View AFA device data

This topic describes how to view and work with the device data displayed in AFA.

AFA's device tree

Many devices supported by AFA are actually a system of devices in a hierarchy that work together. Each device defined in AFA is represented as a node in the tree, and any physical or virtual devices it manages appear as sub-nodes.

AFA enables you to manage and view data for each individual node or parent nodes. Reports at a parent level aggregate all analysis information for each of the sub-devices. Running an analysis on a parent node also updates data for each of the children.

Back to top

View a specific device

To view data for a specific device, do the following:

  1. In the main menu on the left, click DEVICES.

  2. Browse to or search for your device's name.

    • Devices for which the last report generation, real-time monitoring, or log collection failed appear in red.
    • Layer 2 devices that are not placed on the map appear in orange. For more details, see Managing Layer 2 Devices in the Map.

    Tip: To filter out devices with issues from being listed in the tree, click the Issues link at the top, and clear the selection for any item types you want to hide. Click the Issues link again to return to the standard view.

  3. Click your device in the tree to view full details in the workspace.

The information displayed at the top of the workspace for each device varies by its relative position in the hierarchy of the device tree.

Data displayed per device type

All tiers

Data displayed for all tiers includes:

  • A link to the latest report, with the date and time the device was last analyzed at that tier. For example:

  • Status indicators for the latest analysis, monitoring, and log collection processes. Green items indicate success, red indicates failures, and grey indicates a run in process or no data available.

Parent devices

Parent devices are also displayed with the number of devices they manage.

Individual devices

The following additional data is displayed for individual devices:

  • Host. The device's IP address.

  • Management/Device Version. The device's version and build.

  • Policy. The device's policy.

  • Device Manager. The remote agent that performs data collection for the device. Only displayed if geo-distribution is enabled.

    If the device is managed locally, this field displays Central Manager.

  • Monitoring and log collection status for the specific device:

    . Last cycle succeeded.

    . Last cycle failed.

    . Monitoring / log collection disabled.

For more details, see:

Back to top

Device data for cloud devices

AFA represents cloud "devices" with a three-tiered hierarchy:

  • AWS. User account > Region / VPC > Security set
  • Azure. Subscription > Region / VPC > Security set

In AFA, security sets are groups of instances, ALBs, or VMs with the exact same security group and network ACLs or subnet security groups applied. Each instance, ALB, or VM in a security set has identical security policies.

Details shown for each cloud device varies at each tier, and you can manage each tier individually, such as running analysis on a specific tier only. Reports for "parent" tiers appear as group reports, and  when an analysis is run on a "parent" tier, reports are automatically generated for each tier below it. For more details, see View AFA group data.

Cloud data per tier

The following details are presented at all tiers:

The following additional data is presented for the top two tiers only (account / subscription and region / VPC / VNet):

  • The number of regions with the tier.
  • The number of VPCs or VNets in the tier.
  • The number of instances, ALBs, or VMs in the tier.

Click the linked number to open a full list of items. For example:

The following information is presented at the security set tier only:

Security group or network security group The name of the security set's group. Click the link to show a list of the security groups and IDs.
Network ACLs or subnet network security group. The name of the security set's ACLs or subnet network security group. Click the link to show a list of the security groups and IDs.
Region

The name of the security set's region.

VNet or VPC The name of the security set's VPC or VNet.
Instances, ALBs, or VMs The number of instances, ALBs, or VMs. Click the link to open a searchable list of the instances, ALBs, or VMs and IDs.
Subnets The number of subnets. Click the link to open a list of the subnets and IDs.
Monitoring and log collection

The monitoring and log collection status for the specific device.

. Last cycle succeeded.

. Last cycle failed.

. Monitoring / log collection disabled.

Back to top

View device reports

Device reports provide details about a single device, either a device that's defined individually or the lowest tier in the device tree for a system of devices.

Tip: At the top right of each page in the report, click Export / Print PDF to export the report to a shareable PDF file. For more details, see Export AFA screens to PDF.

Back to top

Device report page reference

The following tables describe the pages included in device reports.

Home. Provides a general overview of the report, including basic device information and statistics, changes to the device, and device connectivity.

For details, see HOME page.

Risks. Provides a high-level executive summary of the risk analysis findings.

Available only with the AFA Risk and Compliance Module.

For details, see RISKS page.

Risky Rules. Provides a list of all the risky rules (vs. the actual risk displayed in the summary page) found in the device policy, along with links to all the risks to which each rule contributed.

Available only with the AFA Risk and Compliance Module.

For details, see RISKY RULES page.

Changes. Displays the changes in rules, objects, and the resulting changes in allowed traffic and risks, over all the history of AFA reports for this device.

For details, see CHANGES page.

Policy Optimization. Find out what you can eliminate from your device policy to optimize it and make it more efficient and maintainable.

For details, see POLICY OPTIMIZATION page.

VPN. Allows navigating through the VPN definitions on your device: identify the users, user groups, VPN rules, and VPN communities, and the relationships between these entities.

For details, see VPN page.

Policy. Provides access to the wealth of detailed information collected and identified during the analysis.

For details, see POLICY Page.

Regulatory Compliance. Access a variety of automatically-filled compliance reports.

Available only with the AFA Risk and Compliance Module.

For details, see REGULATORY COMPLIANCE page.

Baseline Compliance. Indicates whether the device's configuration complies with a certain baseline.

For details, see BASELINE COMPLIANCE page.

Back to top

 

â See also: