Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
The Application Usage report shows a summary of application usage data for allowed connections. The report includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.
This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.
How to Use this Report
This report can help you analyze how applications use your network resources. Here are some ways to use this report:
- Select the Top Users pivot sorted by Bandwidth to identify which users consume the most bandwidth on your network. In the Authenticated User column, click arrows next to user names to show which applications they use.
- Select the Application (User) pivot sorted by Bandwidth to identify which applications consume the most bandwidth on your network. In the Application column, click arrows next to applications to show the names of the top users.
View the Report
This report is available in WatchGuard Cloud and in Dimension.
- Log in to WatchGuard Cloud.
- Select Monitor > Devices.
- Select a folder or a specific device.
- To select the report date range, click
.
- From the list of reports, select Services > Application Usage.
The Application Usage report opens.
- To see reports for your Fireboxes or FireClusters, select Home > Devices.
The Devices list opens.
To see reports for your groups of Fireboxes, select Home > Groups.
The Groups list opens. - Select the Name of a Firebox, cluster, or group.
The Tools > Executive Dashboard page opens. - Select the Reports tab.
- Select Services > Application Usage.
The Application Usage report opens.
Pivots
You can use pivots to change the view of the data on the report.
To switch to a different view, select a pivot from the drop-down list above the report.
This report includes these pivots:
Application (User)
Summary of the applications with the most users, by user name.
Application (Host)
Summary of the applications with the most users, organized by host name.
Top Hosts
Summary of the top hosts on the network, organized by application.
Top Users
Summary of the top users on the network, organized by application.
Application Usage Report Detail View
To view a detailed report of all connections used by applications on your network, click View Details at the top of the report.
The Application Usage Detail report includes a row for each connection used by an application on your network:
| Column | Description |
|---|---|
| Event Time | Date and time that an application event occurred |
| Client | IP address of the client device |
| Source | IP address of the traffic source |
| Destination | IP address of the traffic destination |
| Policy | Name of the Firebox policy that examined the traffic |
| Protocol | Protocol used to send the traffic |
| Category | Application Control category the application is assigned to |
| Application | Application type or name |
| Disposition | Action taken by the Firebox for this traffic, such as Allowed or Denied |
| Bytes (MB) | Amount of data in MB |
| Hits | Number of hits |
Enable Logging for this Report
Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.
To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:
- In the Logging and Notification settings for all packet filters, select Send a log message for reports.
- In the General Settings for all proxy actions, select Enable logging for reports.