User guide
Chapter 12: Monitoring Firebox Activity
168 WatchGuard Firebox System
The HostWatch display uses the logging settings configured with Policy
Manager. For instance, to see all denied incoming Telnet attempts in
HostWatch, configure the Firebox to log incoming denied Telnet
attempts.
The line connecting the source host and destination host is color-coded to
display the type of connection being made. These colors can be changed.
The defaults are:
• Red – The connection is being denied.
• Blue – The connection is being proxied.
• Green – The connection is using network address translation (NAT).
• Black – The connection falls into none of the first three categories.
Representative icons appear next to the server entries for HTTP, Telnet,
SMTP, and FTP.
Name resolution might not occur immediately when you first start
HostWatch. As names are resolved, HostWatch replaces IP addresses
with host or usernames, depending on the display settings. Some
machines might never resolve and the IP addresses remain in the
HostWatch window.
To start HostWatch, click the HostWatch icon (shown at left) on
the Control Center QuickGuide.
HostWatch display
As shown in the following figure, the upper pane of the HostWatch
display is split into two sides, Inside and Outside. Double-click an item on
either side to produce a pop-up window displaying detailed information
about current connections for the item, such as IP addresses, port number,
connection type, and direction.
The lower pane displays the same information in tabular form, in
addition to ports and the time the connection was established.