WatchGuard Technologies FireboxTM System 4.6 Authentication list, Blocked Sites list, ARP table

HostWatch

ARP table

A snapshot of the ARP table on the running Firebox. The ARP table is used to map IP addresses to hardware addresses:

Authentication list

The Authentication List tab displays the host IP addresses and user names of everyone currently authenticated to the Firebox. If you are using DHCP, the IP address—to—user name mapping changes whenever machines restart.

Blocked Sites list

The Blocked Sites List tab lists the IP addresses (in slash notation) of any external sites that are temporarily blocked by port space probes, spoofing attempts, address space probes, or another event configured to trigger an auto-block.

Next to each blocked site is the amount of time remaining on the temporary auto- block. You can adjust the auto-blocking value from the Blocked Sites dialog box available through Policy Manager.

You can selectively remove sites from this blocked list either by selecting the site and clicking the X toolbar button or by double-clicking a site. If the display is in continuous refresh mode (that is, if the Continue button on the toolbar is active), selecting a site on the list or clicking the X button stops the refresh mode. (The X and Continue buttons are grayed out unless the Blocked Sites list is shown.)

If you opened the Firebox with the monitoring (read-only) passphrase, Firebox Monitors prompts you to enter the configuration (read-write) passphrase before removing a site from the list.

HostWatch

HostWatch is a real-time display of active connections occurring on a Firebox. It can also graphically represent the connections listed in a log file, either playing back a previous file for review or displaying connections as they are logged into the current log file. HostWatch provides graphical feedback on network connections between the trusted and external networks as well as detailed information about users, connections, and network address translation.

98