Network Activity

The Network Activity screen provides a real-time view of all traffic events in your environment—both allowed and blocked. It helps you detect suspicious behavior, troubleshoot network issues, and understand how your infrastructure is being used.

📍 To access this screen, go to Insights → Network Activity → Firewall


Traffic Logs

The Traffic tab shows log-level entries for every traffic event evaluated by your firewall rules. Each row reflects a specific rule match, giving you granular visibility into connections and policy enforcement.

FieldDescription
DateTimestamp of when the traffic event occurred
SourceOriginating IP address
Source PortPort used by the source
DestinationTarget IP address
Destination PortPort used on the destination
ProtocolCommunication protocol (e.g., TCP, UDP)
SiteThe site where the traffic was logged
ActionWhether the traffic was Allowed or Denied
Rule IDThe rule that triggered this log

Traffic Details

Hover the info icon (🛈) at the end of each row to open a detailed panel.

Details include:

  • Source IP, port, user, and team (if available)
  • Destination IP and port
  • Data size transferred
  • Site of observation
  • Rule ID and matched conditions

These insights help answer questions like:

Why was this traffic blocked?

Who attempted the connection?

📤 Export Traffic Logs

Click Export to download the current table view as a CSV file.

Applied filters and sorting are reflected in the export.


🆕 Flow Logs (NEW)

The Flows tab is a new feature introduced in this version, offering a deeper layer of visibility by analyzing full session-based connections—not just rule matches.

This feature is available only on gateways where Application Filter is enabled. It allows you to monitor real-time connections, identify risky or unknown applications, and understand bandwidth usage across ongoing sessions.

Why This Matters

Unlike traditional logs that record single events, Flow Logs track the entire lifecycle of a connection—from initiation to closure—while enriching each flow with:

  • Application Detection
  • Application Category
  • Risk Score Evaluation

This is especially valuable for detecting encrypted, unknown, or non-domain-based traffic that may bypass classic rule logic.

FieldDescription
DateStart time of the connection
DurationLength of the session
SourceIP that initiated the connection
Source PortPort used by the source
DestinationTarget IP address
Destination PortPort on the destination
ApplicationDetected application
CategoryApplication group (e.g., Business, Streaming)
SiteThe site observing the flow
ProtocolCommunication protocol
StateActive, Expired, or Closed
Risk ScoreNone, Low, Medium, High, Severe, Critical, Emergency

Flow Details

Hover over the info icon (🛈) to view detailed attributes for a flow:

  • Source and destination IPs/ports
  • Bytes Sent / Received
  • Packets Sent / Received
  • Detected user and team (if available)

📤 Export Flow Logs

Click Export to download the current table view as a CSV file.

Applied filters and sorting are reflected in the export.

Flow visibility gives you actionable insights into live or recent activity—making it easier to detect bandwidth abuse, malware behavior, or unauthorized app usage.

Updated

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.