BloxOne Service Edge provides a monitoring service that allows you to view DAF traffic when you enable DAF violations either in log or learn-only mode. Monitoring DAF violations assists you in taking proactive actions. Fore example, you can decide to turn a blocked traffic into a bypass rule to avoid future denials for a specific destination IP or network.
To monitor DAF violations across all edges:
- In the Cloud Services Portal, click Manage > Service Edge > Monitor > DAF Violations.
- On the DAF Violations page, review the following:
- TIME STAMP: The time stamp when the DAF traffic was captured. Note that Service Edge aggregates DAF traffic logs every minute and refreshes information on this page every five minutes.
EDGE:: The name of the edge.
- SERVICE: The protocol and destination port used to report DAF violations.
- SOURCE IP: The source IP or network address of the DAF traffic.
- ACTION: The action being taken for the DAF traffic. If you have enabled the learn-only mode, no traffic is blocked and the traffic is marked as Bypassed. If you have enabled Log DAF Violation, the packets or traffic is Blocked.
You can do the following on this page:
- Filter information on this page by choosing a specific timeframe from five minutes to 24 hours by clicking the interval from the Show drop-down menu. For example, if you choose 15 minutes, this page displays information for the past 15 minutes. Service Edge stores DAF traffic data for up to 24 hours.
- Click Refresh to refresh the data in the table.
- Choose a DAF violation from the list and view detailed information in the right panel.
- While monitoring DAF traffic, decide on whether certain DAF violations warrant corrective actions. You can select a specific traffic violation and turn it into a bypass rule to avoid future denials for the destination IP or network. For information, see Creating Bypass Rules.