Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

About the User Visibility Page

To access this page, select Monitor > Maps & Charts > Users.

Use the User Visibility page to view information about users or source IP addresses (such as top 50 users or IP addresses accessing high bandwidth consuming applications or establishing higher number of sessions) on your network. Based on this information, network administrators can choose to rate-limit a device that is accessing applications which consume large bandwidth or create maximum traffic.

Prerequisites

You need to do the following to view user visibility data:

  • Ensure that an application signature package is installed on the SRX Series Firewall. For example:

  • Ensure that a dynamic application is applied on the firewall rule. For example:

    You can also match the firewall rule to a specific dynamic application or group. For example:

  • Enable Session initiate logs and Session close logs on the firewall rule.

  • Configure source identity on the firewall rule. Otherwise, the source IP address of the end host is displayed instead of the user name. See User Role Firewall Security Policies.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View user visibility data in Summary View. See Summary View.

  • View user visibility data in Grid View. See Grid View.

Summary View

Click the Summary View tab to view the data graphically as a bubble graph, heat map, or a zoomable bubble graph. The data is refreshed automatically based on the selected time span.

You can hover over the chart to view critical information such as the total number of sessions established and bandwidth consumed about each user.

Users are represented by the IP address or usernames of their devices on the network.

You can also view the top five applications of each user, based on either their bandwidth consumption or number of sessions established.

Table 1 provides guidelines on using the fields on the Summary View tab of the User Visibility page.

Table 1: Fields on the Summary View

Field

Description

Time Span

Select the duration (last 15 minutes, last 30 minutes, last 45 minutes, last 1 hour, last 4 hours, last 8 hours, last 12 hours, last 1 day, or custom) for which you want to view the user visibility data.

Select Custom to view data for more than one day.

The Custom Time page appears.

Specify the From date and To date (in MM/DD/YYYY format).The time span is from 00:00 through 23:59.

For

Displays the devices for which application visibility data is displayed. By default, All devices is selected. To view application visibility data for a specific device group:

  1. Click Edit to open the Add Device Group page.
  2. Select the Selective option.
  3. Select the devices(s) you want to add to the device group from the available devices and click > to add the devices(s) to the device group.
  4. Click OK.

Show By

Select the criterion to display information regarding the bandwidth consumed and number of sessions established by applications in the selected time span:

  • Bandwidth—Displays users based on their bandwidth consumption. Users running applications that consume larger bandwidth are represented by larger bubbles or matrices.

  • Number of Session—Displays users based on the number of sessions established. Users running applications that have higher number of sessions established are represented by larger bubbles or matrices.

Select Graph

Select one of the following options to view data graphically:

  • Bubble Graph (default)

  • Heat Map

  • Zoomable Bubble Graph

Group By

Select from the following options to view the application's data:

  • Risk-Grouped by critical, high, unsafe, and so on.

  • Category-Grouped by categories such as web, infrastructure, and so on.

Table 2 describes the parameters that are displayed when you hover your cursor over the chart.

Table 2: Parameters on the Chart

Parameter

Description

User Name

Name of the user or source IP address accessing the application.

Bandwidth

Total Bandwidth consumed by the user (device).

Number of Sessions

Total number of application sessions established by the user (device).

Grid View

Click the Grid View tab to view high-level details of the users on your network. You can view widgets that provide information about top users by volume and top applications that create network traffic by volume. The data is also displayed in a tabular format with sortable columns.

Table 3 describes the widgets on the Grid View of the User Visibility page.

Table 3: Widgets on the Grid View

Field

Description

Top Users by Volume

Top users of applications, based on bandwidth consumption, for the selected time span.

Top Apps by Volume

Top applications accessed by users on the network, based on bandwidth consumption, for the selected time span.

For example: Amazon

Table 4 describes the fields in the table below the widgets.

The table includes sortable columns, with the users (devices) represented by usernames or IP addresses.

Click the Search icon to enter the search text that can include a specific application or user name, or IP address of a device on the network.
Table 4: Detailed View of Users

Field

Description

User Name

IP address or username of the user (device) accessing the applications.

Volume

Bandwidth consumed by a user (who is represented by a user name or IP address).

Total Sessions

Total number of application sessions established by a specific user (device).

Applications

Name of the application accessed by a specific user (device).

For example: Google

Note:

By default, this column lists only one application per user. If a user accesses more than one application, a +<integer>icon (for example: +2) appears to the right of the application name. The integer indicates the number of additional applications accessed by the user. Click the integer to view all applications accessed by a user.