About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the Vantage Report using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
Page 4
• Knowledge Base If you have a specific question about your product, the answer may be here. This is a collection of answers to previously asked questions about ZyXEL products. • Forum This contains discussions on ZyXEL products. Learn from others who use ZyXEL products and share your experiences as well.
Syntax Conventions • The version number on the title page is the version of Vantage Report that is documented in this User’s Guide. • Enter means for you to type one or more characters and press the carriage return.
Page 6
Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. Vantage Report User’s Guide...
1.3 Hardware Requirements ...................... 20 Chapter 2 The Vantage Report Server ....................23 2.1 Starting and Stopping the Vantage Report Server ............... 23 2.2 E-Mail in the Vantage Report Server ................... 24 2.3 Time in the Vantage Report Server ..................25 2.4 ZyXEL Device Configuration and Source Data ..............
Page 10
5.2.4 Top Web Hosts Drill-Down ..................115 5.2.5 Top Web Users ......................117 5.2.6 Top Web Users Drill-Down ..................120 5.3 FTP Traffic ......................... 122 5.3.1 Top FTP Sites ......................122 5.3.2 Top FTP Sites Drill-Down ..................125 Vantage Report User’s Guide...
Page 11
6.1.14 Top VPN Users Drill-Down ..................197 6.1.15 Top VPN Destinations .................... 198 6.1.16 Top VPN Destinations Drill-Down ................201 6.2 VPN Remote Access (IPSec) .................... 203 6.2.1 VPN User Status ...................... 203 6.2.2 VPN User Status Drill-Down ..................206 Vantage Report User’s Guide...
Page 12
7.2.5 Top Intrusion Sources ....................275 7.2.6 Top Intrusion Sources Drill-Down ................278 7.2.7 Top Intrusion Destinations ..................280 7.2.8 Top Intrusion Destinations Drill-Down ..............283 7.2.9 Intrusion Severities ....................285 7.2.10 Intrusion Severities Drill-Down ................288 Vantage Report User’s Guide...
Page 13
8.4.2 Web Allowed Summary Drill-Down ................353 8.4.3 Top Allowed Web Sites .................... 355 8.4.4 Top Allowed Web Sites Drill-Down ................358 8.4.5 Top Allowed Web Hosts ................... 359 8.4.6 Top Allowed Web Hosts Drill-Down ................362 Vantage Report User’s Guide...
Page 15
Appendix B Setting up Your Computer’s IP Address............473 Appendix C ZyNOS Log Descriptions .................. 481 Appendix D ZyWALL 1050 and ZyWALL USG Series Log Descriptions......507 Appendix E Open Software Announcements ............... 553 Appendix F Legal Information ....................591 Index............................593 Vantage Report User’s Guide...
Page 16
Table of Contents Vantage Report User’s Guide...
In this example, you use the web configurator (A) to set up the Vantage Report server (B). You also configure the ZyXEL devices (C) to send their logs and traffic statistics to the Vantage Report Server. The Vantage Report server collects this information.
Chapter 1 Introducing Vantage Report The Vantage Report server can also send statistical reports to you by e-mail. 1.2 License Versions This is independent from the version number, 3.1 for example. There are two versions of Vantage Report, the basic version and the full version. When you install Vantage Report, you get the basic version.
Page 21
Chapter 1 Introducing Vantage Report • 8 GB free hard disk space The following table shows the recommended hardware specifications. The more powerful your computer, the more devices you can manage. Table 2 Hardware Specification Recommendations MEMOR NUMBER LOG HANDLING...
2.1 Starting and Stopping the Vantage Report Server Note: Make sure the port Vantage Report uses for web services is not used by other applications, especially web servers. The Vantage Report server runs as a service on the Vantage Report server. By default, this service starts automatically when you log in to the Vantage Report server.
Select Start or Stop to start or stop the Vantage Report service. Select Properties to configure the service. 2.2 E-Mail in the Vantage Report Server Note: Before the Vantage Report server can send e-mail to anyone, you have to configure the SMTP mail server. See Section 13.2 on page 428 for more information.
(log entries or traffic statistics) from the ZyXEL devices, not the time the device puts in the entry. As soon as the Vantage Report server receives information, it replaces device times with the current time in the Vantage Report server.
Page 26
* - The names of categories may be different for different devices. Use the category that is appropriate for each device. ** - The log viewers display whatever log entries the ZyXEL devices record, including log entries that may not be used in other reports.
Page 27
* - The names of categories may be different for different devices. Use the category that is appropriate for each device. ** - The log viewers display whatever log entries the ZyXEL devices record, including log entries that may not be used in other reports.
See the Quick Start Guide for detailed instructions. • Log Settings - If ZyXEL devices do not record some categories of log entries, Vantage Report does not have any information to display either. For example, if you want to look at VPN traffic for a particular device, the device has to record log entries for IPSec.
Incoming VPN Traffic A diagram is referred to in following figure. In this example, incoming VPN traffic is encrypted data that the ZyXEL Device receives from VPN tunnels (A) and the traffic sent back (B). Figure 4 Incoming VPN Traffic Outgoing VPN Traffic A diagram is referred to in following figure.
Page 30
Chapter 2 The Vantage Report Server Table 7 Common Icons ICON DESCRIPTION The Pie View icon displays the statistical report in a pie chart. The Bar View icon displays the statistical report in a bar chart. The Refresh icon updates the information in the screen.
The web configurator is a browser-based interface that you can use to set up, manage, and use Vantage Report. You can run it on the Vantage Report server or on a different computer. Your web browser should meet the following requirements: •...
Page 32
Figure 6 Web Configurator Login Screen Note: If you forget your password, enter your user name, and click Forget Password?. Vantage Report sends your password to the e-mail address (if any) for your User Name. See Section 2.2 on page 24...
Page 33
• The main menu bar (A) - contains main menus and some icons that are useful anytime. • The device window (B) - displays and organizes the ZyXEL devices that can provide information to Vantage Report. • The submenu window (C) - lists the reports you can generate and organizes these reports into categories.
Vantage Report, and remove devices from Vantage Report. Note: You have to add the device to the device window if you want Vantage Report to store log or traffic information from this device. If the Vantage Report server receives logs or traffic information from a device that is not in this list, it discards the logs.
Page 35
Each numbered section above is described in the following table. Table 9 Device Window SECTION DESCRIPTION To add a device to Vantage Report, • right click on root, and select Add Device. The Add Device screen appears in the device window. (See Figure 11.)
Page 36
You can click the magnifying glass again to look for another match. When you add a device to Vantage Report, you can specify the name, MAC address, type, and any notes for the device. When you click on the device, this information is displayed in the report and setting window (see Section 3.6.1 on...
Page 37
1-28 characters long. This name is used to refer to the device (or folder) in Vantage Report, and it has to be different than other device (or folder) names in Vantage Report. You can use the system name of a device as the name for that device.
Table 11 expands the menu panel and introduces each monitor, statistical report, and screen. In addition, it also indicates if you can drill down into each statistical report. Vantage Report User’s Guide...
Page 39
Note: Not every report (or fields in a report) is available with every model of device and firmware version. See Table 209 on page 467 for a list of which items Vantage Report supports with various firmware versions of various devices. Table 11 Menu Panel LEVEL 1/2 LEVEL 3...
Page 40
Top Users Use this report to look at the top sources of mail traffic by user. You can also use this report to look at the top destinations of mail traffic for any top user. Vantage Report User’s Guide...
Page 41
Use this report to look at the remote VPN users who sent the most VPN traffic. You can also use this report to look at the services sent through VPN from or to a top user. Vantage Report User’s Guide...
Page 42
VPN tunnels. Network Use these reports to look at Denial-of-Service (DoS) attacks that Attack were detected by the ZyXEL device’s firewall. Attack Summary Use this report to look at the number of DoS attacks by time interval. You can also use this report to look at the top categories of DoS attacks in a specific time interval.
Page 43
Use this report to look at the users from which the device blocked Access Blocked the most traffic. Control Top Packets Use this report to look at the firewall rule that blocked the most Blocked packets. Vantage Report User’s Guide...
Page 44
Use this screen to look at who successfully logged into the ZyXEL Login device (for management or monitoring purposes). Failed Login Use this screen to look at who tried to log in into the ZyXEL device (for management or monitoring purposes) but failed. Vantage Report User’s Guide...
Page 45
XML file, or you can add devices stored in XML format to Vantage Report. Upgrade Use this screen to install new releases of Vantage Report. Do not use this screen to upgrade to the full version. Vantage Report User’s Guide...
Page 46
Table 11 Menu Panel LEVEL 1/2 LEVEL 3 FUNCTION Registration Use this screen to get the trial version, upgrade to the full version, or increase the number of devices Vantage Report supports. User The Vantage Report supports multiple groups and users. Management Group Use this screen to manage (create, delete, edit) groups.
Click About Adobe Flash Player 9... to get information about the current version of Flash. 3.6 Report and Setting Window The report and setting window displays the monitor, statistical report, or screen that you select in the device window and the menu panel. Vantage Report User’s Guide...
You can create multiple layers of folders for devices. This field displays the Path name used to refer to the device in Vantage Report and the folders that the device is in. For example, if the device path is “folder1/folder2/myZW5”, “folder1”...
For other screens, the layout is different for each one. Typical examples of monitors and statistical reports are shown in Figure Figure 16 Report and Setting Window: Monitor and Statistical Report Examples Monitor Statistical Report Vantage Report User’s Guide...
Page 50
See Section 2.3 on page 25 for more information about clock time in Vantage Report. The Y-axis (vertical) depends on the type of monitor you select. In Figure 17, the Y-axis is the amount of traffic in kilobytes the ge1 Ethernet interface has transmitted and received in the past one hour.
Page 51
Figure 18 Report and Setting Window Right-Click Menu Click Settings... if you want to change the Flash settings on the Vantage Report server. In most cases, this is unnecessary. Click About Adobe Flash Player 9... to get information about the current version of Flash.
Page 52
Table 15 Typical Statistical Report Features SECTION DESCRIPTION Device Path, MAC: These fields display the path you added the ZyXEL device in the Vantage Report and the device’s MAC address. Print icon: Click this icon to print the current screen.
Figure 20 Report and Setting Window Right-Click Menu Click Settings... if you want to change the Flash settings on the Vantage Report server. In most cases, this is unnecessary. Click About Adobe Flash Player 9... to get information about the current version of Flash.
Chapter 3 The Web Configurator 3.7 System Dashboard When you log into the Vantage Report, the System Dashboard is the first screen displayed. The screen summarizes the Vantage Report system, license, log received and system settings information. You can also click the Dashboard button at the right top corner to open this screen when you are in another screen.
Page 55
This field displays the amount of memory size available for Java Size applications. Log Receiver Information Total Log Number This field displays the total number of log entries the Vantage Report stores. Total Number of This field displays the total number of log entries the Vantage Report Today has received today.
Page 56
LABEL DESCRIPTION Web Port This field displays the port number the Vantage Report listens for user’s web interface access. Click the edit icon to take you to the System Setting > Server Configuration screen where you can change the setting.
Page 57
Chapter 3 The Web Configurator Vantage Report User’s Guide...
Page 58
Chapter 3 The Web Configurator Vantage Report User’s Guide...
Table 17 Monitor (Folder) LABEL DESCRIPTION Refresh Select how often (1 Minute, 5 Minutes, 10 Minutes) the Vantage Report Interval updates the information in this screen. Select None to not to update this screen. Click Refresh Now to update the screen immediately.
Type up to 29 alphanumeric characters for the name of the monitor item. Underscore (_) is allowed. Click this to add the monitor item to the list table below and save the changes to the Vantage Report. Vantage Report User’s Guide...
Monitor menu to open the screen for the device. You get to pre-configure a list of reports or monitors you want the Vantage Report to display first. The dashboard is available with the full version of Vantage Report.
Page 64
Select a monitor or summary report to display for each. Note: The available monitor and summary report options shown in the list box may vary depending on the selected ZyXEL device. Figure 27 Dashboard Select Device and Monitor or Summary...
Click the magnifying glass icon at the right bottom of each monitor or report to go to the corresponding monitor screen. The dashboard is available with the full version of Vantage Report. See Section 3.6.1 on page 48 for the field descriptions shown in the screen.
Table 19 Monitor > Bandwidth LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Table 20 Monitor > CPU Usage LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. The Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Table 21 Monitor > Memory Usage LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. The Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
4.7 Session Usage Monitor Click Monitor > Session Usage to open this screen. Use this screen to monitor the number of sessions change at various times through the selected ZyXEL device. A session is a TCP/IP connection through the selected ZyXEL device.
Rx to display received traffic throughput statistics in KBytes per second. Alternatively, select Tx-Rx to display both. Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.
Period field. 4.9 Interface Usage Monitor Click Monitor > Interface Usage to open this screen. Use this screen to monitor the throughput statistics on a selected device’s interface. Figure 34 Monitor > Interface Usage Vantage Report User’s Guide...
Page 72
Rx to display received traffic throughput statistics in KBytes per second. Alternatively, select Tx-Rx to display both. Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.
SSL VPN - Look at the amount of traffic generated by SSL/VPN services. Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.
Table 26 Monitor > Attack LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Table 27 Monitor > Intrusion LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Table 28 Monitor > AntiVirus LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Table 29 Monitor > AntiSpam LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.
Page 78
The graph shows how the status changes over time. Y-axis (vertical): displays the number of spam messages stopped by the selected device at various times. X-axis (horizontal): displays a date or time depending on the length of time you choose in the Period field. Vantage Report User’s Guide...
FTP, POP3/SMTP, and other protocols. 5.1 Bandwidth These reports look at how much traffic was handled by ZyXEL devices, who used the most bandwidth in a ZyXEL device, and which protocols were used. You can also look at traffic in various directions.
Page 80
Chapter 5 Traffic Click Report > Traffic > Bandwidth > Summary to open this screen. Figure 40 Report > Traffic > Bandwidth > Summary Vantage Report User’s Guide...
Page 81
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 82
MBytes This field displays how much traffic (in megabytes) the device Transferred handled in each time interval. Vantage Report User’s Guide...
Use this report to look at the top services in a specific time interval. Click on a specific time interval in Report > Traffic > Bandwidth > Summary to open this screen. Figure 41 Report > Traffic > Bandwidth > Summary > Drill-Down Vantage Report User’s Guide...
Back Click this to return to the main report. 5.1.3 Bandwidth Top Protocols Use this report to look at the top services generating traffic through the selected device. Vantage Report User’s Guide...
Page 85
Chapter 5 Traffic Click Report > Traffic > Bandwidth > Top Protocols to open this screen. Figure 42 Report > Traffic > Bandwidth > Top Protocols Vantage Report User’s Guide...
Page 86
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 87
Service Settings screen. Click on a service to look at the top sources of traffic for the selected service. Color This field displays what color represents each service in the graph. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the services above. 5.1.4 Bandwidth Top Protocols Drill-Down Use this report to look at the top sources of traffic for any top service. Vantage Report User’s Guide...
Page 89
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...
Back Click this to return to the main report. 5.1.5 Top Bandwidth Hosts Use this report to look at the top sources of traffic in the selected device. Vantage Report User’s Guide...
Page 91
Chapter 5 Traffic Click Report > Traffic > Bandwidth > Top Hosts to open this screen. Figure 44 Report > Traffic > Bandwidth > Top Hosts Vantage Report User’s Guide...
Page 92
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 93
System > General Configuration, the table displays the host name, if identifiable, with the IP address. Click on a source to look at the top services by amount of traffic for the selected source. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.1.6 Top Bandwidth Hosts Drill-Down Use this report to look at the top services used by any top source. Vantage Report User’s Guide...
Page 95
Service Settings screen. Color This field displays what color represents each service in the graph. Sessions This field displays the number of traffic events the selected source generated using each service. Vantage Report User’s Guide...
Use this report to look at the selected device’s logged-in users with the most traffic. Click Report > Traffic > Bandwidth > Top Users to open this screen. Figure 46 Report > Traffic > Bandwidth > Top Users Vantage Report User’s Guide...
Page 97
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 98
Each user is identified by user name. Click a user name to look at the top services by amount of traffic for the selected user. Color This field displays what color represents each user in the graph. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the users above. 5.1.8 Top Bandwidth Users Drill-Down Use this report to look at the top services used by any top bandwidth user. Vantage Report User’s Guide...
Page 100
Service Settings screen. Color This field displays what color represents each service in the graph. Sessions This field displays the number of traffic events the selected user generated using each service. Vantage Report User’s Guide...
Back Click this to return to the main report. 5.1.9 Top Bandwidth Destinations Use this report to look at the destination IP addresses to which the selected device sent the most traffic. Vantage Report User’s Guide...
Page 102
Chapter 5 Traffic Click Report > Traffic > Bandwidth > Top Destinations to open this screen. Figure 48 Report > Traffic > Bandwidth > Top Destinations Vantage Report User’s Guide...
Page 103
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 104
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
This entry displays the totals for the users above. 5.1.10 Top Bandwidth Destinations Drill-Down Use this report to look at the services that were used the most (on the selected device) to access the top destination IP addresses. Vantage Report User’s Guide...
Page 106
This field displays what percentage of the selected destination’s total number of traffic events was sent from each source. MBytes This field displays how much traffic (in megabytes) there was for the Transferred selected destination from each source. Vantage Report User’s Guide...
Click this to return to the main report. 5.2 Web Traffic These reports look at the top destinations and sources of web traffic. 5.2.1 Top Web Sites Use this report to look at the top destinations of web traffic. Vantage Report User’s Guide...
Page 108
Chapter 5 Traffic Click Report > Traffic > WEB > Top Sites to open this screen. Figure 50 Report > Traffic > WEB > Top Sites Vantage Report User’s Guide...
Page 109
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.2.2 Top Web Sites Drill-Down Use this report to look at the top sources of web traffic for any top destination. Vantage Report User’s Guide...
Page 111
IP address. Color This field displays what color represents each source in the graph. Sessions This field displays the number of traffic events from each source to the selected destination. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.2.3 Top Web Hosts Use this report to look at the top sources of web traffic. Vantage Report User’s Guide...
Page 113
Chapter 5 Traffic Click Report > Traffic > WEB > Top Hosts to open this screen. Figure 52 Report > Traffic > WEB > Top Hosts Vantage Report User’s Guide...
Page 114
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.2.4 Top Web Hosts Drill-Down Use this report to look at the top destinations of web traffic for any top source. Vantage Report User’s Guide...
Page 116
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.2.5 Top Web Users Use this report to look at the users that send the most web traffic. Vantage Report User’s Guide...
Page 118
Chapter 5 Traffic Click Report > Traffic > WEB > Top Users to open this screen. Figure 54 Report > Traffic > WEB > Top Users Vantage Report User’s Guide...
Page 119
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.2.6 Top Web Users Drill-Down Use this report to look at the top destinations of web traffic for any top user. Vantage Report User’s Guide...
Page 121
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click this to return to the main report. 5.3 FTP Traffic These reports look at the top destinations and sources of FTP traffic. 5.3.1 Top FTP Sites Use this report to look at the top destinations of FTP traffic. Vantage Report User’s Guide...
Page 123
Chapter 5 Traffic Click Report > Traffic > FTP > Top Sites to open this screen. Figure 56 Report > Traffic > FTP > Top Sites Vantage Report User’s Guide...
Page 124
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.3.2 Top FTP Sites Drill-Down Use this report to look at the top sources of FTP traffic for any top destination. Vantage Report User’s Guide...
Page 126
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.3.3 Top FTP Hosts Use this report to look at the top sources of FTP traffic. Vantage Report User’s Guide...
Page 128
Chapter 5 Traffic Click Report > Traffic > FTP > Top Hosts to open this screen. Figure 58 Report > Traffic > FTP > Top Hosts Vantage Report User’s Guide...
Page 129
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.3.4 Top FTP Hosts Drill-Down Use this report to look at the top destinations of FTP traffic for any top source. Vantage Report User’s Guide...
Page 131
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.3.5 Top FTP Users Use this report to look at the users that send the most FTP traffic. Vantage Report User’s Guide...
Page 133
Chapter 5 Traffic Click Report > Traffic > FTP > Top Users to open this screen. Figure 60 Report > Traffic > FTP > Top Users Vantage Report User’s Guide...
Page 134
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.3.6 Top FTP Users Drill-Down Use this report to look at the top destinations of FTP traffic for any top user. Vantage Report User’s Guide...
Page 136
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click this to return to the main report. 5.4 Mail Traffic These reports look at the top destinations and sources of mail traffic. 5.4.1 Top Mail Sites Use this report to look at the top destinations and sources of mail traffic. Vantage Report User’s Guide...
Page 138
Chapter 5 Traffic Click Report > Traffic > MAIL > Top Sites to open this screen. Figure 62 Report > Traffic > MAIL > Top Sites Vantage Report User’s Guide...
Page 139
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.4.2 Top Mail Sites Drill-Down Use this report to look at the top sources of mail traffic for any top destination. Vantage Report User’s Guide...
Page 141
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.4.3 Top Mail Hosts Use this report to look at the top sources of mail traffic. Vantage Report User’s Guide...
Page 143
Chapter 5 Traffic Click Report > Traffic > MAIL > Top Hosts to open this screen. Figure 64 Report > Traffic > MAIL > Top Hosts Vantage Report User’s Guide...
Page 144
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.4.4 Top Mail Hosts Drill-Down Use this report to look at the top destinations of mail traffic for any top source. Vantage Report User’s Guide...
Page 146
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.4.5 Top Mail Users Use this report to look at the users that send the most mail traffic. Vantage Report User’s Guide...
Page 148
Chapter 5 Traffic Click Report > Traffic > MAIL > Top Users to open this screen. Figure 66 Report > Traffic > MAIL > Top Users Vantage Report User’s Guide...
Page 149
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.4.6 Top Mail Users Drill-Down Use this report to look at the top destinations of mail traffic for any top user. Vantage Report User’s Guide...
Page 151
Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...
Click Report > Traffic > Customization > Customization to open the Platform Selection screen. Figure 68 Report > Traffic > Customization > Customization (Platform Selection) Use this screen to select the ZyXEL firmware platform that the device uses. Then click Next. Vantage Report User’s Guide...
Other Traffic reports. These services appear in the Customized Services drop-down box. You can use services that are pre-defined in Vantage Report, or you can create new services. If you create new services, you have to specify the protocol and port number(s) for the service.
Use this report to look at the top destinations of other services’ traffic. Click Report > Traffic > Customization > Top Destinations to open this screen. Figure 70 Report > Traffic > Customization > Top Destinations Vantage Report User’s Guide...
Page 155
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
This entry displays the totals for the destinations above. 5.5.4 Top Destinations of Other Traffic Drill-Down Use this report to look at the top sources of other services’ traffic for any top destination. The service is selected in the main report. Vantage Report User’s Guide...
Page 157
This field displays what percentage each source’s number of traffic events makes out of the total number of traffic events for the selected destination. MBytes This field displays how much traffic (in megabytes) was sent from Transferred each source to the selected destination. Vantage Report User’s Guide...
Use this report to look at the top sources of other services’ traffic. Click Report > Traffic > Customization > Top Sources to open this screen. Figure 72 Report > Traffic > Customization > Top Sources Vantage Report User’s Guide...
Page 159
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
This entry displays the totals for the sources above. 5.5.6 Top Sources of Other Traffic Drill-Down Use this report to look at the top destinations of other services’ traffic for any top source. The service is selected in the main report. Vantage Report User’s Guide...
Page 161
This field displays what percentage each destination’s number of traffic events makes out of the total number of traffic events for the selected source. MBytes This field displays how much traffic (in megabytes) was generated Transferred from the selected source to each destination. Vantage Report User’s Guide...
Use this report to look at the users that send the most other services’ traffic. Click Report > Traffic > Customization > Top Users to open this screen. Figure 74 Report > Traffic > Customization > Top Users Vantage Report User’s Guide...
Page 163
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
This entry displays the totals for the sources above. 5.5.8 Top Users of Other Traffic Drill-Down Use this report to look at the top destinations of other services’ traffic for any top user. The service is selected in the main report. Vantage Report User’s Guide...
Page 165
This field displays the number of traffic events from the selected user to each destination. % of Sessions This field displays what percentage of the selected user’s total number of traffic events went to each destination. Vantage Report User’s Guide...
Page 166
View Logs Click this icon to see the logs that go with the record. Back Click this to return to the main report. Vantage Report User’s Guide...
Note: To look at VPN usage reports, each ZyXEL device must record forwarded IPSec VPN traffic in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure IPSec is enabled.
Page 168
Click First, Last, or a specific page number to look at the sites on that page. Some choices are not available, depending on the number of pages.s Enter the page number you want to see, and click Go. Vantage Report User’s Guide...
This field displays the clock time (in 24-hour format) of the earliest traffic statistics in the graph. End Time This field displays the clock time (in 24-hour format) of the latest traffic statistics in the graph. Vantage Report User’s Guide...
Use this report to look at the top destinations of VPN traffic. The device must be a ZyNOS based ZyWALL in order to view this report. Click Report > VPN > Site-to-Site > Top Peer Gateways to open this screen. Figure 78 Report > VPN > Site-to-Site > Top Peer Gateways Vantage Report User’s Guide...
Page 171
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.4 Top VPN Peer Gateways Drill-Down Use this report to look at the top sources of VPN traffic for any top destination. Vantage Report User’s Guide...
Page 173
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...
This entry displays the totals for the sources above. It only displays the top 10 sources in the screen. Back Click this to return to the main report. 6.1.5 Top VPN Sites Use this report to look at the peer IPSec routers with the most VPN traffic. Vantage Report User’s Guide...
Page 175
Chapter 6 VPN Click Report > VPN > Site-to-Site > Top Sites to open this screen. Figure 80 Report > VPN > Site-to-Site > Top Sites Vantage Report User’s Guide...
Page 176
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.6 Top VPN Sites Drill-Down Use this report to look at the top sources of VPN traffic for any top destination. Vantage Report User’s Guide...
Page 178
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...
Back Click this to return to the main report. 6.1.7 Top VPN Tunnels Use this report to look at the VPN tunnels with the most VPN traffic. Vantage Report User’s Guide...
Page 180
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 181
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.8 Top VPN Tunnels Drill-Down Use this report to look at the top senders or receivers of VPN traffic for a top VPN tunnel. Vantage Report User’s Guide...
Page 183
VPN tunnel, sorted by the amount of traffic attributed to each one. Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Vantage Report User’s Guide...
TopN setting in Settings. Back Click this to return to the main report. 6.1.9 Top VPN Protocols Use this report to look at the top services generating VPN traffic through the selected device. Vantage Report User’s Guide...
Page 185
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 186
These fields reset to the default values when you click a menu item in the menu panel (including the menu item for the same report). The fields do not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the protocols above. 6.1.10 Top VPN Protocols Drill-Down Use this report to look at the top senders or receivers of any top service through VPN. Vantage Report User’s Guide...
Page 188
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Vantage Report User’s Guide...
10 hosts are displayed. You can change the number of hosts to be displayed through the TopN setting in Settings. Back Click this to return to the main report. 6.1.11 Top VPN Hosts Use this report to look at the top senders or receivers of VPN traffic. Vantage Report User’s Guide...
Page 190
This field is not available with all models. Tunnel Select a VPN tunnel. Select All to display the total traffic for the device’s VPN tunnels with the selected site (or all sites). This field is not available with all models. Vantage Report User’s Guide...
Page 191
These fields reset to the default values when you click a menu item in the menu panel (including the menu item for the same report). The fields do not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the hosts above. 6.1.12 Top VPN Hosts Drill-Down Use this report to look at the services sent through VPN from a top sender or to a top receiver. Vantage Report User’s Guide...
Page 193
This field displays the number of traffic events of each protocol. % of Sessions This field displays what percentage each protocol’s number of traffic events makes out of the total number of traffic events for the selected VPN traffic. Vantage Report User’s Guide...
Use this report to look at the users that send or receive the most VPN traffic. Click Report > VPN > Site-to-Site > Top Users to open this screen. Figure 88 Report > VPN > Site-to-Site > Top Users Vantage Report User’s Guide...
Page 195
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 196
Each user is identified by user name. Click on a user to look at where the user sent the most VPN traffic. Color This field displays what color represents each user in the graph. Vantage Report User’s Guide...
Use this report to look at the services sent through VPN from or to a top user. Click on a specific source in Report > VPN > Site-to-Site > Top Users to open this screen. Figure 89 Report > VPN > Site-to-Site > Top Users > Drill-Down Vantage Report User’s Guide...
TopN setting in Settings. Back Click this to return to the main report. 6.1.15 Top VPN Destinations Use this report to look at the destinations with the most VPN traffic. Vantage Report User’s Guide...
Page 199
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 200
These fields reset to the default values when you click a menu item in the menu panel (including the menu item for the same report). The fields do not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.16 Top VPN Destinations Drill-Down Use this report to look at the services sent through VPN from or to a top destination. Vantage Report User’s Guide...
Page 202
Chapter 6 VPN Click on a specific destination in Report > VPN > Site-to-Site > Top Destinations to open this screen. Figure 91 Report > VPN > Site-to-Site > Top Destinations > Drill-Down Vantage Report User’s Guide...
VPN tunnel. The VPN remote access screens display statistics for remote users that use dynamic VPN tunnels and have been authenticated by xauth. 6.2.1 VPN User Status Use this report to see statistics about the device’s remote VPN users. Vantage Report User’s Guide...
Page 204
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 205
Click the title of this column to sort the list of users by how long they have been logged in. This field displays the user's IP address. Click the title of this column to sort the list of users by IP address. Vantage Report User’s Guide...
Total This entry displays the total number of users on each page of the report. 6.2.2 VPN User Status Drill-Down Use this report to look at the services transferred through the device by any top users. Vantage Report User’s Guide...
Page 207
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
TopN setting in Settings. Back Click this to return to the main report. 6.2.3 Top VPN Protocols Use this report to display which services the remote access users sent or received the most. Vantage Report User’s Guide...
Page 209
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 210
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 6.2.4 Top VPN Protocols Drill-Down Use this report to look at the top remote access senders or receivers of any top service. Vantage Report User’s Guide...
Page 212
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Vantage Report User’s Guide...
10 hosts are displayed. You can change the number of hosts to be displayed through the TopN setting in Settings. Back Click this to return to the main report. 6.2.5 Top VPN Destinations Use this report to look at the destinations with the most remote access VPN traffic. Vantage Report User’s Guide...
Page 214
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 215
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.2.6 Top VPN Destinations Drill-Down Use this report to look at the remote access hosts that sent the most traffic to the selected top destination. Vantage Report User’s Guide...
Page 217
Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Vantage Report User’s Guide...
TopN setting in Settings. Back Click this to return to the main report. 6.2.7 VPN Top Users Use this report to look at the users that send or receive the most VPN traffic. Vantage Report User’s Guide...
Page 219
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 220
Click on a user to look at the services of VPN traffic sent or received the most by the selected user. Color This field displays what color represents each destination in the graph. Sessions This field displays the number of traffic events for each destination. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.2.8 VPN Top Users Drill-Down Use this report to look at the services transferred the most through VPN remote access by any top users. Vantage Report User’s Guide...
Page 222
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this to return to the main report. 6.3 VPN Remote Access (SSL) SSL VPN tunnels are HTTPS connections via the ZyXEL devices. Only remote hosts can initiate SSL VPN tunnels. Devices authenticates remote users (by username and password) when they try to initiate a SSL VPN tunnel. The VPN remote access screens display statistics for remote users that use SSL VPN tunnels and have been authenticated.
Page 224
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 225
This field displays the amount of VPN traffic sent or received by the (MBytes) user and routed through the device. Click the title of this column to sort the list of users by the amount of traffic routed through the device. Vantage Report User’s Guide...
Use this report to look at the services transferred through the device by any top users. Click on a specific user in Report > VPN > Remote Access (SSL) > User Status to open this screen. Figure 101 Report > VPN > Remote Access (SSL) > User Status > Drill-Down Vantage Report User’s Guide...
This entry displays the totals for the service above. The entry is just for top 10 services for the selected user. Back Click this to return to the main report. 6.3.3 Top VPN Protocols Use this report to display which services the remote access users used the most. Vantage Report User’s Guide...
Page 228
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 229
Each protocol is identified by its name. Click on a protocol to look at the top senders or receivers of the service through VPN. Color This field displays what color represents each protocol in the graph. Sessions This field displays the number of traffic events for each protocol. Vantage Report User’s Guide...
Click on a specific service in Report > VPN > Remote Access (SSL) > Top Protocols to open this screen. Figure 103 Report > VPN > Remote Access (SSL) > Top Protocols > Drill-Down Vantage Report User’s Guide...
TopN setting in Settings. Back Click this to return to the main report. 6.3.5 Top VPN Destinations Use this report to look at the destinations with the most remote access VPN traffic. Vantage Report User’s Guide...
Page 232
Select which direction of traffic, you want to view statistics. Both - all VPN traffic the devices sent or received. Incoming - all traffic the devices received through VPN tunnel. Outgoing - all traffic the devices sent out through VPN tunnel. Vantage Report User’s Guide...
Page 233
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Total This entry displays the traffic summary for the destination hosts. 6.3.6 Top VPN Destinations Drill-Down Use this report to look at the remote access hosts that sent the most traffic to the selected top destination. Vantage Report User’s Guide...
Page 235
% of MBytes This field displays what percentage of VPN traffic the device handled Transferred for each user. View Logs Click this icon to see the logs that go with the record. Vantage Report User’s Guide...
Use this report to look at the applications with the most remote access VPN traffic. Click Report > VPN > Remote Access (SSL) > Top Applications to open this screen. Figure 106 Report > VPN > Remote Access (SSL) > Top Applications Vantage Report User’s Guide...
Page 237
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 238
VPN traffic for the selected application. Type This field displays what kind of service the internal server provides. Color This field displays what color represents each application in the graph. Vantage Report User’s Guide...
VPN application. Click on a specific application in Report > VPN > Remote Access (SSL) > Top Applications to open this screen. Figure 107 Report > VPN > Remote Access (SSL) > Top Applications > Drill-Down Vantage Report User’s Guide...
Page 240
TopN setting in Settings. Back Click this to return to the main report. 6.3.9 VPN Top Users Use this report to look at the users that send or receive the most VPN traffic. Vantage Report User’s Guide...
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 242
This field displays the number of traffic events for each user. % of Sessions This field displays what percentage each user’s number of traffic events makes out of the total number of traffic events that match the settings you displayed in this report. Vantage Report User’s Guide...
Use this report to look at the services sent the most through VPN by the selected user. Click on a specific user in Report > VPN > Remote Access (SSL) > Top Users to open this screen. Figure 109 Report > VPN > Remote Access (SSL) > Top Users > Drill-Down Vantage Report User’s Guide...
Devices can use xauth to authenticate remote users (by username and password) when they try to initiate a dynamic IPSec VPN tunnel. Use these screens to display records of successful and unsuccessful logins to the device’s IPSec VPN tunnels. Vantage Report User’s Guide...
Use this report to monitor the total number of users that have successfully logged in to use one of the device’s VPN tunnels. Click Report > VPN > Xauth > Successful Login to open this screen. Figure 110 Report > VPN > Xauth> Successful Login Vantage Report User’s Guide...
Page 246
6.4.2 VPN Failed Login Use this report to monitor the total number of users that have made unsuccessful attempts to log in to use one of the device’s VPN tunnels. Vantage Report User’s Guide...
Store Log Days in System > General Configuration. Click Apply to update the report immediately, or click Cancel to close this screen. Time This column displays when the user last failed to log in. The entries are sorted in chronological order. Vantage Report User’s Guide...
Page 248
Total This entry displays the total number of users on the current page of the report. If you want to see a different page of the report, type the number of the page in the field. Vantage Report User’s Guide...
Use this report to look at the number of DoS attacks by time interval. Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 251
This field displays what percentage of all DoS attacks was handled in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...
Use this report to look at the top categories of DoS attacks in a specific time interval. Click on a specific time interval in Report > Network Attack > Attack > Summary to open this screen. Figure 113 Report > Network Attack > Attack > Summary > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top kinds of DoS attacks by number of attacks. Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 254
Chapter 7 Network Attack Click Report > Network Attack > Attack > Top Attacks to open this screen. Figure 114 Report > Network Attack > Attack > Top Attacks Vantage Report User’s Guide...
Page 255
Color This field displays what color represents each category in the graph. Attacks This field displays how many DoS attacks from each category occurred in the selected time interval. Vantage Report User’s Guide...
Use this report to look at the top categories of DoS attacks for any top source. Click on a specific source in Report > Network Attack > Attack > Top Attacks to open this screen. Figure 115 Report > Network Attack > Attack > Top Attacks > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top sources of DoS attacks by number of attacks. Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 258
Chapter 7 Network Attack Click Report > Network Attack > Attack > Top Sources to open this screen. Figure 116 Report > Network Attack > Attack > Top Sources Vantage Report User’s Guide...
Page 259
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.1.6 Top Attack Sources Drill-Down Use this report to look at the top categories of DoS attacks for any top source. Vantage Report User’s Guide...
Page 261
Color This field displays what color represents each category in the graph. Attacks This field displays the number of DoS attacks from each category that occurred from the selected source. Vantage Report User’s Guide...
Use this report to look at the categories of DoS attacks by number of attacks. Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 263
This field displays what percentage of all DoS attacks come from each category. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. Vantage Report User’s Guide...
Use this report to look at the sources of DoS attacks for any top category. Click on a specific category in Report > Network Attack > Attack > By Type to open this screen. Figure 119 Report > Network Attack > Attack > By Type > Drill-Down Vantage Report User’s Guide...
They are detected by the selected device’s IDP feature. Note: To look at intrusion reports, each ZyXEL device must record intrusions in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 267
This field displays what percentage of all intrusions was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...
Use this report to look at the intrusion signatures in a specific time interval. Click on a specific time interval in Report > Network Attack > Intrusion > Summary to open this screen. Figure 121 Report > Network Attack > Intrusion > Summary > Drill-Down Vantage Report User’s Guide...
Page 269
This field displays the severity of each intrusion signature. Type This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays how many intrusions occurred in the selected time interval.
The following screen is displayed. Figure 122 Security Issue Details 7.2.3 Top Intrusion Signatures Use this report to look at the top intrusion signatures by number of intrusions. Vantage Report User’s Guide...
Page 271
Chapter 7 Network Attack Click Report > Network Attack > Intrusion > Top Intrusions to open this screen. Figure 123 Report > Network Attack > Intrusion > Top Intrusions Vantage Report User’s Guide...
Page 272
Click on an intrusion signature to look at the top sources for the selected signature. Color This field displays what color represents each intrusion signature in the graph. Vantage Report User’s Guide...
This field displays the severity of each intrusion signature. Type This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays the number of intrusions by each intrusion signature.
Page 274
Chapter 7 Network Attack Click on a specific intrusion signature in Report > Network Attack > Intrusion > Top Intrusions to open this screen. Figure 124 Report > Network Attack > Intrusion > Top Intrusions > Drill-Down Vantage Report User’s Guide...
Back Click this to return to the main report. 7.2.5 Top Intrusion Sources Use this report to look at the top sources of intrusions by number of intrusions. Vantage Report User’s Guide...
Page 276
Chapter 7 Network Attack Click Report > Network Attack > Intrusion > Top Sources to open this screen. Figure 125 Report > Network Attack > Intrusion > Top Sources Vantage Report User’s Guide...
Page 277
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.2.6 Top Intrusion Sources Drill-Down Use this report to look at the top intrusion signatures for any top source. Vantage Report User’s Guide...
Page 279
This field displays the top intrusion signatures from the selected Signature source, sorted by the number of intrusions by each one. Color This field displays what color represents each intrusion signature in the graph. Severity This field displays the severity of each intrusion signature. Vantage Report User’s Guide...
LABEL DESCRIPTION Type This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays the number of intrusions by the selected source using each intrusion signature.
Page 281
Chapter 7 Network Attack Click Report > Network Attack > Intrusion > Top Destinations to open this screen. Figure 127 Report > Network Attack > Intrusion > Top Destinations Vantage Report User’s Guide...
Page 282
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 7.2.8 Top Intrusion Destinations Drill-Down Use this report to look at the top intrusion signatures for any top destination. Vantage Report User’s Guide...
Page 284
This field displays the top intrusion signatures sent to the selected Signature destination, sorted by the number of intrusions at each one. Color This field displays what color represents each intrusion signature in the graph. Severity This field displays the severity of each intrusion signature. Vantage Report User’s Guide...
LABEL DESCRIPTION Type This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays the number of intrusions of each intrusion signature sent to the selected destination.
Page 286
Chapter 7 Network Attack Click Report > Network Attack > Intrusion > By Severity to open this screen. Figure 129 Report > Network Attack > Intrusion > By Severity Vantage Report User’s Guide...
Page 287
This field displays what percentage of all intrusions are at each level of severity. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the severities above. Vantage Report User’s Guide...
Click on a slice in the pie chart to move it away from the pie chart a little. Intrusion This field displays the intrusion signatures of the selected severity, Signature sorted by the number of intrusions by each one. Vantage Report User’s Guide...
Note: To look at anti-virus reports, each ZyXEL device must record anti-virus messages in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Anti- Virus is enabled.
Page 291
This field displays what percentage of all occurrences was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...
Use this report to look at the viruses in a specific time interval. Click on a specific time interval in Report > Network Attack > AntiVirus > Summary to open this screen. Figure 132 Report > Network Attack > AntiVirus > Summary > Drill-Down Vantage Report User’s Guide...
Back Click this to return to the main report. 7.3.3 Top Viruses Use this report to look at the top viruses by number of occurrences. Vantage Report User’s Guide...
Page 294
Chapter 7 Network Attack Click Report > Network Attack > AntiVirus > Top Viruses to open this screen. Figure 133 Report > Network Attack > AntiVirus > Top Viruses Vantage Report User’s Guide...
Page 295
Click on a virus to look at the top sources for the selected virus. Color This field displays what color represents each virus in the graph. Occurrences This field displays the number of occurrences of each virus. Vantage Report User’s Guide...
Use this report to look at the top sources of any top virus. Click on a specific virus in Report > Network Attack > AntiVirus > Top Viruses to open this screen. Figure 134 Report > Network Attack > AntiVirus > Top Viruses > Drill-Down Vantage Report User’s Guide...
Back Click this to return to the main report. 7.3.5 Top Virus Sources Use this report to look at the top sources of virus occurrences by number of occurrences. Vantage Report User’s Guide...
Page 298
Chapter 7 Network Attack Click Report > Network Attack > AntiVirus > Top Sources to open this screen. Figure 135 Report > Network Attack > AntiVirus > Top Sources Vantage Report User’s Guide...
Page 299
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.3.6 Top Virus Sources Drill-Down Use this report to look at the top viruses for any top source. Vantage Report User’s Guide...
Page 301
% of Occurrences This field displays what percentage of all occurrences from the selected source was made by each virus. View Logs Click this icon to see the logs that go with the record. Vantage Report User’s Guide...
Use this report to look at the top destinations of virus occurrences by number of occurrences. Click Report > Network Attack > AntiVirus > Top Destinations to open this screen. Figure 137 Report > Network Attack > AntiVirus > Top Destinations Vantage Report User’s Guide...
Page 303
Each destination is identified by its IP address. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...
Use this report to look at the top viruses for any top destination. Click on a specific destination in Report > Network Attack > AntiVirus > Top Destinations to open this screen. Figure 138 Report > Network Attack > AntiVirus > Top Destinations > Drill-Down Vantage Report User’s Guide...
Note: To look at anti-spam reports, each ZyXEL device must record anti-spam messages in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Anti- Spam is enabled.
Page 307
This field displays what percentage of all spam messages was made in Spams each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...
SMTP server. Click on a specific time interval in Report > Network Attack > AntiSpam > Summary to open this screen. Figure 140 Report > Network Attack > AntiSpam > Summary > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top combinations of senders of spam messages and the first SMTP server to which the sender sends spam. For example, if a sender sends spam through two SMTP servers, there are two entries for the sender, one with each SMTP server. Vantage Report User’s Guide...
Page 310
Chapter 7 Network Attack Click Report > Network Attack > AntiSpam > Top Senders to open this screen. Figure 141 Report > Network Attack > AntiSpam > Top Senders Vantage Report User’s Guide...
Page 311
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Click this icon to see the logs that go with the record. Total This entry displays the totals for the senders above. 7.4.4 Top Spam Sources Use this report to look at the top sources of spam messages by number of messages. Vantage Report User’s Guide...
Page 313
Chapter 7 Network Attack Click Report > Network Attack > AntiSpam > Top Sources to open this screen. Figure 142 Report > Network Attack > AntiSpam > Top Sources Vantage Report User’s Guide...
Page 314
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Use this report to look at the scores calculated for spam messages by number of messages. Click Report > Network Attack > AntiSpam > By Score to open this screen. Figure 143 Report > Network Attack > AntiSpam > By Score Vantage Report User’s Guide...
Page 316
This field displays what percentage of all spam messages had each Spams score. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the scores above. Vantage Report User’s Guide...
Note: To look at firewall access control reports, each ZyXEL device must record blocked packets and users in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Access Control is enabled.
Page 318
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 319
View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the users above. Vantage Report User’s Guide...
Note: To look at firewall access control reports, each ZyXEL device must record blocked packets and users in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Access Control is enabled.
Page 321
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
8.2 Application Access Control These screens display the most-often blocked applications. Note: To look at application access control reports, each ZyXEL device must record allowed applications and blocked applications and users in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs >...
Page 323
Chapter 8 Security Policy Click Report > Security Policy > Application Access Control > Top Applications Blocked to open this screen. Figure 146 Report > Security Policy > Application Access Control > Top Applications Blocked Vantage Report User’s Guide...
Page 324
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Use this report to look at the users for which the device blocked the most connections. Note: To look at security policy reports, each ZyXEL device must record users blocked by the application patrol in its log. See the User’s Guide for each ZyXEL device for more information.
Page 326
Chapter 8 Security Policy Click Report > Security Policy > Application Access Control > Top Users Blocked to open this screen. Figure 147 Report > Security Policy > Application Access Control > Top Users Blocked Vantage Report User’s Guide...
Page 327
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Note: To look at security policy reports, each ZyXEL device must record forwarded applications in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Application Patrol is enabled.
Page 329
Chapter 8 Security Policy Click Report > Security Policy > Application Access Control > Top Applications Allowed to open this screen. Figure 148 Report > Security Policy > Application Access Control > Top Applications Allowed Vantage Report User’s Guide...
Page 330
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
These reports look at the number of attempts to access blocked web sites by time interval as well as top blocked sites and hosts. Note: To look at security policy reports, each ZyXEL device must record blocked web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 332
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
This entry displays the totals for the time intervals above. 8.3.2 Web Block Summary Drill-Down Use this report to look at the top sources of attempts to access blocked web sites in a specific time interval. Vantage Report User’s Guide...
Page 334
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Use this report to look at the top destinations of blocked web traffic. Note: To look at security policy reports, each ZyXEL device must record blocked web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 336
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 337
This field displays what percentage of all attempts to access blocked web sites was made to each destination. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. Vantage Report User’s Guide...
Use this report to look at the top sources for any top destination of blocked web traffic. Click on a specific destination in Report > Security Policy > WEB Blocked > Top Sites to open this screen. Figure 152 Report > Security Policy > WEB Blocked > Top Sites > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top sources of blocked web traffic. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 340
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 341
This field displays the number of web site access attempts the device blocked from each source. % of Attempts This field displays what percentage of all attempts to access blocked web sites was made from each source. Vantage Report User’s Guide...
Use this report to look at the top destinations for any top source of blocked web traffic. Click on a specific source in Report > Security Policy > WEB Blocked > Top Hosts to open this screen. Figure 154 Report > Security Policy > WEB Blocked > Top Hosts > Drill-Down Vantage Report User’s Guide...
Use this report to look at the users for which the device blocked the most web site access attempts. Note: To look at security policy Web blocked reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 344
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 345
This field displays what percentage the user had of all blocked attempts to access web sites. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...
Click on a specific source in Report > Security Policy > WEB Blocked > Top Users to open this screen. Figure 156 Report > Security Policy > WEB Blocked > Top Users > Drill-Down Vantage Report User’s Guide...
Use this report to look at the categories of blocked web traffic. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 348
Chapter 8 Security Policy Click Report > Security Policy > WEB Blocked > By Category to open this screen. Figure 157 Report > Security Policy > WEB Blocked > By Category Vantage Report User’s Guide...
Page 349
This field displays what percentage of all attempts to access blocked web sites belong to each category. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. Vantage Report User’s Guide...
This field displays the destinations of blocked web traffic that belongs to the selected category, sorted by the number of attempts to each one. Each destination is identified by its domain name. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...
These reports look at the number of attempts to access allowed web sites by time interval as well as top allowed sites and hosts. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 352
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
This entry displays the totals for the time intervals above. 8.4.2 Web Allowed Summary Drill-Down Use this report to look at the top sources of attempts to access allowed web sites in a specific time interval. Vantage Report User’s Guide...
Page 354
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Use this report to look at the top destinations of forwarded web traffic. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 356
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 357
This field displays what percentage of all attempts to access allowed web sites was made to each destination. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. Vantage Report User’s Guide...
Use this report to look at the top sources for any top destination of forwarded web traffic. Click on a specific destination in Report > Security Policy > WEB Allowed > Top Sites to open this screen. Figure 162 Report > Security Policy > WEB Allowed > Top Sites > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top sources of forwarded web traffic. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 360
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 361
Attempts This field displays how times the device allowed each source to access web sites. % of Attempts This field displays what percentage of all attempts to access allowed web sites was made from each sources. Vantage Report User’s Guide...
Use this report to look at the top destinations for any top source of forwarded web traffic. Click on a specific source in Report > Security Policy > WEB Allowed > Top Hosts to open this screen. Figure 164 Report > Security Policy > WEB Allowed > Top Hosts > Drill-Down Vantage Report User’s Guide...
Use this report to look at the top users for which the device forwarded web traffic. Note: To look at security policy reports, each ZyXEL device must record forwarded web packets and blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information.
Page 364
This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
Page 365
This field displays what percentage of all attempts to access allowed web sites was made by each user. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...
Use this report to look at the top destinations for any top source of forwarded web traffic. Click on a specific source in Report > Security Policy > WEB Allowed > Top Users to open this screen. Figure 166 Report > Security Policy > WEB Allowed > Top Users > Drill-Down Vantage Report User’s Guide...
Page 367
Back Click this to return to the main report. Vantage Report User’s Guide...
9.1 Successful Logins Use this screen to look at who successfully logged into the ZyXEL device. See Section 2.4 on page 25 for more information about the source data used by the report.
Page 370
(including the menu item for the same report). It does not reset when you open or close drill-down reports. Time This field displays the time the Vantage Report server received the log entry from the ZyXEL device, not the time the user logged into the device.
Chapter 9 Event 9.2 Failed Logins Use this screen to look at who tried to log in into the ZyXEL device (for management or monitoring purposes) but failed. See Section 2.4 on page 25 more information about the source data used by the report.
Use this screen to see which hosts have most frequently gone over the maximum number of NAT sessions per host. Note: To use this screen, the ZyXEL device must record instances of hosts exceeding the maximum number of NAT sessions in its log. See the User’s Guide for each ZyXEL device for more information.
Page 373
Chapter 9 Event Click Report > Event > Session Per Host > Top Hosts to open this screen. Figure 169 Report > Event > Session Per Host > Top Hosts Vantage Report User’s Guide...
Page 374
Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...
Use this screen to see which users have most frequently gone over the maximum number of NAT sessions per host. Note: To use this screen, the ZyXEL device must record instances of users exceeding the maximum number of NAT sessions in its log. See the User’s Guide for each ZyXEL device for more information.
Page 376
Chapter 9 Event Click Report > Event > Session Per Host > Top Users to open this screen. Figure 170 Report > Event > Session Per Host > Top Users Vantage Report User’s Guide...
Page 377
NAT sessions per host, sorted by the number of occurrences for each one. If the number of users is less than the maximum number of records displayed in this table, every user is displayed. Each user is identified by user name. Vantage Report User’s Guide...
Page 378
View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the users above. Vantage Report User’s Guide...
• Personal firewall installation and activation • Anti-virus installation and activation • Windows registry settings • Processes that the endpoint must execute • Processes that the endpoint cannot execute • The size and version of specific files Vantage Report User’s Guide...
This field displays the description about whether users’ computers passed all the EPS checking items or failed a specific checking item on the selected device. Color This field displays what color represents each EPS checking result in the graph. Vantage Report User’s Guide...
Time This field displays the time the Vantage Report server received the log entry from the ZyXEL device, not the time the user tried to access the protected network. Total Count This field displays how many records there are for the specified search criteria.
Page 382
Click First, Last, or a specific page number to look at the records on that page. Some choices are not available, depending on the number of pages. Enter the page number you want to see, and click Go. Back Click this to close this screen. Vantage Report User’s Guide...
Attached Files option in any of the Customize ... Report screens for more information. If you do not have Vantage Report send the attachments you can still view the reports. The Vantage Report server backs up all scheduled reports in the <vrpt_home>\vrpt\data\scheduler folder.
Customize Scheduled Report screen appears. Delete Click this to delete the selected scheduled report. 11.2 Customize Daily Report Screen Use this screen to configure the Vantage Report to maintain and send daily reports. Vantage Report User’s Guide...
Page 385
Chapter 11 Schedule Report Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add. Choose Daily Report in the Report Type. The following screen appears. Vantage Report User’s Guide...
Page 390
Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.
Click this to close the screen without saving any changes. 11.3 Customize Weekly Report Screen Use this screen to configure the Vantage Report to maintain and send weekly reports. Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add.
Page 392
Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.
Chapter 11 Schedule Report 11.4 Customize Overtime Report Screen Use this screen to configure the Vantage Report to maintain and send reports during a specified period of time. Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add.
Page 394
Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.
Name This is the name that identifies the template inside Vantage Report. Click it to edit the template. Device Type This field displays which device this template can be generated for.
Chapter 11 Schedule Report 11.6 Template Add/Edit Use this screen to customize a scheduled report template for a particular ZyXEL Device. To access this screen, click Add in the Report > Schedule Report > Configure Template screen. Figure 178 Report > Schedule Report > Configure Template > Add Each field is described in the following table.
Template Name This is the name that identifies the template inside Vantage Report. Click it to edit the template. Template Title This field displays the title that appears at the top of the reports generated using this template.
Page 398
Click this button to view a sample of a report in PDF format. Template Use this section of the screen to configure the template’s name and Configuration the report title and upload a logo to display on the reports. Vantage Report User’s Guide...
Page 399
LABEL DESCRIPTION Template Name Enter a name to identify the template inside Vantage Report. Numbers (0-9), letters (a-z, A-Z), periods (.) and the underscore (_) are allowed. Spaces are not allowed. The name must start with a number or letter. Use up to 28 characters.
Appendix D on page 507 for information on the logs. 12.1 Log Viewer Use this screen to view logs that devices send to Vantage Report. Click Logs > Log Viewer > All Logs to look at all log entries. The screen is shown next.
Page 402
Day. End Time Enter the time of the latest log entries you want to see, if you select Day. Days Select this if you want to look at log entries for a specific range of days. Vantage Report User’s Guide...
Page 403
Select this to display logs with the domain name of hosts instead of their IP addresses. If you select this and Vantage Report does not find the domain name of a host, it will display the IP address. This feature might increase the amount of time it takes to display log entries, however.
Page 404
Click More Info to view an on-line help page about downloading files. Time This field displays the time the Vantage Report server received the log entry, not the time the log entry was generated. Source:Port This field displays the source IP address and port (if any) of the event that generated the entry.
12.2.1 By Day (Summary) Use this screen to look at the total number of logs that Vantage Report received by day. It also displays how many logs Vantage Report processed per second (on average).
Page 406
12.2.1.1 Log Receiver > By Day (Summary) > By Device Screen Use this screen to look at the total number of logs that Vantage Report received from each registered device on a particular day.
Page 407
12.2.1.1.1 Log Receiver By Day (Summary) > By Device > By Category Screen Use this screen to look at the number of logs that Vantage Report received according to the category of log (i.e., log type such as Login, Traffic log, etc.) from an individual device on a particular day.
This field displays what percent of the day’s total logs came from each category. 12.3 By Device Use this screen to look at the number of logs that Vantage Report received from each device over a selected range of days. Vantage Report User’s Guide...
Page 409
They are sorted according to the number of logs received by each, in descending order. Click a device's MAC address to see details about the categories of logs that the device sent to Vantage Report on the selected days. Vantage Report User’s Guide...
12.3.1 Log Receiver > By Device > By Category Screen Use this screen to look at the number of logs that Vantage Report received according to the category of log (i.e., log type such as Login, Traffic log, etc.) from an individual device over a selected range of days.
Page 411
Chapter 12 Logs Click Logs > Log Viewer > VRPT System Logs. The following screen displays. Figure 188 Logs > VRPT System Logs Vantage Report User’s Guide...
Page 412
Select what category type of log entries you want to see. You can also select All Categories. The categories are as follows: • System - See information about Vantage Report’s disk space. • Device - Check which devices were added, edited or removed in the Vantage Report.
These screens allow you to archive past logs to a preferred location (local directory, FTP or network server) as a ZIP file. You can set the day(s) or time interval when Vantage Report performs this task. You can view, import/export, or delete log archives for a particular device.
Page 414
DESCRIPTION Enable Archiving Click this to enable Vantage Report to archive log files. Zip Creation Interval: Set every which day or the time interval the Vantage Report archives the generated log files for record keeping. every... Days (1-7) Enable Encryption Select this if you want to encrypt archive files.
Figure 191 on page 416 for descriptions of other table fields found in this screen. 12.5.1.2 Storage Server Use this screen to store archive files on a storage server, such as a Network Attached Storage (NAS) server. Vantage Report User’s Guide...
12.5.2 View Archived Files Use this screen to view archived logs for a particular day or range of days. Vantage Report imports the archived logs from the location where they are stored and enables you to view them in the web browser.
Page 417
Refresh Archive Files Click this to update the screen and see the latest log files immediately. Device This refers to the ZyXEL Device the logs are generated for. File Name This is the file name of the log archive. Start Date This is the date of the earliest log entry in the archive.
Click a Transfer icon next to an archive entryin the Logs > Log Archiving > View Archived Files screen. The following screen displays. Figure 193 Logs > Log Archiving > View Archived Files Vantage Report User’s Guide...
Click this to send this mail to the specified e-mail addresses. 12.6 Log Remove Use this screen to purge logs collected over a specified period of time. This helps clear up space in Vantage Report. Click Logs > Log Remove. The following screen displays. Figure 194 Logs > Log Remove Each field is described in the following table.
• Export the current device panel to XML and import devices from XML • Upgrade to a new software release of Vantage Report • Register Vantage Report (You have to register Vantage Report if you want to get the trial version, upgrade to the full version, or increase the number of devices Vantage Report supports.)
Page 424
Vantage Report sends a notification to the e-mail address (if any) for the user account. root Stored Log Days Enter the number of days you want to store logs in Vantage Report before removing them. Language Choose Choose the language for the Vantage Report. Apply Click this to save your settings.
Configure any software firewalls installed on the host computers to allow NetBIOS packets from the Vantage server. Set the ZyXEL device to allow NetBIOS traffic between interfaces. You need to configure both the individual interface screens (like LAN, WAN, DMZ) and the firewall to allow NetBIOS packets from the Vantage server.
Page 426
For Windows Vista, click View status next to the Connection field. A screen appears and then click Properties. For Windows 7, click Local Area Connection and then click Properties. Figure 198 Windows XP: Control Panel: Network Connections: Properties Vantage Report User’s Guide...
Page 427
For Windows 2000, the Internet Protocol TCP/IP Properties window opens. Click Advanced and then the WINS tab. In Windows Vista/7, The Internet Protocol Version 4 (TCP/IPv4) Properties window opens, click Advanced and then the WINS tab. Figure 200 Windows XP: Advanced TCP/IP Settings: WINS Vantage Report User’s Guide...
OK. Click OK (and Close) to close the previously opened windows. Turn on your ZyXEL device and restart your computer (if prompted). 13.2 Server Configuration Screen Note: Only the root account or accounts in the 'super' group can open this screen.
Send Test E-mail Note: You should click Apply before you click Test. to Administrator Click this to send a test message from the Vantage Report account to the e-mail address, if any, for the user account. root...
Backup Click this to look at or save the current settings in the General Configuration, Server Configuration, User Management, and Device List screens. Vantage Report saves the current settings in XML format. File Name / Enter the XML file name that contains the settings you want to Browse restore.
You can use this screen to export the current device panel to an XML file, or you can add devices stored in XML format to Vantage Report. To access this screen, click System Setting > Data Maintenance > Device List.
Chapter 13 System Setting Use this screen to install new releases of Vantage Report. Do not use this screen to upgrade to the full version. To access this screen, click System Setting > Upgrade. Figure 204 System Setting > Upgrade Each field is described in the following table.
To access this screen, click System Setting > Registration. Figure 205 System Setting > Registration The fields in this screen depend on what version (basic or full) of Vantage Report you have and whether or not you have used the registration screens to log into myZyXEL.com.
Otherwise, the Registration screen appears. 13.5.2 Registration > Upgrade Screen Note: The Vantage Report server must be connected to the Internet to use this screen. To access this screen, click Trial or Upgrade in System Setting > Registration.
13.6 Notification Use this screen to manage your Vantage Report notifications. Based on the monitoring data collected and the notifications you set, Vantage Report can send e-mail, E-mail SMS, and/or Web SMS notifications to you when events happen in monitored devices.
Page 436
Some choices are not available, depending on the number of pages. Enter the page number you want to see, and click Go. Click this to add the rule to the Vantage Report. Delete Select the check box(es) of the rule(s) you want to delete and then click this button.
Use this screen to create or edit a notification. Click Add or click a notification’s name in the System Setting > Notification screen to open the following screen. Figure 208 System Setting > Notification > Add/Edit Vantage Report User’s Guide...
Page 438
This shows the basic information for the notification. Email Email Status Select Active to enable the Vantage Report to send this type of notification to the configured e-mail address(es) in the Destination E-mail Address field. Alternatively, select Paused to disable it.
Click this to exit this screen without saving any changes. 13.7 Rule-Based Alert Use this screen to manage your Vantage Report alert system. Based on the monitoring data collected and the rules you set, Vantage Report can send e-mail notifications and keep you in the loop on events happening in monitored devices.
Some choices are not available, depending on the number of pages. Enter the page number you want to see, and click Go. Click this to add the rule to the Vantage Report. Delete Select the check box(es) of the rule(s) you want to delete and then click this button.
Page 441
Note: These condition filters only apply to the ZLD platform type. In case you want to know how much of the system resources are being used by the monitored devices, use this screen to configure a rule for CPU, memory and session usage conditions. Vantage Report User’s Guide...
Page 442
Click this if you want all criteria to apply before Vantage Report sends following out a notification. Match any of the Click this if you want Vantage Report to send out a notification even if following only one criteria has been met. Alert Setting Vantage Report sends out a notification immediately as soon as conditions set in the rule are detected.
Page 443
Table 194 System Setting > Rule-based Alert > Add/Edit > CPU/Memory/Session Usage LABEL DESCRIPTION Second Alert Specify when you want Vantage Report to send a second e-mail after.. minutes notification. Enter the number of minutes between 1 to 60. Enter 0 to disable this. Third alert after..
Page 444
Using the previous example, you can set the period to 5 minutes. This means that if the device reaches or exceeds 100 KByte/s of outgoing port traffic for 5 minutes, Vantage Report sends out an alert. Section Table 194 on page 442 for descriptions of other table fields found in this screen.
Page 445
Using the previous example, you can set the period to 5 minutes. This means that if the device reaches or exceeds 100 KByte/s of interface traffic for 5 minutes, Vantage Report sends out an alert. Section Table 194 on page 442 for descriptions of other table fields found in this screen.
Page 446
Table 197 System Setting > Rule-based Alert > Add/Edit > Service LABEL DESCRIPTION Condition Select Service in this field. Interface Type Select which service type you want to monitor. Choose one of the following. • WEB • FTP • MAIL • IPSec VPN • SSL VPN Vantage Report User’s Guide...
Page 447
For example, choose MAIL,select >= and set the percentage value to 100 KByte/s. This means Vantage Report sends an alert once a monitored device uses or exceeds 100 KBytes for mail for a set time (see Period.. minutes field below).
Page 448
For example, choose Attack,select >= and set the percentage value to 5. This means Vantage Report sends an alert once a monitored device receives 5 attacks for a set time (see Period..
Page 449
For example, select >= and set the percentage value to 100 KByte/s. This means Vantage Report sends an alert once a monitored device uses or exceeds 100 KBytes/s bandwidth for a set time (see Period.. minutes field below).
Page 450
Chapter 13 System Setting Vantage Report User’s Guide...
The root account or accounts in the 'super' group can use these screens to view, add, edit, or remove Vantage Report groups and users. Other users can only use these screens to look at and edit their user settings, including their password. The screens are the same except where noted below.
This field displays the type of the user group. • Super displays if the group has read/write/execute permissions for all Vantage Report screens. • Normal displays if the group has read/write permissions for the Monitor, Report and Logs > Log Reviewer screens.
Click this to return to the previous screen without saving any changes. 14.2 Account Screen Use the Account screen to manage user accounts for Vantage Report. Click User Management > Account to open the Account screen. Figure 218 User Management > Account...
Click this to delete the user accounts that are selected in Index field. If a user is currently logged in, the user is kicked out of the system the next time the session accesses the Vantage Report server. 14.2.1 Account > Add/Edit User Account Screen Use this screen to add or edit a user account.
Page 455
Apply Click this to save your settings and close the screen. Reset Click this to change the settings in this screen to the last-saved values. Cancel Click this to close the screen without saving any changes. Vantage Report User’s Guide...
Page 456
Chapter 14 User Management Vantage Report User’s Guide...
Page 457
Chapter 14 User Management Vantage Report User’s Guide...
Page 458
Chapter 14 User Management Vantage Report User’s Guide...
H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. I cannot start the Vantage Report sever. Make sure the following system variables are defined. PATH=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem Do the following to check these variables in different operating systems.
Page 460
Vantage Report server, especially if the Vantage Report server runs behind a NAT or firewall. Check the amount of available disk space on the Vantage Report server. If it is less than the value in...
Page 461
• In Firefox, click Tools > Options > Privacy > Cache > Clear Cache Now. • In Mozilla, click Edit > Preferences > Privacy > Cache > Clear. Close your browser and open a new web configurator session. The version number should be updated. Vantage Report User’s Guide...
Appendices and Index Product Specifications (465) Setting up Your Computer’s IP Address (473) ZyNOS Log Descriptions (481) ZyWALL 1050 and ZyWALL USG Series Log Descriptions (507) Open Software Announcements (553) Legal Information (591) Index (593)
Maximum number of logs for each device 15,000,000 Warning: Maximum number of logs for each device 10,000,000 Minimum amount of free disk space required to run Vantage Report 800 MB Warning: Minimum amount of free disk space required to run Vantage Per Low free disk Report Mark.
Page 466
Monitor the status of all your ZyXEL devices in one application. Logs You can also look at the logs for all your ZyXEL devices in Vantage Report. In normal operation, this information should be no older than five minutes, worst-case.
Page 467
Appendix A Product Specifications The following table lists which features Vantage Report supports with various firmware versions of various devices. Table 209 VRPT 3.5 Device and Feature Support ZYWALL ZYWALL ZYWALL ZYWALL ZYWALL ZYWALL 1050 / P-662 2 PLUS /...
Page 468
Top Sites Top Tunnels Top Protocols Top Hosts Top Users Destinations Remote Access (IPSec) User Status Top Protocols Destinations Top Users Remote Access (SSL) User Status Top Protocols Destinations Applications Top Users Xauth Successful Login Failed Login Vantage Report User’s Guide...
Page 469
Top Sources Destinations AntiSpam Summary (N/A for ZyWALL P1) Top Senders (N/A for ZyWALL P1) Top Sources (N/A for ZyWALL P1) Report > Security Policy Firewall Access Control Top Users Blocked Top Packets Blocked Application Access Control Vantage Report User’s Guide...
Top Sites Top Hosts Top Users Report > Event Login Successful Login Failed Login Sessions Per Host Top Hosts Top Users Report > Report > Schedule Report Summary Configure Template Logo Template Logs Log Viewer Log Receiver Vantage Report User’s Guide...
Page 471
VRPT System Logs Log Archiving File Archiving Settings View Archived Files Log Remove A. ZyWALL USG series includes ZyWALL 100 / 200 / 300 / 1000 / 2000. B. Only for the firmware version 2.20 and above. Vantage Report User’s Guide...
Page 472
Appendix A Product Specifications Vantage Report User’s Guide...
"communicate" with your network. If you manually assign IP information instead of using dynamic assignment, make sure that your computers have IP addresses that place them in the same subnet as the Prestige’s LAN port. Vantage Report User’s Guide...
Page 474
Appendix B Setting up Your Computer’s IP Address Windows 2000/NT/XP For Windows XP, click start, Control Panel. In Windows 2000/NT, click Start, Settings, Control Panel. Figure 220 Windows XP: Start Menu Vantage Report User’s Guide...
Page 475
For Windows XP, click Network Connections. For Windows 2000/NT, click Network and Dial-up Connections. Figure 221 Windows XP: Control Panel Right-click Local Area Connection and then click Properties. Figure 222 Windows XP: Control Panel: Network Connections: Properties Vantage Report User’s Guide...
Page 476
Properties. Figure 223 Windows XP: Local Area Connection Properties The Internet Protocol TCP/IP Properties window opens (the General tab in Windows XP). • If you have a dynamic IP address click Obtain an IP address automatically. Vantage Report User’s Guide...
Page 477
Gateway. To manually configure a default metric (the number of transmission hops), clear the Automatic metric check box and type a metric in Metric. • Click Add. • Repeat the previous three steps for each default gateway you want to add. • Click OK when finished. Vantage Report User’s Guide...
Page 478
Click OK to close the Internet Protocol (TCP/IP) Properties window. Click OK to close the Local Area Connection Properties window. 10 Turn on your ZyXEL device and restart your computer (if prompted). Verifying Settings Click Start, All Programs, Accessories and then Command Prompt.
Page 479
Appendix B Setting up Your Computer’s IP Address Vantage Report User’s Guide...
Page 480
Appendix B Setting up Your Computer’s IP Address Vantage Report User’s Guide...
Time initialized by Time server The router got the time and date from the NTP server. Time initialized by NTP server The router was not able to connect to the Daytime Connect to Daytime server server. fail Vantage Report User’s Guide...
Page 482
The myZyXEL.com service registration failed due to the error listed. If you are unable to register for services at myZYXEL.com, the error message displayed in this log may be useful when contacting customer support. Vantage Report User’s Guide...
Page 483
[ TCP | UDP | IGMP | ESP | GRE | OSPF ] The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry. blocked: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] Vantage Report User’s Guide...
Page 484
UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header). TCP idle (established) timeout (s): 150 minutes TCP reset timeout: 10 seconds Vantage Report User’s Guide...
Page 485
The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. Vantage Report User’s Guide...
Page 486
The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Closing closing. Table 218 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Vantage Report User’s Guide...
Page 487
The Vantage Report cannot get the IP address of the external DNS resolving failed content filtering via DNS query. Creating socket failed The Vantage Report cannot issue a query because TCP/IP socket creation failed, port:port number. The connection to the external content filtering server failed.
Page 488
ICMP Time Exceed ICMP The firewall detected an ICMP Destination Unreachable ICMP Destination attack. Unreachable ICMP The firewall detected an ICMP ping of death attack. ping of death. ICMP The firewall detected an ICMP smurf attack. smurf ICMP Vantage Report User’s Guide...
Page 489
The MAC filter blocked a wireless station from connecting WLAN MAC Filter Fail to the device. The MAC filter allowed a wireless station to connect to WLAN MAC Filter Success the device. A wireless station associated with the device. WLAN STA Association Vantage Report User’s Guide...
Page 490
2 SAs has been exceeded reached. Phase 2 Quick Mode has started. Start Phase 2: Quick Mode The connection failed during IKE phase 2 because the Verifying Remote ID failed: router and the peer’s Local/Remote Addresses don’t match. Vantage Report User’s Guide...
Page 491
Mode request from <IP> The router started negotiation with the peer. Send <Main or Aggressive> Mode request to <IP> The peer’s “Local IP Address” is invalid. Invalid IP <Peer local> / <Peer local> Vantage Report User’s Guide...
Page 492
Rule[%d] Phase 1 negotiation match between the router and the peer. mode mismatch The listed rule’s IKE phase 1 encryption algorithm did Rule [%d] Phase 1 encryption not match between the router and the peer. algorithm mismatch Vantage Report User’s Guide...
Page 493
The listed rule’s IKE phase 1 did not match between Rule [%d] phase 1 mismatch the router and the peer. The listed rule’s IKE phase 2 did not match between Rule [%d] phase 2 mismatch the router and the peer. Vantage Report User’s Guide...
Page 494
IP [%s] is changed to %s" address. The IP address for the domain name of the Vantage New My Vantage Report Addr in Report in the listed rule changed to the listed IP rule [%s] is changed to %s address.
Page 495
Certificate was revoked by a CRL. Certificate was not added to the cache. Certificate decoding failed. Certificate was not found (anywhere). Certificate chain looped (did not find trusted root). Certificate contains critical extension that was not handled. Vantage Report User’s Guide...
Page 496
The router logged out a user who ended the User logout because of user session. deassociation. The router logged out a user from which there was User logout because of no no authentication response. authentication response from user. Vantage Report User’s Guide...
Page 497
(L to L/ZW) LAN to LAN/ ACL set for packets travelling from the LAN to the Vantage Report LAN or the Vantage Report. (W to W/ZW) WAN to WAN/ ACL set for packets travelling from the WAN to the Vantage Report WAN or the Vantage Report.
Page 498
ACL set for packets travelling from the WLAN to the DMZ. (WL to WL) WLAN to WLAN/ ACL set for packets travelling from the WLAN to Vantage Report the WLAN or the Vantage Report. Table 229 ICMP Notes TYPE CODE DESCRIPTION Echo Reply...
Page 499
The device attempted to check for the latest available signature Check signature version. %s gives details. Either the check was unsuccessful due version - %s. to the server being busy or the device is already using the latest available firmware. Vantage Report User’s Guide...
Page 500
Internet. %s describes the reason for the error. You may need to update - %s! provide the error message when contacting customer support if you are repeatedly unable to download the signature file from the update server. Vantage Report User’s Guide...
Page 501
Spam Score:%d Mail than or equal to the spam score threshold. From:%EMAIL_ADDRESS% Subject:%MAIL_SUBJECT%!%MAIL_DIRECTIO The number of concurrent mail sessions Exceed maximum mail sessions went over the limit (%d). (%d).%MAIL_DIRECTION% Vantage Report User’s Guide...
Page 502
(D to D) (D to W2) (D to WL) WAN2 (W2 to L) (W2 to (W2 to D) (W2 to W2) (W2 to WLAN (WL to L) (WL to (WL to D) (WL to W2) (WL to Vantage Report User’s Guide...
Page 503
"Traffic Log". The "proto" field lists the service msg="Traffic Log" name. The "dir" field lists the incoming and outgoing note="Traffic Log" devID="<mac interfaces ("LAN:LAN", "LAN:WAN", "LAN:DMZ", address>" cat="Traffic Log" "LAN:DEV" for example). duration=seconds sent=sentBytes rcvd=receiveBytes dir="<from:to>" protoID=IPProtocolID proto="serviceName" trans="IPSec/Normal" Vantage Report User’s Guide...
Page 504
The definition of dst="<dstIP:dstPort>" messages and notes are defined in the IDP ob="<0|1>" ob_mac="<mac categories. address>" msg="<msg>" note="<note>" devID="<mac address>" cat="IDP" class="<idp class>" act="<idp action>" sid="<idp sid> count="1" Vantage Report User’s Guide...
Page 505
Please refer to the RFC for detailed information on each type. Table 236 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID Vantage Report User’s Guide...
%s: website host The device allowed access to a web site. The content filtering %s: Service is not service is unregistered and the default policy is not set to registered block. %s: website host Vantage Report User’s Guide...
Page 508
The web site contains Java applet and access was blocked %s: Contains Java according to a profile. applet %s: website host The web site contains a cookie and access was blocked %s: Contains cookie according to a profile. %s: website host Vantage Report User’s Guide...
Page 509
The specified user was signed out by the device due to a re- %s %s from %s has been authentication timeout. logged out (re-auth timeout) 1st %s: Administrator|Limited-Admin|User|Ext-User|Guest 2nd %s: username 3rd %s: service name (HTTP/HTTPS, FTP, telnet, SSH, console) NOTE field: %s means username. Vantage Report User’s Guide...
Page 510
The device blocked a login because the maximum Failed %s login simultaneous login capacity for the administrator or access attempt (reach the account has already been reached. maximum number of simultaneous logon) %s: service name Vantage Report User’s Guide...
Page 511
Standard service activation failed, this log will append an error Standard service message returned by the MyZyXEL.com server. activation has failed:%s. %s: error message returned by the myZyXEL.com server Standard service activation has succeeded. Standard service activation has succeeded. Vantage Report User’s Guide...
Page 512
The device sent packets to the MyZyXEL.com server, but did Get server response not receive a response. The root cause may be that the has failed. connection is abnormal. Vantage Report User’s Guide...
Page 513
%d: retry times (1~3) The device could not resolve the myZyXEL.com server's FQDN Resolve server IP has to an IP address through gethostbyname(). failed. The device could not connect to the MyZyXEL.com server. Connect to MyZyXEL.com server has failed. Vantage Report User’s Guide...
Page 514
MyZyXEL.com server or by the device’s own count. The device only supports SSLv3 protocol. %d: SSL version Unknown TLS/SSL assigned by client. version: %d. Vantage Report User’s Guide...
Page 515
System internal error. Get IDP engine activation flag failed. System internal error. Detect IDP engine status failed. Enable IDP engine activation flag failed. System internal error. Enable IDP failed. Disable IDP engine activation flag failed. System internal error.Disable IDP failed. Vantage Report User’s Guide...
Page 516
<line>, sid <sid>, <error_message>. Custom signature replacing failed. Error line number of file, Custom signature sid and message will be shown replace error: line <line>, sid <sid>, <error_message>. Vantage Report User’s Guide...
Page 518
Application patrol zysh initialization failed. Protocol file import System fatal error: error. 60005001. Application patrol zysh initialization failed. Shared memory System fatal error: failed. 60005002. Application patrol zyio failed. Fail to do zyio operation. System fatal error: 60005017. Vantage Report User’s Guide...
Page 519
System fatal error: 60018014. Fail to retrieve user event from uamd. System fatal error: 60018015. Application patrol daemon (process) shared memory generate System fatal error: failed. 60018016. Fail to get share memory. System fatal error: 60018017. Vantage Report User’s Guide...
Page 520
Table 244 IKE Logs LOG MESSAGE DESCRIPTION %s:%s is the peer IP:Port. Peer has not announced capability. %s:%s has not announced DPD capability Cannot find SA according to the cookie. [COOKIE] Invalid cookie, no sa found Vantage Report User’s Guide...
Page 521
[SA] : Tunnel [%s] was not a ISKAMP packet in the protocol field. Phase 1 invalid protocol %s is the tunnel name. When negotiating Phase-1, the [SA] : Tunnel [%s] transform ID was invalid. Phase 1 invalid transform Vantage Report User’s Guide...
Page 522
Could not dial manual dialed. key tunnel "%s" When receiving a DPD response with invalid ID ignored. DPD response with invalid ID When receiving a DPD response with no active query. DPD response with no active request Vantage Report User’s Guide...
Page 523
%s is the tunnel name. The device received an IKE request. Tunnel [%s] Recving IKE request %s is the tunnel name. The device sent an IKE request. Tunnel [%s] Sending IKE request Vantage Report User’s Guide...
Page 524
Sending IKE request The variables represent the tunnel name and the SPI of a Tunnel [%s:0x%x] is tunnel that was disconnected. disconnected %s is the tunnel name. The tunnel was rekeyed successfully. Tunnel [%s] rekeyed successfully Vantage Report User’s Guide...
Page 525
3rd is the to zone, 4th is the service name, 5th is ACCEPT/ DROP/REJECT. Firewall is dead, trace to %s is which file, %d is which line, %s %s:%d: in %s(): is which function %s is enabled/disabled Firewall has been %s. Vantage Report User’s Guide...
Page 526
%d is maximum sessions per host. Maximum sessions per host (%d) was exceeded. Table 248 Policy Route Logs LOG MESSAGE DESCRIPTION Policy routing can't activate BWM feature. Cann't open bwm_entries Policy routing can't detect link up/down status. Cann't open link_down Vantage Report User’s Guide...
Page 527
1st %d: the original policy route rule number 2nd %d: the new policy route rule number Rule is deleted. Policy-route rule %d was deleted. %d: the policy route rule number Policy routing rules are cleared. Policy-route rules were flushed. Vantage Report User’s Guide...
Page 528
FTP port has been changed to port %s. %s is port number assigned by user An administrator changed the port number for FTP back to the FTP port has been default (21). changed to default port. Vantage Report User’s Guide...
Page 529
An administrator added a new rule. DNS access control rule %u of DNS has %u is rule number been appended. An administrator inserted a new rule. DNS access control rule %u has been %u is rule number inserted. Vantage Report User’s Guide...
Page 530
32. The maximum number of allowable rules has been reached. Access control rules of %s have reached the %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. maximum number of %u %u is the maximum number of access control rules. Vantage Report User’s Guide...
Page 531
A daemon (process) is gone (was killed by the operating %s is dead at %s system). 1st %s: Daemon Name, 2nd %s: date+time The count of the listed process is incorrect. %s process count is incorrect at %s 1st %s: Daemon Name, 2nd %s: date+time Vantage Report User’s Guide...
Page 532
IP address. arp response packets for the requested IP address The ARP cache was cleared successfully. Clear arp cache successfully. A client MAC address is not an Ethernet address. Client MAC address is not an Ethernet address Vantage Report User’s Guide...
Page 533
2nd %s is the FQDN of the profile. has failed because the FQDN %s was blocked for abuse. Try to update profile, but failed, because of authentication fail, Update the profile %s %s is the profile name. has failed because of authentication fail. Vantage Report User’s Guide...
Page 534
The profile is paused by device-HA, because the VRRP status The profile %s has of that iface is standby, %s is the profile name. been paused because the VRRP status of WAN interface was standby. Vantage Report User’s Guide...
Page 535
Disable DDNS. Disable DDNS has succeeded. Enable DDNS. Enable DDNS has succeeded. Rename DDNS profile, 1st %s is the original profile name, 2nd DDNS profile %s has %s is the new profile name. been renamed as %s. Vantage Report User’s Guide...
Page 536
%s: the connectivity module, currently only ICMP available. The connectivity check process can't get socket to send Create socket error packet. The connectivity check process can't get IP address of Can't get IP address interface. of %s interface %s: interface name. Vantage Report User’s Guide...
Page 537
An VRRP group has been modified, %s: the name of VRRP Device HA VRRP group group. %s has been modified. An VRRP group has been deleted, %s: the name of VRRP Device HA VRRP group group. %s has been deleted. Vantage Report User’s Guide...
Page 538
Master. A Backup device only version can not be synchronizes from the Master if the Master and the Backup recognized. Stop have the same firmware versions. syncing from Master. Vantage Report User’s Guide...
Page 539
%s has succeeded. %s: IP or FQDN of Master One of VRRP groups has became active. Device HA Sync has aborted from Master %s. Master configuration file does not exist. Skip updating ZySH Startup Configuration. Vantage Report User’s Guide...
Page 540
RIP md5 authentication id and key have been changed. RIP md5 authentication id and key have been changed. RIP global version has been changed to version 1 or 2. RIP global version has been changed to %s. Vantage Report User’s Guide...
Page 541
%s. 1st %s: Interface Name, 2nd %s: RIP interface %s has been reset to current global version %s. RIP v2-broadcast on interface %s has been disabled. %s: RIP v2-broadcast on Interface Name interface %s has been disabled. Vantage Report User’s Guide...
Page 542
The FTP Application Layer Gateway (ALG) has been turned on %s FTP ALG has or off. succeeded. %s: Enable or Disable Extra FTP ALG port has been changed. Extra signal port of FTP ALG has been modified. Vantage Report User’s Guide...
Page 543
X509certifiate "%s" successfully The router was not able to create an X509 format certificate Generate X509 with the specified name. See Table 256 on page 546 certificate "%s" details about the error number. failed, errno %d Vantage Report User’s Guide...
Page 544
Certificates. %s is the certificate request name. certificate "%s" into "My Certificate" successfully The device imported a PKCS#7 format certificate into My Import PKCS#7 Certificates. %s is the certificate request name. certificate "%s" into "My Certificate" successfully Vantage Report User’s Guide...
Page 545
"%s" with name. incorrect password %s is the subject. Cert trusted: %s %d is an error number (see Table 256 on page 546), %s is the Due to %d, cert not certificate subject. trusted: %s Vantage Report User’s Guide...
Page 546
CRL is not currently valid, but in the future. CRL contains duplicate serial numbers. Time interval is not continuous. Time information not available. Database method failed due to timeout. Database method failed. Path was not verified. Maximum path length reached. Vantage Report User’s Guide...
Page 547
An administrator added a new interface. %s: interface name. Interface %s has been added. An administrator enabled an interface. %s: interface name. Interface %s is enabled. An administrator disabled an interface. %s: interface name. Interface %s is disabled. Vantage Report User’s Guide...
Page 548
MS-CHAP authentication failed (the server must support MS- Interface %s connect CHAP and verify that the authentication failed, this does not failed: MS-CHAP include cases where the server does not support MS-CHAP). authentication failed. %s: interface name. Vantage Report User’s Guide...
Page 549
A user changed an ISP account profile’s options. changed. 1st %s: profile type, 2nd %s: profile name. Account %s %s has been A user added a new ISP account profile. added. 1st %s: profile type, 2nd %s: profile name. Vantage Report User’s Guide...
Page 550
Force user authentication will be turned off because HTTP Force User server was turned off. Authentication will be disabled due to http server is disabled. Force User Authentication may not work properly! Vantage Report User’s Guide...
Page 551
An EPS pofile was modified. %s is the EPS profile name. EPS profile %s has been modified. An administrator reset EPS signatures back to the factory 'EPS' signature file defaults. is replaced with default one. Vantage Report User’s Guide...
Page 552
Operating System. A user’s computer failed to pass an EPS checking item about Windows version check the Windows version. fail in %s A user’s computer passed all the EPS checking items. EPS checking result is pass. Vantage Report User’s Guide...
No part may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, except the express written permission of ZyXEL Communications Corporation. This Product includes MySQL and Anomic under GNU GENERAL PUBLIC...
Page 554
To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. Vantage Report User’s Guide...
Page 555
Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. Vantage Report User’s Guide...
Page 556
3.You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: Vantage Report User’s Guide...
Page 557
Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. Vantage Report User’s Guide...
Page 559
WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/ OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, Vantage Report User’s Guide...
Page 560
"copyright" line and a pointer to where the full notice is found. ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES. Copyright (C) YYYY NAME OF AUTHOR Vantage Report User’s Guide...
Page 561
You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Vantage Report User’s Guide...
Page 562
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. Vantage Report User’s Guide...
Page 563
Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Vantage Report User’s Guide...
Page 564
For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/ Linux operating system. Vantage Report User’s Guide...
Page 565
For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Vantage Report User’s Guide...
Page 566
You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. Vantage Report User’s Guide...
Page 567
General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Vantage Report User’s Guide...
Page 568
When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if Vantage Report User’s Guide...
Page 569
Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) Vantage Report User’s Guide...
Page 570
7. You may place library facilities that are a work based on the Library side-by- side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate Vantage Report User’s Guide...
Page 571
(whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations Vantage Report User’s Guide...
Page 572
Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you Vantage Report User’s Guide...
Page 573
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Vantage Report User’s Guide...
Page 574
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. Vantage Report User’s Guide...
Page 575
SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE. 1. DEFINITIONS. "Software" means the identified above in binary form, any other machine readable materials (including, but not limited to, libraries, source files, Vantage Report User’s Guide...
Page 576
This limited warranty gives you specific legal rights. You may have others, which vary from state to state. 5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A Vantage Report User’s Guide...
Page 577
("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks inures to Sun's benefit. Vantage Report User’s Guide...
Page 578
Binary Code License Agreement. These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software. Vantage Report User’s Guide...
Page 579
Agreement, (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that Vantage Report User’s Guide...
Page 580
Software and/or the Publication. Your obligation to provide indemnification under this section shall arise provided that Sun: (i) provides you prompt notice of the claim; (ii) gives you sole control of the defense and Vantage Report User’s Guide...
Page 581
All source code, binaries, documentation and other files distributed with Quartz Enterprise Job Scheduler are subject to the following license terms, and are held under the following copyright, unless otherwise noted within the individual files. Copyright James House (c) 2001-2004 Vantage Report User’s Guide...
Page 582
This product uses and includes within its distribution, software developed by the Apache Software Foundation (http://www.apache.org/) This Product includes Stuts and Tomcat under Apache License Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Vantage Report User’s Guide...
Page 583
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Vantage Report User’s Guide...
Page 584
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution Vantage Report User’s Guide...
Page 585
Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. Vantage Report User’s Guide...
Page 586
License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Vantage Report User’s Guide...
Page 587
TERMS CAREFULLY BEFORE COMPLETING THE INSTALLATION PROCESS AS INSTALLING THE SOFTWARE WILL INDICATE YOUR ASSENT TO THEM. IF YOU DO NOT AGREE TO THESE TERMS, THEN ZyXEL, INC. IS UNWILLING TO LICENSE THE SOFTWARE TO YOU, IN WHICH EVENT YOU SHOULD RETURN THE UNINSTALLED SOFTWARE AND PACKAGING TO THE PLACE FROM WHICH IT WAS ACQUIRED, AND YOUR MONEY WILL BE REFUNDED.
Page 588
Software as long as this License Agreement remains in full force and effect. Ownership of the Software, Documentation and all intellectual property rights therein shall remain at all times with ZyXEL. Any other use of the Software by any other entity is strictly forbidden and is a violation of this License Agreement.
Page 589
AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD. 7.Limitation of Liability IN NO EVENT WILL ZyXEL BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES FOR LOSS OF...
Page 590
Software and Documentation in your possession or under your control. ZyXEL may terminate this License Agreement for any reason, including, but not limited to, if ZyXEL finds that you have violated any of the terms of this License Agreement. Upon notification of termination, you agree to destroy or return to ZyXEL all copies of the Software and Documentation and to certify in writing that all known copies, including backup copies, have been destroyed.
553. Disclaimer ZyXEL does not assume any liability arising out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice.
Page 592
ZyXEL's and its suppliers' entire liability and your exclusive remedy shall be, at ZyXEL's option, either (a) return of the price paid, if any, or (b) repair or replacement of the SOFTWARE that does not meet ZyXEL's Limited Warranty and which is returned to ZyXEL with a copy of your receipt.
Page 595
33, 34 operation system support main screen other service traffic parts of configure customized service field memory usage statistical reports monitors minimum hardware requirements monitors anti-spam anti-virus attacks password bandwidth default value 61, 66 Vantage Report User’s Guide...
Page 596
52, 424, 466 anti-virus reverse DNS lookup attacks basic vs. full version dates reverse hostname default chart type 52, 424 reverse hostname lookup FTP traffic basic vs. full version graph graph type last x days mail traffic Vantage Report User’s Guide...
Page 597
Vantage Report users. See users. 395, 396 time version clock time license processing time differences full title bar trial...
Page 598
Xauth ZLD-based ZyXEL devices ZyNOS ZyNOS-based ZyXEL devices ZyWALL 1050 feature support ZyWALL USG series feature support ZyXEL device corresponding configuration device type setting edit basic information feature support MAC setting 37, 48 model name move Vantage Report User’s Guide...