ZyXEL Communications Vantage Report User Manual
  1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Software
  5. VANTAGE REPORT -
  6. User manual

ZyXEL Communications Vantage Report User Manual

User guide
Hide thumbs Also See for Vantage Report:
1
2
3
4
5
6
Table Of Contents
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
Table of Contents

Advertisement

Quick Links

Download this manual See also: Manual
Vantage Report
Default Login Details
IP Address
http://{Vantage
Report server's IP
address}:8080/
User Name
Password
Software Version 3.6
www.zyxel.com
Edition 1, 5/2011
www.zyxel.com
vrpt
root
root
Copyright © 2011
ZyXEL Communications Corporation

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Vantage Report and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for ZyXEL Communications Vantage Report

Summary of Contents for ZyXEL Communications Vantage Report

  • Page 1 Vantage Report Default Login Details IP Address http://{Vantage Report server’s IP address}:8080/ vrpt User Name root Password root Software Version 3.6 www.zyxel.com Edition 1, 5/2011 www.zyxel.com Copyright © 2011 ZyXEL Communications Corporation...

  • Page 3: About This User's Guide

    About This User's Guide About This User's Guide Intended Audience This manual is intended for people who want to configure the Vantage Report using the web configurator. You should have at least a basic knowledge of TCP/IP networking concepts and topology.
  • Page 4 • Product model and serial number. • Warranty Information. • Date that you received your device. • Brief description of the problem and the steps you took to solve it. Vantage Report User’s Guide...

  • Page 5: Document Conventions

    Syntax Conventions • The version number on the title page is the version of Vantage Report that is documented in this User’s Guide. • Enter means for you to type one or more characters and press the carriage return.
  • Page 6 Your product is marked with this symbol, which is known as the WEEE mark. WEEE stands for Waste Electronics and Electrical Equipment. It means that used electrical and electronic products should not be mixed with general waste. Used electrical and electronic equipment should be treated separately. Vantage Report User’s Guide...

  • Page 7: Table Of Contents

    Contents Overview Contents Overview Introduction ..........................19 Introducing Vantage Report ....................... 21 The Vantage Report Server ....................... 23 The Web Configurator ....................... 33 Monitors, Reports and Logs ....................63 Monitor ............................65 Network Traffic ........................... 95 Secure Remote Access ......................183 Network Security ........................
  • Page 8 Contents Overview Vantage Report User’s Guide...

  • Page 9: Table Of Contents

    1.3 Hardware Requirements ...................... 22 Chapter 2 The Vantage Report Server ....................23 2.1 Starting and Stopping the Vantage Report Server ............... 23 2.2 E-Mail in the Vantage Report Server ................... 24 2.3 Time in the Vantage Report Server ..................25 2.4 Common Terms ........................
  • Page 10 5.1.3 Bandwidth Top Protocols ..................100 5.1.4 Bandwidth Top Protocols Drill-Down ................ 104 5.1.5 Top Bandwidth Hosts ....................106 5.1.6 Top Bandwidth Hosts Drill-Down ................110 5.1.7 Top Bandwidth Users ....................112 5.1.8 Top Bandwidth Users Drill-Down ................115 Vantage Report User’s Guide...
  • Page 11 6.1.3 Top VPN Peer Gateways ..................186 6.1.4 Top VPN Peer Gateways Drill-Down ................ 189 6.1.5 Top Secure Remote Access Sites ................191 6.1.6 Top Secure Remote Access Sites Drill-Down ............194 6.1.7 Top Secure Remote Access Tunnels ............... 196 Vantage Report User’s Guide...
  • Page 12 7.1.1 Top Users Blocked ....................269 7.1.2 Top Packets Blocked ....................272 7.2 Attack ..........................275 7.2.1 Attack Summary ....................... 275 7.2.2 Attack Summary Drill-Down ..................278 7.2.3 Top Attacks ....................... 279 7.2.4 Top Attacks Drill-Down ..................... 282 Vantage Report User’s Guide...
  • Page 13 8.2 Spam ..........................349 8.2.1 Spam Summary ......................349 8.2.2 Spam Summary Drill-Down ..................352 8.2.3 Top Spam Senders ....................353 8.2.4 Top Spam Sources ....................356 8.2.5 Spam Scores ......................359 8.3 Intrusion Hits ........................361 Vantage Report User’s Guide...
  • Page 14 9.3.5 Top Intrusion Hits Sources ..................428 9.3.6 Top Intrusion Hits Sources Drill-Down ..............431 9.3.7 Top Intrusion Hits Destinations ................. 433 9.3.8 Top Intrusion Hits Destinations Drill-Down ............... 436 9.3.9 Intrusion Hits Severities ..................438 Vantage Report User’s Guide...
  • Page 15 10.4.3 Top Applications Allowed ..................494 Chapter 11 Event ............................499 11.1 Successful Logins ......................499 11.2 Failed Logins ........................501 11.3 Top Sessions Per Host ..................... 502 11.4 Top Sessions Per User ....................505 Chapter 12 Schedule Report ........................509 Vantage Report User’s Guide...
  • Page 16 14.5 Registration Screens ....................... 558 14.5.1 Registration Summary Screen ................559 14.5.2 Registration > Upgrade Screen ................560 14.6 Notification ........................561 14.6.1 Add/Edit a Notification .................... 563 14.7 Rule-Based Alert ......................565 14.7.1 Add/Edit a Rule-based Alert ................... 566 Vantage Report User’s Guide...
  • Page 17 Appendix A Product Specifications..................589 Appendix B ZyWALL USG Series and ZyWALL 1050 Log Descriptions ......599 Appendix C ZyNOS Log Descriptions .................. 645 Appendix D Open Software Announcements ............... 671 Appendix E Legal Information ....................709 Index............................711 Vantage Report User’s Guide...
  • Page 18 Table of Contents Vantage Report User’s Guide...

  • Page 19: Introduction

    Introduction Introducing Vantage Report (21) The Vantage Report Server (23) The Web Configurator (33)

  • Page 21: Introducing Vantage Report

    In this example, you use the web configurator (A) to set up the Vantage Report server (B). You also configure the ZyXEL devices (C) to send their logs and traffic statistics to the Vantage Report Server. The Vantage Report server collects this information. Then, you can •...

  • Page 22: License Versions

    Vantage Report, you get the basic version. Note: This User’s Guide discusses the features in the full version. Register Vantage Report to use the full version to manage one device. Purchase E- Vantage Report license keys to add more devices. See Section 14.5 on page 558...

  • Page 23: The Vantage Report Server

    2.1 Starting and Stopping the Vantage Report Server Note: Make sure the port Vantage Report uses for web services is not used by other applications, especially web servers. The Vantage Report server runs as a service on the Vantage Report server. By default, this service starts automatically when you log in to the Vantage Report server.

  • Page 24: E-Mail In The Vantage Report Server

    Select Start or Stop to start or stop the Vantage Report service. Select Properties to configure the service. 2.2 E-Mail in the Vantage Report Server Note: Before the Vantage Report server can send e-mail to anyone, you have to configure the SMTP mail server. See Section 14.2 on page 554 for more information.

  • Page 25: Time In The Vantage Report Server

    (log entries or traffic statistics) from the ZyXEL devices, not the time the device puts in the entry. As soon as the Vantage Report server receives information, it replaces device times with the current time in the Vantage Report server.
  • Page 26 Chapter 2 The Vantage Report Server TERM DESCRIPTION Drill-down Report Click a link in a report to display details in another screen. For example, click Secure Remote Access > Client-to-Site (IPSec) > User Status, then click a user’s link to display a report of the services for which the user sent the most traffic.

  • Page 27: Common Icons

    Chapter 2 The Vantage Report Server 2.5 Common Icons The following table describes common icons. Table 4 Common Icons ICON DESCRIPTION The View Detail icon (in the Dashboard) lets you focus on an individual monitor report. The Settings icons open a screen where you can modify the report display settings.
  • Page 28 Chapter 2 The Vantage Report Server Table 5 ZLD-based (USG Series and ZyWALL 1050) Configuration Requirements by Menu Item USG SERIES AND ZYWALL 1050 VANTAGE REPORT MENU ITEM(S) SOURCE ADDITIONAL DATA SETTINGS* Monitor > Secure Remote Access > Client- log entries...
  • Page 29 Chapter 2 The Vantage Report Server Table 5 ZLD-based (USG Series and ZyWALL 1050) Configuration Requirements by Menu Item USG SERIES AND ZYWALL 1050 VANTAGE REPORT MENU ITEM(S) SOURCE ADDITIONAL DATA SETTINGS* Report > Network Security > Intrusion log entries Hits Report >...
  • Page 30 • Log Settings - If ZyXEL devices do not record some categories of log entries, Vantage Report does not have any information to display either. For example, if you want to look at VPN traffic for a particular device, the device has to record log entries for IPSec.
  • Page 31 Chapter 2 The Vantage Report Server Vantage Report User’s Guide...
  • Page 32 Chapter 2 The Vantage Report Server Vantage Report User’s Guide...

  • Page 33: The Web Configurator

    The web configurator is a browser-based interface that you can use to set up, manage, and use Vantage Report. You can run it on the Vantage Report server or on a different computer. Your web browser should meet the following requirements: •...
  • Page 34 Figure 6 Web Configurator Login Screen Note: If you forget your password, enter your user name, and click Forget Password?. Vantage Report sends your password to the e-mail address (if any) for your User Name. See Section 2.2 on page 24...
  • Page 35 Click the Login button. The System Dashboard screen appears. See Section 3.6.1 on page 53 for the field descriptions in this screen. Figure 7 Dashboard Manually add a device to Vantage Report. See Table 8 on page 38 for how to add a device. Vantage Report User’s Guide...
  • Page 36 • The report and setting window (D) - shows the selected report for the selected device(s) or the related setting screens. Note: For security reasons, Vantage Report automatically times out after fifteen minutes of inactivity. Log in again if this happens.

  • Page 37: Main Menu Bar

    Vantage Report, and remove devices from Vantage Report. Note: You have to add the device to the device window if you want Vantage Report to store log or traffic information from this device. If the Vantage Report server receives logs or traffic information from a device that is not in this list, it discards the logs.
  • Page 38 Each numbered section above is described in the following table. Table 8 Device Window SECTION DESCRIPTION To add a device to Vantage Report, • right click on root, and select Add Device. The Add Device screen appears in the device window. (See Figure 11.)
  • Page 39 You can click the magnifying glass again to look for another match. When you add a device to Vantage Report, you can specify the name, MAC address, type, and any notes for the device. When you click on the device, this information is displayed in the report and setting window (see Section 3.6.1 on...
  • Page 40 1-28 characters long. This name is used to refer to the device (or folder) in Vantage Report, and it has to be different than other device (or folder) names in Vantage Report. You can use the system name of a device as the name for that device.

  • Page 41: Menu Panel

    Table 10 expands the menu panel and introduces each monitor, statistical report, and screen. In addition, it also indicates if you can drill down into each statistical report. Vantage Report User’s Guide...
  • Page 42 Note: Not every report (or fields in a report) is available with every model of device and firmware version. See Table 267 on page 591 for a list of which items Vantage Report supports with various firmware versions of various devices. Table 10 Menu Panel LEVEL 1/2 LEVEL 3...
  • Page 43 Top Users Use this report to look at the top users generating traffic through the selected device. You can also use this report to look at the top services used by any top bandwidth user. Vantage Report User’s Guide...
  • Page 44 Use this report to look at the top sources of traffic for other services. You can also use this report to look at the top destinations of other services’ traffic for any top user. The service is selected in the main report. Vantage Report User’s Guide...
  • Page 45 Use this report to look at the remote VPN users who sent the most VPN traffic. You can also use this report to look at the services sent through VPN from or to a top user. Client-to-Site (SSL) Vantage Report User’s Guide...
  • Page 46 Use this report to look at the top categories of DoS attacks by number of attacks. You can also use this report to look at the top sources of DoS attacks for any top category. Intrusion Hits Vantage Report User’s Guide...
  • Page 47 Use this report to look at the top destinations of virus occurrences Destination by number of occurrences. You can also use this report to look at the top viruses for any top destination. Spam Vantage Report User’s Guide...
  • Page 48 Use this report to look at the top sources of attempts to access unsafe web sites by number of attempts. You can also use this report to look at the top destinations in attempts to access unsafe web sites for any top source. Vantage Report User’s Guide...
  • Page 49 Security Policy Enforcement Use this screen to see which users’ computers complied or failed to comply with defined corporate policies before they can access the network. Content Filter(All) Vantage Report User’s Guide...
  • Page 50 Use this report to look at the applications for which the device Applications blocked the most connections. Blocked Top Users Use this report to look at the users for which the device blocked Blocked the most connections. Vantage Report User’s Guide...
  • Page 51 Use these screens to look at the total number of logs that Vantage Report has received per day or per device. VRPT Use this screen to look at the Vantage Report’s system logs. System Logs Use these screens to archive historical logs regularly and store in Archiving a preferred location.

  • Page 52: Report And Setting Window

    XML file, or you can add devices stored in XML format to Vantage Report. Upgrade Use this screen to install new releases of Vantage Report. Do not use this screen to upgrade to the full version. Registration Use this screen to upgrade to the full version, or increase the number of devices Vantage Report supports.

  • Page 53: Device Information Screen

    You can create multiple layers of folders for devices. This field displays the Path name used to refer to the device in Vantage Report and the folders that the device is in. For example, if the device path is “folder1/folder2/myZW5”, “folder1”...

  • Page 54: Monitors And Statistical Reports

    For other screens, the layout is different for each one. Typical examples of monitors and statistical reports are shown in Figure Figure 16 Report and Setting Window: Monitor and Statistical Report Examples Statistical Report Monitor Vantage Report User’s Guide...
  • Page 55 SECTION DESCRIPTION Device Path, MAC: These fields display the path you added the ZyXEL device in the Vantage Report and the device’s MAC address. Print icon: Click this icon to print the current screen. This field shows the menu items you selected to open this monitor.
  • Page 56 Figure 18 Report and Setting Window Right-Click Menu Click Settings... if you want to change the Flash settings on the Vantage Report server. In most cases, this is unnecessary. Click About Adobe Flash Player 9... to get information about the current version of Flash.
  • Page 57 SECTION DESCRIPTION Device Path, MAC: These fields display the path you added the ZyXEL device in the Vantage Report and the device’s MAC address. Print icon: Click this icon to print the current screen. This field shows the menu items you selected to open this statistical report.
  • Page 58 Figure 20 Report and Setting Window Right-Click Menu Click Settings... if you want to change the Flash settings on the Vantage Report server. In most cases, this is unnecessary. Click About Adobe Flash Player 9... to get information about the current version of Flash.

  • Page 59: View Logs

    3.7 System Dashboard When you log into the Vantage Report, the System Dashboard is the first screen displayed. The screen summarizes the Vantage Report system, license, log Vantage Report User’s Guide...
  • Page 60 Free JVM Memory This field displays the amount of memory size available for Java Size applications. Log Receiver Information Total Log Number This field displays the total number of log entries the Vantage Report stores. Vantage Report User’s Guide...
  • Page 61 Table 14 System Dashboard LABEL DESCRIPTION Total Number of This field displays the total number of log entries the Vantage Report Today has received today. Max Log Number This field displays the number of a device’s log entries and the of Single Device device’s name which sends the most number of logs to the Vantage...
  • Page 62 Chapter 3 The Web Configurator Vantage Report User’s Guide...

  • Page 63: Monitors, Reports And Logs

    Monitors, Reports and Logs Monitor (65) Network Traffic (95) Secure Remote Access (183) Network Security (269) Security Policy Enforcement (443) Event (499) EPS (459) Schedule Report (509) Logs (527)

  • Page 65: Monitor

    Table 15 Monitor (Folder) LABEL DESCRIPTION Refresh Select how often (1 Minute, 5 Minutes, 10 Minutes) the Vantage Report Interval updates the information in this screen. Select None to not to update this screen. Click Refresh Now to update the screen immediately.

  • Page 66: Customize The Column Fields

    Type up to 29 alphanumeric characters for the name of the monitor item. Underscore (_) is allowed. Click this to add the monitor item to the list table below and save the changes to the Vantage Report. This field displays the index number of the monitor item. Monitor Name This field displays the name of the monitor item.

  • Page 67: Dashboard

    Monitor menu to open the screen for the device. You get to pre-configure a list of reports or monitors you want the Vantage Report to display first. The dashboard is available with the full version of Vantage Report.
  • Page 68 Then it takes you to the following screen where you can configure up to 4 monitors and/or reports shown in the device dashboard at one time. Figure 26 Dashboard Configuration Select a monitor or summary report to display for each. Vantage Report User’s Guide...

  • Page 69: Dashboard

    The dashboard looks as follows when you finish configuring it. Click the magnifying glass icon at the right bottom of each monitor or report to go to the corresponding monitor screen. The dashboard is available with the full Vantage Report User’s Guide...
  • Page 70 Chapter 4 Monitor version of Vantage Report. See Section 3.6.1 on page 53 for the field descriptions shown in the screen. Figure 28 Dashboard Configured If you want to change a dashboard monitor or report, click the icon at the top right corn.

  • Page 71: Cpu Usage Monitor

    Table 17 Monitor > Hardware Status > CPU Usage LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. The Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 72: Memory Usage Monitor

    Table 18 Monitor > Hardware Status > Memory Usage LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. The Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 73: Session Usage Monitor

    Table 19 Monitor > Network Traffic > Session Usage LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 74: Port Usage Monitor

    Rx to display received traffic throughput statistics in KBytes per second. Alternatively, select Tx-Rx to display both. Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.

  • Page 75: Interface Usage Monitor

    Click Monitor > Network Traffic > Bandwidth > Interface Usage to open this screen. Use this screen to monitor the throughput statistics on a selected device’s interface. Figure 33 Monitor > Network Traffic > Bandwidth > Interface Usage Vantage Report User’s Guide...
  • Page 76 Rx to display received traffic throughput statistics in KBytes per second. Alternatively, select Tx-Rx to display both. Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.

  • Page 77: Web Monitor

    Table 22 Monitor > Network Traffic > Web LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 78: Ftp Monitor

    Table 23 Monitor > Network Traffic > FTP LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 79: E-Mail Monitor

    Table 24 Monitor > Network Traffic > Mail LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 80: Site To Site (Ipsec) Vpn Monitor

    Table 25 Monitor > Secure Remote Access > Site-to-Site(IPSec) LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 81: Client To Site (Ipsec) Vpn Monitor

    Table 26 Monitor > Secure Remote Access > Client-to-Site(IPSec) LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 82: Client To Site (Ssl) Vpn Monitor

    Table 27 Monitor > Secure Remote Access > Client-to-Site(SSL) LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 83: Firewall Access Control Monitor

    Table 28 Monitor > Network Security > Firewall Access Control LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.

  • Page 84: Attack Monitor

    Table 29 Monitor > Network Security > Attack LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 85: Intrusion Hits

    Table 30 Monitor > Network Security > Intrusion Hits LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 86: Anti-Virus Monitor

    Table 31 Monitor > Network Security > AntiVirus LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 87: E-Mail Virus Found Monitor

    Table 32 Monitor > E-Mail Security > Virus Found LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 88: Spam Monitor

    Table 33 Monitor > E-Mail Security > Spam LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 89: E-Mail Intrusion Hits Monitor

    Table 34 Monitor > E-Mail Security > Intrusion Hits LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 90: Web Security - Security Threat Monitor

    Table 35 Monitor > Web Security > Security Threat LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 91: Web Security Virus Found Monitor

    Table 36 Monitor > Web Security > Virus Found LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 92: Web Security Intrusion Hits Monitor

    Table 37 Monitor > Web Security > Intrusion Hits LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph. Vantage Report automatically calculates the start time depending on the period you selected in the Period field.

  • Page 93: Content Filter Monitor

    Table 38 Monitor > Security Policy Enforcement > Content Filter LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.

  • Page 94: Application Patrol Monitor

    Table 39 Monitor > Security Policy Enforcement > App Patrol LABEL DESCRIPTION Period Select the length of time for which Vantage Report should display statistics. Start Time This field displays the date and time of the earliest traffic statistics in the graph.

  • Page 95: Network Traffic

    ZyXEL device, and which protocols were used. You can also look at traffic in various directions. 5.1.1 Bandwidth Summary Use this report to look at the amount of traffic handled by the selected device by time interval. Vantage Report User’s Guide...
  • Page 96 Chapter 5 Network Traffic Click Report > Network Traffic > Bandwidth > Summary to open this screen. Figure 52 Report > Network Traffic > Bandwidth > Summary Vantage Report User’s Guide...
  • Page 97 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 98 MBytes This field displays how much traffic (in megabytes) the device Transferred handled in each time interval. Vantage Report User’s Guide...

  • Page 99: Bandwidth Summary Drill-Down

    Use this report to look at the top services in a specific time interval. Click on a specific time interval in Report > Network Traffic > Bandwidth > Summary to open this screen. Figure 53 Report > Network Traffic > Bandwidth > Summary > Drill-Down Vantage Report User’s Guide...

  • Page 100: Bandwidth Top Protocols

    Back Click this to return to the main report. 5.1.3 Bandwidth Top Protocols Use this report to look at the top services generating traffic through the selected device. Vantage Report User’s Guide...
  • Page 101 Chapter 5 Network Traffic Click Report > Network Traffic > Bandwidth > Top Protocols to open this screen. Figure 54 Report > Network Traffic > Bandwidth > Top Protocols Vantage Report User’s Guide...
  • Page 102 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 103 These services may be different than the ones you manage in the Service Settings screen. Click on a service to look at the top sources of traffic for the selected service. Vantage Report User’s Guide...

  • Page 104: Bandwidth Top Protocols Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the services above. 5.1.4 Bandwidth Top Protocols Drill-Down Use this report to look at the top sources of traffic for any top service. Vantage Report User’s Guide...
  • Page 105 Chapter 5 Network Traffic Click on a specific service in Report > Network Traffic > Bandwidth > Top Protocols to open this screen. Figure 55 Report > Network Traffic > Bandwidth > Top Protocol > Drill-Down Vantage Report User’s Guide...

  • Page 106: Top Bandwidth Hosts

    Back Click this to return to the main report. 5.1.5 Top Bandwidth Hosts Use this report to look at the top sources of traffic in the selected device. Vantage Report User’s Guide...
  • Page 107 Chapter 5 Network Traffic Click Report > Network Traffic > Bandwidth > Top Hosts to open this screen. Figure 56 Report > Network Traffic > Bandwidth > Top Hosts Vantage Report User’s Guide...
  • Page 108 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 109 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 110: Top Bandwidth Hosts Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.1.6 Top Bandwidth Hosts Drill-Down Use this report to look at the top services used by any top source. Vantage Report User’s Guide...
  • Page 111 This field displays the top services used by the selected source, sorted by the amount of traffic attributed to each one. These services may be different than the ones you manage in the Service Settings screen. Vantage Report User’s Guide...

  • Page 112: Top Bandwidth Users

    Back Click this to return to the main report. 5.1.7 Top Bandwidth Users Use this report to look at the selected device’s logged-in users with the most traffic. Vantage Report User’s Guide...
  • Page 113 Direction Select which kind of traffic, by direction, you want to look at. Bi-dir - all traffic, regardless of direction Rx - all traffic received on the device Tx - all traffic sent from the device Vantage Report User’s Guide...
  • Page 114 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 115: Top Bandwidth Users Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the users above. 5.1.8 Top Bandwidth Users Drill-Down Use this report to look at the top services used by any top bandwidth user. Vantage Report User’s Guide...
  • Page 116 This field displays the top services used by the selected user, sorted by the amount of traffic attributed to each one. These services may be different than the ones you manage in the Service Settings screen. Vantage Report User’s Guide...

  • Page 117: Top Bandwidth Destinations

    Back Click this to return to the main report. 5.1.9 Top Bandwidth Destinations Use this report to look at the destination IP addresses to which the selected device sent the most traffic. Vantage Report User’s Guide...
  • Page 118 Chapter 5 Network Traffic Click Report > Network Traffic > Bandwidth > Top Destinations to open this screen. Figure 60 Report > Network Traffic > Bandwidth > Top Destinations Vantage Report User’s Guide...
  • Page 119 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 120 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 121: Top Bandwidth Destinations Drill-Down

    This entry displays the totals for the users above. 5.1.10 Top Bandwidth Destinations Drill-Down Use this report to look at the services that were used the most (on the selected device) to access the top destination IP addresses. Vantage Report User’s Guide...
  • Page 122 Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...

  • Page 123: Web Traffic

    Click this to return to the main report. 5.2 Web Traffic These reports look at the top destinations and sources of web traffic. 5.2.1 Top Web Sites Use this report to look at the top destinations of web traffic. Vantage Report User’s Guide...
  • Page 124 Chapter 5 Network Traffic Click Report > Network Traffic > WEB > Top Sites to open this screen. Figure 62 Report > Network Traffic > WEB > Top Sites Vantage Report User’s Guide...
  • Page 125 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 126: Top Web Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.2.2 Top Web Sites Drill-Down Use this report to look at the top sources of web traffic for any top destination. Vantage Report User’s Guide...
  • Page 127 Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...

  • Page 128: Top Web Hosts

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.2.3 Top Web Hosts Use this report to look at the top sources of web traffic. Vantage Report User’s Guide...
  • Page 129 Chapter 5 Network Traffic Click Report > Network Traffic > WEB > Top Hosts to open this screen. Figure 64 Report > Network Traffic > WEB > Top Hosts Vantage Report User’s Guide...
  • Page 130 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 131: Top Web Hosts Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.2.4 Top Web Hosts Drill-Down Use this report to look at the top destinations of web traffic for any top source. Vantage Report User’s Guide...
  • Page 132 Each destination is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...

  • Page 133: Top Web Users

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.2.5 Top Web Users Use this report to look at the users that send the most web traffic. Vantage Report User’s Guide...
  • Page 134 Chapter 5 Network Traffic Click Report > Network Traffic > WEB > Top Users to open this screen. Figure 66 Report > Network Traffic > WEB > Top Users Vantage Report User’s Guide...
  • Page 135 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 136: Top Web Users Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.2.6 Top Web Users Drill-Down Use this report to look at the top destinations of web traffic for any top user. Vantage Report User’s Guide...
  • Page 137 Chapter 5 Network Traffic Click on a specific source in Report > Network Traffic > WEB > Top Users to open this screen. Figure 67 Report > Network Traffic > WEB > Top Users > Drill-Down Vantage Report User’s Guide...

  • Page 138: Ftp Traffic

    Click this to return to the main report. 5.3 FTP Traffic These reports look at the top destinations and sources of FTP traffic. 5.3.1 Top FTP Sites Use this report to look at the top destinations of FTP traffic. Vantage Report User’s Guide...
  • Page 139 Chapter 5 Network Traffic Click Report > Network Traffic > FTP > Top Sites to open this screen. Figure 68 Report > Network Traffic > FTP > Top Sites Vantage Report User’s Guide...
  • Page 140 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 141: Top Ftp Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.3.2 Top FTP Sites Drill-Down Use this report to look at the top sources of FTP traffic for any top destination. Vantage Report User’s Guide...
  • Page 142 Chapter 5 Network Traffic Click on a specific destination in Report > Network Traffic > FTP > Top Sites to open this screen. Figure 69 Report > Network Traffic > FTP > Top Sites > Drill-Down Vantage Report User’s Guide...

  • Page 143: Top Ftp Hosts

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.3.3 Top FTP Hosts Use this report to look at the top sources of FTP traffic. Vantage Report User’s Guide...
  • Page 144 Chapter 5 Network Traffic Click Report > Network Traffic > FTP > Top Hosts to open this screen. Figure 70 Report > Network Traffic > FTP > Top Hosts Vantage Report User’s Guide...
  • Page 145 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 146: Top Ftp Hosts Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.3.4 Top FTP Hosts Drill-Down Use this report to look at the top destinations of FTP traffic for any top source. Vantage Report User’s Guide...
  • Page 147 Chapter 5 Network Traffic Click on a specific source in Report > Network Traffic > FTP > Top Hosts to open this screen. Figure 71 Report > Network Traffic > FTP > Top Hosts > Drill-Down Vantage Report User’s Guide...

  • Page 148: Top Ftp Users

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.3.5 Top FTP Users Use this report to look at the users that send the most FTP traffic. Vantage Report User’s Guide...
  • Page 149 Chapter 5 Network Traffic Click Report > Network Traffic > FTP > Top Users to open this screen. Figure 72 Report > Network Traffic > FTP > Top Users Vantage Report User’s Guide...
  • Page 150 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 151: Top Ftp Users Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.3.6 Top FTP Users Drill-Down Use this report to look at the top destinations of FTP traffic for any top user. Vantage Report User’s Guide...
  • Page 152 This field displays the number of traffic events from the selected user to each destination. % of Sessions This field displays what percentage of the selected user’s total number of traffic events went to each destination. Vantage Report User’s Guide...

  • Page 153: Mail Traffic

    Click this to return to the main report. 5.4 Mail Traffic These reports look at the top destinations and sources of mail traffic. 5.4.1 Top Mail Sites Use this report to look at the top destinations and sources of mail traffic. Vantage Report User’s Guide...
  • Page 154 Chapter 5 Network Traffic Click Report > Network Traffic > MAIL > Top Sites to open this screen. Figure 74 Report > Network Traffic > MAIL > Top Sites Vantage Report User’s Guide...
  • Page 155 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 156: Top Mail Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 5.4.2 Top Mail Sites Drill-Down Use this report to look at the top sources of mail traffic for any top destination. Vantage Report User’s Guide...
  • Page 157 Chapter 5 Network Traffic Click on a specific destination in Report > Network Traffic > MAIL > Top Sites to open this screen. Figure 75 Report > Network Traffic > MAIL > Top Sites > Drill-Down Vantage Report User’s Guide...

  • Page 158: Top Mail Hosts

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.4.3 Top Mail Hosts Use this report to look at the top sources of mail traffic. Vantage Report User’s Guide...
  • Page 159 Chapter 5 Network Traffic Click Report > Network Traffic > MAIL > Top Hosts to open this screen. Figure 76 Report > Network Traffic > MAIL > Top Hosts Vantage Report User’s Guide...
  • Page 160 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 161: Top Mail Hosts Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.4.4 Top Mail Hosts Drill-Down Use this report to look at the top destinations of mail traffic for any top source. Vantage Report User’s Guide...
  • Page 162 Chapter 5 Network Traffic Click on a specific source in Report > Network Traffic > MAIL > Top Hosts to open this screen. Figure 77 Report > Network Traffic > MAIL > Top Hosts > Drill-Down Vantage Report User’s Guide...

  • Page 163: Top Mail Users

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.4.5 Top Mail Users Use this report to look at the users that send the most mail traffic. Vantage Report User’s Guide...
  • Page 164 Chapter 5 Network Traffic Click Report > Network Traffic > MAIL > Top Users to open this screen. Figure 78 Report > Network Traffic > MAIL > Top Users Vantage Report User’s Guide...
  • Page 165 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 166: Top Mail Users Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 5.4.6 Top Mail Users Drill-Down Use this report to look at the top destinations of mail traffic for any top user. Vantage Report User’s Guide...
  • Page 167 Chapter 5 Network Traffic Click on a specific source in Report > Network Traffic > MAIL > Top Users to open this screen. Figure 79 Report > Network Traffic > MAIL > Top Users > Drill-Down Vantage Report User’s Guide...

  • Page 168: Other Traffic

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.5 Other Traffic These reports look at the top sources and destinations of any kind of traffic. Vantage Report User’s Guide...

  • Page 169: Platform Selection

    Other Traffic reports. These services appear in the Customized Services drop-down box. You can use services that are pre-defined in Vantage Report, or you can create new services. If you create new services, you have to specify the protocol and port number(s) for the service.

  • Page 170: Top Destinations Of Other Traffic

    5.5.3 Top Destinations of Other Traffic Use this report to look at the top destinations of other services’ traffic. Vantage Report User’s Guide...
  • Page 171 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 172 This field displays the number of traffic events for each destination. % of Sessions This field displays what percentage each destination’s number of traffic events makes out of the total number of traffic events that match the settings you displayed in this report. Vantage Report User’s Guide...

  • Page 173: Top Destinations Of Other Traffic Drill-Down

    The service is selected in the main report. Click on a specific destination in Report > Network Traffic > Customization > Top Destinations to open this screen. Figure 83 Report > Network Traffic > Customization > Top Destinations > Drill-Down Vantage Report User’s Guide...

  • Page 174: Top Sources Of Other Traffic

    Back Click this to return to the main report. 5.5.5 Top Sources of Other Traffic Use this report to look at the top sources of other services’ traffic. Vantage Report User’s Guide...
  • Page 175 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 176 Click on a source to look at the top destinations of the selected service’s traffic for the selected source. Color This field displays what color represents each source in the graph. Sessions This field displays the number of traffic events for each source. Vantage Report User’s Guide...

  • Page 177: Top Sources Of Other Traffic Drill-Down

    The service is selected in the main report. Click on a specific source in Report > Network Traffic > Customization > Top Sources to open this screen. Figure 85 Report > Network Traffic > Customization > Top Sources > Drill-Down Vantage Report User’s Guide...

  • Page 178: Top Other Traffic Users

    Click this icon to see the logs that go with the record. Back Click this to return to the main report. 5.5.7 Top Other Traffic Users Use this report to look at the users that send the most other services’ traffic. Vantage Report User’s Guide...
  • Page 179 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 180 This field displays the number of traffic events for each user. % of Sessions This field displays what percentage each user’s number of traffic events makes out of the total number of traffic events for the time range of the report. Vantage Report User’s Guide...

  • Page 181: Top Users Of Other Traffic Drill-Down

    The service is selected in the main report. Click on a specific user in Report > Network Traffic > Customization > Top Users to open this screen. Figure 87 Report > Network Traffic > Customization > Top Users > Drill-Down Vantage Report User’s Guide...
  • Page 182 View Logs Click this icon to see the logs that go with the record. Back Click this to return to the main report. Vantage Report User’s Guide...

  • Page 183: Secure Remote Access

    Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure IPSec is enabled. 6.1.1 Secure Remote Access Link Status Use this report to see which of the device’s Secure Remote Access tunnels are connected. Vantage Report User’s Guide...
  • Page 184 A tunnel’s status icon is red when the Secure Remote Access tunnel is not connected. Total Count This field displays how many sites are recorded. Total Page This field displays how many screens it takes to display all the sites. Vantage Report User’s Guide...

  • Page 185: Secure Remote Access Traffic Monitor

    Table 76 Report > Secure Remote Access > Site-to-Site (IPSec) > Traffic Monitor LABEL DESCRIPTION Site Select a peer IPSec router. Tunnel Select a Secure Remote Access tunnel. Select All to display the total traffic for the device’s Secure Remote Access tunnels with the selected site. Vantage Report User’s Guide...

  • Page 186: Top Vpn Peer Gateways

    Start Time and End Time. 6.1.3 Top VPN Peer Gateways Use this report to look at the top destinations of VPN traffic. The device must be a ZyNOS based ZyWALL in order to view this report. Vantage Report User’s Guide...
  • Page 187 Chapter 6 Secure Remote Access Click Report > VPN > Site-to-Site > Top Peer Gateways to open this screen. Figure 90 Report > VPN > Site-to-Site > Top Peer Gateways Vantage Report User’s Guide...
  • Page 188 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 189: Top Vpn Peer Gateways Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.4 Top VPN Peer Gateways Drill-Down Use this report to look at the top sources of VPN traffic for any top destination. Vantage Report User’s Guide...
  • Page 190 Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...

  • Page 191: Top Secure Remote Access Sites

    10 sources in the screen. Back Click this to return to the main report. 6.1.5 Top Secure Remote Access Sites Use this report to look at the peer IPSec routers with the most Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 192 Chapter 6 Secure Remote Access Click Report > Secure Remote Access > Site-to-Site (IPSec) > Top Sites to open this screen. Figure 92 Report > Secure Remote Access > Site-to-Site (IPSec) > Top Sites Vantage Report User’s Guide...
  • Page 193 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 194: Top Secure Remote Access Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 6.1.6 Top Secure Remote Access Sites Drill-Down Use this report to look at the top sources of Secure Remote Access traffic for any top destination. Vantage Report User’s Guide...
  • Page 195 Click on a specific destination in Report > Secure Remote Access > Site-to- Site (IPSec) > Top Sites to open this screen. Figure 93 Report > Secure Remote Access > Site-to-Site (IPSec) > Top Sites > Drill- Down Vantage Report User’s Guide...

  • Page 196: Top Secure Remote Access Tunnels

    Back Click this to return to the main report. 6.1.7 Top Secure Remote Access Tunnels Use this report to look at the Secure Remote Access tunnels with the most Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 197 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 198 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 199: Top Secure Remote Access Tunnels Drill-Down

    This entry displays the totals for the destinations above. 6.1.8 Top Secure Remote Access Tunnels Drill-Down Use this report to look at the top senders or receivers of Secure Remote Access traffic for a top Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 200 Click on a specific destination in Report > Secure Remote Access > Site-to- Site (IPSec) > Top Tunnels to open this screen. Figure 95 Report > Secure Remote Access > Site-to-Site (IPSec) > Top Tunnels > Drill-Down Vantage Report User’s Guide...

  • Page 201: Top Secure Remote Access Protocols

    TopN setting in Settings. Back Click this to return to the main report. 6.1.9 Top Secure Remote Access Protocols Use this report to look at the top services generating Secure Remote Access traffic through the selected device. Vantage Report User’s Guide...
  • Page 202 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 203 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 204: Top Secure Remote Access Protocols Drill-Down

    Total This entry displays the totals for the protocols above. 6.1.10 Top Secure Remote Access Protocols Drill-Down Use this report to look at the top senders or receivers of any top service through Secure Remote Access. Vantage Report User’s Guide...
  • Page 205 Click on a specific service in Report > Secure Remote Access > Site-to-Site (IPSec) > Top Protocols to open this screen. Figure 97 Report > Secure Remote Access > Site-to-Site (IPSec) > Top Protocols > Drill-Down Vantage Report User’s Guide...

  • Page 206: Top Secure Remote Access Hosts

    TopN setting in Settings. Back Click this to return to the main report. 6.1.11 Top Secure Remote Access Hosts Use this report to look at the top senders or receivers of Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 207 Tunnel Select a Secure Remote Access tunnel. Select All to display the total traffic for the device’s Secure Remote Access tunnels with the selected site (or all sites). This field is not available with all models. Vantage Report User’s Guide...
  • Page 208 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 209 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 210: Top Secure Remote Access Hosts Drill-Down

    This entry displays the totals for the hosts above. 6.1.12 Top Secure Remote Access Hosts Drill-Down Use this report to look at the services sent through Secure Remote Access from a top sender or to a top receiver. Vantage Report User’s Guide...
  • Page 211 Each service is identified by its IP address. Color This field displays what color represents each protocol in the graph. Sessions This field displays the number of traffic events of each protocol. Vantage Report User’s Guide...

  • Page 212: Top Secure Remote Access Users

    TopN setting in Settings. Back Click this to return to the main report. 6.1.13 Top Secure Remote Access Users Use this report to look at the users that send or receive the most Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 213 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 214 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 215: Top Secure Remote Access Users Drill-Down

    Total This entry displays the totals for the users above. 6.1.14 Top Secure Remote Access Users Drill-Down Use this report to look at the services sent through Secure Remote Access from or to a top user. Vantage Report User’s Guide...
  • Page 216 This field displays the number of traffic events of each protocol. % of Sessions This field displays what percentage each protocol’s number of traffic events makes out of the total number of traffic events for the selected Secure Remote Access traffic. Vantage Report User’s Guide...

  • Page 217: Top Secure Remote Access Destinations

    TopN setting in Settings. Back Click this to return to the main report. 6.1.15 Top Secure Remote Access Destinations Use this report to look at the destinations with the most Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 218 IPSec router they use. Tunnel Select a Secure Remote Access tunnel. Select All to display the total traffic for the device’s Secure Remote Access tunnels with the selected site (or all sites). Vantage Report User’s Guide...
  • Page 219 These fields reset to the default values when you click a menu item in the menu panel (including the menu item for the same report). The fields do not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 220: Top Secure Remote Access Destinations Drill-Down

    Total This entry displays the totals for the destinations above. 6.1.16 Top Secure Remote Access Destinations Drill-Down Use this report to look at the services sent through Secure Remote Access from or to a top destination. Vantage Report User’s Guide...
  • Page 221 Click on a specific destination in Report > Secure Remote Access > Site-to- Site (IPSec) > Top Destinations to open this screen. Figure 103 Report > Secure Remote Access > Site-to-Site (IPSec) > Top Destinations > Drill-Down Vantage Report User’s Guide...

  • Page 222: Secure Remote Access - Client-To-Site (Ipsec)

    Secure Remote Access tunnel. The Secure Remote Access remote access screens display statistics for remote users that use dynamic Secure Remote Access tunnels and have been authenticated by xauth. Vantage Report User’s Guide...

  • Page 223: Secure Remote Access User Status

    Use this report to see statistics about the device’s remote Secure Remote Access users. Click Report > Secure Remote Access > Client-to-Site (IPSec) > User Status to open this screen. Figure 104 Report > Secure Remote Access > Client-to-Site (IPSec) > User Status Vantage Report User’s Guide...
  • Page 224 This column displays the current status of users who have logged in. A user’s status icon is green when the user is currently connected. A user’s status icon is red when the user has already logged out. Vantage Report User’s Guide...

  • Page 225: Secure Remote Access User Status Drill-Down

    This entry displays the total number of users on each page of the report. 6.2.2 Secure Remote Access User Status Drill-Down Use this report to look at the services transferred through the device by any top users. Vantage Report User’s Guide...
  • Page 226 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 227: Top Secure Remote Access Protocols

    TopN setting in Settings. Back Click this to return to the main report. 6.2.3 Top Secure Remote Access Protocols Use this report to display which services the remote access users sent or received the most. Vantage Report User’s Guide...
  • Page 228 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 229 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 230: Top Secure Remote Access Protocols Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 6.2.4 Top Secure Remote Access Protocols Drill-Down Use this report to look at the top remote access senders or receivers of any top service. Vantage Report User’s Guide...
  • Page 231 Click on a specific service in Report > Secure Remote Access > Client-to-Site (IPSec) > Top Protocols to open this screen. Figure 107 Report > Secure Remote Access > Client-to-Site (IPSec) > Top Protocols > Drill-Down Vantage Report User’s Guide...

  • Page 232: Top Secure Remote Access Destinations

    TopN setting in Settings. Back Click this to return to the main report. 6.2.5 Top Secure Remote Access Destinations Use this report to look at the destinations with the most remote access Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 233 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 234 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 235: Top Secure Remote Access Destinations Drill-Down

    This entry displays the totals for the destinations above. 6.2.6 Top Secure Remote Access Destinations Drill-Down Use this report to look at the remote access hosts that sent the most traffic to the selected top destination. Vantage Report User’s Guide...
  • Page 236 Click on a specific destination in Report > Secure Remote Access > Client-to- Site (IPSec) > Top Destinations to open this screen. Figure 109 Report > Secure Remote Access > Client-to-Site (IPSec) > Top Destinations > Drill-Down Vantage Report User’s Guide...

  • Page 237: Secure Remote Access Top Users

    TopN setting in Settings. Back Click this to return to the main report. 6.2.7 Secure Remote Access Top Users Use this report to look at the users that send or receive the most Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 238 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 239 This field displays the number of traffic events for each destination. % of Sessions This field displays what percentage each destination’s number of traffic events makes out of the total number of traffic events that match the settings you displayed in this report. Vantage Report User’s Guide...

  • Page 240: Secure Remote Access Top Users Drill-Down

    This entry displays the totals for the destinations above. 6.2.8 Secure Remote Access Top Users Drill-Down Use this report to look at the services transferred the most through Secure Remote Access remote access by any top users. Vantage Report User’s Guide...
  • Page 241 Click on a specific user in Report > Secure Remote Access > Client-to-Site (IPSec) > Top Users to open this screen. Figure 111 Report > Secure Remote Access > Client-to-Site (IPSec) > Top Users > Drill-Down Vantage Report User’s Guide...

  • Page 242: Secure Remote Access - Client-To-Site (Ssl)

    (by username and password) when they try to initiate a SSL Secure Remote Access tunnel. The Secure Remote Access remote access screens display statistics for remote users that use SSL Secure Remote Access tunnels and have been authenticated. Vantage Report User’s Guide...

  • Page 243: Secure Remote Access User Status

    This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 244 This field displays the amount of Secure Remote Access traffic sent or (MBytes) received by the user and routed through the device. Click the title of this column to sort the list of users by the amount of traffic routed through the device. Vantage Report User’s Guide...

  • Page 245: Secure Remote Access User Status Drill-Down

    Click on a specific user in Report > Secure Remote Access > Client-to-Site (SSL) > User Status to open this screen. Figure 113 Report > Secure Remote Access > Client-to-Site (SSL) > User Status > Drill-Down Vantage Report User’s Guide...

  • Page 246: Top Secure Remote Access Protocols

    10 services for the selected user. Back Click this to return to the main report. 6.3.3 Top Secure Remote Access Protocols Use this report to display which services the remote access users used the most. Vantage Report User’s Guide...
  • Page 247 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 248 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 249: Top Secure Remote Access Protocols Drill-Down

    This entry displays the totals for the sources above. 6.3.4 Top Secure Remote Access Protocols Drill-Down Use this report to look at the remote access senders or receivers who sent the most traffic for a specific service. Vantage Report User’s Guide...
  • Page 250 This field displays what percentage each user’s number of traffic events makes out of the total number of traffic events that match the settings you displayed in this report. MBytes This field displays how much traffic (in megabytes) the device Transferred handled for each user. Vantage Report User’s Guide...

  • Page 251: Top Secure Remote Access Destinations

    TopN setting in Settings. Back Click this to return to the main report. 6.3.5 Top Secure Remote Access Destinations Use this report to look at the destinations with the most remote access Secure Remote Access traffic. Vantage Report User’s Guide...
  • Page 252 Both - all Secure Remote Access traffic the devices sent or received. Incoming - all traffic the devices received through Secure Remote Access tunnel. Outgoing - all traffic the devices sent out through Secure Remote Access tunnel. Vantage Report User’s Guide...
  • Page 253 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 254: Top Secure Remote Access Destinations Drill-Down

    This entry displays the traffic summary for the destination hosts. 6.3.6 Top Secure Remote Access Destinations Drill-Down Use this report to look at the remote access hosts that sent the most traffic to the selected top destination. Vantage Report User’s Guide...
  • Page 255 MBytes This field displays how much traffic (in megabytes) the device Transferred handled for each user. % of MBytes This field displays what percentage of Secure Remote Access traffic Transferred the device handled for each user. Vantage Report User’s Guide...

  • Page 256: Top Secure Remote Access Applications

    Use this report to look at the applications with the most remote access Secure Remote Access traffic. Click Report > Secure Remote Access > Client-to-Site (SSL) > Top Applications to open this screen. Figure 118 Report > Secure Remote Access > Client-to-Site (SSL) > Top Applications Vantage Report User’s Guide...
  • Page 257 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). The field does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 258 Each application is identified by its name. Click on an application to look at the top remote user’s hosts of Secure Remote Access traffic for the selected application. Type This field displays what kind of service the internal server provides. Vantage Report User’s Guide...

  • Page 259: Top Secure Remote Access Applications Drill-Down

    TopN setting in Settings. 6.3.8 Top Secure Remote Access Applications Drill-Down Use this report to look at the remote access hosts that sent the most traffic to the selected Secure Remote Access application. Vantage Report User’s Guide...
  • Page 260 This field displays what percentage each user’s number of traffic events makes out of the total number of traffic events that match the settings you displayed in this report. MBytes This field displays how much traffic (in megabytes) the device Transferred handled for each user. Vantage Report User’s Guide...

  • Page 261: Secure Remote Access Top Users

    Use this report to look at the users that send or receive the most Secure Remote Access traffic. Click Report > Secure Remote Access > Client-to-Site (SSL) > Top Users to open this screen. Figure 120 Report > Secure Remote Access > Client-to-Site (SSL) > Top Users Vantage Report User’s Guide...
  • Page 262 These fields reset to the default values when you click a menu item in the menu panel (including the menu item for the same report). The fields do not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 263: Secure Remote Access Top Users Drill-Down

    10 services are displayed. You can change the number of services to be displayed through the TopN setting in Settings. 6.3.10 Secure Remote Access Top Users Drill-Down Use this report to look at the services sent the most through Secure Remote Access by the selected user. Vantage Report User’s Guide...
  • Page 264 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 265: Xauth

    IPSec Secure Remote Access tunnels. 6.4.1 Secure Remote Access Successful Login Use this report to monitor the total number of users that have successfully logged in to use one of the device’s Secure Remote Access tunnels. Vantage Report User’s Guide...
  • Page 266 Store Log Days in System > General Configuration. Click Apply to update the report immediately, or click Cancel to close this screen. Time This column displays when the user last logged in. The entries are sorted in chronological order. Vantage Report User’s Guide...

  • Page 267: Secure Remote Access Failed Login

    Secure Remote Access tunnels. Click Report > Secure Remote Access > Xauth> Failed Login to open this screen. Figure 123 Report > Secure Remote Access > Xauth> Failed Login Vantage Report User’s Guide...
  • Page 268 Total This entry displays the total number of users on the current page of the report. If you want to see a different page of the report, type the number of the page in the field. Vantage Report User’s Guide...

  • Page 269: Network Security

    In most devices, go to Logs > Log Settings, and make sure Access Control is enabled. 7.1.1 Top Users Blocked Use this report to look at the users from which the device blocked the most traffic. Vantage Report User’s Guide...
  • Page 270 Chapter 7 Network Security Click Report > Network Security > Firewall Access Control > Top Users Blocked to open this screen. Figure 124 Report > Network Security > Firewall Access Control > Top Users Blocked Vantage Report User’s Guide...
  • Page 271 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 272: Top Packets Blocked

    Note: To look at firewall access control reports, each ZyXEL device must record blocked packets and users in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Access Control is enabled. Vantage Report User’s Guide...
  • Page 273 Chapter 7 Network Security Click Report > Network Security > Firewall Access Control > Top Packets Blocked to open this screen. Figure 125 Report > Network Security > Firewall Access Control > Top Packets Blocked Vantage Report User’s Guide...
  • Page 274 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 275: Attack

    Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Attacks is enabled. Vantage Report User’s Guide...
  • Page 276 Chapter 7 Network Security Click Report > Network Security > Attack > Summary to open this screen. Figure 126 Report > Network Security > Attack > Summary Vantage Report User’s Guide...
  • Page 277 This field displays what percentage of all DoS attacks was handled in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 278: Attack Summary Drill-Down

    Use this report to look at the top categories of DoS attacks in a specific time interval. Click on a specific time interval in Report > Network Security > Attack > Summary to open this screen. Figure 127 Report > Network Security > Attack > Summary > Drill-Down Vantage Report User’s Guide...

  • Page 279: Top Attacks

    Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Attacks is enabled. Vantage Report User’s Guide...
  • Page 280 Chapter 7 Network Security Click Report > Network Security > Attack > Top Attacks to open this screen. Figure 128 Report > Network Security > Attack > Top Attacks Vantage Report User’s Guide...
  • Page 281 Color This field displays what color represents each category in the graph. Attacks This field displays how many DoS attacks from each category occurred in the selected time interval. Vantage Report User’s Guide...

  • Page 282: Top Attacks Drill-Down

    Use this report to look at the top categories of DoS attacks for any top source. Click on a specific source in Report > Network Security > Attack > Top Attacks to open this screen. Figure 129 Report > Network Security > Attack > Top Attacks > Drill-Down Vantage Report User’s Guide...

  • Page 283: Top Attack Sources

    Note: To look at attack reports, each ZyXEL device must record DoS attacks in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Attacks is enabled. Vantage Report User’s Guide...
  • Page 284 Chapter 7 Network Security Click Report > Network Security > Attack > Top Sources to open this screen. Figure 130 Report > Network Security > Attack > Top Sources Vantage Report User’s Guide...
  • Page 285 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 286: Top Attack Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.2.6 Top Attack Sources Drill-Down Use this report to look at the top categories of DoS attacks for any top source. Vantage Report User’s Guide...
  • Page 287 Color This field displays what color represents each category in the graph. Attacks This field displays the number of DoS attacks from each category that occurred from the selected source. Vantage Report User’s Guide...

  • Page 288: Attack Types

    Logs > Log Settings, and make sure Attacks is enabled. Click Report > Network Security > Attack > By Type to open this screen. Figure 132 Report > Network Security > Attack > By Type Vantage Report User’s Guide...
  • Page 289 This field displays what percentage of all DoS attacks come from each category. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. Vantage Report User’s Guide...

  • Page 290: Attack Types Drill-Down

    Use this report to look at the sources of DoS attacks for any top category. Click on a specific category in Report > Network Security > Attack > By Type to open this screen. Figure 133 Report > Network Security > Attack > By Type > Drill-Down Vantage Report User’s Guide...

  • Page 291: Intrusion Hits

    Logs > Log Settings, and make sure IDP is enabled. Then, go to IDP > Signature, and make sure the ZyXEL device logs each Attack Type you want to see in Vantage Report. 7.3.1 Intrusion Hits Summary Use this report to look at the number of intrusions by time interval.
  • Page 292 Chapter 7 Network Security Click Report > Network Security > Intrusion Hits > Summary to open this screen. Figure 134 Report > Network Security > Intrusion Hits > Summary Vantage Report User’s Guide...
  • Page 293 This field displays what percentage of all intrusions was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 294: Intrusion Hits Summary Drill-Down

    Use this report to look at the intrusion signatures in a specific time interval. Click on a specific time interval in Report > Network Security > Intrusion Hits > Summary to open this screen. Figure 135 Report > Network Security > Intrusion Hits > Summary > Drill-Down Vantage Report User’s Guide...
  • Page 295 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. Back Click this to return to the main report. Vantage Report User’s Guide...

  • Page 296: Top Intrusion Hits Signatures

    The following screen is displayed. Figure 136 Security Issue Details 7.3.3 Top Intrusion Hits Signatures Use this report to look at the top intrusion signatures by number of intrusions. Vantage Report User’s Guide...
  • Page 297 Chapter 7 Network Security Click Report > Network Security > Intrusion Hits > Top Intrusions to open this screen. Figure 137 Report > Network Security > Intrusion Hits > Top Intrusions Vantage Report User’s Guide...
  • Page 298 Click on an intrusion signature to look at the top sources for the selected signature. Color This field displays what color represents each intrusion signature in the graph. Vantage Report User’s Guide...

  • Page 299: Top Intrusion Hits Signatures Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. 7.3.4 Top Intrusion Hits Signatures Drill-Down Use this report to look at the top sources of intrusions for any top signature. Vantage Report User’s Guide...
  • Page 300 Chapter 7 Network Security Click on a specific intrusion signature in Report > Network Security > Intrusion Hits > Top Intrusions to open this screen. Figure 138 Report > Network Security > Intrusion Hits > Top Intrusions > Drill-Down Vantage Report User’s Guide...

  • Page 301: Top Intrusion Hits Sources

    Back Click this to return to the main report. 7.3.5 Top Intrusion Hits Sources Use this report to look at the top sources of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 302 Chapter 7 Network Security Click Report > Network Security > Intrusion Hits > Top Sources to open this screen. Figure 139 Report > Network Security > Intrusion Hits > Top Sources Vantage Report User’s Guide...
  • Page 303 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 304: Top Intrusion Hits Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.3.6 Top Intrusion Hits Sources Drill-Down Use this report to look at the top intrusion signatures for any top source. Vantage Report User’s Guide...
  • Page 305 This field displays the top intrusion signatures from the selected Signature source, sorted by the number of intrusions by each one. Color This field displays what color represents each intrusion signature in the graph. Severity This field displays the severity of each intrusion signature. Vantage Report User’s Guide...

  • Page 306: Top Intrusion Hits Destinations

    Back Click this to return to the main report. 7.3.7 Top Intrusion Hits Destinations Use this report to look at the top destinations of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 307 Chapter 7 Network Security Click Report > Network Security > Intrusion Hits > Top Destinations to open this screen. Figure 141 Report > Network Security > Intrusion Hits > Top Destinations Vantage Report User’s Guide...
  • Page 308 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 309: Top Intrusion Hits Destinations Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 7.3.8 Top Intrusion Hits Destinations Drill-Down Use this report to look at the top intrusion signatures for any top destination. Vantage Report User’s Guide...
  • Page 310 Intrusion This field displays the top intrusion signatures sent to the selected Signature destination, sorted by the number of intrusions at each one. Color This field displays what color represents each intrusion signature in the graph. Vantage Report User’s Guide...

  • Page 311: Intrusion Hits Severities

    Use this report to look at the severity (significance) of intrusions by number of intrusions. The levels of severity, in decreasing order of significance, are Emergency (system is unusable), Alert (immediate action is required), Critical, Error, Warning, Notice, Informational, and Debug. Vantage Report User’s Guide...
  • Page 312 Chapter 7 Network Security Click Report > Network Security > Intrusion Hits > By Severity to open this screen. Figure 143 Report > Network Security > Intrusion Hits > By Severity Vantage Report User’s Guide...
  • Page 313 This field displays what percentage of all intrusions are at each level of severity. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the severities above. Vantage Report User’s Guide...

  • Page 314: Intrusion Hits Severities Drill-Down

    Click on a slice in the pie chart to move it away from the pie chart a little. Intrusion This field displays the intrusion signatures of the selected severity, Signature sorted by the number of intrusions by each one. Vantage Report User’s Guide...

  • Page 315: Antivirus

    Virus is enabled. Then, go to Anti-Virus > General. ZyXEL devices can log viruses based on the Service the virus was using. Make sure the ZyXEL device logs viruses you want to include in Vantage Report. 7.4.1 Antivirus Summary Use this report to look at the number of virus occurrences by time interval.
  • Page 316 Chapter 7 Network Security Click Report > Network Security > AntiVirus > Summary to open this screen. Figure 145 Report > Network Security > AntiVirus > Summary Vantage Report User’s Guide...
  • Page 317 This field displays what percentage of all occurrences was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 318: Virus Summary Drill-Down

    Use this report to look at the viruses in a specific time interval. Click on a specific time interval in Report > Network Security > AntiVirus > Summary to open this screen. Figure 146 Report > Network Security > AntiVirus > Summary > Drill-Down Vantage Report User’s Guide...

  • Page 319: Top Viruses

    Back Click this to return to the main report. 7.4.3 Top Viruses Use this report to look at the top viruses by number of occurrences. Vantage Report User’s Guide...
  • Page 320 Chapter 7 Network Security Click Report > Network Security > AntiVirus > Top Viruses to open this screen. Figure 147 Report > Network Security > AntiVirus > Top Viruses Vantage Report User’s Guide...
  • Page 321 Click on a virus to look at the top sources for the selected virus. Color This field displays what color represents each virus in the graph. Occurrences This field displays the number of occurrences of each virus. Vantage Report User’s Guide...

  • Page 322: Top Viruses Drill-Down

    Use this report to look at the top sources of any top virus. Click on a specific virus in Report > Network Security > AntiVirus > Top Viruses to open this screen. Figure 148 Report > Network Security > AntiVirus > Top Viruses > Drill-Down Vantage Report User’s Guide...

  • Page 323: Top Virus Sources

    Back Click this to return to the main report. 7.4.5 Top Virus Sources Use this report to look at the top sources of virus occurrences by number of occurrences. Vantage Report User’s Guide...
  • Page 324 Chapter 7 Network Security Click Report > Network Security > AntiVirus > Top Sources to open this screen. Figure 149 Report > Network Security > AntiVirus > Top Sources Vantage Report User’s Guide...
  • Page 325 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 326: Top Virus Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 7.4.6 Top Virus Sources Drill-Down Use this report to look at the top viruses for any top source. Vantage Report User’s Guide...
  • Page 327 % of Occurrences This field displays what percentage of all occurrences from the selected source was made by each virus. View Logs Click this icon to see the logs that go with the record. Vantage Report User’s Guide...

  • Page 328: Top Virus Destinations

    Use this report to look at the top destinations of virus occurrences by number of occurrences. Click Report > Network Security > AntiVirus > Top Destinations to open this screen. Figure 151 Report > Network Security > AntiVirus > Top Destinations Vantage Report User’s Guide...
  • Page 329 Each destination is identified by its IP address. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...

  • Page 330: Top Virus Destinations Drill-Down

    Use this report to look at the top viruses for any top destination. Click on a specific destination in Report > Network Security > AntiVirus > Top Destinations to open this screen. Figure 152 Report > Network Security > AntiVirus > Top Destinations > Drill-Down Vantage Report User’s Guide...
  • Page 331 Back Click this to return to the main report. Vantage Report User’s Guide...
  • Page 332 Chapter 7 Network Security Vantage Report User’s Guide...

  • Page 333: E-Mail Security

    Virus is enabled. Then, go to Anti-Virus > General. ZyXEL devices can log viruses based on the Service the virus was using. Make sure the ZyXEL device logs viruses you want to include in Vantage Report. 8.1.1 Virus Found Summary Use this report to look at the number of virus occurrences by time interval.
  • Page 334 Chapter 8 E-Mail Security Click Report > E-Mail Security > Virus Found > Summary to open this screen. Figure 153 Report > E-Mail Security > Virus Found > Summary Vantage Report User’s Guide...
  • Page 335 This field displays what percentage of all occurrences was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 336: Virus Found Summary Drill-Down

    Use this report to look at the viruses in a specific time interval. Click on a specific time interval in Report > E-Mail Security > Virus Found > Summary to open this screen. Figure 154 Report > E-Mail Security > Virus Found > Summary > Drill-Down Vantage Report User’s Guide...

  • Page 337: Top Viruses

    Back Click this to return to the main report. 8.1.3 Top Viruses Use this report to look at the top viruses by number of occurrences. Vantage Report User’s Guide...
  • Page 338 Chapter 8 E-Mail Security Click Report > E-Mail Security > Virus Found > Top Viruses to open this screen. Figure 155 Report > E-Mail Security > Virus Found > Top Viruses Vantage Report User’s Guide...
  • Page 339 Click on a virus to look at the top sources for the selected virus. Color This field displays what color represents each virus in the graph. Occurrences This field displays the number of occurrences of each virus. Vantage Report User’s Guide...

  • Page 340: Top Viruses Drill-Down

    Use this report to look at the top sources of any top virus. Click on a specific virus in Report > E-Mail Security > Virus Found > Top Viruses to open this screen. Figure 156 Report > E-Mail Security > Virus Found > Top Viruses > Drill-Down Vantage Report User’s Guide...

  • Page 341: Top Virus Sources

    Back Click this to return to the main report. 8.1.5 Top Virus Sources Use this report to look at the top sources of virus occurrences by number of occurrences. Vantage Report User’s Guide...
  • Page 342 Chapter 8 E-Mail Security Click Report > E-Mail Security > Virus Found > Top Sources to open this screen. Figure 157 Report > E-Mail Security > Virus Found > Top Sources Vantage Report User’s Guide...
  • Page 343 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 344: Top Virus Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 8.1.6 Top Virus Sources Drill-Down Use this report to look at the top viruses for any top source. Vantage Report User’s Guide...
  • Page 345 % of Occurrences This field displays what percentage of all occurrences from the selected source was made by each virus. View Logs Click this icon to see the logs that go with the record. Vantage Report User’s Guide...

  • Page 346: Top Virus Destinations

    Use this report to look at the top destinations of virus occurrences by number of occurrences. Click Report > E-Mail Security > Virus Found > Top Destinations to open this screen. Figure 159 Report > E-Mail Security > Virus Found > Top Destinations Vantage Report User’s Guide...
  • Page 347 Each destination is identified by its IP address. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...

  • Page 348: Top Virus Destinations Drill-Down

    Use this report to look at the top viruses for any top destination. Click on a specific destination in Report > E-Mail Security > Virus Found > Top Destinations to open this screen. Figure 160 Report > E-Mail Security > Virus Found > Top Destinations > Drill-Down Vantage Report User’s Guide...

  • Page 349: Spam

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Anti- Spam is enabled. 8.2.1 Spam Summary Use this report to look at the number of spam messages by time interval. Vantage Report User’s Guide...
  • Page 350 Chapter 8 E-Mail Security Click Report > E-Mail Security > Spam > Summary to open this screen. Figure 161 Report > E-Mail Security > Spam > Summary Vantage Report User’s Guide...
  • Page 351 This field displays what percentage of all spam messages was made in Spams each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 352: Spam Summary Drill-Down

    SMTP server. Click on a specific time interval in Report > E-Mail Security > Spam > Summary to open this screen. Figure 162 Report > E-Mail Security > Spam > Summary > Drill-Down Vantage Report User’s Guide...

  • Page 353: Top Spam Senders

    Use this report to look at the top combinations of senders of spam messages and the first SMTP server to which the sender sends spam. For example, if a sender sends spam through two SMTP servers, there are two entries for the sender, one with each SMTP server. Vantage Report User’s Guide...
  • Page 354 Chapter 8 E-Mail Security Click Report > E-Mail Security > Spam > Top Senders to open this screen. Figure 163 Report > E-Mail Security > Spam > Top Senders Vantage Report User’s Guide...
  • Page 355 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 356: Top Spam Sources

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the senders above. 8.2.4 Top Spam Sources Use this report to look at the top sources of spam messages by number of messages. Vantage Report User’s Guide...
  • Page 357 Chapter 8 E-Mail Security Click Report > E-Mail Security > Spam > Top Sources to open this screen. Figure 164 Report > E-Mail Security > Spam > Top Sources Vantage Report User’s Guide...
  • Page 358 Each SMTP server is identified by its IP address. If DNS Reverse is enabled in System > General Configuration, the table displays the domain name, if identifiable, with the IP address (for example, “www.yahoo.com/200.100.20.10”). Vantage Report User’s Guide...

  • Page 359: Spam Scores

    Use this report to look at the scores calculated for spam messages by number of messages. Click Report > E-Mail Security > Spam > By Score to open this screen. Figure 165 Report > E-Mail Security > Spam > By Score Vantage Report User’s Guide...
  • Page 360 This field displays what percentage of all spam messages had each Spams score. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the scores above. Vantage Report User’s Guide...

  • Page 361: Intrusion Hits

    Logs > Log Settings, and make sure IDP is enabled. Then, go to IDP > Signature, and make sure the ZyXEL device logs each Attack Type you want to see in Vantage Report. 8.3.1 Intrusion Hits Summary Use this report to look at the number of intrusions by time interval.
  • Page 362 This field displays what percentage of all intrusions was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 363: Intrusion Hits Summary Drill-Down

    Signature interval, sorted by the number of attempts by each one. Clicking on the entries in this column will open a new window with a description of this security issue (see Figure 168 on page 364). Vantage Report User’s Guide...
  • Page 364 Note: Clicking on some linked entries in the Intrusion screen will open a new window that provides details on the security issue encountered by the devices. The following screen is displayed. Figure 168 Security Issue Details Vantage Report User’s Guide...

  • Page 365: Top Intrusion Hits Signatures

    Use this report to look at the top intrusion signatures by number of intrusions. Click Report > E-Mail Security > Intrusion Hits > Top Intrusions to open this screen. Figure 169 Report > E-Mail Security > Intrusion Hits > Top Intrusions Vantage Report User’s Guide...
  • Page 366 Click on an intrusion signature to look at the top sources for the selected signature. Color This field displays what color represents each intrusion signature in the graph. Vantage Report User’s Guide...

  • Page 367: Top Intrusion Hits Signatures Drill-Down

    Use this report to look at the top sources of intrusions for any top signature. Click on a specific intrusion signature in Report > E-Mail Security > Intrusion Hits > Top Intrusions to open this screen. Figure 170 Report > E-Mail Security > Intrusion Hits > Top Intrusions > Drill-Down Vantage Report User’s Guide...

  • Page 368: Top Intrusion Hits Sources

    Back Click this to return to the main report. 8.3.5 Top Intrusion Hits Sources Use this report to look at the top sources of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 369 Chapter 8 E-Mail Security Click Report > E-Mail Security > Intrusion Hits > Top Sources to open this screen. Figure 171 Report > E-Mail Security > Intrusion Hits > Top Sources Vantage Report User’s Guide...
  • Page 370 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 371: Top Intrusion Hits Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 8.3.6 Top Intrusion Hits Sources Drill-Down Use this report to look at the top intrusion signatures for any top source. Vantage Report User’s Guide...
  • Page 372 This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays the number of intrusions by the selected source using each intrusion signature. Vantage Report User’s Guide...

  • Page 373: Top Intrusion Hits Destinations

    Back Click this to return to the main report. 8.3.7 Top Intrusion Hits Destinations Use this report to look at the top destinations of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 374 Chapter 8 E-Mail Security Click Report > E-Mail Security > Intrusion Hits > Top Destinations to open this screen. Figure 173 Report > E-Mail Security > Intrusion Hits > Top Destinations Vantage Report User’s Guide...
  • Page 375 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 376: Top Intrusion Hits Destinations Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 8.3.8 Top Intrusion Hits Destinations Drill-Down Use this report to look at the top intrusion signatures for any top destination. Vantage Report User’s Guide...
  • Page 377 This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Intrusions This field displays the number of intrusions of each intrusion signature sent to the selected destination. Vantage Report User’s Guide...

  • Page 378: Intrusion Hits Severities

    Emergency (system is unusable), Alert (immediate action is required), Critical, Error, Warning, Notice, Informational, and Debug. Click Report > E-Mail Security > Intrusion Hits > By Severity to open this screen. Figure 175 Report > E-Mail Security > Intrusion Hits > By Severity Vantage Report User’s Guide...
  • Page 379 This field displays what percentage of all intrusions are at each level of severity. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the severities above. Vantage Report User’s Guide...

  • Page 380: Intrusion Hits Severities Drill-Down

    Severity This field displays the severity of each intrusion signature. Type This field displays what kind of intrusion each intrusion signature is. This corresponds to IDP > Signature > Attack Type in most ZyXEL devices. Vantage Report User’s Guide...
  • Page 381 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. Back Click this to return to the main report. Vantage Report User’s Guide...
  • Page 382 Chapter 8 E-Mail Security Vantage Report User’s Guide...

  • Page 383: Web Security

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 384 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 385: Security Threat Summary Drill-Down

    This entry displays the totals for the time intervals above. 9.1.2 Security Threat Summary Drill-Down Use this report to look at the top sources of attempts to access blocked web sites in a specific time interval. Vantage Report User’s Guide...
  • Page 386 Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each host in the graph. Vantage Report User’s Guide...

  • Page 387: Security Threat Top Web Sites

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 388 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 389 This field displays what percentage of all attempts to access blocked web sites was made to each destination. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. Vantage Report User’s Guide...

  • Page 390: Security Threat Top Sites Drill-Down

    Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 391: Security Threat Top Users

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 392 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 393 This field displays what percentage the user had of all blocked attempts to access web sites. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...

  • Page 394: Security Threat Top Users Drill-Down

    Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 395: Security Threat Top Hosts

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 396 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 397 This field displays what percentage of all attempts to access blocked web sites was made from each source. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...

  • Page 398: Security Threat Top Hosts Drill-Down

    Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 399: Security Threat Categories

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 400 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 401: Security Threat Categories Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. 9.1.10 Security Threat Categories Drill-Down Use this report to look at the destinations for any category of blocked web traffic. Vantage Report User’s Guide...
  • Page 402 This field displays the destinations of blocked web traffic that belongs to the selected category, sorted by the number of attempts to each one. Each destination is identified by its domain name. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...

  • Page 403: Virus Found

    Virus is enabled. Then, go to Anti-Virus > General. ZyXEL devices can log viruses based on the Service the virus was using. Make sure the ZyXEL device logs viruses you want to include in Vantage Report. 9.2.1 Virus Found Summary Use this report to look at the number of virus occurrences by time interval.
  • Page 404 Chapter 9 Web Security Click Report > Web Security > Virus Found > Summary to open this screen. Figure 187 Report > Web Security > Virus Found > Summary Vantage Report User’s Guide...
  • Page 405 This field displays what percentage of all occurrences was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 406: Virus Found Summary Drill-Down

    This field displays the number of occurrences of each virus in the selected time interval. % of Occurrences This field displays what percentage of all occurrences in the selected time interval was made by each virus. Vantage Report User’s Guide...

  • Page 407: Top Viruses

    Use this report to look at the top viruses by number of occurrences. Click Report > Web Security > Virus Found > Top Viruses to open this screen. Figure 189 Report > Web Security > Virus Found > Top Viruses Vantage Report User’s Guide...
  • Page 408 Click on a virus to look at the top sources for the selected virus. Color This field displays what color represents each virus in the graph. Occurrences This field displays the number of occurrences of each virus. Vantage Report User’s Guide...

  • Page 409: Top Viruses Drill-Down

    Use this report to look at the top sources of any top virus. Click on a specific virus in Report > Web Security > Virus Found > Top Viruses to open this screen. Figure 190 Report > Web Security > Virus Found > Top Viruses > Drill-Down Vantage Report User’s Guide...

  • Page 410: Top Virus Sources

    Back Click this to return to the main report. 9.2.5 Top Virus Sources Use this report to look at the top sources of virus occurrences by number of occurrences. Vantage Report User’s Guide...
  • Page 411 Chapter 9 Web Security Click Report > Web Security > Virus Found > Top Sources to open this screen. Figure 191 Report > Web Security > Virus Found > Top Sources Vantage Report User’s Guide...
  • Page 412 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 413: Top Virus Sources Drill-Down

    Use this report to look at the top viruses for any top source. Click on a specific source in Report > Web Security > Virus Found > Top Sources to open this screen. Figure 192 Report > Web Security > Virus Found > Top Sources > Drill-Down Vantage Report User’s Guide...

  • Page 414: Top Virus Destinations

    Back Click this to return to the main report. 9.2.7 Top Virus Destinations Use this report to look at the top destinations of virus occurrences by number of occurrences. Vantage Report User’s Guide...
  • Page 415 Chapter 9 Web Security Click Report > Web Security > Virus Found > Top Destinations to open this screen. Figure 193 Report > Web Security > Virus Found > Top Destinations Vantage Report User’s Guide...
  • Page 416 Each destination is identified by its IP address. Color This field displays what color represents each destination in the graph. Vantage Report User’s Guide...

  • Page 417: Top Virus Destinations Drill-Down

    Use this report to look at the top viruses for any top destination. Click on a specific destination in Report > Web Security > Virus Found > Top Destinations to open this screen. Figure 194 Report > Web Security > Virus Found > Top Destinations > Drill-Down Vantage Report User’s Guide...

  • Page 418: Intrusion Hits

    Logs > Log Settings, and make sure IDP is enabled. Then, go to IDP > Signature, and make sure the ZyXEL device logs each Attack Type you want to see in Vantage Report. 9.3.1 Intrusion Hits Summary Use this report to look at the number of intrusions by time interval.
  • Page 419 Chapter 9 Web Security Click Report > Web Security > Intrusion Hits > Summary to open this screen. Figure 195 Report > Web Security > Intrusion Hits > Summary Vantage Report User’s Guide...
  • Page 420 This field displays what percentage of all intrusions was made in each time interval. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. Vantage Report User’s Guide...

  • Page 421: Intrusion Hits Summary Drill-Down

    Use this report to look at the intrusion signatures in a specific time interval. Click on a specific time interval in Report > Web Security > Intrusion Hits > Summary to open this screen. Figure 196 Report > Web Security > Intrusion Hits > Summary > Drill-Down Vantage Report User’s Guide...
  • Page 422 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. Back Click this to return to the main report. Vantage Report User’s Guide...

  • Page 423: Top Intrusion Hits Signatures

    The following screen is displayed. Figure 197 Security Issue Details 9.3.3 Top Intrusion Hits Signatures Use this report to look at the top intrusion signatures by number of intrusions. Vantage Report User’s Guide...
  • Page 424 Chapter 9 Web Security Click Report > Web Security > Intrusion Hits > Top Intrusions to open this screen. Figure 198 Report > Web Security > Intrusion Hits > Top Intrusions Vantage Report User’s Guide...
  • Page 425 Click on an intrusion signature to look at the top sources for the selected signature. Color This field displays what color represents each intrusion signature in the graph. Vantage Report User’s Guide...

  • Page 426: Top Intrusion Hits Signatures Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. 9.3.4 Top Intrusion Hits Signatures Drill-Down Use this report to look at the top sources of intrusions for any top signature. Vantage Report User’s Guide...
  • Page 427 Chapter 9 Web Security Click on a specific intrusion signature in Report > Web Security > Intrusion Hits > Top Intrusions to open this screen. Figure 199 Report > Web Security > Intrusion Hits > Top Intrusions > Drill-Down Vantage Report User’s Guide...

  • Page 428: Top Intrusion Hits Sources

    Back Click this to return to the main report. 9.3.5 Top Intrusion Hits Sources Use this report to look at the top sources of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 429 Chapter 9 Web Security Click Report > Web Security > Intrusion Hits > Top Sources to open this screen. Figure 200 Report > Web Security > Intrusion Hits > Top Sources Vantage Report User’s Guide...
  • Page 430 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 431: Top Intrusion Hits Sources Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. 9.3.6 Top Intrusion Hits Sources Drill-Down Use this report to look at the top intrusion signatures for any top source. Vantage Report User’s Guide...
  • Page 432 This field displays the top intrusion signatures from the selected Signature source, sorted by the number of intrusions by each one. Color This field displays what color represents each intrusion signature in the graph. Severity This field displays the severity of each intrusion signature. Vantage Report User’s Guide...

  • Page 433: Top Intrusion Hits Destinations

    Back Click this to return to the main report. 9.3.7 Top Intrusion Hits Destinations Use this report to look at the top destinations of intrusions by number of intrusions. Vantage Report User’s Guide...
  • Page 434 Chapter 9 Web Security Click Report > Web Security > Intrusion Hits > Top Destinations to open this screen. Figure 202 Report > Web Security > Intrusion Hits > Top Destinations Vantage Report User’s Guide...
  • Page 435 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 436: Top Intrusion Hits Destinations Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 9.3.8 Top Intrusion Hits Destinations Drill-Down Use this report to look at the top intrusion signatures for any top destination. Vantage Report User’s Guide...
  • Page 437 This field displays the top intrusion signatures sent to the selected Signature destination, sorted by the number of intrusions at each one. Color This field displays what color represents each intrusion signature in the graph. Severity This field displays the severity of each intrusion signature. Vantage Report User’s Guide...

  • Page 438: Intrusion Hits Severities

    Emergency (system is unusable), Alert (immediate action is required), Critical, Error, Warning, Notice, Informational, and Debug. Click Report > Web Security > Intrusion Hits > By Severity to open this screen. Figure 204 Report > Web Security > Intrusion Hits > By Severity Vantage Report User’s Guide...
  • Page 439 This field displays what percentage of all intrusions are at each level of severity. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the severities above. Vantage Report User’s Guide...

  • Page 440: Intrusion Hits Severities Drill-Down

    Click on a slice in the pie chart to move it away from the pie chart a little. Intrusion This field displays the intrusion signatures of the selected severity, Signature sorted by the number of intrusions by each one. Vantage Report User’s Guide...
  • Page 441 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the intrusion signatures above. Back Click this to return to the main report. Vantage Report User’s Guide...
  • Page 442 Chapter 9 Web Security Vantage Report User’s Guide...

  • Page 443: Security Policy Enforcement

    • Windows Auto Update setting and installed security patches • Personal firewall installation and activation • Anti-virus installation and activation • Windows registry settings • Processes that the endpoint must execute • Processes that the endpoint cannot execute Vantage Report User’s Guide...

  • Page 444: Eps Summary

    Click on a slice in the pie chart to move it away from the pie chart a little. Checking Item This field displays the description about whether users’ computers passed all the EPS checking items or failed a specific checking item on the selected device. Vantage Report User’s Guide...

  • Page 445: View Logs

    This field shows whether the user’s session passed EPS checking or the reason it failed. Time This field displays the time the Vantage Report server received the log entry from the ZyXEL device, not the time the user tried to access the protected network.

  • Page 446: Content Filter (All)

    Settings, and make sure Forward Web Sites, Warning Web Sites and Blocked Web Sites are enabled. 10.2.1 Summary Use this report to look at the number of attempts to access specified web sites by time interval. Vantage Report User’s Guide...
  • Page 447 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 448: Summary Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. 10.2.2 Summary Drill-Down Use this report to look at the top sources of attempts to access specified web sites in a specific time interval. Vantage Report User’s Guide...
  • Page 449 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 450: Top Sites

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Forward Web Sites, Warning Web Sites and Blocked Web Sites are enabled. Vantage Report User’s Guide...
  • Page 451 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Content Filter (All) > Top Sites to open this screen. Figure 210 Report > Security Policy Enforcement > Content Filter (All) > Top Sites Vantage Report User’s Guide...
  • Page 452 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 453: Top Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 10.2.4 Top Sites Drill-Down Use this report to look at the top sources for any top destination of web traffic. Vantage Report User’s Guide...
  • Page 454 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 455: Top Users

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Forward Web Sites, Warning Web Sites and Blocked Web Sites are enabled. Vantage Report User’s Guide...
  • Page 456 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 457 This field displays what percentage of all attempts to access specified web sites was made by each user. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...

  • Page 458: Top Users Drill-Down

    This field displays the title of the drill-down report. The title includes the date(s) you specified in the Last Days or Settings fields. Report Type Specify Top Categories, Top Sites or By Hour as the content to be displayed. Vantage Report User’s Guide...

  • Page 459: Top Hosts

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Forward Web Sites, Warning Web Sites and Blocked Web Sites are enabled. Vantage Report User’s Guide...
  • Page 460 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 461 This field displays what percentage of all attempts to access allowed web sites was made from each sources. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...

  • Page 462: Top Hosts Drill-Down

    This field displays the title of the drill-down report. The title includes the date(s) you specified in the Last Days or Settings fields. Report Type Specify Top Categories, Top Sites or By Hour as the content to be displayed. Vantage Report User’s Guide...

  • Page 463: By Category

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Forward Web Sites, Warning Web Sites and Blocked Web Sites are enabled. Vantage Report User’s Guide...
  • Page 464 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Content Filter (All) > By Category to open this screen. Figure 216 Report > Security Policy Enforcement > Content Filter (All) > By Category Vantage Report User’s Guide...
  • Page 465 This field displays what percentage of all attempts to access blocked web sites belong to each category. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. Vantage Report User’s Guide...

  • Page 466: By Category Drill-Down

    Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 467: Content Filter (Blocked)

    Note: To look at security policy reports, each ZyXEL device must record blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites are enabled. Vantage Report User’s Guide...
  • Page 468 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...

  • Page 469: Summary Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the time intervals above. 10.3.2 Summary Drill-Down Use this report to look at the top sources of attempts to access blocked web sites in a specific time interval. Vantage Report User’s Guide...
  • Page 470 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 471: Top Blocked Sites

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 472 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Content Filter (Blocked) > Top Sites to open this screen. Figure 220 Report > Security Policy Enforcement > Content Filter (Blocked) > Top Sites Vantage Report User’s Guide...
  • Page 473 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 474: Top Blocked Sites Drill-Down

    Click this icon to see the logs that go with the record. Total This entry displays the totals for the destinations above. 10.3.4 Top Blocked Sites Drill-Down Use this report to look at the top sources for any top destination of blocked web traffic. Vantage Report User’s Guide...
  • Page 475 Each source is identified by its IP address. If Hostname Reverse is enabled in System > General Configuration, the table displays the host name, if identifiable, with the IP address. Color This field displays what color represents each source in the graph. Vantage Report User’s Guide...

  • Page 476: Top Blocked Users

    Note: To look at security policy Web blocked reports, each ZyXEL device must record blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 477 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 478 This field displays what percentage the user had of all blocked attempts to access web sites. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the sources above. Vantage Report User’s Guide...

  • Page 479: Top Blocked Users Drill-Down

    This field displays the title of the drill-down report. The title includes the date(s) you specified in the Last Days or Settings fields. Report Type Specify Top Categories, Top Sites or By Hour as the content to be displayed. Vantage Report User’s Guide...

  • Page 480: Top Blocked Hosts

    Note: To look at security policy reports, each ZyXEL device must record blocked web packets in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 481 This field resets to its default value when you click a menu item in the menu panel (including the menu item for the same report). It does not reset when you open or close drill-down reports. Vantage Report User’s Guide...
  • Page 482 This field displays the number of web site access attempts the device blocked from each source. % of Attempts This field displays what percentage of all attempts to access blocked web sites was made from each source. Vantage Report User’s Guide...

  • Page 483: Top Blocked Hosts Drill-Down

    Click on a specific source in Report > Security Policy Enforcement > Content Filter (Blocked) > Top Hosts to open this screen. Figure 225 Report > Security Policy Enforcement > Content Filter (Blocked) > Top Hosts > Drill-Down Vantage Report User’s Guide...

  • Page 484: Blocked Web Categories

    See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Blocked Web Sites is enabled. Vantage Report User’s Guide...
  • Page 485 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Content Filter (Blocked) > By Category to open this screen. Figure 226 Report > Security Policy Enforcement > Content Filter (Blocked) > By Category Vantage Report User’s Guide...
  • Page 486 This field displays what percentage of all attempts to access blocked web sites belong to each category. View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the categories above. Vantage Report User’s Guide...

  • Page 487: Blocked Web Categories Drill-Down

    Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 488: Application Access Control

    User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Application Patrol is enabled. 10.4.1 Top Applications Blocked Use this report to look at the applications for which the device blocked the most connections. Vantage Report User’s Guide...
  • Page 489 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Application Access Control > Top Applications Blocked to open this screen. Figure 228 Report > Security Policy Enforcement > Application Access Control > Top Applications Blocked Vantage Report User’s Guide...
  • Page 490 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 491: Top Users Blocked

    Note: To look at security policy reports, each ZyXEL device must record users blocked by the application patrol in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Application Patrol is enabled. Vantage Report User’s Guide...
  • Page 492 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Application Access Control > Top Users Blocked to open this screen. Figure 229 Report > Security Policy Enforcement > Application Access Control > Top Users Blocked Vantage Report User’s Guide...
  • Page 493 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 494: Top Applications Allowed

    Note: To look at security policy reports, each ZyXEL device must record forwarded applications in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure Application Patrol is enabled. Vantage Report User’s Guide...
  • Page 495 Chapter 10 Security Policy Enforcement Click Report > Security Policy Enforcement > Application Access Control > Top Applications Allowed to open this screen. Figure 230 Report > Security Policy Enforcement > Application Access Control > Top Applications Allowed Vantage Report User’s Guide...
  • Page 496 Click on a slice in the pie chart to move it away from the pie chart a little. Application This field displays the name of the application for which the selected device permitted connections, sorted by the number of connections for each one. Vantage Report User’s Guide...
  • Page 497 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the application rules above. Vantage Report User’s Guide...
  • Page 498 Chapter 10 Security Policy Enforcement Vantage Report User’s Guide...

  • Page 499: Event

    ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure System Maintenance is enabled. Click Report > Event > Login > Successful Login to open the Successful Login screen. Figure 231 Report > Event > Login > Successful Login Vantage Report User’s Guide...
  • Page 500 (including the menu item for the same report). It does not reset when you open or close drill-down reports. Time This field displays the time the Vantage Report server received the log entry from the ZyXEL device, not the time the user logged into the device.

  • Page 501: Failed Logins

    ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure System Maintenance is enabled. Click Report > Event > Login > Failed Login to open the Failed Login screen. Figure 232 Report > Event > Login > Failed Login Vantage Report User’s Guide...

  • Page 502: Top Sessions Per Host

    Click this if you want to specify the select any Start Date and End Date. The Report Display Settings screen appears. Time This field displays the time the Vantage Report server received the log entry from the ZyXEL device, not the time the user tried unsuccessfully to log into the device.
  • Page 503 Chapter 11 Event Click Report > Event > Session Per Host > Top Hosts to open this screen. Figure 233 Report > Event > Session Per Host > Top Hosts Vantage Report User’s Guide...
  • Page 504 Move your mouse over a slice in the pie chart or a bar in the bar chart to display its identification. • Click on a slice in the pie chart to move it away from the pie chart a little. Vantage Report User’s Guide...

  • Page 505: Top Sessions Per User

    NAT sessions in its log. See the User’s Guide for each ZyXEL device for more information. In most devices, go to Logs > Log Settings, and make sure System Maintenance is enabled. Vantage Report User’s Guide...
  • Page 506 Chapter 11 Event Click Report > Event > Session Per Host > Top Users to open this screen. Figure 234 Report > Event > Session Per Host > Top Users Vantage Report User’s Guide...
  • Page 507 NAT sessions per host, sorted by the number of occurrences for each one. If the number of users is less than the maximum number of records displayed in this table, every user is displayed. Each user is identified by user name. Vantage Report User’s Guide...
  • Page 508 View Logs Click this icon to see the logs that go with the record. Total This entry displays the totals for the users above. Vantage Report User’s Guide...

  • Page 509: Schedule Report

    Attached Files option in any of the Customize ... Report screens for more information. If you do not have Vantage Report send the attachments you can still view the reports. The Vantage Report server backs up all scheduled reports in the <vrpt_home>\vrpt\data\scheduler folder.

  • Page 510: Customize Daily Report Screen

    Customize Scheduled Report screen appears. Delete Click this to delete the selected scheduled report. 12.2 Customize Daily Report Screen Use this screen to configure the Vantage Report to maintain and send daily reports. Vantage Report User’s Guide...
  • Page 511 Chapter 12 Schedule Report Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add. Choose Daily Report in the Report Type. The following screen appears. Vantage Report User’s Guide...
  • Page 512 Chapter 12 Schedule Report Figure 236 Report > Schedule Report > Summary > Add (Daily Report) Vantage Report User’s Guide...
  • Page 513 Chapter 12 Schedule Report Vantage Report User’s Guide...
  • Page 514 Chapter 12 Schedule Report Vantage Report User’s Guide...
  • Page 515 Chapter 12 Schedule Report Vantage Report User’s Guide...
  • Page 516 Chapter 12 Schedule Report Vantage Report User’s Guide...
  • Page 517 Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.

  • Page 518: Customize Weekly Report Screen

    Click this to close the screen without saving any changes. 12.3 Customize Weekly Report Screen Use this screen to configure the Vantage Report to maintain and send weekly reports. Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add.
  • Page 519 Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.

  • Page 520: Customize Overtime Report Screen

    Chapter 12 Schedule Report 12.4 Customize Overtime Report Screen Use this screen to configure the Vantage Report to maintain and send reports during a specified period of time. Click Report > Schedule Report > Summary. Either click on the index number of the entry you want to edit or click Add.
  • Page 521 Vantage Report sends. The body must be 1-255 printable ASCII characters long. E-mail Attached Select this if you want Vantage Report to send the selected report(s) Files as attachment(s). Vantage Report also saves the selected report(s) on the Vantage Report server. If you do not select this, Vantage Report only saves the selected report(s) on the Vantage Report server.

  • Page 522: Configure Template List

    Name This is the name that identifies the template inside Vantage Report. Click it to edit the template. Device Type This field displays which device this template can be generated for.

  • Page 523: Template Add/Edit

    LABEL DESCRIPTION Name Enter a name to identify the template inside Vantage Report. Numbers (0-9), letters (a-zA-Z), periods (.) and the underscore (_) are allowed. Spaces are not allowed. The name must start with a number or letter. Use up to 28 characters.

  • Page 524: Logo Template Add/Edit

    Template Name This is the name that identifies the template inside Vantage Report. Click it to edit the template. Template Title This field displays the title that appears at the top of the reports generated using this template.
  • Page 525 Click this button to view a sample of a report in PDF format. Template Use this section of the screen to configure the template’s name and Configuration the report title and upload a logo to display on the reports. Vantage Report User’s Guide...
  • Page 526 LABEL DESCRIPTION Template Name Enter a name to identify the template inside Vantage Report. Numbers (0-9), letters (a-z, A-Z), periods (.) and the underscore (_) are allowed. Spaces are not allowed. The name must start with a number or letter. Use up to 28 characters.

  • Page 527: Logs

    Appendix B on page 599 for information on the logs. 13.1 Log Viewer Use this screen to view logs that devices send to Vantage Report. Click Logs > Log Viewer > All Logs to look at all log entries. The screen is shown next.
  • Page 528 System Setting > General Configuration screen. You can also click the Calendar icon to specify the date. Start Time Enter the time of the earliest log entries you want to see, if you select Day. Vantage Report User’s Guide...
  • Page 529 Select this to display logs with the domain name of hosts instead of their IP addresses. If you select this and Vantage Report does not find the domain name of a host, it will display the IP address. This feature might increase the amount of time it takes to display log entries, however.
  • Page 530 Click More Info to view an on-line help page about downloading files. Time This field displays the time the Vantage Report server received the log entry, not the time the log entry was generated. Source:Port This field displays the source IP address and port (if any) of the event that generated the entry.

  • Page 531: Log Receiver

    13.2.1 By Day (Summary) Use this screen to look at the total number of logs that Vantage Report received by day. It also displays how many logs Vantage Report processed per second (on average).
  • Page 532 13.2.1.1 Log Receiver > By Day (Summary) > By Device Screen Use this screen to look at the total number of logs that Vantage Report received from each registered device on a particular day.

  • Page 533: By Device

    This field displays what percent of the day’s total logs came from each category. 13.3 By Device Use this screen to look at the number of logs that Vantage Report received from each device over a selected range of days. Vantage Report User’s Guide...
  • Page 534 They are sorted according to the number of logs received by each, in descending order. Click a device's MAC address to see details about the categories of logs that the device sent to Vantage Report on the selected days. Vantage Report User’s Guide...

  • Page 535: Log Receiver > By Device > By Category Screen

    13.3.1 Log Receiver > By Device > By Category Screen Use this screen to look at the number of logs that Vantage Report received according to the category of log (i.e., log type such as Login, Traffic log, etc.) from an individual device over a selected range of days.

  • Page 536: Vrpt System Logs

    13.4 VRPT System Logs Use this screen to view system, device and user information, events, scheduled reports and data maintenance records related to Vantage Report. Click Logs > Log Viewer > VRPT System Logs. The following screen displays. Figure 250 Logs > VRPT System Logs...
  • Page 537 Select what category type of log entries you want to see. You can also select All Categories. The categories are as follows: • System - See information about Vantage Report’s disk space. • Device - Check which devices were added, edited or removed in the Vantage Report.

  • Page 538: Log Archiving

    These screens allow you to archive past logs to a preferred location (local directory, FTP or network server) as a ZIP file. You can set the day(s) or time interval when Vantage Report performs this task. You can view, import/export, or delete log archives for a particular device.
  • Page 539 DESCRIPTION Enable Archiving Click this to enable Vantage Report to archive log files. Zip Creation Interval: Set every which day or the time interval the Vantage Report archives the generated log files for record keeping. every... Days (1-7) Enable Encryption Select this if you want to encrypt archive files.
  • Page 540 Figure 253 on page 541 for descriptions of other table fields found in this screen. 13.5.1.2 Storage Server Use this screen to store archive files on a storage server, such as a Network Attached Storage (NAS) server. Vantage Report User’s Guide...

  • Page 541: View Archived Files

    13.5.2 View Archived Files Use this screen to view archived logs for a particular day or range of days. Vantage Report imports the archived logs from the location where they are stored and enables you to view them in the web browser.
  • Page 542 DESCRIPTION Device This field displays the name of the devices that have archived logs on Vantage Report. You can also select All. Start Date Enter the date of the earliest log entries you want to see. You can also click the Calendar icon to specify the date.

  • Page 543: Log Transfer

    Click a Transfer icon next to an archive entry in the Logs > Log Archiving > View Archived Files screen. The following screen displays. Figure 255 Logs > Log Archiving > View Archived Files Vantage Report User’s Guide...

  • Page 544: Log Remove

    Click this to send this mail to the specified e-mail addresses. 13.6 Log Remove Use this screen to purge logs collected over a specified period of time. This helps clear up space in Vantage Report. Click Logs > Log Remove. The following screen displays. Figure 256 Logs > Log Remove Each field is described in the following table.
  • Page 545 Chapter 13 Logs Vantage Report User’s Guide...
  • Page 546 Chapter 13 Logs Vantage Report User’s Guide...

  • Page 547: System Setting, User Management And Troubleshooting

    System Setting, User Management Troubleshooting System Setting (549) User Management (577) Troubleshooting (583)

  • Page 549: System Setting

    • Export the current device panel to XML and import devices from XML • Upgrade to a new software release of Vantage Report • Register Vantage Report (You have to register Vantage Report if you want to get the trial version, upgrade to the full version, or increase the number of devices Vantage Report supports.)
  • Page 550 Vantage Report sends a notification to the e-mail address (if any) for the user account. root Stored Log Days Enter the number of days you want to store logs in Vantage Report before removing them. Language Choose Choose the language for the Vantage Report. Apply Click this to save your settings.

  • Page 551: Configuring For Hostname Reverse

    Besides enabling hostname, do the following to allow the hostname reverse function to work. Turn on hostname reverse in Vantage Report. Enable the default NetBIOS setting in the host computers. Configure any software firewalls installed on the host computers to allow NetBIOS packets from the Vantage server.
  • Page 552 For Windows Vista, click View status next to the Connection field. A screen appears and then click Properties. For Windows 7, click Local Area Connection and then click Properties. Figure 260 Windows XP: Control Panel: Network Connections: Properties Vantage Report User’s Guide...
  • Page 553 For Windows 2000, the Internet Protocol TCP/IP Properties window opens. Click Advanced and then the WINS tab. In Windows Vista/7, The Internet Protocol Version 4 (TCP/IPv4) Properties window opens, click Advanced and then the WINS tab. Figure 262 Windows XP: Advanced TCP/IP Settings: WINS Vantage Report User’s Guide...

  • Page 554: Server Configuration Screen

    SMTP IP Address Enter the IP address or domain name of the SMTP mail server on or Domain Name which Vantage Report has an account to send e-mail messages. Sender E-mails Enter the complete e-mail address for the Vantage Report account.

  • Page 555: Data Maintenance Screens

    Send Test E-mail Note: You should click Apply before you click Test. to Administrator Click this to send a test message from the Vantage Report account to the e-mail address, if any, for the user account. root...

  • Page 556: Device List Screen

    Backup Click this to look at or save the current settings in the General Configuration, Server Configuration, User Management, and Device List screens. Vantage Report saves the current settings in XML format. File Name / Enter the XML file name that contains the settings you want to Browse restore.

  • Page 557: Upgrade Screen

    You can use this screen to export the current device panel to an XML file, or you can add devices stored in XML format to Vantage Report. To access this screen, click System Setting > Data Maintenance > Device List.

  • Page 558: Registration Screens

    Chapter 14 System Setting Use this screen to install new releases of Vantage Report. Do not use this screen to upgrade to the full version. To access this screen, click System Setting > Upgrade. Figure 266 System Setting > Upgrade Each field is described in the following table.

  • Page 559: Registration Summary Screen

    To access this screen, click System Setting > Registration. Figure 267 System Setting > Registration The fields in this screen depend on what version (basic or full) of Vantage Report you have and whether or not you have used the registration screens to log into myZyXEL.com.

  • Page 560: Registration > Upgrade Screen

    Otherwise, the Registration screen appears. 14.5.2 Registration > Upgrade Screen Note: The Vantage Report server must be connected to the Internet to use this screen. To access this screen, click Trial or Upgrade in System Setting > Registration.

  • Page 561: Notification

    14.6 Notification Use this screen to manage your Vantage Report notifications. Based on the monitoring data collected and the notifications you set, Vantage Report can send e-mail, E-mail SMS, and/or Web SMS notifications to you when events happen in monitored devices.
  • Page 562 Some choices are not available, depending on the number of pages. Enter the page number you want to see, and click Go. Click this to add the rule to the Vantage Report. Delete Select the check box(es) of the rule(s) you want to delete and then click this button.

  • Page 563: Add/Edit A Notification

    Use this screen to create or edit a notification. Click Add or click a notification’s name in the System Setting > Notification screen to open the following screen. Figure 270 System Setting > Notification > Add/Edit Vantage Report User’s Guide...
  • Page 564 This shows the basic information for the notification. Email Email Status Select Active to enable the Vantage Report to send this type of notification to the configured e-mail address(es) in the Destination E-mail Address field. Alternatively, select Paused to disable it.

  • Page 565: Rule-Based Alert

    Click this to exit this screen without saving any changes. 14.7 Rule-Based Alert Use this screen to manage your Vantage Report alert system. Based on the monitoring data collected and the rules you set, Vantage Report can send e-mail notifications and keep you in the loop on events happening in monitored devices.

  • Page 566: Add/Edit A Rule-Based Alert

    Some choices are not available, depending on the number of pages. Enter the page number you want to see, and click Go. Click this to add the rule to the Vantage Report. Delete Select the check box(es) of the rule(s) you want to delete and then click this button.
  • Page 567 Note: These condition filters only apply to the ZLD platform type. In case you want to know how much of the system resources are being used by the monitored devices, use this screen to configure a rule for CPU, memory and session usage conditions. Vantage Report User’s Guide...
  • Page 568 Click this if you want all criteria to apply before Vantage Report sends following out a notification. Match any of the Click this if you want Vantage Report to send out a notification even if following only one criteria has been met. Alert Setting Vantage Report sends out a notification immediately as soon as conditions set in the rule are detected.
  • Page 569 Table 252 System Setting > Rule-based Alert > Add/Edit > CPU/Memory/Session Usage LABEL DESCRIPTION Second Alert Specify when you want Vantage Report to send a second e-mail after.. minutes notification. Enter the number of minutes between 1 to 60. Enter 0 to disable this. Third alert after..
  • Page 570 Using the previous example, you can set the period to 5 minutes. This means that if the device reaches or exceeds 100 KByte/s of outgoing port traffic for 5 minutes, Vantage Report sends out an alert. Section Table 252 on page 568 for descriptions of other table fields found in this screen.
  • Page 571 Using the previous example, you can set the period to 5 minutes. This means that if the device reaches or exceeds 100 KByte/s of interface traffic for 5 minutes, Vantage Report sends out an alert. Section Table 252 on page 568 for descriptions of other table fields found in this screen.
  • Page 572 Table 255 System Setting > Rule-based Alert > Add/Edit > Service LABEL DESCRIPTION Condition Select Service in this field. Interface Type Select which service type you want to monitor. Choose one of the following. • WEB • FTP • MAIL • IPSec VPN • SSL VPN Vantage Report User’s Guide...
  • Page 573 For example, choose MAIL, select >= and set the percentage value to 100 KByte/s. This means Vantage Report sends an alert once a monitored device uses or exceeds 100 KBytes for mail for a set time (see Period..
  • Page 574 For example, choose Attack, select >= and set the percentage value to 5. This means Vantage Report sends an alert once a monitored device receives 5 attacks for a set time (see Period..
  • Page 575 For example, select >= and set the percentage value to 100 KByte/s. This means Vantage Report sends an alert once a monitored device uses or exceeds 100 KBytes/s bandwidth for a set time (see Period.. minutes field below).
  • Page 576 Chapter 14 System Setting Vantage Report User’s Guide...

  • Page 577: User Management

    The root account or accounts in the 'super' group can use these screens to view, add, edit, or remove Vantage Report groups and users. Other users can only use these screens to look at and edit their user settings, including their password. The screens are the same except where noted below.

  • Page 578: Group > Add/Edit Group Screen

    This field displays the type of the user group. • Super displays if the group has read/write/execute permissions for all Vantage Report screens. • Normal displays if the group has read/write permissions for the Monitor, Report and Logs > Log Reviewer screens.

  • Page 579: Account Screen

    Click this to return to the previous screen without saving any changes. 15.2 Account Screen Use the Account screen to manage user accounts for Vantage Report. Click User Management > Account to open the Account screen. Figure 280 User Management > Account...

  • Page 580: Account > Add/Edit User Account Screen

    Click this to delete the user accounts that are selected in Index field. If a user is currently logged in, the user is kicked out of the system the next time the session accesses the Vantage Report server. 15.2.1 Account > Add/Edit User Account Screen Use this screen to add or edit a user account.
  • Page 581 Apply Click this to save your settings and close the screen. Reset Click this to change the settings in this screen to the last-saved values. Cancel Click this to close the screen without saving any changes. Vantage Report User’s Guide...
  • Page 582 Chapter 15 User Management Vantage Report User’s Guide...

  • Page 583: Troubleshooting

    H A P T E R Troubleshooting This chapter offers some suggestions to solve problems you might encounter. I cannot start the Vantage Report sever. Make sure the following system variables are defined. PATH=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem Do the following to check these variables in different operating systems.
  • Page 584 Vantage Report server, especially if the Vantage Report server runs behind a NAT or firewall. Check the amount of available disk space on the Vantage Report server. If it is less than the value in...
  • Page 585 • In Firefox, click Tools > Options > Privacy > Cache > Clear Cache Now. • In Mozilla, click Edit > Preferences > Privacy > Cache > Clear. Close your browser and open a new web configurator session. The version number should be updated. Vantage Report User’s Guide...
  • Page 586 Chapter 16 Troubleshooting Vantage Report User’s Guide...

  • Page 587: Appendices And Index

    Appendices and Index Product Specifications (589) ZyWALL USG Series and ZyWALL 1050 Log Descriptions (599) ZyNOS Log Descriptions (645) Open Software Announcements (671) Legal Information (709) Index (711)

  • Page 589: Appendix A Product Specifications

    Maximum number of logs for each device 15,000,000 Warning: Maximum number of logs for each device 10,000,000 Minimum amount of free disk space required to run Vantage Report 800 MB Warning: Minimum amount of free disk space required to run Vantage Per Low free disk Report Mark.
  • Page 590 Get a quick top level summary of activity across devices. You can also easily drill-down to get more details on any area of interest. Select which reports or monitors you want Vantage Report to display first when you login. Customizable Reports Display company logos, record information and edit report titles to match customer accounts.
  • Page 591 Appendix A Product Specifications The following tables list which features Vantage Report supports with various firmware versions of various devices. Table 267 VRPT 3.6 Feature Support for USG Series and ZyWALL 1050 Devices ZYWALL 1050 / ZYWALL USG MENU ITEM 1.01 / 2.00 /...
  • Page 592 Session Per Host Schedule Report Summary Configure Template Logo Template Log Viewer Log Receiver VRPT System Logs Log Archiving Log Remove A. ZyWALL USG series includes ZyWALL 100 / 200 / 300 / 1000 / 2000. Vantage Report User’s Guide...
  • Page 593 Intrusion AntiVirus AntiSpam Report > Traffic Bandwidth Summary Top Protocols Top Hosts Top Users Destinations Top Sites Top Hosts Top Users Top Sites Top Hosts Top Users MAIL Top Sites Top Hosts Top Users Customization Customization Vantage Report User’s Guide...
  • Page 594 Top Hosts Top Users Destinations Remote Access (IPSec) User Status Top Protocols Destinations Top Users Remote Access (SSL) User Status Top Protocols Destinations Applications Top Users Xauth Successful Login Failed Login Report > Network Attack Attack Summary Vantage Report User’s Guide...
  • Page 595 (N/A for ZyWALL P1) Top Senders (N/A for ZyWALL P1) Top Sources (N/A for ZyWALL P1) Report > Security Policy Firewall Access Control Top Users Blocked Top Packets Blocked Application Access Control Applications Blocked Top Users Blocked Vantage Report User’s Guide...
  • Page 596 Login Failed Login Sessions Per Host Top Hosts Top Users Report > Report > Schedule Report Summary Configure Template Logo Template Logs Log Viewer Log Receiver By Day (Summary) By Device VRPT System Logs Log Archiving Vantage Report User’s Guide...
  • Page 597 P1 / 5 / 35 P1 / 5 / 35 P-652 MENU ITEM / 70 / 70 3.63 / 4.00 / 4.01 3.62 4.02 3.64 / 3.40 2.00 / 4.02 3.65 File Archiving Settings View Archived Files Log Remove Vantage Report User’s Guide...
  • Page 598 Appendix A Product Specifications Vantage Report User’s Guide...

  • Page 599: Appendix B Zywall Usg Series And Zywall 1050 Log Descriptions

    %s: website host The device allowed access to a web site. The content filtering %s: Service is not service is unregistered and the default policy is not set to registered block. %s: website host Vantage Report User’s Guide...
  • Page 600 The web site contains Java applet and access was blocked %s: Contains Java according to a profile. applet %s: website host The web site contains a cookie and access was blocked %s: Contains cookie according to a profile. %s: website host Vantage Report User’s Guide...
  • Page 601 The specified user was signed out by the device due to a re- %s %s from %s has been authentication timeout. logged out (re-auth timeout) 1st %s: Administrator|Limited-Admin|User|Ext-User|Guest 2nd %s: username 3rd %s: service name (HTTP/HTTPS, FTP, telnet, SSH, console) NOTE field: %s means username. Vantage Report User’s Guide...
  • Page 602 The device blocked a login because the maximum Failed %s login simultaneous login capacity for the administrator or access attempt (reach the account has already been reached. maximum number of simultaneous logon) %s: service name Vantage Report User’s Guide...
  • Page 603 Standard service activation failed, this log will append an error Standard service message returned by the MyZyXEL.com server. activation has failed:%s. %s: error message returned by the myZyXEL.com server Standard service activation has succeeded. Standard service activation has succeeded. Vantage Report User’s Guide...
  • Page 604 The device sent packets to the MyZyXEL.com server, but did Get server response not receive a response. The root cause may be that the has failed. connection is abnormal. Vantage Report User’s Guide...
  • Page 605 %d: retry times (1~3) The device could not resolve the myZyXEL.com server's FQDN Resolve server IP has to an IP address through gethostbyname(). failed. The device could not connect to the MyZyXEL.com server. Connect to MyZyXEL.com server has failed. Vantage Report User’s Guide...
  • Page 606 MyZyXEL.com server or by the device’s own count. The device only supports SSLv3 protocol. %d: SSL version Unknown TLS/SSL assigned by client. version: %d. Vantage Report User’s Guide...
  • Page 607 System internal error. Get IDP engine activation flag failed. System internal error. Detect IDP engine status failed. Enable IDP engine activation flag failed. System internal error. Enable IDP failed. Disable IDP engine activation flag failed. System internal error.Disable IDP failed. Vantage Report User’s Guide...
  • Page 608 <line>, sid <sid>, <error_message>. Custom signature replacing failed. Error line number of file, Custom signature sid and message will be shown replace error: line <line>, sid <sid>, <error_message>. Vantage Report User’s Guide...
  • Page 609 Signature version: <version>. System internal error. Create IDP debug directory failed. System internal error. Create IDP debug directory failed System internal error. Create IDP statistics entry failed. System internal error. Create IDP statistics entry failed. Vantage Report User’s Guide...
  • Page 610 Application patrol zysh initialization failed. Protocol file import System fatal error: error. 60005001. Application patrol zysh initialization failed. Shared memory System fatal error: failed. 60005002. Application patrol zyio failed. Fail to do zyio operation. System fatal error: 60005017. Vantage Report User’s Guide...
  • Page 611 System fatal error: 60018014. Fail to retrieve user event from uamd. System fatal error: 60018015. Application patrol daemon (process) shared memory generate System fatal error: failed. 60018016. Fail to get share memory. System fatal error: 60018017. Vantage Report User’s Guide...
  • Page 612 Table 276 IKE Logs LOG MESSAGE DESCRIPTION %s:%s is the peer IP:Port. Peer has not announced capability. %s:%s has not announced DPD capability Cannot find SA according to the cookie. [COOKIE] Invalid cookie, no sa found Vantage Report User’s Guide...
  • Page 613 [SA] : Tunnel [%s] was not a ISKAMP packet in the protocol field. Phase 1 invalid protocol %s is the tunnel name. When negotiating Phase-1, the [SA] : Tunnel [%s] transform ID was invalid. Phase 1 invalid transform Vantage Report User’s Guide...
  • Page 614 Could not dial manual dialed. key tunnel "%s" When receiving a DPD response with invalid ID ignored. DPD response with invalid ID When receiving a DPD response with no active query. DPD response with no active request Vantage Report User’s Guide...
  • Page 615 %s is the tunnel name. The device received an IKE request. Tunnel [%s] Recving IKE request %s is the tunnel name. The device sent an IKE request. Tunnel [%s] Sending IKE request Vantage Report User’s Guide...
  • Page 616 Sending IKE request The variables represent the tunnel name and the SPI of a Tunnel [%s:0x%x] is tunnel that was disconnected. disconnected %s is the tunnel name. The tunnel was rekeyed successfully. Tunnel [%s] rekeyed successfully Vantage Report User’s Guide...
  • Page 617 3rd is the to zone, 4th is the service name, 5th is ACCEPT/ DROP/REJECT. Firewall is dead, trace to %s is which file, %d is which line, %s %s:%d: in %s(): is which function %s is enabled/disabled Firewall has been %s. Vantage Report User’s Guide...
  • Page 618 %d is maximum sessions per host. Maximum sessions per host (%d) was exceeded. Table 280 Policy Route Logs LOG MESSAGE DESCRIPTION Policy routing can't activate BWM feature. Cann't open bwm_entries Policy routing can't detect link up/down status. Cann't open link_down Vantage Report User’s Guide...
  • Page 619 1st %d: the original policy route rule number 2nd %d: the new policy route rule number Rule is deleted. Policy-route rule %d was deleted. %d: the policy route rule number Policy routing rules are cleared. Policy-route rules were flushed. Vantage Report User’s Guide...
  • Page 620 FTP port has been changed to port %s. %s is port number assigned by user An administrator changed the port number for FTP back to the FTP port has been default (21). changed to default port. Vantage Report User’s Guide...
  • Page 621 An administrator added a new rule. DNS access control rule %u of DNS has %u is rule number been appended. An administrator inserted a new rule. DNS access control rule %u has been %u is rule number inserted. Vantage Report User’s Guide...
  • Page 622 32. The maximum number of allowable rules has been reached. Access control rules of %s have reached the %s is HTTP/HTTPS/SSH/SNMP/FTP/TELNET. maximum number of %u %u is the maximum number of access control rules. Vantage Report User’s Guide...
  • Page 623 A daemon (process) is gone (was killed by the operating %s is dead at %s system). 1st %s: Daemon Name, 2nd %s: date+time The count of the listed process is incorrect. %s process count is incorrect at %s 1st %s: Daemon Name, 2nd %s: date+time Vantage Report User’s Guide...
  • Page 624 IP address. arp response packets for the requested IP address The ARP cache was cleared successfully. Clear arp cache successfully. A client MAC address is not an Ethernet address. Client MAC address is not an Ethernet address Vantage Report User’s Guide...
  • Page 625 2nd %s is the FQDN of the profile. has failed because the FQDN %s was blocked for abuse. Try to update profile, but failed, because of authentication fail, Update the profile %s %s is the profile name. has failed because of authentication fail. Vantage Report User’s Guide...
  • Page 626 The profile is paused by device-HA, because the VRRP status The profile %s has of that iface is standby, %s is the profile name. been paused because the VRRP status of WAN interface was standby. Vantage Report User’s Guide...
  • Page 627 Disable DDNS. Disable DDNS has succeeded. Enable DDNS. Enable DDNS has succeeded. Rename DDNS profile, 1st %s is the original profile name, 2nd DDNS profile %s has %s is the new profile name. been renamed as %s. Vantage Report User’s Guide...
  • Page 628 %s: the connectivity module, currently only ICMP available. The connectivity check process can't get socket to send Create socket error packet. The connectivity check process can't get IP address of Can't get IP address interface. of %s interface %s: interface name. Vantage Report User’s Guide...
  • Page 629 An VRRP group has been modified, %s: the name of VRRP Device HA VRRP group group. %s has been modified. An VRRP group has been deleted, %s: the name of VRRP Device HA VRRP group group. %s has been deleted. Vantage Report User’s Guide...
  • Page 630 Master. A Backup device only version can not be synchronizes from the Master if the Master and the Backup recognized. Stop have the same firmware versions. syncing from Master. Vantage Report User’s Guide...
  • Page 631 %s has succeeded. %s: IP or FQDN of Master One of VRRP groups has became active. Device HA Sync has aborted from Master %s. Master configuration file does not exist. Skip updating ZySH Startup Configuration. Vantage Report User’s Guide...
  • Page 632 RIP md5 authentication id and key have been changed. RIP md5 authentication id and key have been changed. RIP global version has been changed to version 1 or 2. RIP global version has been changed to %s. Vantage Report User’s Guide...
  • Page 633 %s. 1st %s: Interface Name, 2nd %s: RIP interface %s has been reset to current global version %s. RIP v2-broadcast on interface %s has been disabled. %s: RIP v2-broadcast on Interface Name interface %s has been disabled. Vantage Report User’s Guide...
  • Page 634 The FTP Application Layer Gateway (ALG) has been turned on %s FTP ALG has or off. succeeded. %s: Enable or Disable Extra FTP ALG port has been changed. Extra signal port of FTP ALG has been modified. Vantage Report User’s Guide...
  • Page 635 X509certifiate "%s" successfully The router was not able to create an X509 format certificate Generate X509 with the specified name. See Table 256 on page 637 certificate "%s" details about the error number. failed, errno %d Vantage Report User’s Guide...
  • Page 636 Certificates. %s is the certificate request name. certificate "%s" into "My Certificate" successfully The device imported a PKCS#7 format certificate into My Import PKCS#7 Certificates. %s is the certificate request name. certificate "%s" into "My Certificate" successfully Vantage Report User’s Guide...
  • Page 637 Table 256 on page 637), %s is the Due to %d, cert not certificate subject. trusted: %s CODE DESCRIPTION Algorithm mismatch between the certificate and the search constraints. Key usage mismatch between the certificate and the search constraints. Vantage Report User’s Guide...
  • Page 638 AUX Interface dialing not enabled. failed. This AUX interface is not enabled. The AUX interface is not enabled and a user tried to use the AUX Interface disconnect aux command. disconnecting failed. This AUX interface is not enabled. Vantage Report User’s Guide...
  • Page 639 At this time the configuration will be down. Default route saved but route will not take effect until the link becomes will not apply until up.1st %s: interface name, 2nd %s: interface name. interface %s links up. Vantage Report User’s Guide...
  • Page 640 PAP authentication failed (the server must support PAP and Interface %s connect verify verify that the authentication failed, this does not failed: PAP include cases where the server does not support PAP). %s: authentication failed. PPP interface name. Vantage Report User’s Guide...
  • Page 641 DHCP client and has more than one member in its client. group. In this case the DHCP client will renew. %s: interface name. An administrator configured port-grouping, %s: interface Port Grouping %s has name. been changed. Vantage Report User’s Guide...
  • Page 642 Resetting system... After the system reset, it started to apply the configuration System resetted. Now file. apply %s.. %s is configuration file name. An administrator ran the listed shell script. Running %s... %s is script file name. Vantage Report User’s Guide...
  • Page 643 Operating System. A user’s computer failed to pass an EPS checking item about Windows version check the Windows version. fail in %s A user’s computer passed all the EPS checking items. EPS checking result is pass. Vantage Report User’s Guide...
  • Page 644 Appendix B ZyWALL USG Series and ZyWALL 1050 Log Descriptions Vantage Report User’s Guide...

  • Page 645: Appendix C Zynos Log Descriptions

    Time initialized by Time server The router got the time and date from the NTP server. Time initialized by NTP server The router was not able to connect to the Daytime Connect to Daytime server server. fail Vantage Report User’s Guide...
  • Page 646 The myZyXEL.com service registration failed due to the error listed. If you are unable to register for services at myZYXEL.com, the error message displayed in this log may be useful when contacting customer support. Vantage Report User’s Guide...
  • Page 647 [ TCP | UDP | IGMP | ESP | GRE | OSPF ] The router blocked a packet that didn't have a Packet without a NAT table entry corresponding NAT table entry. blocked: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] Vantage Report User’s Guide...
  • Page 648 UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header). TCP idle (established) timeout (s): 150 minutes TCP reset timeout: 10 seconds Vantage Report User’s Guide...
  • Page 649 The firewall does not support this kind of ICMP Unsupported/out-of-order ICMP: packets or the ICMP packets are out of order. ICMP The router sent an ICMP reply packet to the Router reply ICMP packet: ICMP sender. Vantage Report User’s Guide...
  • Page 650 The PPP connection’s Link Control Protocol stage is closing. ppp:LCP Closing The PPP connection’s Internet Protocol Control Protocol stage is ppp:IPCP Closing closing. Table 302 UPnP Logs LOG MESSAGE DESCRIPTION UPnP packets can pass through the firewall. UPnP pass through Firewall Vantage Report User’s Guide...
  • Page 651 The Vantage Report cannot get the IP address of the external DNS resolving failed content filtering via DNS query. Creating socket failed The Vantage Report cannot issue a query because TCP/IP socket creation failed, port:port number. The connection to the external content filtering server failed.
  • Page 652 ICMP Time Exceed ICMP The firewall detected an ICMP Destination Unreachable ICMP Destination attack. Unreachable ICMP The firewall detected an ICMP ping of death attack. ping of death. ICMP The firewall detected an ICMP smurf attack. smurf ICMP Vantage Report User’s Guide...
  • Page 653 The MAC filter blocked a wireless station from connecting WLAN MAC Filter Fail to the device. The MAC filter allowed a wireless station to connect to WLAN MAC Filter Success the device. A wireless station associated with the device. WLAN STA Association Vantage Report User’s Guide...
  • Page 654 2 SAs has been exceeded reached. Phase 2 Quick Mode has started. Start Phase 2: Quick Mode The connection failed during IKE phase 2 because the Verifying Remote ID failed: router and the peer’s Local/Remote Addresses don’t match. Vantage Report User’s Guide...
  • Page 655 Mode request from <IP> The router started negotiation with the peer. Send <Main or Aggressive> Mode request to <IP> The peer’s “Local IP Address” is invalid. Invalid IP <Peer local> / <Peer local> Vantage Report User’s Guide...
  • Page 656 Rule[%d] Phase 1 negotiation match between the router and the peer. mode mismatch The listed rule’s IKE phase 1 encryption algorithm did Rule [%d] Phase 1 encryption not match between the router and the peer. algorithm mismatch Vantage Report User’s Guide...
  • Page 657 The listed rule’s IKE phase 1 did not match between Rule [%d] phase 1 mismatch the router and the peer. The listed rule’s IKE phase 2 did not match between Rule [%d] phase 2 mismatch the router and the peer. Vantage Report User’s Guide...
  • Page 658 IP [%s] is changed to %s" address. The IP address for the domain name of the Vantage New My Vantage Report Addr in Report in the listed rule changed to the listed IP rule [%s] is changed to %s address.
  • Page 659 Certificate was not added to the cache. Certificate decoding failed. Certificate was not found (anywhere). Certificate chain looped (did not find trusted root). Certificate contains critical extension that was not handled. Certificate issuer was not valid (CA specific information missing). Vantage Report User’s Guide...
  • Page 660 The router logged out a user from which there was User logout because of no no authentication response. authentication response from user. The router logged out a user whose idle timeout User logout because of idle period expired. timeout expired. Vantage Report User’s Guide...
  • Page 661 (L to L/ZW) LAN to LAN/ ACL set for packets travelling from the LAN to the Vantage Report LAN or the Vantage Report. (W to W/ZW) WAN to WAN/ ACL set for packets travelling from the WAN to the Vantage Report WAN or the Vantage Report.
  • Page 662 ACL set for packets travelling from the WLAN to the DMZ. (WL to WL) WLAN to WLAN/ ACL set for packets travelling from the WLAN to Vantage Report the WLAN or the Vantage Report. Table 312 ICMP Notes TYPE CODE DESCRIPTION Echo Reply...
  • Page 663 The device attempted to check for the latest available signature Check signature version. %s gives details. Either the check was unsuccessful due version - %s. to the server being busy or the device is already using the latest available firmware. Vantage Report User’s Guide...
  • Page 664 Internet. %s describes the reason for the error. You may need to update - %s! provide the error message when contacting customer support if you are repeatedly unable to download the signature file from the update server. Vantage Report User’s Guide...
  • Page 665 Spam Score:%d Mail than or equal to the spam score threshold. From:%EMAIL_ADDRESS% Subject:%MAIL_SUBJECT%!%MAIL_DIRECTIO The number of concurrent mail sessions Exceed maximum mail sessions went over the limit (%d). (%d).%MAIL_DIRECTION% Vantage Report User’s Guide...
  • Page 666 (D to D) (D to W2) (D to WL) WAN2 (W2 to L) (W2 to (W2 to D) (W2 to W2) (W2 to WLAN (WL to L) (WL to (WL to D) (WL to W2) (WL to Vantage Report User’s Guide...
  • Page 667 "Traffic Log". The "proto" field lists the service msg="Traffic Log" name. The "dir" field lists the incoming and outgoing note="Traffic Log" devID="<mac interfaces ("LAN:LAN", "LAN:WAN", "LAN:DMZ", address>" cat="Traffic Log" "LAN:DEV" for example). duration=seconds sent=sentBytes rcvd=receiveBytes dir="<from:to>" protoID=IPProtocolID proto="serviceName" trans="IPSec/Normal" Vantage Report User’s Guide...
  • Page 668 The definition of dst="<dstIP:dstPort>" messages and notes are defined in the IDP ob="<0|1>" ob_mac="<mac categories. address>" msg="<msg>" note="<note>" devID="<mac address>" cat="IDP" class="<idp class>" act="<idp action>" sid="<idp sid> count="1" Vantage Report User’s Guide...
  • Page 669 Please refer to the RFC for detailed information on each type. Table 319 RFC-2408 ISAKMP Payload Types LOG DISPLAY PAYLOAD TYPE Security Association Proposal PROP Transform TRANS Key Exchange Identification Certificate Certificate Request CER_REQ Hash HASH Signature Nonce NONCE Notification NOTFY Delete Vendor ID Vantage Report User’s Guide...
  • Page 670 Appendix C ZyNOS Log Descriptions Vantage Report User’s Guide...

  • Page 671: Appendix D Open Software Announcements

    Free Software Foundation's software and to any other program whose authors commit to using it.(Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. Vantage Report User’s Guide...
  • Page 672 To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. Vantage Report User’s Guide...
  • Page 673 Section 1 above, provided that you also meet all of these conditions: a. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. Vantage Report User’s Guide...
  • Page 674 3.You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: Vantage Report User’s Guide...
  • Page 675 Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. Vantage Report User’s Guide...
  • Page 676 Vantage Report User’s Guide...
  • Page 677 WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/ OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, Vantage Report User’s Guide...
  • Page 678 "copyright" line and a pointer to where the full notice is found. ONE LINE TO GIVE THE PROGRAM'S NAME AND A BRIEF IDEA OF WHAT IT DOES. Copyright (C) YYYY NAME OF AUTHOR Vantage Report User’s Guide...
  • Page 679 You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Vantage Report User’s Guide...
  • Page 680 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. Vantage Report User’s Guide...
  • Page 681 Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Vantage Report User’s Guide...
  • Page 682 For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/ Linux operating system. Vantage Report User’s Guide...
  • Page 683 For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Vantage Report User’s Guide...
  • Page 684 You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. Vantage Report User’s Guide...
  • Page 685 General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Vantage Report User’s Guide...
  • Page 686 When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if Vantage Report User’s Guide...
  • Page 687 Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) Vantage Report User’s Guide...
  • Page 688 7. You may place library facilities that are a work based on the Library side-by- side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate Vantage Report User’s Guide...
  • Page 689 (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations Vantage Report User’s Guide...
  • Page 690 Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you Vantage Report User’s Guide...
  • Page 691 RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Vantage Report User’s Guide...
  • Page 692 You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Also add information on how to contact you by electronic and paper mail. Vantage Report User’s Guide...
  • Page 693 SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE. 1. DEFINITIONS. "Software" means the identified above in binary form, any other machine readable materials (including, but not limited to, libraries, source files, Vantage Report User’s Guide...
  • Page 694 This limited warranty gives you specific legal rights. You may have others, which vary from state to state. 5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A Vantage Report User’s Guide...
  • Page 695 ("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks inures to Sun's benefit. Vantage Report User’s Guide...
  • Page 696 Binary Code License Agreement. These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software. Vantage Report User’s Guide...
  • Page 697 Agreement, (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that Vantage Report User’s Guide...
  • Page 698 Software and/or the Publication. Your obligation to provide indemnification under this section shall arise provided that Sun: (i) provides you prompt notice of the claim; (ii) gives you sole control of the defense and Vantage Report User’s Guide...
  • Page 699 All source code, binaries, documentation and other files distributed with Quartz Enterprise Job Scheduler are subject to the following license terms, and are held under the following copyright, unless otherwise noted within the individual files. Copyright James House (c) 2001-2004 Vantage Report User’s Guide...
  • Page 700 This product uses and includes within its distribution, software developed by the Apache Software Foundation (http://www.apache.org/) This Product includes Stuts and Tomcat under Apache License Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Vantage Report User’s Guide...
  • Page 701 "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Vantage Report User’s Guide...
  • Page 702 Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution Vantage Report User’s Guide...
  • Page 703 Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. Vantage Report User’s Guide...
  • Page 704 License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Vantage Report User’s Guide...
  • Page 705 GPL, LGPL, Sun Microsystems, Inc. Binary Code License, Quarz License and Apache License. To obtain the source code covered under those Licenses, please contact ZyXEL Communications Corporation at: ZyXEL Technical Support. This source code is free to download at http://www.zyxel.com End-User License Agreement for “Vantage VRPT 3.4”...
  • Page 706 Software, and to use reasonable best efforts to ensure their compliance with such terms and conditions, including, without limitation, not knowingly permitting such persons to use any portion of the Software for the purpose of deriving the source code of the Software. Vantage Report User’s Guide...
  • Page 707 LAWS, REGULATIONS, ORDERS, OR OTHER RESTRICTIONS ON THE EXPORT OF THE SOFTWARE OR INFORMATION ABOUT SUCH SOFTWARE WHICH MAY BE IMPOSED FROM TIME TO TIME. YOU SHALL NOT EXPORT THE SOFTWARE, DOCUMENTATION OR INFORMATION ABOUT THE SOFTWARE AND Vantage Report User’s Guide...
  • Page 708 If any part of this License Agreement is found invalid or unenforceable by a court of competent jurisdiction, the remainder of this License Agreement shall be interpreted so as to reasonably effect the intention of the parties. Vantage Report User’s Guide...

  • Page 709: Appendix E Legal Information

    ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation. All rights reserved. Note: Refer also to the Open Software Announcements on page 671.
  • Page 710 Please read the license screen in the installation wizard. You must accept the terms of the license in order to install Vantage. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com North American products. Vantage Report User’s Guide...

  • Page 711: Index

    VPN traffic editing device basic information outgoing VPN traffic editing folder information remote user export remote VPN user moving device ZLD-based ZyXEL devices refresh ZyNOS-based ZyXEL devices removing device configuration removing folder backup Vantage Report User’s Guide...
  • Page 712 EPS. monitors signatures IPSec Secure Remote Access events dynamic tunnel statistical reports Xauth failed login 445, 501 JavaScript features firmware platform versions folder license key 22, 558 edit folder information license version remove Vantage Report User’s Guide...
  • Page 713 CPU usage platform E-Mail anti-spam E-Mail anti-virus port number E-Mail intrusions port usage end time monitors graph print icon interface usage printing intrusions monitors Vantage Report User’s Guide...
  • Page 714 522, 523 processing time weekly right-click Secure Remote Access settings IPSec table Site-to-Site title typical layout security issues web security anti-virus E-Mail web traffic Vantage Report User’s Guide...
  • Page 715 See configuration. system information summary e-mail port number system notification processing time low free disk mark setting source data starting stopping time Vantage Report users. See users. templates 522, 523 version time license clock time full processing time upgrade title bar...
  • Page 716 ZyXEL device corresponding configuration device type setting edit basic information feature support MAC setting 40, 53 model name move remove searching device select source data, see source data. view basic information ZyXEL devices in typical application Vantage Report User’s Guide...

This manual is also suitable for:

Vantage report 3.0Vantage report 2.3

Table of Contents