About HostWatch
HostWatch is a graphical user interface that shows the connections between different Firebox interfaces. HostWatch also gives information about users, connections, ports, and other information.
The top section of the HostWatch window has two sides. You can set the left side to show one interface you want to monitor. The right side shows the connections to and from the interface selected on the left side.
The lines that connect source hosts and destination hosts use colors that show the type of connection. You can change these colors. The default colors are:
- Red — The Firebox denies the connection.
- Blue — The connection uses a proxy.
- Green — The Firebox uses NAT for the connection.
- Black — Normal connection (the connection has been accepted, and it does not use a proxy or NAT).
To indicate the type of service, these icons appear adjacent to the server entries.
|
Telnet |
|
FTP | |
|
HTTP |
|
Other | |
|
DNS Resolution and HostWatch
Domain name server (DNS) resolution does not occur immediately when you start HostWatch. When HostWatch is configured for DNS resolution, it replaces the IP addresses with the host or user names. If the Firebox cannot identify the host or user name, the IP address stays in the HostWatch window.
If you use DNS resolution with HostWatch, the management computer can send a large number of NetBIOS packets (UDP 137) through the Firebox. To stop this process, you must disable NetBIOS over TCP/IP in Windows.
Start HostWatch
To start the HostWatch application:
- Start Firebox System Manager.
- Click
.
Or, select Tools > HostWatch.
The display is automatically started.
Pause and start the HostWatch display
To pause the HostWatch display:
From the HostWatch window, click 
.
Or, select File > Pause.
To start the HostWatch display:
From the HostWatch window, click 
.
Or, select File > Continue.
Select Connections and Interfaces to Monitor
Filter Content of the HostWatch Window