Skip to main content
Versa Networks

Monitor Device Services

Versa-logo-release-icon.pngFor supported software information, click here.

To monitor device services that are running on a Versa Operating SystemTM (VOSTM) device:

  1. In Director view:
    1. Select the Configuration tab in the top menu bar.
    2. Select Devices > Devices in the horizontal menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Monitor tab in the top menu bar.
  3. Select the provider organization in the left menu bar.
  4. Select the Services tab in the horizontal menu bar.

    t19.png

The Services tab has the following sections:

  • Networking
  • Services

This article describes the Services sections on the Services tab.

Services > SD-WAN

Click the SD-WAN tab. This tab displays the following tabs:

  • Aggregate Traffic
  • Application Metrics
  • Forwarding Profiles
  • Policies
  • Sessions
  • Sites
  • SLA End-to-End Paths
  • SLA Metrics
  • SLA Paths
  • Transport Paths

Aggregate Traffic

Click SD-WAN > Aggregate Traffic and then select a Controller or branch device to view its aggregate traffic and the incoming and outgoing bytes and packets.

Monitor-Services-aggregate-traffic-tab.png

Application Metrics

Click SD-WAN > Application Metrics to display application metrics.

Forwarding Profiles

A forwarding profile determines the traffic path based on real-time SLA performance of traffic. The profile defines the properties of WAN circuits to be selected for traffic. It defines properties, such as the load balancing method to be used for traffic, priority of circuits, circuit type (broadband or MPLS), circuit media, and other associated attributes.

Click SD-WAN > Forwarding Profiles to displays the forwarding profile statistics. The data includes the profile name, hit count, valid link drop count, SLA fail drop count, SLA fail forward count, and turn redirect count.

Monitor-Services-forwarding-profiles-tab.png

Click a policy name to view its configuration in CLI format.

Monitor-Services-forwarding-profiles-tab-CLI.png

Policies

Click SD-WAN > Policies and then select a policy to view statistics about SD-WAN policies.

SD-WAN-Policies.png

Click the eye-icon.png Eye icon to view details.

SD-WAN-policies-details.png

Click a rule name to view its configuration in CLI format.

SD-WAN-policies-cli.png

Sessions

Click SD-WAN > Sessions to displays SD-WAN session details, including the total number of SD-WAN sessions, number of sessions created, and the number of sessions closed.

2 (1).png

Click the eye-icon.png Eye icon to view the filter session data.

sessionfilter.png

Sites

Click SD-WAN > Sites to display details about SD-WAN sites.

Monitor-Services-sites-tab.png

Click the eye-icon.png
Monitor-Services-sites-tab-details.png

SLA End-to-End Paths

Click SD-WAN > SLA End-to-End Paths.

SLA Metrics

Click SD-WAN > SLA Metrics to display SLA metrics.

5 (1).png

SLA Paths

Click SD-WAN > SLA Paths to display SLA path status, including local site name, remote site name, local/remote WAN link names, forwarding class names, and connectivity status.

6 (2).png

Transport Paths

Click SD-WAN > Transport Paths to display the amount of data that has been sent from a source to a destination.

7 (2).png

Services > CGNAT

CGNAT is a large-scale NAT that translates multiple private IPv4 addresses to a limited number public IPv4 addresses using Network Address and Port Translation (NAPT). In CGNAT, only port translation of source address is required for packets communicating from the network to outside. Port translation of destination address is not implemented.

CGNAT can replace NAT devices in enterprise networks. Using CGNAT, you can deliver seamless IPv4 connectivity even while using limited public addresses. You can define private IPv4 address in your network and use Versa CGNAT to manage address translation to the public IPv4 addresses.

Click the CGNAT tab. This tab has the following tabs:

  • Rules
  • Pools
  • Sessions

Rules

Click CGNAT > Rules to display information about CGNAT rules.

Monitor-Services-CGNAT-rules-tab.png

Click a rule name view its configuration.

Pools

Click CGNAT > Pools to display pool details.

Monitor-Services-CGNAT-pools-tab.png

Click a pool name to view its configuration.

Sessions

Click CGNAT > Sessions to display NAT session details.

Monitor-Services-CGNAT-sessions-tab.png

Click the eye-icon.png Eye icon to filter sessions.

session-filter.png

Services > IPsec

The Internet Protocol Security (IPsec) is a set of protocols that secure communications over IP networks by deploying cryptographic encryption services. IPsec provides the following security services:

  • Authenticity
  • Integrity
  • Confidentiality
  • Replay protection

Click the IPsec tab. This tab displays the following tabs:

  • Branch to Branch
  • IKE History
  • IKE Security Association
  • IPsec History
  • IPsec Security Association
  • Overview
  • Profile Statistics

IPsec Branch to Branch

Click IPsec > Branch to Branch and select an entity to view connection details.

Monitor-Services-IPSEC-branch-to-branch-tab.png

Click the eye-icon.png Eye icon to view details.

Monitor-Services-IPSEC-branch-to-branch-tab-details.png

IKE History

Click IPsec > IKE History and then select an entity to view its IKE history.

Monitor-Services-IPSEC-IKE-history-tab.png

Click the eye-icon.png Eye icon to view details.

Monitor-Services-IPSEC-IPsec-history-details-tab.png

IKE Security Association

Click IPsec > IKE Security Association and then select an entity to view its IKE security details.

Monitor-Services-IPSEC-IKE-security-association-tab.png

Click the eye-icon.png Eye icon to view details.

Monitor-Services-IPSEC-IKE-security-association-tab-details.png

IPsec History

Click IPsec > IPsec History and thenelect an entity to view its IPSEC history details.

Monitor-Services-IPSEC-IPsec-history-tab.png

Click the eye-icon.png Eye icon to view details.

IPSec-History-details.png

IPsec Security Association

Click IPsec > IPsec Security Association and then select an entity to view the security association details.

Monitor-Services-IPSEC-IPsec-security-association-tab.png

Click the eye-icon.png Eye icon to view details.

Monitor-Services-IPSEC-IPsec-security-association-tab-details.png

Overview

Click IPsec > Overview to display IPsec packet details.

Monitor-Services-IPSEC-overview-tab.png

Profile Statistics

Click IPsec > Profile Statistics and then select an entity to view profile statistics.

Monitor-Services-IPSEC-profile-statistics-tab.png

Services > NGFW

Next-generation firewall (NGFW) policy includes all the match criteria of a stateful firewall policy, in addition to Layer 7 match criteria such as application and URL category. The application for a session is automatically determined based on various identification methods, such as applying signatures, heuristics, and statistical identification. NGFW supports more than 3,000 predefined applications and more than 80 URL categories.

NGFW supports creation of custom applications and custom URL categories by the customer. NGFW policy rules can be specified based on predefined and/or custom application/URL categories.

Click the NGFW tab.This tab displays the following tabs:

  • Antivirus
  • Decryption
  • DoS Policies
  • File Filtering
  • IP Filtering
  • Persistent Action
  • Policies
  • Security Packages
  • Sessions
  • URL Filtering
  • Vulernability
  • Vulnerability Signature
  • Zone Protection

Antivirus

VOSdevices have a built-in antivirus engine. At least one antivirus profile needs to be configured to enable scanning of files for viruses. In the Next Generation Firewall Policy Rule, one of the enforcement actions available is to enable an antivirus profile. For all traffic that matches the security policy rule, the antivirus profile will be applied if configured.

Click NGFW > Antivirus, and then select the antivirus type the scanning profile, and the profile type.

Monitor-Services-NGFW-anti-virus-tab.png

Decryption

NGFW enables decryption of SSL traffic to detect malware and other suspicious data or prevent confidential data from leaving your organization. The Decryptio tab displays statistics of SSL traffic across multiple parameters.

Click NGFW > Decryption and then select a decryption filter:

  • Global—Display all decryption data for the organization.
  • Profilel—Display the decryption data for user-defined profiles.
  • Policy—Display the decryption data for user-defined policies.

Monitor-Services-NGFW-decryption-tab.png

DoS Policies

Click NGFW > DoS Policies and then select the type of DoS policy to display DoS policy details.

DOS-policies.png

Click a rule name to view its configuration.

NGFW-dos-policies-details.png

File Filtering

Click NGFW > File Filtering and then select a predefined or user-defined profile to view file filtering information.

80.png

IP Filtering

Click NGFW > IP Filtering and select user-defined policies or predefined policies to display IP filtering information.

NGFW-IP-filtering.png

Persistent Action

Click NGFW > Persistent Action, and then select a predefined or user-defined action, an action type (static or dynamic), an action name, and the action operation to display information about persistent actions.

  • For a static action:

    81.png
  • For a static action whose ID is 0:

    82.png
  • To activate configured objects, click Activate.
  • To deactivate configured objects, click Deactivate.
  • To activate or deactivate multiple configured objects, select all such objects and click Activate or Deactivate:

    multiple_deactivated.png

Policies

Click NGFW > Policies and then select the type of policy to display NGFW policy statistics.

Monitor-Services-NGFW-policies-tab.png

Click a rule name to view its configuration.

Monitor-Services-NGFW-policies-tab-CLI.png

Security Packages

Click NGFW > Security Packages to display security package details, includingthe installation date, version, flavor, release date, update type, and installation status.

NGFW-Services-security-packages.png

Sessions

Click NGFW > Sessions to display NGFW session details, including the total number of NGFW sessions, number of sessions created, number of sessions closed, total number of NAT sessions, number of NAT sessions created, number of NAT sessions closed, and number of NAT sessions failed.

Monitor-Services-NGFW-sessions-tab.png

URL Filtering

URL filtering controls access to Internet websites by permitting or denying access to specific websites based on information contained in a URL list.

Click NGFW > URL Filtering and then select the type of URL filter:

  • Profile—Display URL traffic data for user-defined profiles.
  • Global—Display URL statistics based on the total URL traffic in an organization.
  • User Category Predefined—A security administrator can apply various types of policies based on the predefined URL categories.
  • User Category User-Defined—A security administrator can create user-defined URL category objects for certain URLs and override predefined URL categorization values.
  • URL Reputation Predefined—A security administrator can filter websites based on their predefined reputation values.
  • URL Reputation User-Defined—A security administrator can define URL reputation values and filter websites.

The screen displays the number of transactions and sessions for the selected URL filter.

Monitor-Services-NGFW-URL-filtering-tab.png

User Identification

Click NGFW > ;User Identification and then select the user profile to view all user details (for example, Kerberos profile, LDAP profile, SAML profile) for specific profiles.

83.png

Vulnerability

VOS devices support ;multiple vulnerability profiles on a per-tenant basis. The Versa security research team provides predefined vulnerability profiles via security package updates. The predefined vulnerability profiles are available for all tenants to configure and use.

Click NGFW > Vulnerability and select the type of vulnerability profile to view vulnerabilitydetails:

  • User Defined—Profiles defined by an administrator.
  • Predefined—System-defined profiles.
  • Sessions—Vulnerable sessions during the current system uptime.

Monitor-Services-NGFW-vulnerability-tab.png

Click the eye-icon.png Eye icon to view details of the rules.

Vulnerability Signature

The screen displays the vulnerable profiles or rules for protection.

Monitor-Services-NGFW-vulnerability-signature-tab.png

Click view to display the signature ID associated with the policy.

NGFW-vulnerability-signature.png

Zone Protection

Zone protection profiles provide additional protection between specific network zones against attacks. The profile protects zones from spoof or junk data packets.

Click NGFW > Zone Protection to display statistics about zone protection profiles.

NGFW-zone-protecions.png

Click a rule name to view its configuration.

Services > Sessions

Click Services > Sessions to display the total session count, number of sessions cleared, number of sessions closed, number of NAT sessions closed, number of NAT sessions created, and other details for each VSN ID.

8 (2).png

Supported Software Information

Releases 20.2 and later support all content described in this article.

Additional Information

Monitor Device Networking Services

  • Was this article helpful?