Application Patrol

See the Application Patrol section for related information on these screens.

Application Patrol Overview

Application patrol provides a convenient way to manage the use of various applications on the network. It manages general protocols (for example, http and ftp) and instant messenger (IM), peer-to-peer (P2P), Voice over IP (VoIP), and streaming (RSTP) applications. You can even control the use of a particular application's individual features (like text messaging, voice, video conferencing, and file transfers). Application patrol also has powerful bandwidth management including traffic prioritization to enhance the performance of delay-sensitive applications like voice and video.

Note: The ZyWALL checks firewall rules before it checks application patrol rules for traffic going through the ZyWALL.

If you want to use a service, make sure both the firewall and application patrol allow the service's packets to go through the ZyWALL.

Application patrol examines every TCP and UDP connection passing through the ZyWALL and identifies what application is using the connection. Then, you can specify, by application, whether or not the ZyWALL continues to route the connection.

Classification of Applications

There are two ways the ZyWALL can identify the application. The first approach is called auto. In this approach, the ZyWALL looks at the IP payload (OSI level-7) and attempts to match it with known patterns for specific applications. Usually, this occurs at the beginning of a connection, when the payload is more consistent across connections, and the ZyWALL examines several packets to make sure the match is correct.

Note: The ZyWALL allows the first eight packets to go through the firewall, regardless of the application patrol policy for the application. The ZyWALL examines these first eight packets to identify the application.

The second approach is called service ports. In this approach, the ZyWALL only uses OSI level-3 information, such as IP address and port, to identify what application is using the connection. This approach is available in case the ZyWALL identifies a lot of "false positives" for a particular application.

Configurable Application Policies

The ZyWALL has policies for individual applications. For each policy, you can specify the default action the ZyWALL takes once it identifies one of the service's connections.

You can also specify custom policies that have the ZyWALL forward, drop, or reject a service's connections based on criteria that you specify (like the source zone, destination zone, original destination port of the connection, schedule, user, source, and destination information). Your custom policies take priority over the policy's default settings.

Bandwidth Management

When you allow an application, you can restrict the bandwidth it uses or even the bandwidth that particular features in the application (like voice, video, or file sharing) use. This restriction may be ineffective in certain cases, however, such as using MSN to send files via P2P.

The application patrol bandwidth management is more flexible and powerful than the bandwidth management in policy routes. Application patrol controls TCP and UDP traffic. Use policy routes to manage other types of traffic (like ICMP).

Note: Bandwidth management in policy routes has priority over application patrol bandwidth management. It is recommended to use application patrol bandwidth management for TCP and UDP traffic and remove it from the policy routes.

Connection and Packet Directions

Application patrol looks at the connection direction, that is from which zone the connection was initiated and to which zone the connection is going.

A connection has outbound and inbound packet flows. The ZyWALL controls the bandwidth of traffic of each flow as it is going out through an interface or VPN tunnel.

For example, a LAN to WAN connection is initiated from the LAN and goes to the WAN.

Outbound and Inbound Bandwidth Limits

You can limit an application's outbound or inbound bandwidth. This limit keeps the traffic from using up too much of the out-going interface's bandwidth. This way you can make sure there is bandwidth for other applications. When you apply a bandwidth limit to outbound or inbound traffic, each member of the out-going zone can send up to the limit.

Take a LAN to WAN policy for example.

Bandwidth Management Priority

The ZyWALL gives bandwidth to higher-priority traffic first, until it reaches its configured bandwidth rate.

Then lower-priority traffic gets bandwidth.

The ZyWALL uses a fairness-based (round-robin) scheduler to divide bandwidth among traffic flows with the same priority.

The ZyWALL automatically treats traffic with bandwidth management disabled as priority 7 (the lowest priority).

Maximize Bandwidth Usage

Maximize bandwidth usage allows applications with maximize bandwidth usage enabled to "borrow" any unused bandwidth on the out-going interface.

After each application gets its configured bandwidth rate, the ZyWALL uses the fairness- based scheduler to divide any unused bandwidth on the out-going interface amongst applications that need more bandwidth and have maximize bandwidth usage enabled.

Unused bandwidth is divided equally. Higher priority traffic does not get a larger portion of the unused bandwidth.

Bandwidth Management Behavior

This section shows how bandwidth management behaves with various settings. For example, you configure DMZ to WAN policies for FTP servers A and B. Each server tries to send 1000 kbps, but the WAN is set to a maximum outgoing speed of 1000 kbps. You configure policy A for server A's traffic and policy B for server B's traffic.

Configured Rate Effect

In the following table the configured rates total less than the available bandwidth and maximize bandwidth usage is disabled, both servers get their configured rate.

Configured Rate Effect

Policy
Configured RAte
Max. b. u.
priority
Actual rate
A
300 kbps
No
1
300 kbps
B
200 kbps
No
1
200 kbps

Priority Effect

Here the configured rates total more than the available bandwidth. Because server A has higher priority, it gets up to it's configured rate (800 kbps), leaving only 200 kbps that server B can use.

Priority Effect

Policy
Configured RAte
Max. b. u.
priority
Actual rate
A
800 kbps
Yes
1
800 kbps
B
1000 kbps
Yes
2
200 kbps

Maximize Bandwidth Usage Effect

With maximize bandwidth usage enabled, after each server gets its configured rate, the rest of the available bandwidth is divided equally between the two. So server A gets its configured rate of 300 kbps and server B gets its configured rate of 200 kbps. Then the ZyWALL divides the remaining bandwidth (1000 - 500 = 500) equally between the two (500 / 2 = 250 kbps for each). The priority has no effect on how much of the unused bandwidth each server gets.

So server A gets its configured rate of 300 kbps plus 250 kbps for a total of 550 kbps. Server B gets its configured rate of 200 kbps plus 250 kbps for a total of 450 kbps.

Maximize Bandwidth Usage Effect

Policy
Configured RAte
Max. b. u.
priority
Actual rate
A
300 kbps
Yes
1
550 kbps
B
200 kbps
Yes
2
450 kbps

Priority and Over Allotment of Bandwidth Effect

Server A has a configured rate that equals the total amount of available bandwidth and a higher priority. You should regard extreme over allotment of traffic with different priorities (as shown here) as a configuration error. Even though the ZyWALL still attempts to let all traffic get through and not be lost, regardless of its priority, server B gets almost no bandwidth with this configuration.

Priority and Over Allotment of Bandwidth Effect

Policy
Configured RAte
Max. b. u.
priority
Actual rate
A
1000 kbps
Yes
1
999 kbps
B
1000 kbps
Yes
2
1 kbps

Other Applications

Sometimes, the ZyWALL cannot identify the application. For example, the application might be a new application, or the packets might arrive out of sequence. (The ZyWALL does not reorder packets when identifying the application.) In these cases, you can still provide a default rule for the ZyWALL to follow. You can use source zone, destination zone, destination port, schedule, user, source, and destination information as criteria to create a sequence of specific conditions, similar to the sequence of rules used by firewalls, to specify what the ZyWALL should do more precisely. You can also control the bandwidth used by these other applications.

Application Patrol Screens

Use the General summary screen to enable and disable application patrol.

Use the Common, Instant Messenger, Peer to Peer, VoIP, and Streaming screens to look at the applications the ZyWALL can recognize, and review the settings for each one. You can also enable and disable the rules for each application and specify the default and custom policies for each application.

The Other screen controls what the ZyWALL does when it does not recognize the application, and it identifies the conditions that refine this. It also lets you open the Other Configuration Add/Edit screen to create new conditions or edit existing ones.

Use the Statistics screen to see a bandwidth usage graph and statistics for each protocol.

Application Patrol General

Use this screen to enable and disable application patrol. It also lists the registration status and details about the signature set the ZyWALL is using.

Note: You must register for the IDP/AppPatrol signature service (at least the trial) before you can use it.

See Registration for how to register.

AppPatrol > General 

Label
Description
Enable Application Patrol
Select this check box to turn on application patrol.
Enable BWM
This is a global setting for enabling or disabling bandwidth management on the ZyWALL. You must enable this setting to have individual policy routes or application patrol policies apply bandwidth management.
This same setting also appears in the Network > Routing > Policy Route screen. Enabling or disabling it in one screen also enables or disables it in the other screen.
Registration
The following fields display information about the current state of your subscription for IDP/application patrol signatures.
Registration Status
This field displays whether a service is activated (Licensed) or not (Not Licensed) or expired (Expired).
Registration Type
This field displays whether you applied for a trial application (Trial) or registered a service with your iCard's PIN number (Standard). None displays when the service is not activated.
Apply new Registration
This link appears if you have not registered for the service or only have the trial registration. Click this link to go to the screen where you can register for the service.
Signature Information
The following fields display information on the current signature set that the ZyWALL is using.
Current Version
This field displays the IDP signature and anomaly rule set version number. This number gets larger as the set is enhanced.
Released Date
This field displays the date and time the set was released.
Update Signatures
Click this link to go to the screen you can use to download signatures from the update server.

Application Patrol Applications

Use the application patrol Common, Instant Messenger, Peer to Peer, VoIP, or Streaming screen to manage traffic of individual applications.

Use the Common screen to manage traffic of the most commonly used web, file transfer and e-mail protocols.

AppPatrol > Common 

Label
Description
#
This field is a sequential value, and it is not associated with a specific application.
Service
This field displays the name of the application.
Default Access
This field displays what the ZyWALL does with packets for this application. Choices are: forward, drop, and reject.
Modify
This column provides icons to activate and deactivate each application and to edit the settings for each one.
To activate or deactivate patrol for an application, click the Active icon for the corresponding application.
To edit the settings for an application, click the Edit icon next to the application. The Configuration Edit screen appears.

Application Patrol Edit

Use this screen to edit the settings for an application.

Application Edit 

Label
Description
Service
 
Enable Service
Select this check box to turn on patrol for this application.
Service Identification
 
Name
This field displays the name of the application.
Classification
Specify how the ZyWALL should identify this application. Choices are:
Auto - the ZyWALL identifies this application by matching the IP payload with the application's pattern(s).
Service Ports - the ZyWALL identifies this application by looking at the destination port in the IP header.
Service Port
This is available if the Classification is Service Ports. You can view and edit the ports used to identify this application.
Add icon
When the Classification is Service Ports, this column provides icons to add and remove port numbers used to identify the application.
Click Add add a port number. Type the destination port number in the Service Port field.
Click Remove to delete a port number. The web configurator confirms that you want to delete the port number before doing so.
Policy
This table lists the policies configured for this application.
#
This field is a sequential value, and it is not associated with a specific condition.

Note: The ZyWALL checks conditions in the order they appear in the list. While this sequence does not affect the functionality, you might improve the performance of the ZyWALL by putting more common conditions at the top of the list.

Port
This field displays the specific port number to which this policy applies.
Schedule
This is the schedule that defines when the policy applies. any means the policy always applies.
User
This is the user name or user group to which the policy applies. If any displays, the policy applies to all users.
From
This is the source zone of the traffic to which this policy applies.
To
This is the destination zone of the traffic to which this policy applies.
Source
This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source.
Destination
This is the destination address or address group for whom this policy applies. If any displays, the policy is effective for every destination.
Access
This field displays what the ZyWALL does with packets for this application that match this policy.
forward - the ZyWALL routes the packets for this application.
Drop - the ZyWALL does not route the packets for this application and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets for this application and notifies the client of its decision.
BWM
These fields show the amount of bandwidth the application's traffic that matches the policy can use. These fields only apply when Access is set to forward.
In - This is how much inbound bandwidth, in kilobits per second, this policy allows the application to use. Inbound refers to the traffic the ZyWALL sends to a connection's initiator. If no displays here, this policy does not apply bandwidth management for the application's incoming traffic.
Out - This is how much outbound bandwidth, in kilobits per second, this policy allows the application to use. Outbound refers to the traffic the ZyWALL sends out from a connection's initiator. If no displays here, this policy does not apply bandwidth management for the application's outgoing traffic.
Pri - This is the priority for this application's traffic that matches this policy. The smaller the number, the higher the priority. The traffic of an application with higher priority is given bandwidth before traffic of an application with lower priority. The ZyWALL ignores this number if the incoming and outgoing limits are both set to 0. In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field's configuration.
Log
This field shows whether the ZyWALL generates a log (log), a log and alert (log alert) or neither (no) when the application's traffic matches this policy.
Add icon
Click the Add icon in the heading row to add a new first entry.
The Active icon displays whether the entry is enabled or not. Click the Active icon to activate or deactivate the entry.
Click the Edit icon to go to the screen where you can edit the entry.
Click the Add icon in an entry to add a new entry below the current entry.
Click the Remove icon to delete an existing entry from the ZyWALL. A window displays asking you to confirm that you want to delete the entry.
To move an entry up or down in the list, click on the Move to N icon next to the entry, and type the line number (# field) of where you want to move the entry. The # field is updated accordingly. The ordering of the entries is important as they are applied in order of their numbering.

Application Patrol Policy Edit

The Application Policy Edit screen allows you to edit a group of settings for an application.

Application Policy Edit 

Label
Description
Enable Policy
Select this check box to turn on this policy for the application.
Port
Use this field to specify a specific port number to which to apply this policy. Type zero, if this policy applies for every port number.
Schedule
Select a schedule that defines when the policy applies or select Create Object to configure a new one (see Schedules for details). Otherwise, select any to make the policy always effective.
User
Select a user name or user group to which to apply the policy. Select Create Object to configure a new user account (see User Add/Edit for details). Select any to apply the policy for every user.
From
Select the source zone of the traffic to which this policy applies.
To
Select the destination zone of the traffic to which this policy applies.
Source
Select a source address or address group for whom this policy applies. Select Create Object to configure a new one. Select any if the policy is effective for every source.
Destination
Select a destination address or address group for whom this policy applies. Select Create Object to configure a new one. Select any if the policy is effective for every destination.
Access
This field controls what the ZyWALL does with packets for this application that match this policy. Choices are:
forward - the ZyWALL routes the packets for this application.
Drop - the ZyWALL does not route the packets for this application and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets for this application and notifies the client of its decision.
Action Block
For some applications, you can select individual uses of the application that the policy will have the ZyWALL block. These fields only apply when Access is set to forward.
Login - Select this option to block users from logging in to a server for this application.
Message - Select this option to block users from sending or receiving instant messages.
Audio - Select this option to block users from sending or receiving audio traffic.
Video - Select this option to block users from sending or receiving video traffic.
File Transfer - Select this option to block users from sending or receiving files.
Bandwidth Management
Configure these fields to set the amount of bandwidth the application can use. These fields only apply when Access is set to forward.
You must also enable bandwidth management in the main application patrol screen (AppPatrol > General) in order to apply bandwidth shaping.
Inbound kbps
Type how much inbound bandwidth, in kilobits per second, this policy allows the application to use. Inbound refers to the traffic the ZyWALL sends to a connection's initiator.
If you enter 0 here, this policy does not apply bandwidth management for the application's traffic that the ZyWALL sends to the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
Outbound kbps
Type how much outbound bandwidth, in kilobits per second, this policy allows the application to use. Outbound refers to the traffic the ZyWALL sends out from a connection's initiator.
If you enter 0 here, this policy does not apply bandwidth management for the application's traffic that the ZyWALL sends out from the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
Priority
Enter a number between 1 and 7 to set the priority for this application's traffic that matches this policy. The smaller the number, the higher the priority.
The ZyWALL gives traffic of an application with higher priority bandwidth before traffic of an application with lower priority.
The ZyWALL uses a fairness-based (round-robin) scheduler to divide bandwidth between applications with the same priority.
The number in this field is ignored if the incoming and outgoing limits are both set to 0. In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field's configuration.
Maximize Bandwidth Usage
Enable maximize bandwidth usage to let the traffic matching this policy "borrow" any unused bandwidth on the out-going interface.
After each application gets its configured bandwidth rate, the ZyWALL uses the fairness- based scheduler to divide any unused bandwidth on the out-going interface amongst applications that need more bandwidth and have maximize bandwidth usage enabled.
Log
Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or neither (no) when the application's traffic matches this policy.

Other Protocol Screen

The Other Protocol screen controls the default policy for TCP and UDP traffic that the ZyWALL cannot identify. In other words, you can control what the ZyWALL does when it does not recognize the application. This screen also allows you to add, edit, and remove conditions to this default policy.

AppPatrol > Other 

Label
Description
Policy
This table lists the policies configured for traffic which does not match an application.
#
This field is a sequential value, and it is not associated with a specific condition.

Note: The ZyWALL checks conditions in the order they appear in the list. While this sequence does not affect the functionality, you might improve the performance of the ZyWALL by putting more common conditions at the top of the list.

Port
This field displays the specific port number to which this policy applies.
Schedule
This is the schedule that defines when the policy applies. any means the policy always applies.
User
This is the user name or user group to which the policy applies. If any displays, the policy applies to all users.
From
This is the source zone of the traffic to which this policy applies.
To
This is the destination zone of the traffic to which this policy applies.
Source
This is the source address or address group for whom this policy applies. If any displays, the policy is effective for every source.
Destination
This is the destination address or address group for whom this policy applies. If any displays, the policy is effective for every destination.
Protocol
This is the protocol of the traffic to which this policy applies.
Access
This field displays what the ZyWALL does with packets that match this policy.
forward - the ZyWALL routes the packets.
Drop - the ZyWALL does not route the packets and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets and notifies the client of its decision.
BWM
These fields show the amount of bandwidth the traffic can use. These fields only apply when Access is set to forward.
In - This is how much inbound bandwidth, in kilobits per second, this policy allows the matching traffic to use. Inbound refers to the traffic the ZyWALL sends to a connection's initiator. If no displays here, this policy does not apply bandwidth management for the inbound traffic.
Out - This is how much outgoing bandwidth, in kilobits per second, this policy allows the matching traffic to use. Outbound refers to the traffic the ZyWALL sends out from a connection's initiator. If no displays here, this policy does not apply bandwidth management for the outbound traffic.
Pri - This is the priority for the traffic that matches this policy. The smaller the number, the higher the priority. Traffic with a higher priority is given bandwidth before traffic with a lower priority. The ZyWALL ignores this number if the incoming and outgoing limits are both set to 0. In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field's configuration.
Log
Select whether to have the ZyWALL generate a log (log), log and alert (log alert) or neither (no) when traffic matches this policy.
Add icon
Click the Add icon in the heading row to add a new first entry.
The Active icon displays whether the entry is enabled or not. Click the Active icon to activate or deactivate the entry.
Click the Edit icon to go to the screen where you can edit the entry.
Click the Add icon in an entry to add a new entry below the current entry.
Click the Remove icon to delete an existing entry from the ZyWALL. A window displays asking you to confirm that you want to delete the entry.
To move an entry up or down in the list, click on the Move to N icon next to the entry, and type the line number (# field) of where you want to move the entry. The # field is updated accordingly. The ordering of the entries is important as they are applied in order of their numbering.

Other Configuration Add/Edit

The Other Configuration Add/Edit screen allows you to create a new condition or edit an existing one.

AppPatrol > Other > Edit 

Label
Description
Enable
Select this check box to turn on this policy.
Port
Use this field to specify a specific port number to which to apply this policy. Type zero, if this policy applies for every port number.
Schedule
Select a schedule that defines when the policy applies or select Create Object to configure a new one (see Schedules for details). Otherwise, select any to make the policy always effective.
User
Select a user name or user group to which to apply the policy. Select Create Object to configure a new user account (see User Add/Edit for details). Select any to apply the policy for every user.
From
Select the source zone of the traffic to which this policy applies.
To
Select the destination zone of the traffic to which this policy applies.
Source
Select a source address or address group for whom this policy applies. Select Create Object to configure a new one. Select any if the policy is effective for every source.
Destination
Select a destination address or address group for whom this policy applies. Select Create Object to configure a new one. Select any if the policy is effective for every destination.
Protocol
Select the protocol for which this condition applies. Choices are: TCP and UDP. Select any to apply the policy to both TCP and UDP traffic.
Access
This field controls what the ZyWALL does with packets that match this policy. Choices are:
forward - the ZyWALL routes the packets.
Drop - the ZyWALL does not route the packets and does not notify the client of its decision.
Reject - the ZyWALL does not route the packets and notifies the client of its decision.
Bandwidth Management
Configure these fields to set the amount of bandwidth the application can use. These fields only apply when Access is set to forward.
Inbound kbps
Type how much inbound bandwidth, in kilobits per second, this policy allows the traffic to use. Inbound refers to the traffic the ZyWALL sends to a connection's initiator.
If you enter 0 here, this policy does not apply bandwidth management for the matching traffic that the ZyWALL sends to the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
Outbound kbps
Type how much outbound bandwidth, in kilobits per second, this policy allows the traffic to use. Outbound refers to the traffic the ZyWALL sends out from a connection's initiator.
If you enter 0 here, this policy does not apply bandwidth management for the matching traffic that the ZyWALL sends out from the initiator. Traffic with bandwidth management disabled (inbound and outbound are both set to 0) is automatically treated as the lowest priority (7).
If the sum of the bandwidths for routes using the same next hop is higher than the actual transmission speed, lower priority traffic may not be sent if higher priority traffic uses all of the actual bandwidth.
Priority
Enter a number between 1 and 7 to set the priority for traffic that matches this policy. The smaller the number, the higher the priority.
Traffic with a higher priority is given bandwidth before traffic with a lower priority.
The ZyWALL uses a fairness-based (round-robin) scheduler to divide bandwidth between traffic flows with the same priority.
The number in this field is ignored if the incoming and outgoing limits are both set to 0. In this case the traffic is automatically treated as being set to the lowest priority (7) regardless of this field's configuration.
Maximize Bandwidth Usage
Enable maximize bandwidth usage to let the traffic matching this policy "borrow" any unused bandwidth on the out-going interface.
After each application or type of traffic gets its configured bandwidth rate, the ZyWALL uses the fairness- based scheduler to divide any unused bandwidth on the out-going interface amongst applications and traffic types that need more bandwidth and have maximize bandwidth usage enabled.
Log
This field controls what kind of record the ZyWALL creates when traffic matches this policy.
no - the ZyWALL does not record anything
log - the ZyWALL creates a record in the log
log alert - the ZyWALL creates an alert

Application Patrol Statistics

This screen displays a bandwidth usage graph and statistics for selected protocols.

Application Patrol Statistics: General Setup

Use the top of the AppPatrol > Statistics screen to configure what to display.

AppPatrol > Statistics: General Setup 

Label
Description
Refresh Interval
Select how often you want the statistics display to update.
Display Protocols
Select the protocols for which to display statistics.
Select All selects all of the protocols.
Clear All clears all of the protocols.
Click Expand to display individual protocols. Collapse hides them.
Statistics for the selected protocols display after you click Apply.

Application Patrol Statistics: Bandwidth Statistics

The middle of the AppPatrol > Statistics screen displays a bandwidth usage line graph for the selected protocols.

Application Patrol Statistics: Protocol Statistics

The bottom of the AppPatrol > Statistics screen displays statistics for each of the selected protocols.

AppPatrol > Statistics: Protocol Statistics 

Label
Description
Service
This is the protocol. Click the expand icon (+) to display the statistics for each of a protocol's rules. Click the close icon (-) to hide the statistics for each of a protocol's rules.
Forwarded Data (KB)
This is how much of the application's traffic the ZyWALL has sent (in kilobytes).
Dropped Data (KB)
This is how much of the application's traffic the ZyWALL has discarded without notifying the client (in kilobytes). This traffic was dropped because it matched an application policy set to "drop".
Rejected Data (KB)
This is how much of the application's traffic the ZyWALL has discarded and notified the client that the traffic was rejected (in kilobytes). This traffic was rejected because it matched an application policy set to "reject".
Matched Auto Connection
This is how much of the application's traffic the ZyWALL identified by examining the IP payload.
Matched Service Ports Connection
This is how much of the application's traffic the ZyWALL identified by examining OSI level-3 information such as IP addresses and port numbers.
Rule
This is a protocol's rule.
Inbound Kbps
This is the incoming bandwidth usage for traffic that matched this protocol rule, in kilobits per second. This is the protocol's traffic that the ZyWALL sends to the initiator of the connection.
Outbound Kbps
This is the outgoing bandwidth usage for traffic that matched this protocol rule, in kilobits per second. This is the protocol's traffic that the ZyWALL sends out from the initiator of the connection.
Forwarded Data (KB)
This is how much of the application's traffic the ZyWALL has sent (in kilobytes).
Dropped Data (KB)
This is how much of the application's traffic the ZyWALL has discarded without notifying the client (in kilobytes). This traffic was dropped because it matched a policy set to "drop".
Rejected Data (KB)
This is how much of the application's traffic the ZyWALL has discarded and notified the client that the traffic was rejected (in kilobytes). This traffic was rejected because it matched a policy set to "reject".