View AFA device data

This topic describes how to view and work with the device data displayed in AFA.

AFA's device tree

Many devices supported by AFA are actually a system of devices in a hierarchy that work together. Each device defined in AFA is represented as a node in the tree, and any physical or virtual devices it manages appear as sub-nodes.

AFA enables you to manage and view data for each individual node or parent nodes. Reports at a parent level aggregate all analysis information for each of the sub-devices. Running an analysis on a parent node also updates data for each of the children.

Palo Alto Networks Panorama devices also display the device's group. Click the link to open a list of all device groups.

Additionally, Palo Alto Networks Panorama devices and any Juniper SRX devices that are configured to display virtual routers, VRs appear as the last tier in the device tree.

In this case, AFA provides reports for each VR under each VSYS/LSYS. Although the VSYS/LSYS analysis aggregates the data for each child VR, it does not contain the full VR tier data, as is usually the case for parent reports.

Data for individual VRs include topology and routing information, and the risky rules associated with the traffic they route. These reports should be consulted to troubleshoot routing issues, or to view risky rules. All other data, such as policy optimization recommendations, is in the VSYS/LSYS reports.

Note: This behavior is not relevant to Juniper Netscreen or NSM devices configured to display virtual routers. Netscreen devices are not sub-devices of a virtual system, and are displayed as parallell.

Back to top

View a specific device

To view data for a specific device, do the following:

  1. On the left, click DEVICES.

  2. Browse to or search for your device's name.

    • Devices for which the last report generation, real-time monitoring, or log collection failed appear in red.
    • Layer 2 devices that are not placed on the map appear in orange. For more details, see Managing Layer 2 Devices in the Map.

    Tip: To filter out devices with issues from being listed in the tree, click the Issues link at the top, and clear the selection for any item types you want to hide. Click the Issues link again to return to the standard view.

  3. Click your device in the tree to view full details in the workspace.


The information displayed at the top of the workspace for each device varies by its relative position in the hierarchy of the device tree.

Data displayed per device type

All tiers

Data displayed for all tiers includes:

  • A link to the latest report, with the date and time the device was last analyzed at that tier. For example:

  • Status indicators for the latest analysis, monitoring, and log collection processes. Green items indicate success, red indicates failures, and grey indicates a run in process or no data available.
Parent devices

Parent devices are also displayed with the number of devices they manage.
Individual devices

The following additional data is displayed for individual devices:

  • Host. The device's IP address.

  • Management/Device Version. The device's version and build.

  • Policy. The device's policy.

  • Device Manager. The remote agent that performs data collection for the device. Only displayed if geo-distribution is enabled.

    If the device is managed locally, this field displays Central Manager.

  • Monitoring and log collection status for the specific device:

    . Last cycle succeeded.

    . Last cycle failed.

    . Monitoring / log collection disabled.

For more details, see:

Back to top

Device data for cloud devices

AFA represents cloud "devices" with a three-tiered hierarchy:

  • AWS. User account > Region / VPC > Security set
  • Azure. Subscription > Region / VPC > Security set

In AFA, security sets are groups of instances, ALBs, or VMs with the exact same security group and network ACLs or subnet security groups applied. Each instance, ALB, or VM in a security set has identical security policies.

Details shown for each cloud device varies at each tier, and you can manage each tier individually, such as running analysis on a specific tier only. Reports for "parent" tiers appear as group reports, and  when an analysis is run on a "parent" tier, reports are automatically generated for each tier below it. For more details, see View AFA group data.

Cloud data per tier

The following details are presented at all tiers:

The following additional data is presented for the top two tiers only (account / subscription and region / VPC / VNet):

  • The number of regions with the tier.
  • The number of VPCs or VNets in the tier.
  • The number of instances, ALBs, or VMs in the tier.

Click the linked number to open a full list of items. For example:

The following information is presented at the security set tier only:

Security group or network security group The name of the security set's group. Click the link to show a list of the security groups and IDs.
Network ACLs or subnet network security group. The name of the security set's ACLs or subnet network security group. Click the link to show a list of the security groups and IDs.
Region

The name of the security set's region.
VNet or VPC The name of the security set's VPC or VNet.
Instances, ALBs, or VMs The number of instances, ALBs, or VMs. Click the link to open a searchable list of the instances, ALBs, or VMs and IDs.
Subnets The number of subnets. Click the link to open a list of the subnets and IDs.
Monitoring and log collection

The monitoring and log collection status for the specific device.

. Last cycle succeeded.

. Last cycle failed.

. Monitoring / log collection disabled.

Back to top

View device reports

Device reports provide details about a single device, either a device that's defined individually or the lowest tier in the device tree for a system of devices.

To view the full and latest report for a specific device, browse to and select a specific device, and then click the link at the top of the workspace.

The report opens in a separate tab. For more details, see AFA reports.

Do the following:

  1. Browse to and select your device in the device tree.

  2. In the workspace, click the REPORTS tab, which displays a list of all available reports for the device.

    For example:

    Report status is listed as follows:

    • Report was generated successfully
    • Report is currently being generated
    • Report failed to generate

  3. Do one of the following:

    • To view a report online, click the report's name.
    • To download a report to your computer, click the Zip link in the row for the report you want to download.

    For more details, see AFA reports.

Do the following:

  1. At the top of the device tree, click the ALL_FIREWALLS node.

  2. In the workspace, click the REPORTS tab, which displays a list of all available reports for all devices in the system.

  3. Click the All Reports tab.

    The All Reports tab appears, displaying a list of all available reports for all devices in the system.

    Report status is listed as follows:

    • Report was generated successfully
    • Report is currently being generated
    • Report failed to generate

  4. Do one of the following:

    • To view a report online, click the report's name.
    • To download a report to your computer, click the Zip link in the row for the report you want to download.

    For more details, see AFA reports.

Tip: At the top right of each page in the report, click Export / Print PDF to export the report to a shareable PDF file. For more details, see Export AFA screens to PDF.

Back to top

Device report page reference

The following tables describe the pages included in device reports.

Home. Provides a general overview of the report, including basic device information and statistics, changes to the device, and device connectivity.

For details, see HOME page.

Risks. Provides a high-level executive summary of the risk analysis findings.

Available only with the AFA Risk and Compliance Module.

For details, see RISKS page.

Risky Rules. Provides a list of all the risky rules (vs. the actual risk displayed in the summary page) found in the device policy, along with links to all the risks to which each rule contributed.

Available only with the AFA Risk and Compliance Module.

For details, see RISKY RULES page.

Changes. Displays the changes in rules, objects, and the resulting changes in allowed traffic and risks, over all the history of AFA reports for this device.

For details, see CHANGES page.

Policy Optimization. Find out what you can eliminate from your device policy to optimize it and make it more efficient and maintainable.

For details, see POLICY OPTIMIZATION page.

VPN. Allows navigating through the VPN definitions on your device: identify the users, user groups, VPN rules, and VPN communities, and the relationships between these entities.

For details, see VPN page.

Policy. Provides access to the wealth of detailed information collected and identified during the analysis.

For details, see POLICY Page.

Regulatory Compliance. Access a variety of automatically-filled compliance reports.

Available only with the AFA Risk and Compliance Module.

For details, see REGULATORY COMPLIANCE page.

Baseline Compliance. Indicates whether the device's configuration complies with a certain baseline.

For details, see BASELINE COMPLIANCE page.

Back to top

 

â See also: