Users can check whenever the resource statistics picture of NG-UTM through system status, for example, CRM, RAM and hard disk…etc.
At the same time, it is also possible to receive real-time connection information, statistics, and historical information, it is available for managers to look up.
There are 4 main categories in System Status:
1. System Status: Display the current NG-UTM CPU load, memory usage, system load, and querying the TX/RX flow for each interface.
2. Connection Status: Recording NG-UTM connection usage situation including the number of online users, packet records, etc…
3. Flow Analysis: Query statistics based on the usage of PORT, application, or DNS.
4. Dashboard: Display various statistical information graphically Detailed introduction in Chapter 16. Dashboard
It displays all of the interfaces of NG-UTM the last 24 hours network traffic, the statistical flow is based on the interface, If there are two 1G physical lines on the interface, the interface will display to 2G flow when it fully loaded.
blue color shows Zone Out (TX) flow, which is the flow going out of the interface ; the green color Zone In (RX) flow, which is the flow coming into the interface.
NG-UTM provides the last 48 hours of online members and total session to let the administrator to get rapidly the overview of the past status, search in “History Status” for longer changes of status.
Picture15-5 The connection log for the past 48 hours¶
After the administrator selects the target and time interval for inquiry, NG-UTM will automatically display the various statistical charts for this period.
This function could enable the administrator to analyze whether there have been any issues during a certain period and identify possible solutions from those issues.
【Search Object(s)】: selects the object that you are going to search. Currently, it is available to select CPU, System Load, RAM, Interface Flow ( the system will show all of the interface flow for administrator to tick), online members and total session.
【Date】: selects the date and time you are going to search, for example: 2015-04-05 00:00~2016-04-05 23:00 representing to search one-year historical status.
Unlike “Network Traffic”, which aggregates traffic data from the past 24 hours, the interface here displays real-time traffic for the past 3 minutes.
It not only shows physical interfaces but also allows viewing real-time traffic for virtual interfaces such as IP Tunnel and PPPOE. You can monitor up to 2 interfaces simultaneously.
Traffic statistics are interface centric. For instance, if an interface has two 1G physical lines and they are fully loaded, this interface will display a maximum of 2G traffic.
blue color shows Zone Out (TX) flow, which is the flow going out of the interface ; the green color Zone In (RX) flow, which is the flow coming into the interface.
The administrator could use this feature to realize the timing load of each CPU.
For example: if they notice that the system resources are monopolizing a single CPU, navigating to “Network Settings > 3-8. Interrupt ” redistribute its network traffic to other CPUs
The connection status will record member lists, wireless member lists, and connection tracking. Experiencing administrator could use this information to determine if a particular computer has any issues.
The member list records IP address information from all interfaces under NG-UTM for the past 7 days (default value).
Connection tracking provides detailed statistics on the number of connections for each source IP address and records the actual packet communication logs.
Displaying all IP information that passing through NG-UTM interface. For intranet, it’s possible to determine whether the device is powered on and from which network interface it connected to. Click to change the sorting direction.
【The Computer List Preserve】: how many days do the IP address passing through the NG-UTM preserve, the default is 7 days. The setting range is 0~365, 0 means never delete all the recording data.
【On line】: The first menu displays the Ips detected by the interface, while the second menu categorizes them based on different subnets. You can also choose “All” to display all of it.
The numbers in parentheses indicate the number of online members out of the total members within that subnet.
For example: “All (141/220)” means that out of 220 IP addresses that have passed through the configured network interface to another interface via NG-UTM in the past 7 days, 141 IP addresses are currently online.
【Interface Display】: Selecting the interface you want to display, including physical interfaces and 802.1Q VLAN.
【Static】: In 5-1. IP Address , once you bind this IP with a MAC address, this field will display as , indicating that this device is fixed.
【Alias】: The NETBIOS name of this computer, in the management target 5-1. IP Address to customize the name.
【IP Address】: The IP address of this computer.
【MAC Address】: The MAC address of this computer.
【Interface】: The interface resource of this computer, including physical interface and 802.1Q VLAN.
【Status】: power on, power off
【Last Update Time】: All the messages of update time
Users who connected to internet through AP will be list here (In “System Setting > 2-8. AP Management” adding UTM management device), not only knowing SSID, but also determining whether the device is powered on and from which AP it connected to.
Click to change the sorting direction.
【The Computer List Preserve】: how many days do the IP address passing through the NG-UTM preserve, the default is 7 days. The setting range is 0~365, 0 means never delete all the recording data.
【On line】: How many online IP addresses accessing through AP currently.
【AP Alias】: The name of this AP.
【SSID】: The SSID AP using. The same AP might have multiple SSID.
【IP Address】: The IP address of this computer.
【MAC Address】: The MAC address of this computer.
【Status】: power on, power off.
【Last Update Time】: All the messages of update time
Analyzing and tracking through internet packet to know each user’s network behavior.
It primarily categorizes based on the source hostname and displays records of all current users, indicating IP addresses, connection numbers, TX traffic, RX traffic, and detailed logs.
• Search condition
【Display】: This table can be displayed based on either the source IP or the destination IP, meaning that the Ips shown in the connection tracking list can be either the source or destination end.
【Source IP】: Enter the source IP address that you want to view; blank means all.
【Destination IP】: Enter the destination IP address that you want to view; blank means all.
【Update】: To set that how often this page will refresh in seconds.
【Total Session】: Display the current session passing through NG-UTM / total session.
For example, 1245/1976 indicates that the total sessions passing through NG-UTM are 1976, but the statistical total for this interface are 1245 sessions, with the remaining sessions distributed across other interfaces.
【Computer Name】: Display the current NetBIOS name or the defined name of the address list of this computer. If none are defined, IP address will be displayed.
【IP Address】: The IP address of this computer
【Session】: The current number of established sessions for this computer externally.
【Zone Out (TX)/ Zone In (RX) flow bits】: The number of bits transmitted / received by the firewall for this IP.
Click on the computer information that you are going to look, then it will show up the last 3 minutes detailed packet united effort messages of this computer as below.
【Refresh】: Click to refresh the connected numbers information of communicative packets.
【Clear】: Clear all the information and revealing the communicative packets.
【Export】: Export this document.
【Protocol】: Which protocol this connection use, which usually are TCP or UDP.
【Resource IP】: The IP address of this computer.
【Destination IP】: The destination IP address of this connection
【Port】: Source and destination ports, e.g. 62506>53 means that the source PORT is 62506 and the destination PORT is 53. If the protocol is UDP, it can be presumed to be the DNS protocol.
【Zone Out (TX)/Zone In (RX) packet】: The number of packets sent/received by the firewall over this connection.
【Zone Out (TX)/Zone In (RX) Bytes】: The number of bytes sent/received by the firewall over this connection.
【Application】: Which application this connection use, NG-UTM will divide these applications based on the built-in 900 categories DPI.
【Exit Route】: Which exit lines the connection use to access the Internet.
【Control Regulation】: The control regulation this connection applied.
Flow Rank could let the administrator check each user’s situation of using the Internet and sequenced to flow usage. Click on the data in the list, detailed information such as the applications used by the user can be viewed.
【Time range for preset loading】: Click the option of Flow Rand, the system will reveal statistic information at below list according to the time range you set below, you could choose today, 1 Hour or Do Not Show.
Default is “Today” (from 00:00 ~), choose “1 Hour” means only the data from the last 1 hour will be considered for statistics. If there’s no a lot of data, it may cause a delay in opening the webpage.
Choose “Do Not Show” , then the system will not reveal any statistics number while entering in Flow Rank.
Click to switch immediately.
【Flow Direction】: Statistics based on source IP address or destination IP address of the connections, after switching, press【Search】, the result will reveal as below.
【Statistics By】: The statistics are based on either the IP address or the authenticated account for internet access. Statistics By IP is default.
【Time_Range】: Time range of statistics, options are Today or 1 Hour.
After selecting the search criteria, all statistical information on traffic through NG-UTM will be listed below. Click the column item to change the sorting direction.
【Authentication】: If this IP address has used internet authentication, the account will be displayed; otherwise, it will be blank.
【Up Flow KBytes】: The cumulative upload amount, in units of K/M/G bytes.
【Down Flow KBytes】: The cumulative download amount, in units of K/M/G bytes.
In the list, clicking on any computer or IP address data allows you to view detailed information such as the proportion of upload and download traffic occupied by which applications or protocols, as shown in the image below:
【IP Address】: Statistics based on the source or destination IP address.
【Data Type】: There are two data types: basic services and application classification.
The admin could toggle by using the switch button on the right. If “Basic Services” is displayed here, the switch button will show “Applications”, and vice versa.
: Display the region of the destination host visited by the source IP address. Clicking will switch the data type to Destination IP region.
Click the button of each data, NG-UTM displays more detailed information for this statistical item, such as upload and download traffic for each time period, the outbound route, and the enforcement policies used.
Display the total communication protocol flow rank for NG-UTM within the statistical time range. The flow rank can be sorted by upload and download traffic separately.
Click on the column item to change the sorting direction.
Display the total application flow rank for NG-UTM within the statistical time range. For example: the total usage of applications like LINE, HTTPS, and SKYPE, listed in a rank.
The flow can be sorted by upload and download traffic separately. Clicking on the column item to change the sorting direction.
By default, NG-UTM will not display unrecognized applications. If you wish to display unrecognized applications as well, checking【Reveal Unknown】.
Display the regional information of destination IP addresses for the entire NG-UTM within the statistical time range, and calculate the total usage based on regions.
The flow can be sorted by upload and download traffic separately, Clicking on the column item to change the sorting direction.
DNS is the first action in network connections. By analyzing DNS records, you could determine the destinations of outgoing connections and even identify illicit network activities.
It is available to search based on data, statistical method, and search criteria. There are three statistical methods: by domain name, by DNS server, and by source IP. The query results for these three methods are as follows :
1. By domain name: Statistics of internal-to-external DNS queries, ranked by domain name and frequency.
to change the sorting direction.
, indicating that this device is fixed.
power on, 
power off
on the computer information that you are going to look, then it will show up the last 3 minutes detailed packet united effort messages of this computer as below.
to switch immediately.
: Display the region of the destination host visited by the source IP address. Clicking will switch the data type to Destination IP region.
