Blocked Applications Report
Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
The Blocked Applications report shows a summary of the applications used on your network that were blocked by Application Control. The report includes TCP-UDP-Proxy incoming and outgoing connection transaction data, when available.
This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.
How to Use this Report
This report can help you find out more about blocked applications on your network. Here are some ways to use this report:
- Select the Top Blocked by User pivot to see the top blocked applications on your network, and the top users of those applications.
- If users report that they cannot use a specific application, select the Top Blocked by User or Top Blocked by Host pivots to see if Application Control blocks the application. If you want to allow the application on your network, update the Application Control action.
- Select the Detail report to see the protocols associated with each blocked application.
View the Report
This report is available in WatchGuard Cloud and in Dimension.
- Log in to WatchGuard Cloud.
- Select Monitor > Devices.
- Select a folder or a specific device.
- To select the report date range, click .
- From the list of reports, select Services > Blocked Applications.
The Blocked Applications report opens.
- To see reports for your Fireboxes or FireClusters, select Home > Devices.
The Devices list opens.
To see reports for your groups of Fireboxes, select Home > Groups.
The Groups list opens. - Select the Name of a Firebox, cluster, or group.
The Tools > Executive Dashboard page opens. - Select the Reports tab.
- Select Services > Blocked Applications .
The Blocked Applications report opens.
Pivots
You can use pivots to change the view of the data on the report.
To switch to a different view, select a pivot from the drop-down list above the report.
This report includes these pivots:
Top Blocked by User
Summary of the applications that were most blocked, organized by user name.
Top Blocked by Host
Summary of the applications that were most blocked, organized by host.
Top Users Blocked
Summary of the applications blocked by each user.
Top Hosts Blocked
Summary of the applications blocked by each host.
Blocked Applications Report Detail View
To view a detailed report of all applications blocked by Application Control, click View Details at the top of the report.
The Blocked Applications Detail report includes a row for each application blocked by Application Control and displays this information:
Column | Description |
---|---|
Event Time | Date and time Application Control blocked the application |
Client | Name of the client |
Source | IP address of the traffic source |
Destination | IP address of the traffic destination |
Policy | Name of the Firebox policy that examined the traffic |
Protocol | Protocol used to send the traffic |
Category | Application Control category of the blocked application |
Application | Name of the application blocked by Application Control |
Disposition | Action taken by the Firebox for this traffic, such as Allowed or Denied |
Hits | Number of hits |
Enable Logging for this Report
Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, see Set Logging and Notification Preferences.
To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:
- In the Logging and Notification settings for all packet filters, select Send a log message for reports.
- In the General Settings for all proxy actions, select Enable logging for reports.