Dashboard
This help contains the following topics:
Load balancing monitoring—Virtual server connection rate statistics
Load balancing monitoring—Virtual server concurrent connection statistics
Load balancing monitoring—Server farm connection rate statistics
Load balancing monitoring—Server farm concurrent connection statistics
Load balancing monitoring—Real server connection rate statistics
Load balancing monitoring—Real server concurrent connection statistics
Load balancing monitoring—Intelligent DNS domain requested times statistics
Introduction
The Dashboard page clearly displays key information, data, and various states of the device in graphical widgets. It provides a pre-defined tab and allows you also to define tabs as needed. The pre-defined tab displays information about the basic modules and allows you to add other modules as required. You can also customize tabs and add modules to these tabs. Security monitor displays service and user security statistics, device key information, and statistical data about types of traffic and sessions. The system does not support customizing widgets for display.
Support for the modules depends on the device model.
Operation monitor—Device status
The Device Status widget displays the CPU usage, memory usage, and flash usage. To view detailed device information and set alarm thresholds, click the Details icon to go to the System resource usage page. Device information includes device status, device type, and software version.
The following types of alarm thresholds are available and you can set alarm thresholds as required:
CPU usage thresholds: The system samples CPU usage at 1-minute intervals and compares the samples with the CPU usage threshold and the CPU usage recovery threshold.
If a sample is equal to or greater than the CPU usage threshold, the device determines the CPU usage is high and sends traps to affected service modules and processes.
If a sample decreases to or below the CPU usage recovery threshold, the device determines the CPU usage has recovered and sends traps to affected service modules and processes.
Free memory thresholds: To ensure correct operation and improve memory efficiency, the system performs the following operations:
Samples memory usage at 1-minute intervals. If the sample is equal to or greater than the memory usage threshold, the device sends a trap.
Monitors the amount of free memory space in real time. If the amount of free memory space reaches the level-1 (minor), level-2 (severe), or level-3 (critical) alarm threshold, the system issues an alarm to affected service modules and processes.
As shown in Table-1, the system supports the following free-memory thresholds:
Normal state threshold.
Level-1 alarm threshold.
Level-2 alarm threshold.
Level-3 alarm threshold.
Table-1 Memory alarm notifications and memory alarm-removed notifications
Notification
Triggering condition
Remarks
Level-1 alarm notification
The amount of free memory space decreases below the level-1 alarm threshold.
After generating and sending a level-1 alarm notification, the system does not generate and send any additional level-1 alarm notifications until the level-1 alarm is removed.
Level-2 alarm notification
The amount of free memory space decreases below the level-2 alarm threshold.
After generating and sending a level-2 alarm notification, the system does not generate and send any additional level-2 alarm notifications until the level-2 alarm is removed.
Level-3 alarm notification
The amount of free memory space decreases below the level-3 alarm threshold.
After generating and sending a level-3 alarm notification, the system does not generate and send any additional level-3 alarm notifications until the level-3 alarm is removed.
Level-3 alarm-removed notification
The amount of free memory space increases above the level-2 alarm threshold.
N/A
Level-2 alarm-removed notification
The amount of free memory space increases above the level-1 alarm threshold.
N/A
Level-1 alarm-removed notification
The amount of free memory space increases above the normal state threshold.
N/A
If a memory alarm occurs, delete unused configuration items or disable some features to increase the free memory space. Because the memory space is insufficient, some configuration items might not be able to be deleted.
Operation monitor—System logs
The System Logs widget displays the system log messages of and above the error level. To display detailed information about log messages of all levels, click the Details icon. You can use the information for device status analysis and troubleshooting.
Operation monitor—Log overview
The Log Overview widget displays statistics about device logs, including total numbers of different types of system event logs and security event logs, and number of logs for each service.
Operation monitor—System traffic statistics
The System Traffic Statistics widget displays the inbound and outbound traffic statistics during a period of time in a line chart. You can use the chart to analyze traffic distribution over time on the network.
To display detailed traffic statistics on interfaces, click the Details icon.
To set traffic statistics parameters and filter the statistics result, click the Set icon.
Operation monitor—System session statistics
The System Sessions widget displays statistics on the number of sessions established during the past hour.
To display statistics about sessions established during the past hour, the past day, or past 30 days, click the Details icon.
To enable top 10 ranking and view the ranking result, click the following buttons:
Enable top 10 ranking—Enables the device to collect statistics based on services and sort the statistics by source or destination address.
View top 10 ranking—Displays the top 10 ranking result. You can select the time range (past hour, past day, or past 30 days) and the sort criterion (source or destination address).
To view the most recent statistics, click the Refresh icon.
To configure auto refresh of statistics, click the Set icon. In the dialog box that opens, select Auto refresh and specify a refresh interval.
Operation monitor—Session establishment rate statistics
The Session Establishment Rate Statistics widget displays session establishment rate statistics over the statistics duration.
To display session establishment rate statistics during the past hour, the past day, or past 30 days, click the Details icon.
To enable top 10 ranking and view the ranking result, click the following buttons:
Enable top 10 ranking—Enables the device to collect statistics based on services and sort the statistics by source or destination address.
View top 10 ranking—Displays the top 10 ranking result. You can select the time range (past hour, past day, or past 30 days) and the sort criterion (source or destination address).
To view the most recent statistics, click the Refresh icon.
To configure auto refresh of statistics, click the Set icon. In the dialog box that opens, select Auto refresh and specify a refresh interval.
Operation monitor—System information
The System Info widget displays device information, for example, the device name, device model, software version, and operating mode. You can also click the Set icon to configure some parameters.
Operation monitor—Deny session statistics
The Deny Session Statistics widget displays statistics on the number of sessions denied during the past hour.
To display statistics about sessions denied during the past hour, the past day, or past 30 days, click the Details icon.
To enable top 10 ranking and view the ranking result, click the following buttons:
Enable top 10 ranking—Enables the device to collect statistics based on services and sort the statistics by source or destination address.
View top 10 ranking—Displays the top 10 ranking result. You can select the time range (past hour, past day, or past 30 days) and the sort criterion (source or destination address).
To view the most recent statistics, click the Refresh icon.
To configure auto refresh of statistics, click the Set icon. In the dialog box that opens, select Auto refresh and specify a refresh interval.
Operation monitor—Internet access monitoring
The Internet Access Monitoring widget displays Internet access information, including the applications, websites, and IP addresses. If an application audit policy or a URL filtering policy matches packets, the device will send log records to the Internet Access Monitoring widget. To display detailed Internet access information and audit user behaviors, click the Details icon. You can adjust policies to control Internet access behaviors based on Internet access information.
For more information about application audit logs and URL filtering logs, see the application audit logs online help and URL filtering logs online help, respectively.
Operation monitor—License information
The License Info widget displays license information about features. To display detailed license information, including the license type, status, and validity period, click the Details icon.
Operation monitor—Cloud-network collaboration
The Cloud-Network Collaboration widget displays the device's collaboration status with the services provided by the cloud security operation center. Cloud-network collaboration allows the device to collaborate with the cloud security operation center, and implements cloud management and protection for the device through cloud services including cloud O&M, cloud SCDN, and cloud WAF.
To register licenses for cloud O&M, cloud SCDN, and cloud WAF and view cloud service information, navigate to the System > Cloud-Network Collaboration page.
Operation monitor—Interface information
The Interface Information widget displays the current status, IP address, and detailed information of each interface on the device. To view interface states on the device panel, click View device panel. You can also click an interface on the device panel to configure interface settings.
Traffic monitor—Real-time user ranking
By default, the real-time user ranking widget displays the top 5 users by percentage of the user's traffic rate to the total traffic rate in a list.
The real-time user ranking list contains the following fields:
User.
Downlink traffic rate.
Uplink traffic rate.
Total rate.
Percentage.
To customize the widget to display the real-time user ranking list, click the Set icon 
in the top-right corner of the widget and configure either of the following functions:
Auto refreshing—Select the Auto refresh option, enter the refresh interval in the Refresh interval field, and then click OK.
Real-time traffic data collection—Select the Enable real-time traffic data collection option and click OK. To view traffic details in real time, select the Display real-time traffic details option. To view the traffic data of different applications used by the user in real time, click a user in the User column in the real-time user ranking list.
Traffic monitor—Real-time application ranking
By default, the real-time application ranking widget displays the top 5 applications by percentage of the application's traffic rate to the total traffic rate in a list.
The real-time application ranking list contains the following fields:
Application.
Downlink traffic rate.
Uplink traffic rate.
Total rate.
Percentage.
To customize the widget to display real-time application ranking list, click the Set icon 
in the top-right corner of the widget and configure either of the following functions:
Auto refreshing—Select the Auto refresh option, enter the refresh interval in the Refresh interval field, and then click OK.
Real-time traffic data collection—Select the Enable real-time traffic data collection option and click OK. To view traffic details in real time, select the Display real-time traffic details option. To view the traffic data of the application used by different users in real time, click an application in the Application column in the real-time application ranking list.
Threat monitor—Threats overview
This widget displays the security status of the internal network over the past hour.
By analyzing the distribution of threats by severity level, the device determines the security score and the risk level for the internal network. A higher security score indicates a lower risk level. The security scores and their corresponding risk levels are as follows:
A security score in the range of 0 to 50 corresponds to high risk level.
A security score in the range of 50 to 70 corresponds to medium risk level.
A security score in the range of 70 to 90 corresponds to low risk level.
A security score in the range of 90 to 100 corresponds to secure level.
Support for the Threats Overview module depends on the device model.
Threat monitor—Threat ranking
This widget displays the ranking result of threat names by the number of threat events. This is convenient for administrators to analyze threats and adjust protection policies.
Threat monitor—Security status
This widget displays the risk factor and security event distribution.
Risk factor: Evaluates the overall security protection capabilities of the device, including whether the device is configured with security policies, IPS, anti-virus, and IP reputation, whether the device detects security events. The lower the score is the more secure the device is. This is convenient for administrators to obtain the overall device security status and adjust protection policies.
Security event distribution: Display distribution of internal hosts or assets by risk level, including Vulnerable, Attacked, Controlled, Spread, and Damaged. This is convenient for administrators to obtain the overall security status of internal hosts or assets and adjust protection policies. To view detailed statistics analysis, click the data in the Security Event Distribution graph.
If no data is displayed, verify that the following requirements are met:
Hard disks and USB disks are mounted correctly.
Verify that service log collection is enabled. For more information, see the basic log settings online help.
Verify that security protection policies are configure for internal and external networks, such as IPS, anti-virus, and IP reputation.
Threat monitor—Top 10 hosts at risk
This widget displays compromised host information, including hostname, risk level, and attack events. To view detailed risk analysis for a host, click the hostname.
Threat monitor—Ransomware statistics
The device analyzes ransomware risks for hosts based on logs related to security threats, such as IPS and anti-virus logs. This helps users quickly understand host risk status. Users can click statistics to access the ransomware analysis page for detailed information.
Load balancing monitoring—Link traffic statistics
The Link Traffic Statistics widget displays link traffic statistics over the statistics duration. To select links and specify a link traffic type, click the Set icon.
To perform link traffic statistics, select Log collection for Load balancing | Link traffic overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Virtual server traffic statistics
The Virtual Server Traffic Statistics widget uses a line chart to display uplink and downlink traffic trend of virtual servers over the statistics duration. This is convenient for administrators to obtain information about virtual server traffic changes.
To configure virtual server traffic statistics conditions, click the Set icon. The device performs statistics on virtual server traffic according to the specified virtual server range, traffic type, and statistics duration.
To view virtual server traffic statistics, select Log collection for Load balancing | Virtual server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Virtual server connection rate statistics
The Virtual Server Connections widget uses a line chart to display the trend of the number of new connections per second over the statistics duration for specific virtual servers.
To configure new virtual server connection statistics conditions, click the Set icon. The device performs statistics on new virtual server connections according to the specified virtual server range and statistics duration.
To view statistics about new virtual server connections, select Log collection for Load balancing | Virtual server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Virtual server concurrent connection statistics
The Virtual Server Connection Statistics widget uses a line chart to display the trend of the number of the current active connections over the statistics duration for specific virtual servers.
To configure virtual server concurrent connection statistics conditions, click the Set icon. The device performs statistics on concurrent virtual server connections according to the specified virtual server range and statistics duration.
To view statistics about concurrent virtual server connections, select Log collection for Load balancing | Virtual server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Virtual server SSL TPS statistics
The Virtual Server SSL TPS Statistics widget uses a line chart to display the trend of new SSL connections per second over the statistics duration for specific virtual servers.
To configure virtual server SSL TPS statistics conditions, click the Set icon. The device performs statistics on new SSL connections per second according to the specified virtual server range and statistics duration.
To view virtual server SSL TPS connection statistics, select Log collection for Load balancing | Virtual server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Server farm traffic statistics
The Server Farm Traffic Statistics widget uses a line chart to display uplink and downlink traffic trend of server farms over the statistics duration. This is convenient for administrators to obtain information about server farm traffic changes.
To configure server farm traffic statistics conditions, click the Set icon. The device performs statistics on server farm traffic according to the specified server farm range, traffic type, and statistics duration.
To view server farm traffic statistics, select Log collection for Load balancing | Server farm overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Server farm connection rate statistics
The Server Farm Connections widget uses a line chart to display the trend of the number of new connections per second over the statistics duration for specific server farms.
To configure new server farm connection statistics conditions, click the Set icon. The device performs statistics on new server farm connections according to the specified server farm range and statistics duration.
To view statistics about new server farm connections, select Log collection for Load balancing | Server farm overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Server farm concurrent connection statistics
The Server Farm Connection Statistics widget uses a line chart to display the trend of the number of the current active connections over the statistics duration for specific server farms.
To configure server farm concurrent connection statistics conditions, click the Set icon. The device performs statistics on concurrent server farm connections according to the specified server farm range and statistics duration.
To view statistics about concurrent server farm connections, select Log collection for Load balancing | Server farm overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Real server traffic statistics
The Real Server Traffic Statistics widget uses a line chart to display uplink and downlink traffic trend of real servers over the statistics duration. This is convenient for administrators to obtain information about real server traffic changes.
To configure real server traffic statistics conditions, click the Set icon. The device performs statistics on real server traffic according to the specified server farm range, real server range, traffic type, and statistics duration.
To view real server traffic statistics, select Log collection for Load balancing | Real server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Real server connection rate statistics
The Real Server Connections widget uses a line chart to display the trend of the number of new connections per second over the statistics duration for specific real servers.
To configure new real server connection statistics conditions, click the Set icon. The device performs statistics on new real server connections according to the specified server farm range, real server range, and statistics duration.
To view statistics about new real server connections, select Log collection for Load balancing | Real server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Real server concurrent connection statistics
The Real Server Connection Statistics widget uses a line chart to display the trend of the number of the current active connections over the statistics duration for specific real servers.
To configure real server concurrent connection statistics conditions, click the Set icon. The device performs statistics on concurrent real server connections according to the specified server farm range, real server range, and statistics duration.
To view statistics about concurrent real server connections, select Log collection for Load balancing | Real server overview statistics on the System > Log Settings > Storage Space Settings page.
Load balancing monitoring—Intelligent DNS domain requested times statistics
The Intelligent DNS Domain Requested Times Statistics widget displays the trend of intelligent DNS request traffic that matches a domain name over the statistics duration. To specify a domain name, click the Set icon.
To perform statistics on intelligent DNS domain requested times, select Log collection for Load balancing | Domain request overview statistics on the System > Log Settings > Storage Space Settings page.
Security monitor—Security analysis
The Security Analysis widget displays risk summary about hosts within a time range recently.
Restrictions and guidelines
Support for this feature depends on the device model.
The functions on the Security Analysis page are available only when the device is installed with hard disks or USB disks.
Internal asset address range
To perform statistical analysis on asset traffic, configure an asset address range. The device identifies the specified address range as the internal network and identifies addresses outside the range as the external network. In addition, the device will analyze traffic between internal-internal, internal-external, and external-external networks. If no asset address range is configured, the device will analyze only traffic between Trust-Trust, Trust-Untrust, and Untrust-Trust security domains. In this case, the device identifies the Trust domain as the internal network and the Untrust domain as the external network, and does not analyze traffic from other security domains.
Hosts at risk
The device analyzes security risks of hosts to help administrators quickly know the risk status based on all security risk-related logs, including IPS logs, anti-virus logs, WAF logs, file filtering logs, URL filtering logs, reputation logs, and DGA domain detection logs. You can click the statistical data to jump to the security analysis page to view security details of hosts.
If this module does not display any data, the following are possible reasons:
The device is not installed with hard disks or USB disks.
No logs are generated for IPS and anti-virus services.
Attack trends
The device analyzes attacks on service hosts based on IPS logs and anti-virus logs, and displays attack trends within a time range. This helps administrators quickly understand the attacks on services.
If this module does not display any data, it might be because no logs are generated for IPS and anti-virus services within a time range.
Top 10 hotspot events
The IPS signature library records top 10 hotspot attack events in the network recently. When the device detects that a host has been attacked based on IPS logs, it displays the corresponding hotspot events on the Web interface. This helps administrators understand the security risk status of the host and adjust protection policies timely.
If this module does not display any data, the following are possible reasons:
The version of the IPS signature library is too low. You can upgrade the library as needed.
No IPS logs are generated within a time range.
Security monitor—Ransomware analysis
Ransomware analysis displays risk summary of ransomware risk hosts in specific time ranges.
Restrictions and guidelines
Support for this feature depends on the device model.
The features on the Ransomware Analysis page are displayed only when you install disks or USB disks to the device.
Ransomware statistics
The device analyzes ransomware risks for hosts based on logs related to security threats, such as IPS and anti-virus logs. This helps users quickly understand host risk status. Users can click statistics to access the ransomware analysis page for detailed information.
If no ransomware statistics are displayed, the possible reasons are as follows:
No address range is configured for internal assets.
No disk or USB disk is installed on the device.
The security services including IPS and anti-virus services, do not generate log messages.
Top 5 hosts by attack number
Top 5 hosts by attack number indicate the five hosts that have experienced the most attacks within a time range. Analyzing these hosts' attack details helps the cybersecurity team identify the most threatened hosts.
If this module shows no data, it may be because no IPS log messages were generated during the selected time range.
vSystem support information
Support of non-default vSystems for this feature depends on the device model. This feature is available on the Web interface only if it is supported.