
Getting Started with Illumio Insights

Firewall Insights

Note

You must onboard your cloud firewall or your firewall from a third-party vendor to see traffic from those firewalls within Firewall Insights.

Firewall Insights provides information about the firewalls in your organization. It displays network traffic information for both cloud environments and on-premises environments, such as data centers, corporate networks, and factories. Firewall Insights correlates external firewall telemetry with Illumio's workload traffic data to detect risky flows, services, and traffic. Use this information to identify and address gaps in your security posture.

Filter firewall data by one or more firewalls.

The Risky Service Traffic widget shows all of the risky traffic on all of the firewalls in your environment. This widget displays the service name, its port and protocol, and Bytes and Flows information. If there has been a significant increase in the traffic flow associated with a risky service, the value in the Delta Flows field will have a red up arrow next to it. In this case, you might want to investigate further and possibly adjust that firewall to restrict suspicious traffic.

The Top Traffic widget displays the firewalls in your organization that have the most traffic in a circular, color-coded graph. Hover over a color in the graph to display a tooltip with details about that firewall. Click Flows or Bytes to change the metric that the graph uses. To change which firewalls display in the graph, select the check box next to the firewall name.

The Top 10 Most Used Rules widget displays information about the firewall rules that are used most often in your organization. In this widget, you can view the rule and firewall name, the Rule and Firewall ID, the vendor, and current and previous Flows and Bytes information. As in other Firewall Insights widgets, you can select a particular service to view its details.

Click on a rule to view details about that rule. The detail pane contains the following tabs:

  • The Firewall Overview tab displays the Firewall Name, IP Address, Version, Hardware, Connected Interfaces, and Access Control Policy information about the firewall on which the selected rule was applied.

  • The Firewall Rules tab displays the Name, Source, Destination, Rule Hit Count, Service & Application, and Action information for the rule that you selected within Selected Firewall Rule Details. The pane displays all of the rules that are associated with the policy, but it does not display details about rules that you did not configure.

    Note

    The Action field indicates whether the rule allowed or denied the traffic.

The Traffic by Zone widget displays traffic by the zones that your organization has defined, such as Source Zone to Destination Zone. If there has been an increase in the number of flows that seems suspicious, you might want to investigate.

The Traffic Query Results list displays traffic from all of your firewall vendors, but you can select a specific vendor or service to view only the information about that vendor or service. You can filter the firewall traffic by Firewall ID, Source Zone, Port, Service, Protocol, and other fields. If there is data flowing between a firewall and the cloud, you will see information in the Destination Tenant ID and Subscription ID fields. Scroll all the way to the right and click Filter to filter the list information. To adjust the columns that display, click Columns.