Statistics and reports
The information maintained in the logs and statistics, and displayed in the reports, provides important guidance for configuring and maintaining the App Firewall.
The App Firewall statistics
When you enable the statistics action for App Firewall signatures or security checks, the App Firewall maintains information about connections that match that signature or security check. You can view the accumulated statistics information on the Monitoring tab of the main logon page of your App Firewall appliance by selecting one of the following choices in the Select Group list box:
- App Firewall. A summary of all statistics information gathered by your App Firewall appliance for all profiles.
- App Firewall (per profile). The same information, but displayed per-profile rather than summarized.
You can use this information to monitor how your App Firewall is operating and to determine whether there is abnormal activity or an abnormal number of hits on a signature or security check. If you see such a pattern, check the logs for that signature or security check to diagnose the issue, and then take corrective action.
The App Firewall reports
The App Firewall reports provide information about your App Firewall configuration and how it is handling traffic for your protected web sites.
The PCI DSS report
The Payment Card Industry (PCI) Data Security Standard (DSS), version 1.2, consists of twelve security criteria that most credit card companies require businesses that accept online payments via credit and debit cards to meet. These criteria are designed to prevent identity theft, hacking, and other types of fraud. If an internet service provider or online merchant does not meet the PCI DSS criteria, that ISP or merchant risks losing authorization to accept credit card payments through its web site.
ISPs and online merchants prove that they are in compliance with PCI DSS by having an audit conducted by a PCI DSS Qualified Security Assessor (QSA) Company. The PCI DSS report is designed to assist them both before and during the audit. Before the audit, it shows which App Firewall settings are relevant to PCI DSS, how they should be configured, and (most important) whether your current App Firewall configuration meets the standard. During the audit, the report can be used to demonstrate compliance with relevant PCI DSS criteria.
The PCI DSS report consists of a list of those criteria that are relevant to your App Firewall configuration. Under each criterion, it lists your current configuration options, indicates whether your current configuration complies with the PCI DSS criterion, and explains how to configure the App Firewall so that your protected web site(s) will be in compliance with that criterion.
The PCI DSS report is located under System > Reports. To generate the report as an Adobe PDF file, click Generate PCI DSS Report. Depending on your browser settings, the report is displayed in a pop-up window or you are prompted to save it to your hard disk.
Note: To view this and other reports, you must have the Adobe Reader program installed on your computer.
The PCI DSS report consists of the following sections:
- Description. A description of the PCI DSS Compliance Summary report.
- Firewall License and Feature Status. Tells you whether the App Firewall is licensed and enabled on your NetScaler appliance.
- Executive Summary. A table that lists the PCI DSS criteria and tells you which of those criteria are relevant to the App Firewall.
- Detailed PCI DSS Criteria Information. For each PCI DSS criterion that is relevant to your App Firewall configuration, the PCI DSS report provides a section that contains information about whether your configuration is currently in compliance and, if it is not, how to bring it into compliance.
- Configuration. Data for individual profiles, which you access either by clicking App Firewall Configuration at the top of the report, or directly from the Reports pane. The App Firewall Configuration report is the same as the PCI DSS report, with the PCI DSS-specific summary omitted, and is described below.
The App Firewall configuration report
The App Firewall Configuration report is located under System > Reports. To display it, click Generate App Firewall Configuration Report. Depending on your browser settings, the report is displayed in a pop-up window or you are prompted to save it to your hard disk.
The App Firewall Configuration report starts with a Summary page, which consists of the following sections:
- App Firewall Policies. A table that lists your current App Firewall policies, showing the policy name, the content of the policy, the action (or profile) it is associated with, and global binding information.
- App Firewall Profiles. A table that lists your current App Firewall profiles and indicates which policy each profile is associated with. If a profile is not associated with a policy, the table displays INACTIVE in that location.
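As an added illustration (not part of the original documentation and not Citrix code), the following Python example rebuilds the two Summary tables from `add appfw` and `bind appfw global` configuration lines, marking a profile INACTIVE when no policy references it. The sample configuration, its names, and its expressions are constructed, and only global bindings are considered (an assumption; bindings to individual virtual servers are ignored).

```python
import shlex

# Constructed sample in NetScaler CLI syntax; names and expressions are made up.
SAMPLE_CONFIG = r'''
add appfw profile pr-shop -defaults advanced
add appfw profile pr-blog -defaults basic
add appfw profile pr-legacy -defaults basic
add appfw policy pl-shop "HTTP.REQ.HOSTNAME.EQ(\"shop.example.com\")" pr-shop
add appfw policy pl-blog "HTTP.REQ.URL.STARTSWITH(\"/blog\")" pr-blog
bind appfw global pl-shop 10
'''

def summarize(config_text):
    """Rebuild the Policies and Profiles summary tables from appfw config lines."""
    profiles, policies, global_bound = [], {}, set()
    for line in config_text.splitlines():
        tok = shlex.split(line)  # honours the quoted policy expression
        if len(tok) < 4 or tok[1] != "appfw":
            continue
        verb, kind = tok[0], tok[2]
        if verb == "add" and kind == "profile":
            profiles.append(tok[3])
        elif verb == "add" and kind == "policy" and len(tok) >= 6:
            policies[tok[3]] = {"rule": tok[4], "profile": tok[5]}
        elif verb == "bind" and kind == "global":
            global_bound.add(tok[3])
    # Policies table: name, content (rule), associated profile, globally bound?
    policy_rows = [(name, p["rule"], p["profile"], name in global_bound)
                   for name, p in policies.items()]
    # Profiles table: associated policy names, or INACTIVE when there are none.
    profile_rows = {}
    for prof in profiles:
        users = [name for name, p in policies.items() if p["profile"] == prof]
        profile_rows[prof] = ", ".join(users) or "INACTIVE"
    return policy_rows, profile_rows

if __name__ == "__main__":
    policy_rows, profile_rows = summarize(SAMPLE_CONFIG)
    for row in policy_rows:
        print("policy ", row)
    for prof, status in profile_rows.items():
        print("profile", prof, "->", status)
```

A profile reported as INACTIVE protects no traffic, and a policy that is not globally bound takes effect only if it is bound elsewhere, so both are worth reviewing after configuration changes.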
To download all report pages for all policies, at the top of the Profiles Summary page click Download All Profiles. You display the report page for each individual profile by selecting that profile in the table at the bottom of the screen. The Profile page for an individual profile shows whether each check action is enabled or disabled for each check, and the other configuration settings for the check.
To download a PDF file containing the PCI DSS report page for the current profile, click Download Current Profile at the top of the page. To return to the Profiles Summary page, click App Firewall Profiles. To go back to the main page, click Home. You can refresh the PCI DSS report at any time by clicking Refresh in the upper right corner of the browser. You should refresh the report if you make changes to your configuration.