
SD WAN Analytics

Read Only Access

The SD WAN Analytics Read Only access provides a detailed set of statistics and usage for the SD
WAN network, paths, applications, and security. Graphical and tabular views of data are available to
view and download. This guide provides an overview of the predefined reports showing aggregate
utilization dashboards for SD WAN, Security and system level views. In addition, drill-down or specific
reports per site, WAN link, Firewall, Application and path are available.

Contents

1. Summary
2. Limitations and Restrictions
3. Navigation and Views
   3.1. Icons and Options
   3.2. Scaling and Accuracy
4. Access Via Colt Online
5. SD WAN Analytics Views
   5.1. SD WAN Analytics Dashboard
   5.2. Availability
   5.3. Access Circuits
   5.4. Users
   5.5. Applications
   5.6. Rules
   5.7. SLA Metrics
   5.8. SLA Violations
   5.9. VRF
   5.10. QoS
   5.11. APM
   5.12. MOS
6. Security dashboard view
   6.1. Application Visibility
   6.2. Web Visibility
   6.3. Firewall
   6.4. Threat Monitoring
7. System
   7.1. Interfaces
   7.2. WAN
   7.3. LTE
8. Log

1. Summary
This guide is a summary of the graphical user interface provided by the SD WAN
Analytics portal. The data, analytics and log files are configured, enabled and collected
by the SD WAN Analytics, network and customer appliances that comprise a given
customer's network topology.

This guide is an illustration of the capabilities of SD WAN Analytics showing
key metrics and how to find them. Note that the analytics view is not a network
management system or replacement for a network planning system. Colt is planning
to release additional product features to allow SNMP, IPFix, Syslog and CEF log format
files to be forwarded to customer NMS or log collectors.

Colt enables access to Read Only Analytics as a premium service and it is therefore a
chargeable feature, the details of which are available from Colt Sales representatives or
Colt Online.

Access to SD WAN Analytics is available through Colt Online, where links direct
users to view only their tenant space – the details are shown below. Note that only
customers who have purchased this feature will be able to view the necessary links to
access the SD WAN Analytics GUI from the Colt Online pages.

2. Limitations and Restrictions


SD WAN Analytics architecture consists of redundant log collectors and analytics
databases, which synchronize to provide a single view of customer usage and
performance data. In some circumstances the log collector or database may not be
synchronized, and some data appear not to be available. This is a temporary situation
until the databases synchronize.

Additionally, analytics data is provided by each SD WAN CPE and both analytics and
logging need to be enabled at the CPE for data to appear in the Analytics views.
Users must check the SD WAN service description and with their account managers to
confirm which SD WAN features they have purchased, and which can support Logging
and Analytics. As an example, customers that have not purchased or are not using
the Firewall feature or the Local Internet Breakout (LIB) will not have any Firewall
and Security Analytics data available.

In the current release, geographic map views are not available.

Currently analytics data is not guaranteed to be available for more than 90 days and
log file storage is restricted to 10,000 log files per VPN per tenant or customer.

Colt SD WAN 3
External Service Guide – Customer Reference
3. Navigation and Views
3.1. Icons and Options
Top level icons show the IPC or IP VPN number and the period which the report
shows, plus the number of active sites in this VPN:

The data range, here shown as “last day” is a drop down list where users can
select a view based on a period or a custom date range.

This icon is positioned at the top right hand side of graphical displays. It allows
users to select a data type to be viewed; in this example, the Volume of TX/RX data,
Volume for RX, Volume TX or the total bandwidth.

Note: In the top level dashboard views, data is shown as the aggregated or total for
all sites in the VPN. For more detail, users must drill down or select a specific site.
The drill-down views are explained in later sections of this document.

• Bar chart
• Line chart
• Trend lines

Note that on detailed drill-down views, there are additional icons to show
trending and usage analytics over time. These will be described later.

Graphical reports can be shown and downloaded in various formats from the
drop-down menu button, as shown.

Reports can be downloaded or saved using the icons below. These are found at
the top or bottom right-hand side of any tabular data.

• Copy
• Download as CSV
• Download as PDF

For site-specific views or drill-down views, the icons and drop-down menu
options change as shown below.

All sites are listed but individual sites can be selected from the drop-down list
of available sites.

Individual sites can also be selected from either the site name in the graphical view
or in the tabular view, see below:

Site names can be clicked on to open a site-specific view.

Change the number of rows that appear in the tabular view.

Additional metrics may be shown in the drop-down list; in this example, Uplink and
Downlink bandwidth is available. In other views, additional metrics may be selectable
from this menu.

The Trending icon allows a new window to be opened to
show trending options as shown in the screen shot below.

Selecting the different trending options shows a trend line according to the
options chosen. For example, linear trending is shown below.

3.2. Scaling and Accuracy


Graphical views show data based on average values calculated over a period
of time. The accuracy changes with the duration of the data that is selected,
i.e. for hourly or daily views, the specific peak usage is more accurate than in
monthly views.
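
The effect of averaging on the displayed peak, as an added example (not part of the Colt guide or the product's code). It assumes one raw sample every 5 minutes and uses constructed bandwidth values; the function names are hypothetical.

```python
from statistics import mean

SAMPLE_SECONDS = 300  # assumption: one raw sample every 5 minutes


def constructed_day():
    """Constructed data: 24 h of 5-minute samples in Mbps.

    A steady 20 Mbps with a 10-minute burst at 400 Mbps (two samples).
    """
    samples = [20.0] * 288
    samples[100] = samples[101] = 400.0
    return samples


def bucket_averages(samples, bucket_seconds):
    """Average raw samples into display buckets, as a graph does when zoomed out."""
    if bucket_seconds < SAMPLE_SECONDS or bucket_seconds % SAMPLE_SECONDS:
        raise ValueError("bucket must be a whole number of samples")
    per_bucket = bucket_seconds // SAMPLE_SECONDS
    return [
        mean(samples[i:i + per_bucket])
        for i in range(0, len(samples), per_bucket)
    ]


def displayed_peak(samples, bucket_seconds):
    """Highest point the graph would show at this bucket width."""
    return max(bucket_averages(samples, bucket_seconds))


def peak_report(samples, bucket_widths):
    """Map each bucket width to (displayed peak, share of the true peak shown)."""
    true_peak = max(samples)
    report = {}
    for width in bucket_widths:
        peak = displayed_peak(samples, width)
        report[width] = (round(peak, 2), round(peak / true_peak, 3))
    return report


if __name__ == "__main__":
    day = constructed_day()
    # 5-minute, hourly and whole-day averaging of the same data
    for width, (peak, share) in peak_report(day, [300, 3600, 86400]).items():
        print(f"{width:>6}s buckets: peak {peak:7.2f} Mbps ({share:.1%} of true peak)")
```

The same 10-minute burst is fully visible at 5-minute resolution and almost disappears once a whole day is averaged into one point, which is why peak usage should be read from the shortest period available.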

Hovering the cursor above the graph shows a specific point on the graph and a
corresponding table of sites and values at that point on the graph.

Views of usage data can range from 5 minutes to a custom range.

Users can zoom in on a section of the graph by left clicking and dragging the
cursor along the graph to create a shaded area as below.

This will open the shaded section for a more detailed view as shown below with
the time and bandwidth scale automatically changed.

4. Access Via Colt Online


Customers that contract the Advanced Analytics feature for their SD WAN services
get access to SD WAN Analytics through their Colt Online account, where they
have the option of Analytics/Reporting in the Services menu. All SD WAN customers
will see the Analytics reporting option, but only those that subscribe will be redirected
to the Analytics Portal.

Users are presented with a list of SD WAN VPNs that are part of their organization and
will be able to choose the one for which they want to see the Analytics data. Only the
VPNs for which this feature was contracted will be enabled. Note the term IPC below is
a reference to the unique name/number assigned to each customer VPN.

Selecting a specific VPN will redirect the user to the SD WAN Analytics GUI Dashboard
for that VPN. A view of the SD WAN Analytics portal that a customer will see is shown
in the screen shot below.

5. SD WAN Analytics Views


When users log in to the SD WAN Analytics Portal, the page shows the following views:

• SD WAN Dashboard (Aggregate view of all sites)
• Security Dashboard (Aggregate view of all security metrics, across all sites)
• System Dashboard (list of CPE Hardware performance and usage data, including
interfaces)
• Log files

The initial page view is a summary of the top used SD WAN sites and Circuits over the
last day (24 hours). The VPN or IPC is shown, and the user has the option to change
the period that this view relates to using the drop down arrow in the box labelled
“last day”.

From this page users can select various options and drill down either by:

• Selecting them from the drop down menus under the “Dashboard views”
• Selecting the segments in each of the graphical views which takes the user to
site-specific, drill-down views. This drill-down view shows all the key data.

5.1. SD WAN Analytics Dashboard


The SD WAN Analytics Dashboard displays the most used site and circuits.
To change the view and metrics, use the Metrics and Chart menu buttons as
described in the Icons and Options section above. Note that clicking on one of the
graphical segments takes you straight to the site-level detailed analytics.

SD WAN Sites

By selecting SD WAN “Sites” in the left side menu, users can drill down to a
single site and view specific data associated with that site. The site data is
shown graphically in different tabs. Site-level views show usage for bandwidth,
data transfer and availability for all sites, shown on a single graphic to
compare relative usage. Users can select from the following options:

• Graph type (using the menu buttons)
• Upload / download the graphical image or download the raw data as CSV
• Filter the graphical view by selecting the site name.

Usage

Usage shows the top sites. The various metrics that can be viewed are chosen
from the Metrics menu button as shown below.

Availability

Availability shows the time each site was available or down. Hovering over the
availability on the graphs shows the start and end time for that period of
availability.

Connections

Connections shows the top 50 path connections between sites with relative
usage per connection.

Heatmap

Heatmap shows the utilization and percentage availability based on the
sessions calculated per site which changes the relative size of each block. The
colour range indicates the percentage availability.

Site Map

Site Map shows the graphical view of the SD WAN network topology. This
feature is not available at the moment.

SD WAN Paths

The Paths View shows statistics for the encrypted traffic that is transported on
the overlay tunnels that each site builds with other sites in the SD WAN VPN.
Path reporting data shows the bandwidth and any associated SLA parameter
and traffic steering rules defined for that path.

Usage

The path usage data is shown for the top used paths and is displayed
graphically or in a tabular form. The path usage metrics can be changed using
the metrics menu button as shown below.

Selecting the path from the tabular view generates a detailed view of that
specific path as shown below.

SLA Metrics

SLA metrics provide a path-level view of SLA parameters that have been
measured between sites. In addition, paths are also shown between sites and
Colt network Gateways typically named in the form NV-VNF-GW-XXX. This
view shows the paths with the highest SLA metric measurements.

Note, the SLA metrics view is per site and related to SD WAN paths between
sites. To get an accurate view of which sites have performance issues, the
tabular view below the graphical view lists each path from that site. The path
data is also per underlay connection from the originating (local) site to remote sites.

The paths between specific sites can be selected using the menu options as
shown.

Selecting a line from the tabular view above shows detailed network data for
that path as shown below. The various SLA metric options can be selected from
the Metrics menu buttons on each graph, and the period of the report can be
varied. A tabular view for all SLA log metrics is shown below the graphs. These
can be copied or downloaded as CSV/PDF using the buttons at the bottom
right-hand side of the view.

Rules

Rules shows the top used rules and SLA Violations of traffic steering policies.

Below the graphical view is a tabular view where specific rules can be selected.
If a specific rule has been selected, the screen shots below show the traffic
conditions applied by the rule (see the SD WAN Portal User guide for SLA
traffic policy options) and the number of SLA violations per rule.

MOS

This shows the codec-specific MOS score per site, between specified sites and
by SD WAN transport type, e.g. Internet or MPLS as shown below.

Note the MOS score must be specifically enabled as a service before data is
logged and becomes available on the SD WAN Analytics views.

Site-level view of site-level statistics

The site-level view shows detailed analytics for a specific site. You can get to this
view from various menu options, but the simplest method is from SD WAN
sites. Select a specific site as shown below:

Once a site is selected, the detailed site view is shown with a range of new tab
options to select. See the screen shot below.

Note: A view of each tab option can be obtained for each of the underlay or SD
WAN transport circuit types. In addition, users can modify their view by using
the Metric, Chart and Trend menu buttons. They can also copy or download the
graphs and tables using the menu and copy buttons as described in the Icons
and Options section above.

Usage

To access usage data, select a site and follow these steps to understand the
content of each of these tabs:

1 Select the Usage tab to view analytic statistics of the overall SD WAN traffic
usage for the selected site. It displays these two tiles:

a. SD WAN site bandwidth usage over time for the selected site. Additional
metric views can be shown by selecting the metric menu button.

b. SD WAN branch total bandwidth usage of the selected site. The tabular
view can be copied or downloaded in CSV/PDF file formats.

5.2. Availability
Select the Availability tab to view the reachability of the site. It displays these
tiles:

a. Total availability and availability over time for selected site.

b. Controller status log.

5.3. Access Circuits
Select the Access Circuit tab to view the traffic usage on each of the WAN links
of the selected site. It displays these tiles:

a. SD WAN usage over time of selected site by total bandwidth. This is the SD
WAN traffic and represents all the traffic running over all the paths across
each underlay network link.
b. Additional views by usage metric can be selected from the metric menu
button (see icons and options).
c. Individual circuits can be filtered out of the graphical view by selecting the
circuit name under the graph.
d. The tabular view shows all the circuit usage metrics, CPE name, any service
provider details (OLO connected or 3rd party ISP) and WAN IP address.

e. Direct Internet Access (Local Breakout) usage over time of selected site by
total bandwidth. Note this view is pure Internet traffic, not SD WAN traffic
that traverses the Internet WAN Links.
f. Data can be filtered or downloaded and views by metric can be changed
using the menu buttons on each screen (see icons and options).

5.4. Users
From the site-level menu, select the Users tab to display top traffic sources by
IP address. This view shows the following tiles:

a. Top users of the site by bandwidth.

b. Top user per access circuit over time for the site. This is shown by bandwidth by
default, but the metric menu button can be used to change which metrics to view.

c. Users table.

This is a tabular view of all user metrics by site and source IP address. Users
can change the sequence and list order by using the icons at the top of each
column.

Drill-down of a specific user provides the top applications of that user as well as
user traffic usage over time by bandwidth.

5.5. Applications
Select the Applications tab to view top applications. Applications are defined
by signature and a list of 3600 applications is maintained for monitoring,
reporting and policy management. Applications that do not match a known
signature are shown as undefined, with the associated protocol type shown in
the Application reports.

a. Top applications of a selected site by bandwidth and several other metrics.
To display the other metric views, use the metric menu button (see icons
and options).

Selecting a segment from the above chart allows a drill-down of any application,
which provides the application usage over time per WAN link, as well as the top
users of the application.

b. Application usage over time per WAN link by bandwidth.

c. Application summary statistics.

d. Top applications per access circuit usage over time for selected site by
bandwidth.

e. Applications are grouped into families with different tags for security.
SD WAN supports 6 application tags with the majority being Business or
Non-Business applications. This view shows a report by application family
of selected site by bandwidth. However, using the metric menu button will
allow reports using different usage metrics (see icons and options).

Selecting a chart segment allows a drill-down to the list of non-business or
business applications being used by bandwidth. The business/non business
applications are predefined by Colt.

5.6. Rules
View SD WAN traffic steering rule usage and violations. SD WAN forwarding
rules are configured on the SD WAN branches to steer traffic matching the
rules to different paths based on the SLA conformance on each of the paths.
These are the reports available:

a. Top rule usage of selected site by bandwidth. Use the metric menu button
to show a list of usage metrics for rules usage.

b. Top rule usage over time of selected site by bandwidth. Use the metric menu
button to show a list of usage metrics. Selecting the segment on the graph
takes you to a drill-down view.

c. Top rules, remote sites usage of selected site by bandwidth. Use the metric
menu button to show a list of usage metrics.

d. Top rules, remote sites seeing SLA violations. Select each segment to open a
detailed view.

Drill-down on a rule, remote site provides usage over time of the rule on various
paths.

Drill-down on a rule, remote site also provides FEC and traffic replication
statistics per rule and WAN link.

5.7. SLA Metrics


Versa devices have health monitoring for the overlay SD WAN path to each remote
SD WAN Branch. Devices collect delay, loss and PDU-Loss at defined intervals
for each SD WAN path and calculate a mean value. You can see loss and delay
for any path for a specific time. Such statistics are useful in troubleshooting as
well. To view these metrics, take the following steps:

a. Top SLA measurement of the selected site by delay.

b. SLA Measurement of the selected site.

Drill-down of a path can be obtained by clicking on the magnifying glass in the
tabular view above. This provides granular SLA metrics per path and traffic
class as shown below.

5.8. SLA Violations


Select the SLA Violations tab to get summary reports and SLA related alarms.
This tab provides information about aggregated reports for SD WAN path
flaps and SLA violations events per path. Additionally, if SD WAN branches
are configured to generate alarms for path disconnect and path SLA violation
events, they are also displayed in this page. It displays these tiles:

1 Top sites of the selected site steering path based on SLA.

a. It provides a summary of the top remote sites of the selected site for which
SLA is being violated, i.e. loss/latency/PDU loss.

5.9. VRF
Select the VRF tab to view traffic usage per VRF. The VRF reports provide a
breakdown of per-LAN-VRF traffic sent / received on the WAN links. Traffic
type indicates if it is SD WAN or DIA (native) traffic. It displays these tiles:

a. VRF usage over time of selected site by bandwidth, use the
metric menu button to display usage reports with different metric types.

b. VRF usage of the selected site.

5.10. QoS
Select the QoS tab if visible. Note that QoS data is not accurately represented in
this release of the Advanced Analytics portal.

5.11. APM
Currently this is not enabled as an option.

5.12. MOS
MOS is not available in this release.

6. Security dashboard view


SD WAN Security Analytics provides visibility and analytics of the traffic, policy and
rules configured on SD WAN CPE appliances. Note, these views will only be populated
with data where a feature has been enabled as part of the customer's service.

Security Analytics has the following sub menu views:

• Application Visibility

This menu shows the applications identified from the traffic that has flowed through
the application control engine.

• Firewall

This menu provides the Layer 4 information of the traffic which is traversing
FlexVNF. By default, it is listed as a 5-tuple, which includes source IP, destination
IP, source port, destination port, and protocol.

The Security Analytics dashboard shows an overview of the following key views that
can be used to drill down to specific top usage for the following:

• Top Applications – This option lets you view the list of top applications which
were accessed through FlexVNF.
• Top Bandwidth Consuming Applications – This option lets you view the top
applications, accessible from the end users, which are using the most bandwidth.
• Top Rules – This option lets you view the list of rules which are used for the
majority of traffic forwarding.
• Top Destination Addresses – This option lets you view the list of destination
addresses towards which the number of connections is high.
• Top Source Addresses – This option lets you view the list of source addresses from
which the number of connections generated is high.
• Top Zone – This option lets you view the top zones where the overall traffic rate
was high; the zones are listed in order of their traffic flow rate.
• Firewall actions – This option lets you view the top actions which were hit based on
the traffic flow. By default, the action could be allow / deny.

These images showcase the Security Analytics Dashboard displaying the top data for
each of the security parameters:

1 Security dashboard displaying top applications & Bandwidth usage by application.

2 Security dashboard displaying top usage by rule, source and destination IP address.

3 Security dashboard displaying zone based usage data.

Notes:

• Zone definition is limited to LAN X, e.g. LAN 1, LAN 2 etc., and DMZ
currently. Also, to usage by firewall rule actions and threats.
• Threat detection is currently not supported as part of the SD WAN security
product.

6.1. Application Visibility
An application is determined based on deep packet inspection (DPI). The firewall
uses IP address and port numbers for enforcing policies. This is based on the
assumption that users connect to the network from a fixed location and access
particular resources using specific port numbers.

SD WAN supports more than 3,600 applications that are automatically
recognized based on application signatures. Each application is associated with
attributes like Family, Subfamily and Tags. Additionally, SD WAN supports
user-defined applications, application groups and dynamic application filters. The
SD WAN Analytics shows the visibility of the applications based on predefined,
application groups and dynamic application filters.

Follow these steps to view the application analytics:

1 Under the Security dashboard view, select the applications sub menu as
shown below.

The dashboard has these tabs:

• Applications – To view application statistics
• Risk – Data not currently available
• Productivity – Data not available
• Families – Data not available
• Sub Families – Data not available

Select the default Application tab to view analytical statistics for:

Top applications by

Session – Displays information of top applications by session.

Volume Tx – On choosing this, it displays the information of top applications by
upload size.

Volume Rx - On choosing this, it displays the information of top applications by
download size.

Total Bandwidth – On choosing this, it displays the applications in order of
top bandwidth usage, which includes both Tx / Rx (Upload & Download).

Additional metrics can be selected using the metric menu button.

a. Application usage over time by bandwidth in a graphical form can be
displayed, again the view by metric can be changed using the metric menu
button.

b. Application tabular view displays the summary details of the application by
following values:

Sessions – Number of sessions established per application.

Total Bandwidth – The rate at which the data is exchanged between client and
server. This is the sum of Tx and Rx, where Rx refers to download and Tx
refers to upload.

Volume received (bytes) – Total amount of data received per application.

Volume transmitted (bytes) – Total amount of data transferred per application.

Average duration of each session (milliseconds) – The average duration of the
connections per application.

Bandwidth received and transmitted (bps) per session.

Note the table can be downloaded in CSV or PDF format (see icons and
options).

2 Select the Risk tab to view traffic usage per risk level. Application risks are
predefined by Versa based on their scoring system. The applications list,
which Versa maintains, has visibility of both good and bad applications.
Customers can gain visibility of both types of traffic when this option
is chosen. The applications are rated based on the standard analysis
conditions which are internal to the Versa application control engine.

3 Select the Productivity tab to view traffic usage for a productivity level.

Drill-down for a productivity view will provide top applications with the
productivity value.

Click on a specific productivity value to see the events by session for the
applications with that value.

4 Select the Families tab to view traffic usage per predefined application
family.

Drill-down on a specific family value will provide top applications for that
family.

5 Select the Sub Families tab to view traffic usage per predefined sub family.

Every application is categorized under a standard structure, which helps in
having effective control and monitoring of applications. The following is the
structure of every application embedded in the application control engine.

Application    Family              Sub-Family
01NET          General-internet    Web

The below screenshot shows the actual application structure from the CLI of
FlexVNF.

Drill-down on a specific subfamily value will provide top applications for that
subfamily.

To view more details of a specific sub-family, click on the specific sub-family
category (e.g. peer-to-peer) under the first column. This will display the
following.

6.2. Web Visibility
Follow these steps to view the Web traffic visibility:

1 Select Web to view the dashboard, as shown below.

2 The dashboard has these tabs:

• URL Categories
• URL Reputation

3 Select the URL Categories tab to view traffic usage per predefined URL category.

a. URL Category Usage over time by bandwidth (select the metric menu
button to see more options) displays the bandwidth consumption of the
traffic that matches the URL category configured in the security access
policy rules.

Click on a legend entry in the graphical view above to show that URL category and
view category-specific data.

b. URL Category Usage displays the detailed statistics for each URL
category and its bandwidth consumption and other related details.

4 Select the URL Reputation tab to view traffic usage per URL reputation
(Note: This will be available in the next release of Advanced Firewall feature
enhancements).

a. URL Reputation usage over time by bandwidth displays the bandwidth
consumption of the traffic that matches the URL reputation configured
in the security access policy rules.

b. URL Reputation usage displays the detailed statistics for each URL
reputation, its bandwidth consumption and other related details
(Note: This is not available until the next release of Advanced Firewall
Enhancement).

6.3. Firewall
In general, a firewall controls the traffic flow between two communicating parties
based on various parameters. Typically, these include source IP, destination
IP, destination port, protocol, and action. It combines these parameters to
construct a set of rules. Interesting traffic is inspected against this set of
rules and the appropriate action is taken based on the defined rules. To give more
visibility of the statistics for traffic that was processed through those sets of
rules, the analytics portal provides the classical view. The following covers
Firewall reporting in detail.

To view Firewall reports:

1 View Firewall Analytics by selecting the Firewall option under the Security
menu.

The dashboard contains these tabs:

• Rules Tab
• Source
• Destination
• Zone Tab
• Forwarding Class

2 Select the default Rules tab to view analytical statistics of the security
access policy rule.

a. Rule usage over time by bandwidth. Use the metric menu button
to display additional metric views. This displays the bandwidth
consumption of the traffic that matches the security access policy rules.

Additional metrics are:

Sessions – Shows number of sessions which were established per rule.

Volume Tx Rx – The amount of data exchanged between two entities that is
allowed by a specific firewall rule, where Rx refers to download and Tx refers
to upload.

Volume Rx (bytes) – Total amount of data received per rule.

Volume Tx (bytes) – Total amount of data transferred per rule.

Bandwidth – The rate at which the data is processed per rule.

b. Rule usage displays the detailed log for each rule and its bandwidth
consumption and other related details. Drill-down is possible in the
tabular view below by selecting the specific rule.

3 Select the Source tab to see top usage by source IP address. Use the metric
menu button to show more metric views.

a. Further drill-down to specific usage by IP address is possible by clicking
the IP address in the graphical view.

b. A tabular view of the Destination IP usage is available under the graphical
view. A drill-down on each line is possible to get IP source specific usage
reports.

4 Select the Destination tab to see top usage by source IP address. Use the
metric menu button to show more metric views.

a. Further drill-down to specific usage by IP address is possible by clicking
the IP address in the graphical view.

b. A tabular view of the IP Destination usage is available under the graphical
view. A drill-down on each line is possible to get IP source specific usage
reports.

5 Select the Zone tab to view analytical statistics of the security policy rule
based on the security zone. The data is displayed for:

a. Zone usage over time by bandwidth displays the bandwidth
consumption of the traffic that matches the security access policy rules
based on zones. Select the metric menu button for more options.

Additional metrics are:

Sessions – Shows number of sessions which were established per zone.

Volume Tx Rx – The amount of data exchanged between two entities that
traversed through zones, where Rx refers to download and Tx refers to upload.

Volume Rx (bytes) – Total amount of data received per zone.

Volume Tx (bytes) – Total amount of data transferred per zone.

Bandwidth – The rate at which the data is processed per zone.

b. Zone usage displays the detailed log for each zone and its bandwidth
consumption and other related details. A drill-down view per zone name
is possible by clicking on the link in the Zone column.

6 Select the Forwarding Class tab to view analytical statistics of the security
policy rule based on the forwarding class.

The data is displayed for:

a. FC usage over time by bandwidth displays the bandwidth consumption
of the traffic that matches the security access policy rules based on
forwarding class. More views using different metrics are possible using
the metric menu button (see icons and options).

b. FC usage displays the detailed log for each forwarding class and its
bandwidth consumption and other related details.
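
As an added illustration (not part of the Colt guide or of the product's own code), the Python example below shows how first-match evaluation over the parameters named at the start of section 6.3 yields the per-rule Sessions, Volume Tx/Rx and Bandwidth figures reported on the Rules tab. The rule names, addresses, session records and the bandwidth formula are constructed assumptions.

```python
import ipaddress

# Constructed rule set (hypothetical names); evaluated top-down, first match wins.
RULES = [
    {"name": "allow-web", "src": "10.1.0.0/16", "dst": "0.0.0.0/0",
     "port": 443, "proto": "tcp", "action": "allow"},
    {"name": "allow-dns", "src": "10.1.0.0/16", "dst": "10.9.0.53/32",
     "port": 53, "proto": "udp", "action": "allow"},
    {"name": "allow-ntp", "src": "10.1.0.0/16", "dst": "0.0.0.0/0",
     "port": 123, "proto": "udp", "action": "allow"},
    {"name": "default-deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "port": None, "proto": None, "action": "deny"},  # None = any
]

# Constructed session records: (src, dst, dst_port, proto, tx_bytes, rx_bytes)
SESSIONS = [
    ("10.1.2.10", "198.51.100.20", 443, "tcp", 1500, 42000),
    ("10.1.2.11", "198.51.100.20", 443, "tcp", 1500, 15000),
    ("10.1.2.10", "10.9.0.53", 53, "udp", 80, 160),
    ("192.0.2.7", "10.1.2.10", 22, "tcp", 60, 0),
]

def match_rule(src, dst, port, proto, rules=RULES):
    """Return the first rule whose parameters all match the session."""
    for rule in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
                and rule["port"] in (None, port)
                and rule["proto"] in (None, proto)):
            return rule
    return None

def rule_usage(sessions, interval_s, rules=RULES):
    """Aggregate Sessions, Volume Tx/Rx (bytes) and Bandwidth (bit/s) per rule."""
    usage = {r["name"]: {"action": r["action"], "sessions": 0,
                         "tx_bytes": 0, "rx_bytes": 0} for r in rules}
    for src, dst, port, proto, tx, rx in sessions:
        rule = match_rule(src, dst, port, proto, rules)
        if rule is None:
            continue  # no rule matched; nothing to attribute
        row = usage[rule["name"]]
        row["sessions"] += 1
        row["tx_bytes"] += tx
        row["rx_bytes"] += rx
    for row in usage.values():
        # Assumption: bandwidth = total bits moved / length of the time window.
        row["bandwidth_bps"] = (row["tx_bytes"] + row["rx_bytes"]) * 8 / interval_s
    return usage

if __name__ == "__main__":
    for name, row in rule_usage(SESSIONS, interval_s=60).items():
        print(name, row)
```

Rules that stay at zero sessions over a long window (allow-ntp here) and a default-deny rule that collects sessions are the rows worth reviewing first in the tabular view.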

6.4. Threat Monitoring


SD WAN’s threat monitoring solution offers these sets of security capabilities,
in addition to all the security features of a Next Generation Firewall (NGFW). To
view Threat Monitoring reports:

1 View Threats from the Security dashboard sub menu.

The dashboard contains these tabs:

• Web Filtering (Not Available)
• IP Filtering (Not Available)
• Malware (Not Available)
• Vulnerabilities (Not Available)
• Summary

2 Select the default Web tab to view reports for URL Filtering using the
NGFW and URL Filtering profiles.

It displays these tiles:

• Top URL Categories
• Top URL Reputation
• Top URL Filtering Profiles
• Top URL Filtering Source

Drill-down provides a detailed view of the URL filtering events matching the drill
key.

3 Select the IP tab to view the IP filtering report.

It displays these tiles:

• Top IP Filtering Action
• Top IP Filtering Profiles
• Top Filtering Destination Reputation
• Top IP Filtering Source

Drill-down provides a detailed view of the IP filtering events matching the drill
key.

4 Select the DDOS tab to view DOS threat reports. It displays the Top DDoS
Threats information.

Drill-down provides detailed DOS logs matching the drill key.

5 Select the Summary tab to view the threat reports. The tiles display the
summary of:

7. System
The System dashboard shows SD WAN CPE hardware usage data. The dashboard
provides a summary of all the devices in the customer VPN. Click on the appliance ID
on any line to get a detailed view of the usage of that appliance.

Drill-down of any appliance provides a detailed view of CPU, memory, disk and session
load over time. It displays these tiles:

• Site monitoring by CPU load
• Site monitoring by memory load
• Site monitoring by disk load
• Site monitoring by sessions load

SD WAN’s System Analytics has built-in dashboards for:

• Guest VNF (Not available with Colt SD WAN)
• SNG (Not available with Colt SD WAN)

7.1. Interfaces
The interface usage for all sites can be shown as an aggregate view by
selecting the interface option. This shows all WAN and LTE uplinks on all sites,
both in a graphical view as total bandwidth over time and as a tabular view (see
below).

7.2. WAN
This view shows the list of top used WAN interfaces by device. Underneath
the graphical views is a tabular view. WAN interface usage can be viewed by
bandwidth and several different metrics using the metric menu button.

There is a drill-down option which can be accessed by selecting a specific
device in the tabular view to create a graphical and tabular view for each SD
WAN CPE and WAN interface.

7.3. LTE
The LTE interface view is only available where a CPE has an LTE-enabled device
installed. The views available are shown in the screen shots below. The usage
views can be changed using the metric menu button.

8. Log
Log files can be viewed from the SD WAN Analytics GUI. Log files will only be
displayed if the logging has been enabled for that log type. Not all the generic log
collector options are available; for example, Guest VNF or packet captures.

The log file types available are as follows:

• Firewall
• CGNAT
• DDOS

To view the firewall logs in raw log format, select Firewall Logs. The log messages
follow standard structures and the screenshot below portrays a sample log message.

Selecting the magnifier option in the first column of a log message shows the
following details.

The full list of log file types available is shown in the screenshot below; however, only
those listed above are available in this release.

Note, currently the log file storage is limited to 10,000 log files per customer.

For more information:
+44 (0)20 7863 5510
sales@colt.net
www.colt.net

Colt SD WAN External Service Guide – Customer Reference
© 2020 Colt Technology Services Group Limited. The Colt name and logos are
trade marks. All rights reserved.
