filename extension (.exe) of the last HTTP request of this session. |
| HTTP Request File Path | The HTTP Request file path of the last HTTP request of this session. |
| HTTP Content Type | The HTTP Content Type of the last HTTP response of this session. |
| HTTP Referer | The HTTP Referer of the last HTTP request of this session. |
| HTTP Response File Name | The HTTP Response filename of the last HTTP response of this session. |
| HTTP Response File Extension | The HTTP Response filename extension (.exe) of the last HTTP response of this session. |
| HTTP Content Length | The HTTP content length of the last HTTP response of this session. |
| SSL Subject DN | The Subject DN of the SSL certificate of this session. |
| SSL Issuer DN | The Issuer DN of the SSL certificate of this session. |
| SSL Inspected | True if SSL Inspected, False if not inspected, null otherwise. |
| SSL SNI Hostname | The SNI hostname specified in the request of this session (if specified). |
| FTP Filename | The name of the last file downloaded in this session via FTP. |
| FTP Data Session | True if this is an FTP data session, null otherwise. |
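
The verification use described earlier (checking that traffic is scanned and handled by the proper policy), as an added example that is not part of the wiki or the product's own code. It assumes session rows are available as records keyed by the column names above; the record layout, the sample rows and the `EXPECTED_POLICY` mapping are constructed for illustration.

```python
import ipaddress

# Constructed snapshot: keys reuse the column names from the table above; the
# record layout and every value are assumptions made for this example.
SESSIONS = [
    {"Bypassed": False, "Policy": "Default", "SSL Inspected": True,
     "Web Filter Flagged": False, "Client Address (Pre-NAT)": "192.168.1.20"},
    {"Bypassed": False, "Policy": "Default", "SSL Inspected": False,
     "Web Filter Flagged": True, "Client Address (Pre-NAT)": "192.168.50.7"},
    {"Bypassed": True, "Policy": None, "SSL Inspected": None,
     "Web Filter Flagged": None, "Client Address (Pre-NAT)": "192.168.1.31"},
]

# Hypothetical expectation: which policy should handle each client network.
EXPECTED_POLICY = {"192.168.1.0/24": "Default", "192.168.50.0/24": "Guest"}


def expected_policy_for(client_ip, expected):
    """Return the policy expected for a client address, or None if unmapped."""
    addr = ipaddress.ip_address(client_ip)
    for cidr, policy in expected.items():
        if addr in ipaddress.ip_network(cidr):
            return policy
    return None


def audit_sessions(sessions, expected):
    """Return (row index, finding) pairs for sessions that need a closer look."""
    findings = []
    for i, s in enumerate(sessions):
        if s["Bypassed"]:
            # Bypassed sessions are not scanned, so Policy and the app columns
            # are empty; report the bypass itself and skip the other checks.
            findings.append((i, "bypassed"))
            continue
        want = expected_policy_for(s["Client Address (Pre-NAT)"], expected)
        if want is not None and s["Policy"] != want:
            findings.append((i, f"policy {s['Policy']} != expected {want}"))
        # Tri-state columns: only an explicit False/True counts, null is unknown.
        if s["SSL Inspected"] is False:
            findings.append((i, "ssl not inspected"))
        if s["Web Filter Flagged"] is True:
            findings.append((i, "web filter flagged"))
    return findings


if __name__ == "__main__":
    for row, finding in audit_sessions(SESSIONS, EXPECTED_POLICY):
        print(row, finding)
```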