Web Audit Report
Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
The Web Audit report displays a summary of allowed website traffic for each WebBlocker category and client. The report only includes data for traffic handled by the HTTP and HTTPS proxies.
This report includes data for HTTPS traffic in Dimension v2.1.2 Update 2 or higher.
This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.
How to Use this Report
This report can help you better understand web browsing activity on your network. Here are some ways to use this report:
- Select the Client pivot to see the client computers on your network that account for the most web traffic.
- Select the Categories pivot to view the most popular website categories visited by your users. If you see categories that you do not want your users to access, such as Gambling sites, configure WebBlocker to deny those categories. For more information, go to Configure WebBlocker Categories.
The Private IP Addresses category typically represents traffic between computers on your network.
View the Report
This report is available in WatchGuard Cloud and in Dimension.
- Log in to WatchGuard Cloud.
- Select Monitor > Devices.
- Select a folder or a specific device.
- To select the report date range, click .
- From the list of reports, select Web > Web Audit.
The Web Audit report opens.
- To see reports for your Fireboxes or FireClusters, select Home > Devices.
The Devices list opens.
To see reports for your groups of Fireboxes, select Home > Groups.
The Groups list opens. - Select the Name of a Firebox, cluster, or group.
The Tools > Executive Dashboard page opens. - Select the Reports tab.
- Select Web > Web Audit.
The Web Audit report opens.
Pivots
You can use pivots to change the view of the data on the report.
To switch to a different view, select a pivot from the drop-down list above the report.
This report includes these pivots:
Category
Summary of the website traffic for connections allowed by proxy rules, by WebBlocker category.
Client
Summary of the website traffic for connections allowed by proxy rules, by client.
Web Audit Report Detail View
To view a detailed report of all allowed web traffic connections through your device, click View Details at the top of the report.
The Web Audit Detail report includes a row for each website allowed by WebBlocker and shows this information:
Column | Description |
---|---|
Event Time | Date and time WebBlocker allowed the website |
Category | WebBlocker category the website is assigned to |
Client | IP address of the traffic source |
Policy | Name of the Firebox policy that examined the traffic |
Disposition | Action taken by the Firebox for this traffic, such as Allowed or Denied |
Destination | IP address of the website |
Hits | Number of hits |
If the Firebox is unable to connect to WebBlocker Cloud or if the user entered the passphrase for a WebBlocker Override or clicked Accept when a site matched a Warn action, the Category column might show (none) or an empty value ("").
Enable Logging for this Report
Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, go to Set Logging and Notification Preferences.
To collect the data required for this report for locally-managed Fireboxes, in Fireware Web UI or Policy Manager:
-
In the General Settings for all HTTP and HTTPS proxy actions, select Enable logging for reports. For more information, go to HTTP Request: General Settings and HTTPS-Proxy: General Settings.
- In all WebBlocker actions, select the Log check box for all categories and select the When a URL is uncategorized, Log this action check box. For more information, go to Configure WebBlocker Categories.