Fireware Web UI Dashboard slow to update

PeteWashburn

M370 running 12.10.2 (latest) on a small business

I like to check the dashboard front panel daily to keep an eye on what's going on. I usually pick "Last 1 day" to look back 24 hours.

I notice that it can take over a minute for the dashboard to settle down and values stop updating. During that time, I can see Top Countries displaying a few unusual countries that I wouldn't normally expect to see listed during that first minute or so. After things settle down, I usually just see the countries I would expect.

Just want to make sure that this would be normal for a M370 firebox and not that something is screwing around with the logs to hide their activities and I'm being hacked.

Sometimes, these seem to be Microsoft ASN's, so it wouldn't surprise me that these could cause some unusual initial values.

Thanks for the wisdom
Pete

james.carson

Hi Pete,

The front panel dashboard for the firebox generally won't have enough data to show more than an hour or two back (some data points persist longer, but for the most part, logs on the firebox itself are very recent.)

I would suggest logging to a Dimension server (which is free for firewalls with a support contract.) Logs in dimension can persist for much longer and allow you to drill into any problem areas.

In general, the firewall won't show a report unless it has data for it. With that in mind, if you are using broad geolocation rules, it's not uncommon for datacenters to be located in/around the EU - if you're seeing a lot of denies for those countries, look into what specifically you're blocking.