When looking at Traffic Monitor, you will see columns of numbers. However, it is not apparent what all of them are for. Unfortunately I don't have enough reputation to post images, but I'll try to explain what I'm looking at.
Can someone let me know the following? Thanks.
1) What are the numbers in columns 7, 12, and 13?
2) What's the difference between what's shown on columns 6 and 8?
Column - Description
1 - Date
2 - Time
3 - Shows "Allowed", "Deny", etc
4 - Source IP
5 - Destination IP the Source IP is trying to target (ie Firebox's external IP for incoming traffic)
6 - Protocol (Port name and sometimes Port number is shown also)
7 - Unknown
8 - Protocol (Port number but not sure difference from column 5 above)
9 - Network from which Source IP originates from
10 - Network to which Destination IP is at
11 - Shows "Allowed", "blocked ports", etc
12 - Unknown
13 - Unknown
14 - Policy name
Guys, I found the answer! In Firebox System Manager (the one you use to look at Traffic Monitor), click on File -> Settings. Check the "Show Log Field Names" box and click OK. Here are the answers:
Field 7 is probably the source port.
Not sure about the other two yet.
Within Traffic Monitor, if you right-click on a traffic entry, you can edit the Traffic Monitor settings. The Traffic Monitor settings show the heading for each column.
They are:
Time - Disposition - Source IP - destination IP - protocol - source port - destination port - source interface - destination interface - message - packet length - time to live - policy - proxy action - repeat - details
From the source - check out the official documentation. Then remember to google and find this link.
http://www.watchguard.com/support/fireware_howto/HowTo_ReadFirewareLogs.pdf