5 proxy graphs, 6 connections – NEXCOM IFA 1610 User Manual

Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 2: The Status Menu

29

2.5 Proxy graphs

The access statistics of the HTTP proxy during the last 24 hours are shown here. There are no graphs in this page if the
HTTP proxy service in not active and has never been enabled. However, if the service has been running even for a short
period during the last year, the data produced are still accessible by clicking on the graph. Similarly to the other graphs,
older statistics are shown for the last day, week, month, and year. In this page, a click on the BACK hyperlink on the
bottom allows to go back to the main page.

Note:

To show the proxy graphs, HTTP proxy logging must be enabled under Proxy

► HTTP ► Configuration ► Log

settings, by ticking the Enable logging checkbox. Also queried terms and useragents can be logged to produce more
detailed logs and graphs.

After the HTTP proxy has been enabled, the four boxes show the following data:

▪ Total traffic per day: the amount of data flown through the appliances’ proxy service. In green is show the outgoing

traffic, while in blue the incoming traffic.

▪ Total Accesses per Day. The number of HTTP requests, depicted in blue, received by the appliance.

▪ Cache hits per day. The number of cache data requested

▪ Cache hits ratio over 5 minutes per day. The number of cache data requested during a five minutes period.

2.6 Connections

This page shows a table containing the list of current connections from, to, or going through the appliance. The data
shown here are devised by the kernel conntrack table. The following colours are employed in the table and used as the
background of the cells in the table to denote the source and destination of the connection.

▪ Green, red, orange, and blue are the zones governed by the appliance.

▪ Black is used for connections involving the firewall, including daemons and services, like e.g., SSH or web accesses).

▪ Purple shows connections using VPN or IPsec.

The data displayed in the table are the following.

Source IP
The IP from which the connection has originated.

Source port
The port from which the connection has originated.

Destination IP
The IP to which the connection is directed.

Destination port
The port to which the connection is directed.

Protocol
The protocol used in the connection, which is typically tcp or udp.

Status
The current status of the connection, meaningful only for TCP connections. They are defined in RFC 793, significant
states are ESTABLISHED (connection is active) and CLOSE (no connection).

Expires
How long will the connection remain in that particular status.

Hint: The page refreshes automatically every 5 seconds.

Each IP address and each IP port in the table can be clicked to obtain useful information. Clicking on the IP address will
launch a whois query that will display who the owner of the IP address is and where it is located. Clicking on the port
number will open the Internet Storm Center web page, with information about the port (i.e., the purpose for which it
is used) and about which services or malware (e.g., Trojans, viruses) may exploit that port and the number of attacks
received on those ports by various servers worldwide.