Exploring the SD‑WAN Monitor tab

The Services subtab is a quick way to get information from a branch FlexVNF without having to sign in to the CLI and run a command. This is useful for an operations teams to track down an issue as well as for daily operational tasks—including looking at traffic flows or seeing the health of IPSec tunnels. The items shown on the Services subtab fall under two categories: Services and Networking.

• Aggregate Traffic—From the branch you are on to another branch or a controller, you can look at the aggregate amount of traffic that has traversed over the encrypted or plain-text tunnels.

• Forwarding Profiles—The screen displays the forwarding profile statistics. The data includes the profile name, hit count, valid link drop count, SLA fail drop count, SLA fail forward count, and turn redirect count.

• Access Circuits—From the branch you are on to another branch or a controller, you can look at each transport and see how much data has traversed over the plain-text or encrypted tunnels.

• Policies—How many times a policy has been hit and the transmit and receive bytes/packets.

• Sessions—Active number of SD-WAN sessions going through the local FlexVNF. Clicking the eye icon lets you search for SD-WAN sessions by supplying any one of the following criteria to search for:
  
  
  • Source IP address/prefix
  • Source port
  • Destination IP address/prefix
  • Destination port
  • Protocol
  • Predefined application
  • Predefined URL category

• Sites—All the SD-WAN sites this specific branch has connectivity to.

• SLA Paths—From the branch you are on to another branch or a controller, you can look at what the current SLA paths by forwarding class to see if they are up, the last time they flapped and if adaptive monitoring is active or not.

• SLA Metrics—From the branch you are on to another branch or a controller, what the current SLA metrics are between the devices.

• Antivirus—select the antivirus type, for example User Defined Profile, from the list. Select the scanning profile from the list. Select the profile type from the list.

• Decryption—shows the decryption filter, with the following choices.
  
  • Global—displays all the decryption data within the associated organization.
    
  • Profile—displays the decryption data associated with user-defined profiles.
    
  • Policy—displays the decryption data associated with user-defined policies.
    

• DDoS—shows the DDoS policy details.

• IP Filtering—shows predefined or user-defined IP filtering policies.

• Policy—shows the hit count, forward packet/byte count, reverse packet/byte count, hit rate, and inactive session count for configured NGFW rules.

• Security Packages—security package details. The details include the installation date, version, flavor, release date, update type, and installation status.

• Sessions—Refers to vulnerable sessions during the current system up time.

• URL Filtering—shows URL filtering for the following:
  
  • Profile—Displays URL traffic data associated with user-defined profiles.
    
  • Global—Displays URL statistics based on the total URL traffic in an organization.
    
  • User Category Predefined—The Security Administrator can apply various types of policies based on the predefined URL categories.
    
  • User Category User-defined—The Security Administrator can create user-defined URL category objects for certain URLs and override predefined URL categorization values.
    
  • URL Reputation Predefined—The Security Administrator can filter websites based on their predefined reputation values.
    
  • URL Reputation User-defined—The Security Administrator can define URL reputation values and filter websites.

• Vulnerability—select the type of vulnerability profile from the list to view details:
  
  
  • User Defined—refers to profiles as defined by an administrator.
  • Pre Defined—refers to system-defined profiles.

• Vulnerability Signature—lets the administrator look into a profile/rule to see what vulnerabilities it is protecting against. Clicking view shows you what signature ID is associated with the policy.

• Zone Protection—shows the statistics of zone protection profiles.

• Sessions—NGFW session details. The details include the total number of NGFW sessions, number of sessions created, number of sessions closed, total number of NAT sessions, number of NAT sessions created, number of NAT sessions closed, and number of NAT sessions failed.

• Pools—configured pool usage.

• Rules—hit count, forward packet/byte count, and reverse packet/byte count for configured rules.

• Sessions—NAT sessions created. Clicking on the eyeball, lets you search for CGNAT sessions by supplying any one of the following criteria to search for:
  
  
  • source IP address/prefix
  • source port
  • destination IP address/prefix
  • destination port
  • protocol
  • predefined application
  • predefined URL category

• Branch to Branch—connection details from a IPSEC Profile view.
  

• IKE History—IKE history from an IPsec Profile view.
  

• IKE Security Associations—IKE SA details from an IPsec Profile view.
  

• IPsec History—IPsec History IPsec Profile view.
  

• IPsec Security Associations—IPsec SA details from an IPsec Profile view.
  

• Overview—the IPsec details of the local FlexVNF.
  

• Profile Statistics—profile statistics from the local FlexVNF based on a IPsec Profile view.

Allows you to look at any session tables for SDWAN, CGNAT, and NFGW and to search across all session tables.

• Interfaces—the WAN and LAN interface statistics with respect to the organization associated with the device. The table displays the latest cumulative values at the time of polling after the interface is activated, unless a clear operation is performed. The PPS (packets per second) and BPS (bits per second) counters average out over a maximum of 30 seconds. The PPS and BPS numbers represent the observable rate of a stable flow. For example, if the traffic drops to zero at the 20th second, the value of these averages will drop to zero as well, and will not use the values of the first 20 seconds to calculate the rate.

Click the eyeball to view the configured IP address, VRF, interface status, and type.

• Routes—show either IPv4 or IPv6 routes from a specific routing instance.

• BGP—show BGP neighbor adjacencies from a specific routing instance.

• OSPF—show OSPF neighbor adjacencies from a specific routing instance.

• OSPFv3—show OSPFv3 neighbor adjacencies from a specific routing instance.

Interfaces view

Neighbor view

• BFD—show BFD adjacencies from a specific routing instance.

• DHCP—show DHCP active leases, lease history, and statistics.

Active Leases

Lease History

Statistics

• CoS—shows the following:

App QoS Policies—layer 2–7 QoS policies and their hit count, forward packets/bytes, dropped packets/bytes.

Interfaces—shows the CoS interface details. The details include the transmitted and received packets, number of transmitted packets per second, number of transmitted packets dropped, number of received packets per second, number of received packets dropped, number of transmitted bytes per second, and the number of bytes dropped in transmission.

QoS Policies—layer 2–4 QoS policies and their hit count, forward packets/bytes, dropped packets/bytes.

• VRRP—shows details of VRRP master/slave, configured priority, VIP address.

• Log Export Functionality (LEF)—shows the status and statistics of configured LEF devices and groups:

Collector Groups (showing status)

Collectors (showing status)

Collectors (showing statistics)

• ARP—shows ARP information for a routing instance.

• IP SLA—shows state, address, routing instance, interval and threshold for configured IP SLA.