The Network Activity screen provides a real-time view of all traffic events in your environment—both allowed and blocked. It helps you detect suspicious behavior, troubleshoot network issues, and understand how your infrastructure is being used.
📍 To access this screen, go to Insights → Network Activity → Firewall
Traffic Logs
The Traffic tab shows log-level entries for every traffic event evaluated by your firewall rules. Each row reflects a specific rule match, giving you granular visibility into connections and policy enforcement.
| Field | Description |
|---|---|
| Date | Timestamp of when the traffic event occurred |
| Source | Originating IP address |
| Source Port | Port used by the source |
| Destination | Target IP address |
| Destination Port | Port used on the destination |
| Protocol | Communication protocol (e.g., TCP, UDP) |
| Site | The site where the traffic was logged |
| Action | Whether the traffic was Allowed or Denied |
| Rule ID | The rule that triggered this log |
Traffic Details
Hover the info icon (🛈) at the end of each row to open a detailed panel.
Details include:
- Source IP, port, user, and team (if available)
- Destination IP and port
- Data size transferred
- Site of observation
- Rule ID and matched conditions
These insights help answer questions like:
• Why was this traffic blocked?
• Who attempted the connection?
📤 Export Traffic Logs
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
🆕 Flow Logs (NEW)
The Flows tab is a new feature introduced in this version, offering a deeper layer of visibility by analyzing full session-based connections—not just rule matches.
This feature is available only on gateways where Application Filter is enabled. It allows you to monitor real-time connections, identify risky or unknown applications, and understand bandwidth usage across ongoing sessions.
Why This Matters
Unlike traditional logs that record single events, Flow Logs track the entire lifecycle of a connection—from initiation to closure—while enriching each flow with:
- Application Detection
- Application Category
- Risk Score Evaluation
This is especially valuable for detecting encrypted, unknown, or non-domain-based traffic that may bypass classic rule logic.
| Field | Description |
|---|---|
| Date | Start time of the connection |
| Duration | Length of the session |
| Source | IP that initiated the connection |
| Source Port | Port used by the source |
| Destination | Target IP address |
| Destination Port | Port on the destination |
| Application | Detected application |
| Category | Application group (e.g., Business, Streaming) |
| Site | The site observing the flow |
| Protocol | Communication protocol |
| State | Active, Expired, or Closed |
| Risk Score | None, Low, Medium, High, Severe, Critical, Emergency |
Flow Details
Hover over the info icon (🛈) to view detailed attributes for a flow:
- Source and destination IPs/ports
- Bytes Sent / Received
- Packets Sent / Received
- Detected user and team (if available)
📤 Export Flow Logs
Click Export to download the current table view as a CSV file.
Applied filters and sorting are reflected in the export.
Flow visibility gives you actionable insights into live or recent activity—making it easier to detect bandwidth abuse, malware behavior, or unauthorized app usage.
Updated
Comments
0 comments
Please sign in to leave a comment.