Reporting: Real-time view of traffic/connections in GUI.
Customers would like to be able to see what connections are occurring through the appliance an any given time to be able to look at load issues or to troubleshoot issues with out the help of support.
We have addressed some of the operational issues with connections in version 4.0 by removing the limitations on concurrent connections. We will look again at this specific feature in the future if there is still strong demand.
due to customers request sophtrac 6871496:
a realtime traffic/connection view with the option to drop/kill specific connections would be a very helpful feature
We are currently looking at an issue and management have requested a note of how many external users are connected to each of our published URLs. It's quite embarrasing to admit that such a basic feature just doesn't exist.
Sonny Vinyard commented
When I have a user saturating bandwidth, this is the easiest way to see what's going on. I'd add with it the protocol, port, destination, etc so we can drill down. It would also be nice to be able to add a quick way to block the session while we figure out what was happening.
Absolutely needed. Strange as this is a basic feature and not yet implemented.
This is really the only issue that makes me consider switching to another web filter appliance. Please address this is possible.
Or at the very least, let us see the total traffic coming through the appliance, not just throughput based on user requests. My netflow says my bandwidth is at maximum capacity for internet connectivity, yet my Sophos appliance says we're barely registering traffic. This incongruity needs to be addressed please.
I would love this feature as well. Right now I can see netflow coming through the web filters, but if it is not flagged as user based, I can't see WHAT that traffic is, so it's basically a black hole of information.
Ideally, even if a site is whitelisted (ie. Sophos Antivirus updates, Windows Updates, etc), I should be able to see those connections and associated bandwidth instead of it dropping off the face of the earth.
Currently using the GUI in the web appliance, there is no view that allows me to see traffic passing through the filter and what policy it conforms to (ie whether the traffic
is blocked or allowed). Therefore when trying to troubleshoot pages not displaying for clients/users we have no way of seeing the URL that is being blocked to allow it through the filter.
Some sites refer elements of their site to other URLs (such as pulling css formatting) so knowing the intended webpage doesn’t always solve the issue either as I cannot see where
content is being pulled from.
The same is true when applications are trying to access the web for help file displays etc and as these blocks are not directly through a web browser, again I am unable to see
the site being blocked to allow access.
How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have:
1 - Critical
Bryan Lyons commented
The ability to look at the raw logs in close to real time on the web gui so admins can troubleshoot connection issues, with websites.
Just the connections available would be a good number to see on the dashboard.
Thorsten Brinkmann commented
1. The maximum number of connections (I understand this will be a theoretical number based on the resources allocated)
2. The number of connections currently being consumed
3. The number of connections consumed by hostname, logged in account and IP
It would also be helpful to see how number 2 above trends over time via a graph.
It would also be useful to be able to run a report that shows the number of connections for a hostname, logged in user or IP at a point in time in the past
Having this information helps us to manage our environment.