Monitor Enterprise

VeloCloud SD-WAN allows an Enterprise user to monitor the events and services using a redesigned portal.

In the SD-WAN service of the Enterprise portal, select Monitor from the top menu. The following screen appears:

You can explore each monitoring option and select the graphs to view more detailed drill-down reports.

Each monitoring window consists of the following options:

Search – Enter a term to search for specific details. Select the Filter icon to filter the view by a specific criterion.
Column – Select the columns to show or hide in the view.
Refresh – Select to refresh the details displayed with the most current data.

Monitor Network Overview

The Network Overview page displays the overall summary of the network, including activated Edges, links, top applications, and other configured data.

To view the Network Overview summary:

In the SD-WAN service of the Enterprise portal, select Monitor > Network Overview .

The Network Overview page displays the summary of the network in a graphical representation. On this page, you can find details about Activated Edges, Links, Top performing Applications and Edges by data volume, Profiles used by the Edges, Activated Segments, Software version of the Edges, and more.

Also, the Network Overview page displays additional information about the Edges connected, degraded, and down in a table format. For a provisioned and activated Edge, you can find additional details such as name and status of Edge, number of links and hub links that are stable, name of Cluster to which the Edge is assigned, High Availability (HA) mode if the Edge is running 5.2.0.0 and above versions, Bastion state if configured, secrets encryption, and date/time when the Edge activated.

The following details are displayed:

Table 1. Option Descriptions
Option	Description
Activated Edges	Displays the number of Edges and Hubs that are connected, degraded, and down, along with a graphical representation. Select the link to a number and details of the corresponding Edges or Hubs are displayed in the bottom panel. In the following table, select the link to the Edge or the cluster name to navigate to the corresponding tabs.
Links	Displays the number of links and hub links that are stable, degraded, and down, along with a graphical representation. Select the link to a number and details of the corresponding links or Hub links are displayed in the bottom panel. In the following table, select the link to the Hub name to navigate to the corresponding tab.
Top Apps by Data Volume	Displays the top 10 applications sorted by volume of data.
Top Edges by Data Volume	Displays the top 10 Edges sorted by volume of data.
Profiles Used	Displays the details of used and unused profiles.
Segments Activated	Displays the details of activated and other segments.
Software Version	Displays the details of software versions of the Edges, that are up to date and outdated.
Edges with Enabled VNF	Displays the number of Edges activated with VNF, that are with status Error, Off, and On.
Edges with Enabled A-S Pair	Displays the number of Edges activated as Active-Standby pair, that are with status Failed, Pending, and Ready.
Non SD-WAN Destinations via Gateway	Displays the number of non SD-WAN destinations that are connected and offline.

Hover the mouse on the graphs to view additional details.

Monitor Security Overview

The Security Overview page displays the overall impact summary of configured Security services, like Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), URL Categories, URL Reputations, and Malicious IP for all Edges within an Enterprise, based on the metrics collected using the various Enhanced Firewall Services (EFS) engines (IDS/IPS/URL Filtering/Malicious IP).

Note: Under the Monitor tab, the Security Overview option only displays if the EFS feature is activated in the Global Settings page.

Monitor Security Overview - Enterprise View

To view the overall impact summary of configured Security services for an Enterprise, in the SD-WAN service of the Enterprise portal, select Monitor > Security Overview . The Security Overview page appears.

In the Security Overview page, you can find the following details:

Table 2. Security Overview Option Descriptions
Option	Description
Overall Impact Summary	Displays the total count of Edges within the Enterprise and total count of Reporting Edges whose traffic was subjected to at least one of the Enhanced Firewall Engines. Under Reporting Edges, selecting the link to the number displays a tabular view of all Edges whose traffic hit at least one EFS engine along with the Action count details. Hover the mouse over the Action count to view the split count by supported Action types. Figure 4. Reporting Edges To view the EFS Threats details for a specific Edge, select the link to the Edge name. You will be navigated to the Edge-specific Security Overview page. See Monitor Security Overview.
IDS/IPS Summary	Displays the total count of IDS/IPS Threats Detected and Prevented for all Edges within the Enterprise, along with the Threat Severity and Action details in a graphical representation. Hover the mouse on the graphs to view specific threat details. For detailed information about the IDS/IPS Threat distribution, see the section Monitor Security Overview.
URL Category Summary	Displays the total count of URL Categories and Action count details for all Edges within the Enterprise, along with the Top 5 URL Categories details in a graphical representation. For detailed information about the URL Category Threats distribution, see the section Monitor Security Overview.
URL Reputation Summary	Displays the total count of URL Reputation risks and Action count details for all Edges within the Enterprise in a graphical representation. For detailed information about the URL Reputation Threats distribution, see the section Monitor Security Overview.
Malicious IP Summary	Displays the total count of Malicious IP Blocked and Monitored. For detailed information about the Malicious IP Threats distribution, see the section Monitor Security Overview.

Monitor IDS/IPS

To view the IDS/IPS specific threats details for an Enterprise, select Monitor > Security Overview > IDS/IPS .

The IDS/IPS page is a graphical representation of Threat distribution (Threats Detected/Threats Prevented) based on the metrics collected using the IDS/IPS engines for all Edges within an Enterprise. You can view the Threat distribution of all the Edges using the following two views:

Impacted Edge Distribution – Represents a map view of all the IDS/IPS Impacted Edges (by severity) and Protected Edges. The page graphically displays the following IDS/IPS Threat details for an Enterprise:
- Total count of Edges Impacted
- Total count of Edges Protected
- Top Threats Detected filtered "By Count" (Default) or "By Impact"
- Top Threat Origins filtered "By Country" (Default) or "By IP Address"
- Top Impacted Edges filtered "By Edge Name"
- Top Impacted Clients filtered "By IP Address"
Figure 5. Security Overview- Edge Distribution
Impacted Edge List – Represents a tabular view of all the IDS/IPS impacted Edges along with Threat details. The page displays the following details: Name and Description of the impacted Edge, Threat Impact on Edge, and Status of impacted Edge.

Figure 6. Security Overview- IDS/IPS

Monitor URL Filtering

To view the URL Filtering specific threats details for an Enterprise, select Monitor > Security Overview > URL Filtering .

The URL Filtering page graphically displays the following URL Categories and URL Reputations threat details for an Enterprise:

Total count of URL Categories
Total count of URL Category Actions
Top URL Categories
Top URL categories filtered by "Action" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
Top Edges filtered by "Category Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
Total count of URL Reputations
Total count of URL Reputation Actions
Top Websites filtered by "URL Reputation" (High Risk, Suspicious, Medium Risk, Low Risk, and Trustworthy) or "Total Count" (Default)
Top Edges filtered by "Reputation Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)

Monitor Malicious IP

To view the Malicious IP specific threats details for an Enterprise, select Monitor > Security Overview > Malicious IP .

The Malicious IP page graphically displays the following Malicious IP threat details for an Enterprise:

Total count of Blocked Malicious IP
Total count of Monitored Malicious IP
Top Malicious Destination IPs filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
Top Malicious Categories filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
Top Edges filtered by "Action" (Blocked and Monitored)) or "Total Count" (Default)
Top Malicious Destination Countries filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)

Monitor Security Overview - Edge View

To view the EFS Threat details for a specific Edge:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges . The list of Edges associated with the Enterprise appears.
Select an Edge by selecting the link to an Edge. The Network Overview page (default page view) appears.
From the Network Overview drop-down menu, select Security Overview.
The Security Overview page displays the overall impact summary of configured Security services, like IDS/IPS, URL Categories, URL Reputations, and Malicious IP for the selected Edge.

Figure 9. Monitor Security - Edge

Monitor Edges

You can monitor the status of Edges and view the details of each Edge, like the WAN links, top applications used by the Edges, usage data through the network sources and traffic destinations, business priority of network traffic, system information, details of Gateways connected to the Edge, and so on.

To monitor the Edge details:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise. The page displays the details of the Edges, like the status, links, Gateways, and other information.

Select CSV to download a report of the Edges in CSV format.

Select View in the Gateways column to view the details of the Gateways connected to the corresponding Edge.

Select an Edge name in the Name column to view the details of the selected Edge. Select the relevant tabs to view the corresponding information. Each tab displays a drop-down list at the top which allows you to select a specific time period. The tab displays the details for the selected duration.

Some of the tabs provide drop-down menu of metrics parameters. You can choose the metrics from the list to view the corresponding data. The following table lists the available metrics:

The following table describes each drop-down menu that are available in the Links, Applications, Sources, Destinations, and Business Priority tabs.

Table 3. Metric Option Descriptions
Metrics Option	Description
Average Throughput	Total bytes in a given direction divided by the total time. The total time is the periodicity of statistics uploaded from the Edge. By default, the periodicity in Orchestrator is 5 minutes.
Total Bytes	Total number of bytes sent and received during a network session.
Bytes Received/Sent	Split up details of number of bytes sent and received during a network session.
Total Packets	Total number of packets sent and received during a network session.
Packets Received/Sent	Split up details of number of packets sent and received during a network session.
Bandwidth	The maximum rate of data transfer across a given path. Displays both the upstream and downstream bandwidth details.
Latency	Time taken for a packet to get across the network, from source to destination. Displays both the upstream and downstream Latency details.
Jitter	Variation in the delay of received packets caused by network congestion or route changes. Displays both the upstream and downstream Jitter details.
Packet loss	Packet loss happens when one or more packets fail to reach the intended destination. A lost packet is calculated when a path sequence number is missed and does not arrive within the re-sequencing window. A “very late” packet is counted as a lost packet.
Auto Dual-Mode SIM	Status of the Edge with respect to the Automatic Switchover feature configured on that Edge, and is applicable only for a 610-LTE. For additional information on the Automatic Switchover feature, see Configure Automatic SIM Switchover.
Signal	Signal strength of the Edge indicated by the number of bars.

The following table describes the filter options that are available in the Applications, Sources, and Destinations tabs.

Table 4. Applications, Sources, and Destinations Tabs Option Descriptions
Filter Option	Description
Application	The application used by the Edge.
Category	The category of the application used by the Edge.
Operating System	The operating system used by the Edge.
Hostname	The hostname associated with the flow.
IP Address	The IP address associated with the flow.
Client Device	The Client device associated with the flow.
Destination	The destination domain of the flow.
Destination IP	The destination IP address of the flow.
FQDN	The Fully Qualified Domain Name (FQDN) of the flow.
Next Hop	The Next hop SD-WAN destination for the flow based on indicated Route.
Route	The WAN route taken by the flow. Refer to table Route to Next Hop Mapping for description of each route and its relation to Next hop.

The following table describes the Route to Nexthop Mapping.

Table 5. Route to Nexthop Mapping
Route Name	Nexthop
cloudViaGateway	The name of the Gateway that routes traffic to the cloud.
internetViaDirectBreakout	Nexthop has no name. The traffic is coming from the Internet directly.
branchToBranch (Gateway)	The name of the Gateway responsible for routing traffic to the other branch.
branchToBranch (Edge)	The name of the Edge that was used to route traffic to the other branch.
branchToNVSDirect	The name of the HUB device serving as the nexthop Edge.
branchToNVSViaGateway	The name of the Gateway that routes traffic to NVS.
branchToBackhaul	The name of the Edge or enterprise object that is used to route traffic to a non-velocloud site.
cloudViaGateway (Edge – to Partner Gateway)	The nexthop is the name of the Partner Gateway that will route the traffic.
branchRouted	Nexthop has no name. For basic routed traffic, there is no destination object, specifically, via an Edge router.
internetViaBranchCSS	Name of enterprise object used to route traffic to a non-VeloCloud branch.

For each Edge, you can view the following details:

Overview
QoE
Links
Paths
Flows
Applications
Sources
Destinations
Business Priority
System
High Availability

Select an Edge and select the Shortcuts option at the top to perform the following activities:

Configure – Navigates to the Configuration tab of the selected Edge. See Configure Edges with New Orchestrator UI.
View Events – Displays the Events related to the selected Edge.
Remote Diagnostics – Allows to run the Remote Diagnostics tests for the selected Edge. See Run Remote Diagnostics.
Generate Diagnostic Bundle – Allows to generate Diagnostic Bundle for the selected Edge. See Diagnostic Bundles for Edges with New Orchestrator UI.
Remote Actions – Allows to perform the Remote actions for the selected Edge. See Perform Remote Actions with new Orchestrator UI.
View Profile – Navigates to the Profile page, that is associated with the selected Edge.
View Gateways – Displays the Gateways connected to the selected Edge.

The following are the other options available on this page:

Table 6. Additional Option Descriptions
Option	Description
Search	Enter a search term to search for the matching text across the page. Use the advanced search option to narrow down the search results.
Columns	Select and select the columns to be displayed or hidden on the page.
Refresh	Select to refresh the page to display the most current data.

Monitor Edge Overview

The Overview tab of an Edge in the monitoring dashboard displays the details of WAN links along with bandwidth consumption and network usage.

To view the information of an Edge:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge and display the Overview tab.

The Overview tab displays the details of links with status and the bandwidth consumption.

You can choose whether to view the Edge information live using the Live Mode option. When this mode is ON, live monitoring of the Edge happens and the data in the page is updated whenever there is a change. The live mode is automatically moved to offline mode after a period of time to reduce the network load.

The Links Status section displays the details of Links, Link Status, Auto Dual-Mode SIM, WAN Interface, Throughput, Bandwidth, Signal, Latency, Jitter, and Packet Loss. For additional information on these parameters, see Monitor Edges.

The Top Consumers section displays graphical representation of bandwidth and network usage of the following: Applications, Categories, Operating Systems, Sources, and Destinations of the Edges. Select View Details in each panel to navigate to the corresponding tab and view additional details.

Hover the mouse on the graphs to view additional details.

Note: The minimum amount of data consumption for SD-WAN control traffic on a link is 1.5- 2 GB per month depending on the number of paths.

Monitor QoE

The VeloCloud Quality of Experience (QoE) tab displays the Quality Score for different applications. The Quality score rates an application's quality of experience that a network can deliver for a period of time. The QoE is calculated based on the best score comparing all the Static tunnels (Edge to Gateways and Edge to Hubs) and then displays the best performing tunnel.

To view the QoE report of an Edge:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the QoE tab.

The QoE tab displays the quality score of applications for different traffic types.

Figure 12. Displaying the QoE Information

The following traffic types are supported:

Voice
Video
Transactional

Select the link to a traffic type displayed at the top, to view the corresponding data. You can hover the mouse on a WAN network link or an aggregate link to display a summary of Latency, Jitter, and Packet Loss.

The Quality Score rates an application's quality of experience that a network can deliver for a given time frame. The QoE graphs display the quality scores of the selected Edge before and after the SD-WAN optimization. A black vertical dotted line indicating an anchor, appears on the graph, whenever there is a threshold value change in a Profile or an Edge. You can hover the mouse on the anchor to see the modified latency threshold values for Voice, Video, and Transactional. Also, the of the graph varies depending on the threshold value as listed below:

Table 7. Threshold Values
color	Rating Color	Rating Option
Green	Good	All metrics are better than the objective thresholds. Application SLA is met/exceeded.
Yellow	Fair	Some or all metrics are between the objective and maximum values. Application SLA is partially met.
Red	Poor	Some or all metrics have reached or exceeded the maximum value. Application SLA is not met.

To modify the threshold values, select the View/Modify Thresholds link located at the bottom of the screen, which takes you to the Configure > Edges > Business Policy page.

Monitor Links of an Edge

You can monitor the WAN links connected to a specific Edge along with the status, interface details, and other metrics.

To view the details of Links and Transport groups used by the traffic:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Links tab.

The Links tab displays the details of WAN links connected to the selected Edge.

Figure 13. Displaying WAN Links for an Edge

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view additional details.

Select Transport Groups to view the links grouped into one of the following categories: Public Wired, Public Wireless, or Private Wired.

You can choose whether to view the information live using the Live Mode option. When this mode is ON, you can view live monitoring of the links and the transport groups.

Choose the metrics from the drop-down to view the details related to the selected parameter.

The bottom panel displays the details of the selected metrics for the links or the transport groups. You can view the details of a maximum of 4 links at a time.

Select the arrow prior to the link name or the transport group to view the break-up details. To view drill-down reports with additional details, select the links displayed in the metrics column.

Select the arrow next to Top Applications to navigate to the Applications tab.

Monitor Path Visibility

Path is a tunnel between two endpoints. Path visibility is a report on utilization and quality of the paths between an Edge and its VeloCloud SD-WAN peers. Orchestrator allows an Enterprise user to monitor the Path visibility using the monitoring dashboard.

For a selected Edge, you can monitor the Path information for the VeloCloud SD-WAN peers with traffic flow observed for a specific period.

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Paths tab.

For the selected Edge, the Paths tab displays the details of VeloCloud SD-WAN peers with traffic flow observed for specified period.

Note: The Paths tab is available only for Edges with software image version 4.0 or later.

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

To get a report of a VeloCloud SD-WAN peer in CSV format, select the peer and select Export Path Statistics.

Select the link to a VeloCloud SD-WAN peer to view the corresponding Path details as follows:

All the VeloCloud SD-WAN peers that have traffic observed during the selected time period.
The status of the paths available for a selected peer.
Overall quality score of the paths for a selected peer for voice, video, and transactional traffic.
Time series data for each path by metrics like: Throughput, Latency, Packet loss, Jitter, and so on. For additional information on the parameters, see Monitor Edges.

The metrics time-series data is displayed in a graphical format. You can select and view the details of a maximum of four paths at a time.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view additional details.

Expand the Quality Score pane at the top, to view the Path score by the traffic types.

You can select a VeloCloud SD-WAN peer displayed in the left pane, to view the corresponding Path details.

A black vertical dotted line indicating an anchor, appears on the graph, whenever there is a threshold value change in a Profile or an Edge. You can hover the mouse on the anchor to see the modified latency threshold values for Voice, Video, and Transactional. To modify the threshold values, select the View/Modify Thresholds link located at the bottom of the screen, which directly takes you to the Configure > Edges > Business Policy page.

Monitor Flow Visibility

The Flow Visibility feature introduces a new Flows tab under Monitor > Edges , which provides detailed flow data on each traffic flow for each Edge. The comprehensive end-to-end flow (non-live flow) is built based on certain flow parameters, such as Source IP, Destination IP, Destination Port, Protocol, and Link ID. These parameters are displayed in a single-view table format, which can assist with monitoring and troubleshooting non-live flows. Starting with the 6.1 release, the Live Mode monitoring feature is supported. The Live Mode monitoring gives visibility into Source Port on top of non-live flows. It allows you to select individual or multiple live flows (up to four flows) to monitor and compare their metrics as live time series graphs.

Monitoring Non-Live Flows

To view detailed non-live flow data for a selected Edge, perform the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link of an Edge, and then select the Flows tab.
At the top of the page, from the time duration drop-down menu, choose a specific time or create a custom time filter to view the flow information.
By default, Past 12 Hours is selected. Filter capabilities from the past 60 minutes to 1 year is supported. The current data retention policy allows for high-resolution (per 5 minutes) flows to be retained for 4 weeks and low-resolution (per day) flows to be retained for up to a year.
High-resolution tables provide detailed insights into individual flows and short-term trends. They are useful for in-depth analysis and troubleshooting. Low-resolution tables offer a broader perspective on network traffic over longer periods. They are useful for capacity planning, trend identification, and reporting.

For the selected Edge, the Flows tab displays the detailed flow information about the selected Edge for a specified period.

See the "Flows Parameter Description Table" below for a description of flow parameters.
Note: For the Flows feature, the unselected table fields are only available for Edges with software image version 5.1 or later.

Figure 18. Monitoring Non-Live Flows

The Search field provides search capabilities to find a specific flow. Enter a search string to find text that matches the Source IP, Destination IP, Destination FQDN, and Destination Domain fields. Use the Advanced Search feature for more advanced filtering criteria.

Select the Filter icon to define a filter criterion. You can filter the flow details by the specified criteria: Source IP, Destination IP, Destination Port, Segment, Host Name, Application, Category, Destination FQDN, Destination Domain, and Next Hop.

Note: The client device table filters by hostname, however, the values display according to what was uploaded by the flow stats uploaded to the flow stats table. As a result, the hostname can be null, or it might not correspond to the filtered hostname. In essence, it displays the value submitted at the time the flow was uploaded.

Select CSV to create customized reports by exporting flow data in CVS format.

Note: A user can download the first 60K records matching the filter/quickSearch/sortBy/startTime/endTime criteria when the metrics/getEdgeFlowVisibilityMetrics request was made.

Note: Export to CSV format is not supported in the Live Mode.

Monitor Live Flows

The Live Mode monitoring feature enables customers to fetch live flow data to identify and troubleshoot problems. By default, this feature fetches a batch of up to 1000 recent flow records from the Edge or however many flows can be captured within five seconds (default value). The number of flows and the flow capture time can be configured by an Operator via the "edge.liveData.enterFlowLiveMode.delay.seconds" and "edge.liveData.enterFlowLiveMode.flow.count" System Properties. See section "List of System Properties" in the Operator Guide for a description of these properties and information on how to configure them.

Note: The Live Mode feature is only available for Edges with a version of 6.1 or later and Orchestrator with a version of 6.1 or later. Both Edge and Orchestrator must be on version 6.1 or later.

To activate Live Mode flow monitoring, perform the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link of an Edge, and then select the Flows tab.
In the Flows tab area of the Orchestrator, at the top, right-hand corner, switch the Live Mode toggle button to the right to activate the live monitoring of flow data.

The Time Remaining countdown of five minutes begins.

Figure 19. Monitoring Live Flows
In the Flows table, select up to four flows for which you want to monitor and compare the flow metrics. The selected flows move to the top of the table for better visibility. Then select any of the graph plots criteria (Bytes Received/Sent, Total Bytes, Packets Received/Sent, Total Packets, and Average Throughput), and select Submit.

Figure 20. Displaying the Flows Table

For the selected Edge with Live Mode activated, the Flows tab displays time series graphs of the selected flows, plotted at a rate of two seconds for a period of five minutes based on the selected graph plots criteria.
The Time Remaining countdown resets after the flows are selected and submitted. The timer will begin counting down from five minutes. After five minutes, a Mode Selection pop-up dialog displays.

Figure 21. Selecting Live Mode
Select Yes to stay in live mode, which resets the mode to live, and the countdown of five minutes begins.
Select No to exit the live mode. The Flows tab goes back to the non-live mode view.

Note: At any given time, only one user is permitted to initiate live flows on a specific edge. The Mode selection dialog is displayed for 30 seconds. If no action is taken, the user is automatically exited from the live mode.

Note: A maximum of 100 concurrent Edges can be monitored by default.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis scale between the two charts. If required, you can turn off this option.

Select the Breakdown by Links check box if you want to view the breakdown of flows by link.
The link-level breakdown provides a detailed analysis of the graph flows, showing the data flow through each link since the flow was started.
The breakdown of flows by link is calculated by using the flow tuple and link headers. This is in contrast with using the flow tuple with no added headers as in non-breakdown by link.

Figure 22. Displaying the Breakdown by Links

Note: When breaking down network flows by link, if the flow is a local network flow (i.e., no Wide Area Network (WAN) link), then there would not be any WAN link information displayed.

Selecting Refresh at the bottom-left side of the Orchestrator UI to fetches active flows in a batch of 1000- 4999 (as configured) flows from the Edge and updates existing flows displayed in the table.

Note: When the live mode is activated, if you select Refresh the Time Remaining counter does not refresh.

If a customer is actively monitoring flows and refreshes the table, the active live flows displayed on the graph will no longer display, and the graph will be empty.

The following table describes all the functionality deviations and behavioral changes from the non-live mode.

Table 8. Functionality Deviations from the Non-Live Mode
Deviation	Behavior
Deviation of Filter functionality from non-live mode	In live mode, users must provide a CIDR-formatted IPv4 or IPv6 address to apply filters based on Source/Destination IP addresses of current flows on the Edge. The user cannot filter flows based on Link or Destination Domain.
Deviation of Search functionality from non-live mode	In live mode, the search is performed locally and does not require a server-side search. Consequently, it filters data that has already been provided to the Orchestrator and not active flows on the Edge.
Deviation of Flow fields from non-live mode	For non-live mode, a device's hostname is mapped to a flow in order to filter traffic based on the provided hostname. In live mode, this is done by ignoring the hostname associated with a client device and displaying the hostname as sent by the edge instead. This can result in different hostnames being associated with the same flow based on non-live or live mode views. Additionally, the association to destination FQDN when the hostname is empty is bypassed to simplify the reasoning for the user when filtering for hostname. In live mode, the Link column in the Flow table shows the number of links used by that flow. Hovering over the number shows additional information about the link. If the column does not show a number, it means that it is a local network flow that is not associated with a WAN link. In live mode, the Start Time column displays the start time when the Edge started live flow monitoring. In live mode, the End Time column displays empty fields. In live mode, the Total Bytes/Packets column shows the total since the Edge first viewed the flow record. This count may differ from the Link total due to the VCMP header. In live mode, the Bytes Received/Sent and Packets Received/Sent columns show the snapshot of the reported value for the current interval, which is usually 2 seconds. The Source Port field is only available for the live mode. Once the users enter the live mode, the Link, Bytes, and Packet count values start accumulating. When the Breakdown by Links checkbox is activated, the breakdown of flows by link is calculated by flow tuple and link. This is in contrast with using the flow tuple with no added headers as in non-breakdown by link. When breaking down network flows by link, if the flow is a local network flow (i.e., no Wide Area Network (WAN) link), then there would not be any WAN link information displayed.

Table 9. Flows Parameter Description Table
Field Item	Description
Source IP	Displays the IP address that owns the flow item. This information is also available on the Source tab and can be mapped to the name of the client device/operating system. Note: When using the search features, IP filters do not support contains, startsWith or endsWith. Use CIDR format for similar results. Note: When using the filter in the live mode, provide a CIDR formatted IPv4 or IPv6.
Destination IP	Displays flow data of the Destination (Domain, FQDN, and IP). This information can also be found in the Destination tab. Note: When using the search features, IP filters do not support contains, startsWith or endsWith. Use CIDR format for similar results. Note: When using the filter in live mode, provide a CIDR formatted IPv4 or IPv6.
Source Port	Displays the source port number of the flow. Note: Source port is not available in the non-live mode.
Destination Port	Displays the destination port number of the flow, which identifies the process that is to receive the data.
Protocol	Displays Protocols (e.g. UDP, TCP) associated with the flow.
Segment	Routing domain. Each segment has a unique routing table.
Link	Underlying link through which the flow stats are reported.
ISP	Displays the Internet Service Provider associated with the flow.
Host Name	The hostname associated with the source device of the flow.
Application	Column that displays the application. This information can also be found in the Application tab.
Application Category	Similar applications that are used by a specific Edge can be grouped into a category.
Destination FQDN	The Fully Qualified Domain Name (FQDN) of the Destination to which the traffic flow was directed.
Next Hop	The name of next-hop device for the flow (for example, the name of the Gateway if the route is Cloud via Gateway). See Route to Nexthop Mapping Table for additional details.
Route	The path taken to the next hop across one or additional networks.
Start Time	The timestamp of when the Edge started the flow stats aggregation period.
End Time	The timestamp of when the Edge ended the flow stats aggregation period. The difference between start and end times equals the amount of time a flow stat record was aggregated for.
Average Throughput	Displays the average throughput.
Total Bytes	Displays the total number of bytes sent and received during a flow.
Bytes Received	Displays details of the number of bytes received during a flow.
Bytes Sent	Displays details of the number of bytes sent during a flow.
Total Packets	Total number of packets sent and received during a flow.
Packets Received	Displays details of the number of packets received during a flow.
Packets Sent	Displays details of the number of packets sent during a flow.
Destination Domain	This field is grayed out for the live mode. Ensure to use destination FQDN or destination IP for the same filter outcomes.
Business Policy	Displays the name of the business policy rule associated with the flow.
Firewall Rule	Displays the name of the firewall rule associated with the flow.

Table 10. Route to Nexthop Mapping Table
Route Name	Nexthop
cloudViaGateway	The name of the Gateway that routes traffic to the cloud.
internetViaDirectBreakout	Nexthop has no name. The traffic is coming from the Internet directly.
branchToBranch (Gateway)	The name of the Gateway responsible for routing traffic to the other branch.
branchToBranch (Edge)	The name of the Edge that was used to route traffic to the other branch.
branchToNVSDirect	The name of the HUB device serving as the nexthop Edge.
branchToNVSViaGateway	The name of the Gateway that routes traffic to NVS.
branchToBackhaul	The name of the Edge or enterprise object that is used to route traffic to a non-VeloCloud site.
cloudViaGateway (Edge – to Partner Gateway)	The nexthop is the name of the Partner Gateway that will route the traffic.
branchRouted	Nexthop has no name. For basic routed traffic, there is no destination object, specifically, via an Edge router.
internetViaBranchCSS	Name of enterprise object used to route traffic to a non-VeloCloud branch.

Monitor Edge Applications

You can monitor the network usage of applications or application categories used by a specific Edge.

To view the details of applications or application categories:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Applications tab.

The Applications tab displays the details of the applications used by the selected Edge.

Figure 23. Monitoring Edge Applications

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

Select Filter to define a criterion and view the application details filtered by the specified criteria including Application, Category, Operating System, Hostname, IP Address, Client Device, FQDN, Next Hop, and Route. For additional information about filter descriptions, see Monitor Edges.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.
Select Categories to view similar applications grouped into categories.
Hover the mouse on the graphs to view additional details.
Choose the metrics from the drop-down to view the details related to the selected parameter.

The bottom panel displays the details of the selected metrics for the applications or categories. You can select and view the details of a maximum of 4 applications at a time. Select Columns to select the columns to be shown or hidden in the view.

To view drill-down reports with additional details, select the links displayed in the metrics column.

Figure 24. Top Applications Report
Select the arrows displayed next to Transport Groups, Top Devices, or Top Destinations to navigate to the corresponding tabs.

Monitor Edge Sources

You can monitor the network usage of devices and operating systems for a specific Edge.

To view the details of devices and operating systems:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Sources tab.

The Sources tab displays the details of the client devices used by the selected Edge.

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view additional details.

Select Filter to define a criterion and view the application details filtered by the specified criteria including Category, Operating System, Hostname, IP Address, Client Device, Destination, Destination IP, FQDN, Next Hop, and Route. For additional information about filter descriptions, see Monitor Edges.
Select Operating Systems to view the report based on the Operating Systems used in the devices.
Choose the metrics from the menu to view the details related to the selected parameter.
The bottom panel displays the details of the selected metrics for the devices or operating systems. You can select and view the details of a maximum of 4 client devices at a time. Select Columns to select the columns to be shown or hidden in the view.
To view drill-down reports with additional details, select the links displayed in the metrics column.

Figure 26. Displaying Detailed Top Client Reports
Select the arrows displayed next to Top Applications or Top Destinations to navigate to the corresponding tabs.

Monitor Edge Destinations

You can monitor the network usage data of the destinations of the network traffic.

To view the details of destinations, use the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Destinations tab.

The Destinations tab displays the details of the destinations of the network traffic for the selected Edge.

Figure 27. Displaying Edge Destinations

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.
Select Filter to define a criterion and view the application details filtered by the specified criteria including Application, Category, Operating System, Hostname, IP Address, Client Device, Destination, Destination IP, FQDN, Next Hop, and Route. For additional information about filter descriptions, see Monitor Edges.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

You can view the report of Destinations by Domain, FQDN, or IP address. Select the relevant type to view the corresponding information.

Hover the mouse on the graphs to view additional details.
Choose the metrics from the menu to view the details related to the selected parameter.
The bottom panel displays the details of the selected metrics for the destinations by the selected type. You can select and view the details of a maximum of 4 destinations at a time. Select Columns to select the columns to be shown or hidden in the view.
To view drill-down reports with additional details, select the links displayed in the metrics column.

Figure 28. Displaying Detailed Top Destinations Report
Select the arrows displayed next to Top Applications or Top Devices to navigate to the corresponding tabs.

Monitor Business Priorities of an Edge

You can monitor the Business policy characteristics according to the priority and the associated network usage data for a specific Edge.

To view the details of business priorities of the network traffic:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.
Select the link to an Edge, and then select the Business Priority tab.

The Business Priority tab displays the details of the priorities of the network traffic for the selected Edge.

Figure 29. Displaying Business Priorities for an Edge

At the top of the page, you can choose a specific time period to view the details of the priorities for the selected duration.

Choose the metrics from the menu to view the details related to the selected parameter.

By default, the Scale Y-axis evenly check box is selected. This option synchronizes the Y-axis between the charts. If required, you can turn off this option.

Hover the mouse on the graphs to view additional details.

The bottom panel displays the details of the selected metrics for the business priorities.

Monitor System Information of an Edge

Starting from the 6.1.0 release, the System tab displays not only the detailed network usage by the system for a specific Edge, but also the system health statistics for an HA Standby Edge.

To access the System tab, use the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Edges to view the Edges associated with the Enterprise.

Select the link to an Edge, and then select the System tab. The System Overview radio button is selected by default.

Figure 30. Displaying System Information for an Edge

The screen displays graphical representation of usage details of the following over the period of selected time duration, along with the minimum, maximum, and average values.

Table 11. Graphical Representation Descriptions
Graph	Description
CPU Utilization	Percentage of usage of CPU.
CPU Core Temperature (C)	The core temperature of the Edge CPU. Note: This graph is supported only for Edges running 5.1 and later versions.
Memory Utilization	Percentage of usage of memory.
Flow Count	Count of traffic flow.
Over Capacity Drops	Total number of packets dropped due to over capacity since the last sync interval. Occasional drops are expected, usually caused by a large burst of traffic. However, a consistent increase in drops usually indicates an Edge capacity issue.
Tunnel Count	Count of tunnel sessions.

Hover the mouse on the graphs to view additional details.

By default, the System tab displays the information of an Active Edge. Select the HA Standby button on the top right of the screen, to view the System Health statistics for an HA Edge. The Orchestrator includes special monitoring for a Site deployed with a High Availability topology.
If you hover the mouse on the bar, it indicates when the failover occurred. This failover bar represents a boundary marking how the system statistics apply to each respective HA Edge when they serve as the Active Edge.

A site deployed in High Availability has additional functionality displayed when an HA failover occurs. When an HA failover occurs, the Orchestrator renders a vertical bar marking the point of the failover. This failover bar indicates when an HA site has triggered a failover and that a different Edge has the role of Standby.

Figure 31. Displaying High Availability
If you select the graph to the left side of the failover bar, the Orchestrator indicates which Edge was Active at the time of those statistics.
If you select the graph to the right side of the failover bar, the Orchestrator indicates the Active Edge for the post-failover statistics. In this way, you can always know which Edge applies to which System values.
The HA Standby screen also provides live WAN Interface information which is especially helpful in Enhanced HA deployments where the Standby Edge is using unique WAN links.
Select on the information button, located at the top left of the screen, to get Standby Edge information at the same level as what a user sees on the Monitor > Edge > Overview tab, for the Active Edge.
To view the interface export details, select the Interface radio button, located at the top right of the screen.
In the SD-WAN service of the Enterprise portal, navigate to the Monitor > Edge > Overview tab, and display information about a site deployed in High Availability:

Figure 32. Displaying Edge Information

In the Link Status section, each connected WAN link includes a column Device Serial No (Device State) with the Edge serial number associated with the WAN link and the HA status of the Edge (Active or Standby). This information is valuable in Enhanced HA deployments where WAN links are uniquely associated to different HA Edges and allows you to see the status of WAN links on the Standby Edge just as you see them on the Active Edge.

The Overview tab adds an HA Interface Status section which includes the IP Address, Interface Status (Up or Down), and Interface (HA Type).

Monitor Network Services

You can view the details of configured network services for an enterprise.

To view the details of network services, log in to the SD-WAN service of the Enterprise portal, and then click Monitor > Network Services .

You can view the configuration details of the following network services:

Non SD-WAN Destinations through Gateway
Cloud Security Services
Edge Clusters
Edge VNFs

Monitor Non SD-WAN Destinations through Gateway

You can view the configured Non SD-WAN Destinations along with the VPN Gateways, Site Subnets, and other configuration details.

To view the configured Non SD-WAN Destinations:

In the SD-WAN service of the Enterprise portal, select Monitor > Network Services . The Non SD-WAN Destinations via Gateway tab is displayed.

The Non SD-WAN Destinations via Gateway tab displays the details of already configured Non SD-WAN Destinations. To configure the Non SD-WAN Destinations via Gateway, see Configure Non SD-WAN Destinations via Gateway.

Figure 33. Displaying Packets Received/Sent

Figure 35. Displaying Bytes Received/Sent

Figure 37. Displaying Packets Received/Sent

Table 12. Graphical Monitoring Options
Options
Total Bytes
Bytes Received/Sent
Total Packets
Packets Received/Sent

The page displays the following details:

Non SD-WAN Destination Name
Public IP Address
Non SD-WAN Destination Status
Tunnel Status
Number of profiles and Edges using the Non SD-WAN Destination
Last Contacted date and time

You can also sort the report by selecting the header of each column. You can use the Filter icon displayed next to the header to filter the details by specific Name, IP address, or Status.

Select a Non SD-WAN Destination to view the following details in the bottom panel:

Table 13. Non SD-WAN Destination option Descriptions
Options	Description
General	Displays the Name, Type, IP address and tunnel settings of Primary and Secondary VPN Gateways, location details, and Site subnet details.
IKE/IPSec Configuration	Select the tab to view sample configuration template for Primary and Secondary VPN Gateways. You can copy the template and customize the settings as per your requirements.
Events	Select the tab to view the events related to the selected Non SD-WAN Destination. Selectthe arrow displayed in the first column to view additional details of an event.
Monitoring	Select the tab to view the NSD tunnels display statistics in both table and chart format of the Bytes, Packets sent and received.

Monitor Non SD-WAN Destinations through Edge

You can view the configured Non SD-WAN Destinations along with the VPN Gateways, Site Subnets, and other configuration details.

To view the configured Non SD-WAN Destinations through Edge:

In the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Non SD-WAN Destinations via Edge . The Non SD-WAN Destinations via Edge tab appears.

The Non SD-WAN Destinations via Edge tab displays the details of already configured Non SD-WAN Destinations. To configure the Non SD-WAN Destinations via Edge, see the topic Configure Non SD-WAN Destinations via Edge.

Figure 38. Displaying Non SD-WAN Destinations through an Edge

The page displays the following details:

Name of the Non SD-WAN Destination
Public IP Address
Status of the tunnel
Number of Profiles
Edges that use the Non SD-WAN Destination, last contacted date and time, and deployment status of Edge

You can also sort the report by selecting the header of each column. You can use Filter displayed next to the header to filter the details by specific Name, IP address, or Status.

Selecting a Non SD-WAN Destination displays Name, Type, IP address and tunnel settings of Primary and Secondary VPN Gateways, location details, and Site subnet details under the General tab.

Monitor Cloud Security Service Sites

You can view the details of Cloud Security Services (CSS) configured for the Enterprise.

To monitor the Cloud Security Services:

In the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Cloud Security Service Sites .

The Cloud Security Service Sites tab displays the already configured Cloud Security Services. To configure a new Cloud Security Service, see Cloud Security Services.

Figure 39. Monitoring Cloud Security Service Sites

The page displays the following details:

Table 14. Column Descriptions
Column Name	Description
Name	Name of the CSS service provider.
Type	Type of the CSS service provider.
Public IP	IP address of the CSS service provider.
Status	Overall status of the CSS service provider.
Tunnel Status	Status of tunnels created from the CSS provider from different Edges. Also, status of the external service as recorded by each Edge
Deployment Status	Deployment status of the CSS provider.

You can also sort the report by selecting the header of each column. You can use the Filter icon displayed next to the header to filter the details by specific Name, Type, IP address, or Status.

Select the View link in the Deployment Status column to view the deployment status of the CSS provider.

Note: Starting from the 6.1.0 release, L7 health check status and Related State Change Events details are not available on the Monitor > Cloud Security Service Sites screen.

L7 health check status data is available through API only.
To view related tunnel state change events, navigate to Monitor > Events , and filter by CSS tunnel events.

Monitor Zscaler laasSubscription

You can view the configured Zscaler laasSubscription from the Monitor > Network Services page.

To view the Zscaler laasSubscription:

In the SD-WAN service of the Enterprise portal, click Monitor > Network Services > Zscaler laasSubscription .

The Zscaler laasSubscription tab displays the details of already configured Zscaler laas subscriptions. To configure a new Iaas subscription, see Configure API Credentials.

Figure 40. Displaying the Zscaler IaasSubscription

The page displays the name of the service along with the deployment status.

Monitor Edge Clusters

You can view the details of the configured Edge clusters and the usage data.

You can view the details of Edge clusters from the SD-WAN service of the Enterprise portal. Select Monitor > Network Services > Edge Clusters .

The Edge Clusters tab displays the details of already configured Edge clusters. To configure the clusters, see Configure Edge Clustering.

This page displays the following details:

Table 15. Edge Clusters Option Descriptions
Option	Description
Cluster Name	Name of the Cluster as configured under Configure > Network Services > SD-WAN Destinations > Clusters and Hubs .
Edges	Name of the Hub Edges that are a part of this Cluster.
CPU Utilization	Percentage value of CPU utilization of the corresponding Edge.
Memory Utilization	Percentage value of memory utilization of the corresponding Edge.
# Tunnels	Number of tunnels associated with the Hub Edge that is a part of the Cluster.
Flow Count	Number of flows associated with the Hub Edge that is a part of the Cluster.
# Handoff Queue Drops	Number of packets that are dropped when they exceed over capacity of Hub Edge in the Cluster.

Monitor Edge VNFs

You can view the details of the configured Edge VNFs and the VM status.

To view the Edge VNFs:

In the SD-WAN service of the Enterprise portal, select Monitor > Network Services > Edge VNFs .

The Edge VNFs tab displays the details of already configured VNFs. To configure VNF on an Edge, see Configure Edge Services.

The page displays the following details: Name of the VNF Service, Number of Edges that use the VNF, and VM status.

Select on a VNF to view the corresponding VNF Edge deployment details.

Monitor Routing Details

You can view the routing services configured in the Enterprise.

In the SD-WAN service of the Enterprise portal, select Monitor > Routing . You can view the details of following routing services:

Multicast Groups
PIM Neighbors
BGP Edge Neighbor State
BFD
BGP Gateway Neighbor State
Gateway Route Table

Monitor Multicast Groups

You can view the multicast groups configured for the Enterprise.

To view the multicast groups:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing . The Multicast Groups tab is displayed.

The Multicast Groups displays the details of already configured multicast group settings. To configure multicast groups, see Configure Multicast Settings for Profiles.

The page displays the following details: multicast group address, segment that consist of the multicast group, Source IP address, RP address, number of Edges in the multicast group, created time period, and the last updated time period.

Select a multicast group to view the details of the Edges in the group, along with the upstream and downstream information. Select View PIM Neighbors to view the detail of the PIM neighbors connected to a specific Edge.

Monitor PIM Neighbors

You can view the details of Edges and the PIM neighbors available in the multicast groups.

To view the PIM neighbors:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > PIM Neighbors .

The PIM Neighbors tab displays the Edges available in the multicast groups.

Select an Edge to view the PIM neighbors connected to the Edge. The PIM Neighbors section displays the following details: Segment of the multicast group, Edge name, Interface details, IP address of the neighbor, created and last updated date with time.

Monitor BGP Edge Neighbor State

You can view the details BGP neighbors connected to Edges.

To view the BGP neighbors connected to Edges:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BGP Edge Neighbor State .

The BGP Edge Neighbor State tab displays the Edges connected as BGP neighbors, when you have configured BGP settings on the Edges.

Figure 45. Displaying BGP Edge Neighbor State

The page displays the following details: Edge name, IPv4 and IPv6 address of the neighbor, State of the neighbor, Date and time of the state change, number of messages received and sent, number of Events, duration for which the BGP neighbor is Up/Down, and number of prefixes received.

Select an Edge name to view the corresponding event details. The Related State Change Events section displays the change in the state and other details for the selected Edge.

Note:

You can select the Filter Icon next to the Search option to filter the details by Edge Name, Neighbor IP, Neighbor IP Type, and Status.
BGP Edge Neighbor State (API: monitoring/getEnterpriseEdgeBgpPeerStatus): At the time of calling the API, if the Edge state is "OFFLINE", then the user interface displays the neighbor state as "Unavailable" with appropriate tooltip showing the current Edge state to the user.

Monitor BFD

You can view the BFD sessions on Edges and Gateways.

To view the BFD sessions:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BFD .

The BFD tab displays the details of already configured BFD sessions. To configure BFD, see Configure BFD for Profiles.

The page displays the following details for the Edges and Gateways: Name of the Edge or Gateway, Segment name, Peer IP address, Local IP address, State of the BFD session, Remote and Local timers, number of Events, and duration of the BFD session.

Select the link to an event number to view the break-up details of the events.

Monitor BGP Gateway Neighbor State

You can view the details of the BGP neighbors connected to Gateways.

To view the BGP neighbors connected to Gateways, follow the steps below.

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > BGP Gateway Neighbor State .
Select a Gateway name to view the corresponding event details. The Related State Change Events section displays the change in the state and other details for the selected Gateway.

The BGP Gateway Neighbor State tab displays the details of Gateways connected to BGP neighbors.

Figure 47. Displaying BGP Gateway Neighbor State

Note: BGP Gateway Neighbor State (API: monitoring/getEnterpriseBgpPeerStatus): At the time of calling the API, if the Gateway state is one out of "QUIESCED", "OUT_OF_SERVICE" or "OFFLINE", then the user interface displays the Neighbor state as "Unavailable" with appropriate tooltip showing the current Gateway state to the user.

BGP Received Routes and BGP Advertised Routes

For the 5.2 release, the BGP Gateway Neighbor State feature is enhanced with the BGP Received Routes and BGP Advertised Routes.

The BGP Received Routes displays routes (up to 16K) that have been received from the selected BGP neighbor at the Gateway, providing valuable insight into the routing information that is available in the network. This information can be used to troubleshoot connectivity issues in Customer deployments. The BGP Advertised Routes displays all routes that are being advertised to a selected BGP neighbor, providing visibility into the routes that are being used to reach destinations in the network (as shown in the image above the previous paragraphs).

See the table below for a detailed description of the fields in the BGP Received and Advertise Routes table.

Table 16. BGP Received and Advertise Routes
Route	Description
Status Code	Displays the status code of the BGP route, as follows: * valid > best = multipath i-internal
Network Prefix/Mask	Displays the prefix carried by the BGP route.
Next Hop	Displays the Next-hop IP address that is used by BGP to reach the BGP prefix.
Metric	Displays the MED (multi-exit discriminator) value associated with a route.
Local Preference	Displays the local preference value assigned by a BGP router to a route.
Weight	Displays the weight value assigned by the BGP router to a route.
AS Path	Displays the list of AS Path numbers that are carried by the BGP route.
Community	Displays the community attribute carried by the BGP route.
CSV	Select the CSV button to export the data to an Excel sheet.

Gateway Route Table

The Gateway Route Table provides a comprehensive view of the routing information on an SD-WAN Gateway, displaying the routes (up to 16k) that are known to a Gateway, including both learned routes and statically configured routes.

The Gateway Route Table displays important information about each route, such as the Network Prefix and Mask Preference, Flags, and Metric, to name a few. The Gateway Route Table updates in real-time, providing an up-to-date view of the routing information on a Gateway. It can be used to diagnose routing issues and to optimize routing policies.

To access the Gateway Route Table:

In the SD-WAN service of the Enterprise portal, select Monitor > Routing > Gateway Route Table , as shown in the image below.

Figure 48. Displaying the Gateway Route Table

Note: The WebSocket connection terminates and asks to reconnect when the Gateway WebSocket connections are opened in two tabs for the same session, or if idle time for five minutes.

See the table below for a description of the fields in the Gateway Route Table.

Table 17. Gateway Route Field Descriptions
Field	Description
Network Prefix	The destination address of the route. It specifies the network to which the route applies.
Network Mask	Displays the prefix carried by the BGP route.
Type	Indicates the type of routes: edge2edge: remote routes received from Edges. datacenter: NSD BGP routes. cloud: PG BGP routes.
Peer Name	Indicates the name of the BGP peer that learned the route.
Reachable	Indicates whether the route is reachable or not. If the route is reachable, it can be used for forwarding packets.
Metric	A value that represents the cost of using a particular route. Lower values indicate a lower cost.
Preference	A value that is used to influence the preferred path for outbound traffic. A lower value indicates a more preferred route.
Flags	Flags are listed below: B BGP D DCE L LAN SR C Connected O External W WAN SR S SecureEligible s self r recursive H HA m Management n nonVelocloud v ViaVeloCloud A RouterAdvertisment c CWS a RAS M MTGRE I IPSec
Age	Indicates the amount of time that has elapsed since the route was last updated.
C Tag	Used to identify the customer that the route belongs to in a multi-tenant environment.
CSV	Select the CSV button to export the data to an Excel sheet.

Monitor Alerts

Orchestrator allows to configure alerts that notify the Enterprise Administrators or other support users, whenever an event occurs.

Ensure that you have configured the relevant alerts, along with the notification delay, in Service Settings > Alerts & Notifications . See Configure Alerts and Notifications.

In the SD-WAN service of the Enterprise portal, select Monitor > Alerts .

The Alerts window displays the alerts received for different type of events:

You can choose a specific time period from the menu, to view the alerts for the selected duration.

To view details of specific alerts, you can use the filter option. Select the Filter icon in the Search option to define the criteria.

Select the CSV option to download a report of the Alerts in CSV format. You can also choose to include the Operator alerts.

The Alerts window displays the following details:

Table 18. Alerts Option Descriptions
Option	Description
Incident	The name of the event that triggered the alert.
Incident Category	The category of the incident.
Affected Entity	The entities (Edge/Link) affected by the incident.
Trigger Time	Time at which the alert got triggered.
Delivery Attempted Time	Time at which the operator or customer received the alert notification. The notification time depends on the delay time configured in the Alerts & Notifications page.
Status	Status of the alert as Success, Failed, or No Recipients.
Alert Level	Indicates if the alert received by the Operator or the Customer.

Monitor Events

The Events page displays the events generated by the Orchestrator. These events help to determine the operational status of the system.

To view the Events page:

In the SD-WAN service of the Enterprise portal, select Monitor > Events .

The Events page displays the list of events.

You can choose a specific time period from the list, to view the events for the selected duration. Select on an event name to view additional details.

To view details related to specific events, you can use the filter option. Select Filter in the Search option to define the criteria.

Select the CSV option to download a report of the events in CSV format.

The Events window displays the following details:

Table 19. Events Option Descriptions
Option	Description
Event	Name of the event
User	Name of the user for events that involve the user.
Segment	Name of the segment for segment related events.
Edge	Name of the Edge for Edge related events.
Severity	Severity of the event. The available options are: Alert, Critical, Debug, Emergency, Error, Info, Notice, and Warning.
Time	Date and time of the event.
Message	A brief description of the event.

Auto Rollback to the Last Known Good Configuration

If an Administrator changes a device configuration that causes the Edge to disconnect from the Orchestrator, the Administrator receives an Edge Down alert. Once the Edge detects that it cannot reach the Orchestrator, it rollbacks to the last known configuration and generates an event, Bad Configuration, on the Orchestrator.

The rollback time, which is the time necessary to detect a bad configuration and apply the previous known good configuration for a standalone Edge, is between 5-6 minutes. For HA Edges, the rollback time is between 10-12 minutes.

Note: This feature rolls back only Edge-level device settings. If the configuration is pushed from a Profile that causes multiple Edges to go offline from the Orchestrator, the Edges log Bad Configuration events and roll back to the last known good configuration individually. IMPORTANT: The Administrator is responsible for fixing the Profile accordingly. The Profile configuration does not roll back automatically.

Platform Firmware Upgrade Progress

You can view the progress of the Platform Firmware upgrade on the Orchestrator UI, as described in the sections below.

To view the progress for the Platform Firmware upgrade on the Orchestrator UI, go to Monitor > Events . The Events page displays a list of events and shows the status of the Platform Firmware upgrade (In Progress or Installed).

Figure 51. Displaying Firmware Upgrade Progress

Note: On the Orchestrator UI, you can use the Filter feature to see only specific events, which is especially helpful when upgrading multiple SD-WAN Edges.

Monitor Firewall Logs

The Firewall Logs page displays the details of the firewall log originating from VeloCloud Edges. Previously the only way a customer could store and view firewall logs was by forwarding them to a Syslog server. With Release 5.2.0 the customer has the option to store firewall logs on the Orchestrator where they can be viewed, sorted, and searched on the Orchestrator UI. By default, Edges cannot send Firewalls logs to Orchestrator. For an Edge to send the Firewall logs to Orchestrator, ensure you Enable Firewall Logging to Orchestrator activate the capability the Customer level under Global Settings. By default, Orchestrator retains the Firewall logs until it reaches the maximum retention time of seven days or a maximum log size of 15 GB per customer tenant on a rotation basis.

Firewall Logs generate using any of the following conditions:

Creation of a flow after accepting the flow.
Closing a flow.
Denying a new flow.
Updating an existing flow due to a firewall configuration change.

EFS Alerts generate whenever the flow traffic matches any URL Categories and/or URL Reputation, or Malicious IP, or any IDS/IPS signatures configured in the EFS engine:

If a firewall rule has URL Categories filtering service activated, the URL Category engine looks up the categories of destination URLs and detects if that matches the Blocked or Monitor categories configured. If the URL matches the Blocked categories, the URL Categories engine generates an alert and blocks the Edge traffic. If the URL matches the Monitor categories, the engine allows the Edge traffic and captures the firewall logs.
If a firewall rule has URL Reputation filtering service activated, the URL Reputation engine looks up the reputation score of the URL and takes action (Allow/Block) based on the minimum reputation configured. If the reputation score of the URL is less than the minimum reputation configured, the Edge blocks the traffic and generates EFS alerts and logs, otherwise allows the traffic. The URL Reputation engine generates EFS logs for the allowed traffic based on the Capture Logs configuration.
If a firewall rule has Malicious IP filtering service activated, the Malicious IP engine checks if the destination IP is present in the Malicious IP Database (Network Query DB and Local DB). If the engine detects the destination IP in the Malicious IP database, then the engine generates EFS alerts and logs and takes Edge traffic decisions based on the configured action (Block/Monitor).
If a firewall rule has only the Intrusion Detection System (IDS) activated, the Edges detect if the traffic flow is malicious or not based on certain signatures configured in the engine. If an attack is detected, the EFS engine generates an alert and sends the alert message to Orchestrator/Syslog Server if Firewall logging is activated in Orchestrator and will not drop any packets.
If a firewall rule has Intrusion Prevention System (IPS) activated, the Edges detect if the traffic flow is malicious or not based on certain signatures configured in the engine. If an attack is detected, the EFS engine generates an alert and blocks the traffic flow to the client only if the signature rule has action as Reject, matched by the malicious traffic. If the action in the signature rule is Alert, the engine allows the traffic without dropping any packets even if you configure IPS.

To view the Edge Firewall logs in Orchestrator, use the following steps:

In the SD-WAN service of the Enterprise portal, navigate to MonitorFirewall Logs. The Firewall Logs page appears.

With the Stateful Firewall and Enhanced Firewall Services (EFS) features activated, additional information can be reported in the firewall logs. The following table describes all the parameters reported in the firewall logs.

Table 20. Firewall Log Field Descriptions
Field	Description
Time	The timestamp of the traffic flow session on which the alert was triggered.
Segment	The name of the segment to which the session belongs.
Edge	The name of the Edge to which the session belongs.
Action	Any of the following actions that triggered against the event/alert: Allow Close Deny Open Update
Interface	The name of the interface on which the first packet of the session was received. In the case of overlay received packets, this field will contain VPN. For any other packets (received through underlay), this field displays the name of the interface in the Edge.
Protocol	The type of IP protocol used by the session. The possible values are TCP, UDP, GRE, ESP, and ICMP.
Source IP	The source IP address of the traffic flow session on which the alert was triggered.
Source Port	The source port number of the traffic flow session on which the alert was triggered.
Destination IP	The destination IP address of the traffic flow session on which the alert was triggered.
Destination Port	The destination port of the traffic flow session on which the alert was triggered.
Extension Headers	The extension headers of the traffic flow packet.
Rule	The Rule to which the Signature belongs.
Reason	The reason for closure or denial of the session. This field is available for Close and Deny log messages.
Bytes Sent	The amount of data sent in bytes in the session. This field is available only for Close log messages.
Bytes Received	The amount of data received in bytes in the session. This field is available only for Close log messages.
Duration	The duration for which the session has been active. This field is available only for Close log messages.
Application	The Application name to which the session was classified by DPI Engine. This field is available only for Close log messages.
Destination Domain	The destination domain of the traffic flow session.
Destination Name	The name of the destination device of the traffic flow session.
Session ID	The Session ID of the traffic flow on which the alert was triggered.
Signature ID	A unique ID of the signature rule.
Signature	The Signature installed on the Edge.
Attack Source	The Source of the attack.
Attack Target	The Target of the attack.
Severity	The severity of the intrusion.
Category	The category type to which the intrusion belongs.
IDS Alert	Displays "Yes" if the alert notification is received from the IDS engine, or else displays "No".
IPS Alert	Displays "Yes" if the alert notification is received from the IPS engine, or else displays "No".
URL	The URL of the destination to which the traffic flow was directed.
Engine Types	Total count of Engine types that match the flow. Select the link in this column to view the Engine types that match the flow.
URL Categories	Total count of URL category types that matches the flow. Select the link in this column to view the URL categories that matches the flow.
URL Category Filter Action	The URL Category Engine-specific filtering action: Block Monitor
URL Reputation	The URL Reputation type defined in the policy rule.
URL Reputation Action	The URL Reputation Engine-specific filtering action: Block Monitor
IP Categories	Total count of threat types that match the flow. Select the link in this column to view the IP categories that match the flow.
Malicious IP Action	The Malicious IP Engine-specific filtering action: Block Monitor

Note: Not all fields populate for all firewall logs. For example, Reason, Bytes Received/Sent and Duration are fields included in logs when sessions are closed. Signature ID, Signature, Attack Source, Attack Target, Severity, Category, IDS Alert, IPS Alert, URL, Engine Types, URL Categories, URL Category Filter Action, URL Reputation, URL Reputation Action, IP Categories, and Malicious IP Action are populated only for EFS alerts, not for firewall logs.

You can use the Filter options and select a filter from the menu to query the Firewall logs.
To view additional detailed information about a specific Firewall log, select the Firewall log entry. Under the Firewall Log Details section, you can view the detailed Log Overview and Engine information for the selected log entry.

Note: If the selected Firewall log entry is generated by Engines other than Enhanced Security Services, the Engine tab will not be available.

Figure 53. Displaying the Firewall Log Details
In the Log Overview tab, select the link next to Engine to view detailed information about the specific Engine that matched the flow along with the Engine-specific filtering action.

Figure 54. Displaying the Firewall Engine Details
To create customized reports by exporting Edge Firewall Logs data in CVS format, in the Firewall Logs page, select the CSV option.

Enterprise Reports

VeloCloud SD-WAN allows you to generate exportable secure SD-WAN Enterprise reports based on historical data for selected or all Edges across the Enterprise. The Enterprise reports include Network and Security data that are useful for the analysis of network.

For an Enterprise, you can generate reports namely Quick Report, Custom Report, and Generative AI (Gen AI) Traffic Report.

Quick Report is a consolidated report generated with default values, including all the data for the past one month starting from the time of request, and for all the Edges currently present in the Enterprise network.
Custom Report is a report generated with customized settings by specifying the time range, required data, and Edges to be included.
Gen AI Traffic Report is a report on Generative AI (Gen AI) applications traffic within the network of an Enterprise.

Note: By default, the Orchestrator stores 50 reports at a time for an Enterprise. An Operator can modify the number of reports using the system property, vco.reporting.maxReportsPerEnterprise.

A report has 60 days of age-out period after which it will be deleted automatically. When a customer exceeds the maximum report value (i.e., the default is 50), the oldest report will be deleted first.

To access Enterprise reports:

In the SD-WAN service of the Enterprise portal, select Monitor > Reports .

In the Reports page, you can create a new Enterprise report, customize the report, and schedule report generation for a recurring period.

For additional information on creating different Enterprise reports, see:

Create a Quick Enterprise Report
Create a Custom Enterprise Report
Create a Generative AI Traffic Report for Enterprise

Create a Quick Enterprise Report

VeloCloud SD-WAN allows you to generate a consolidated report generated with default values, including all the data for the past one month starting from the time of request, and for all the Edges currently present in the Enterprise network. Note that the Quick report does not include the Gen AI Application traffic related information.

To create a Quick Enterprise report, perform the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
In the Reports page, select New Report.

Figure 56. Creating an Enterprise Report
In the New Report page, select Quick to generate a consolidated report with the settings displayed in the Quick Report pane. By default, this report includes data for the last 30 days, with breakdown details of the following:
- Top 10 applications and the top 10 Edges using each application.
- SD-WAN consumption based on traffic distribution with top 10 applications for each traffic type.
- SD-WAN consumption based on transport distribution with top 10 applications for each transport type.
- Top backup links based on traffic with top 5 applications for each of the backup links.
- Top Non SD-WAN destinations directly from the VeloCloud Edges with the top 5 Edges for each destination.
- Top Non SD-WAN destinations using VeloCloud Gateways with the top 5 Edges for each destination.
- Top clients across Edges with top 5 applications for each client.
- Security Summary of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
  - Total Edges- Total count of Edges in the Enterprise.
  - Reporting Edges- The count of Edges that have at least one EFS engine data.
  - Reporting Edges table- Displays the top 10 Edges, based on total actions across all EFS engines.
- IDS/IPS displays the total count of IDS/IPS Threats Detected and Prevented for all Edges within the Enterprise, along with the Threat Severity and Action details.
- URL Filtering displays the total count of URL Categories with Action count details and URL Reputation risks with Action count details for all Edges within the Enterprise, along with the Top 5 URL Filtering details.
- Malicious IP displays the total count of Malicious IPs Blocked and Monitored.
  Note: The user can generate the EFS report only when EFS is activated at the customer level. For additional information on how to activate EFS, see the topic Configure Customers.
In the Submit Report window that appears, enter the Report Name, then choose the Format to be either PDF or PDF and CSV. Select the language of the Report, and choose to send the generated report as email and specify the email IDs. See Submit Report.
In the window Your Report is on its way appears, select Done.

Once you submit the report, the report details are displayed with the status in the Reports page. See Monitor Enterprise Reports.

Figure 57. Displaying Reports

You can generate a customized report with specific values including Gen AI Traffic data by selecting the Custom button. For additional information, see Create a Custom Enterprise Report.

Create a Custom Enterprise Report

You can create an Enterprise report with customized settings by specifying the time range, required data, and Edges. Custom report generation allows you to select and include Gen AI Application traffic as well.

In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
Select New Report.

Figure 58. Creating a Custom Enterprise Report
In the Select Report page, select Custom.

Note: Gen AI Traffic report is supported for a time range of up to 31 days. You can select any 31 days within the last one year. If you include Gen AI Traffic report as well for Custom Reports, then make sure the time range selected for the report is not more than 31 days, or else the report will be rejected.

Follow the instructions on the screen to select the configuration settings for the custom report. See Select Time Range.

Select Time Range

You can customize a report for a selected time period. In addition, you can schedule a report to run on recurring basis.

When you choose to customize the Enterprise report and select Custom in Create a Custom Enterprise Report, the Select Time Range window appears.

Figure 59. Selecting a Time Range
The Create a one-time Report option is selected by default. You can either enter the start and end date for which the report should be generated, or choose the time range from the list
To configure a scheduled report, choose Schedule a recurring report and select the schedule period and time from the list.

Figure 60. Scheduling a Report
Select Next

See Select Data.

Select Data

You can select the data to be included in a custom report.

When you select Next after selecting the time range in Select Time Range, the Select Data window appears.

Figure 61. Selecting Data
Select the check boxes of the data items that you want to include in the report from the following available options:
Note: By default, all data items are selected.
- Edges by Application – Breakdown details of top 10 applications and the top 10 Edges using each application.
- Applications by Traffic – Breakdown details of SD-WAN consumption based on traffic distribution with top 10 applications for each traffic type.
- Applications by Transport – Breakdown details of SD-WAN consumption based on transport distribution with top 10 applications for each transport type.
- Backup Link Usage – List of top backup links based on traffic with top 5 applications for each backup link.
- Top Non SD-WAN Destinations (Direct) – List of top Non SD-WAN destinations directly from the VeloCloud Edges with top 5 Edges for each destination.
- Top Non SD-WAN Destinations (via Gateway ) – List of top Non SD-WAN destinations via VeloCloud Gateways with top 5 Edges for each destination.
- Top Talkers – List of top clients across Edges with top 5 applications for each client.
- Security Summary – Comprises of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
  - Total Edges – Total count of Edges in the Enterprise.
  - Reporting Edges – The count of Edges that have at least one EFS engine data.
  - Reporting Edges table – Displays the top 10 Edges, based on total actions across all EFS engines.
- IDS/IPS – Total count of IDS/IPS Threats Detected and Prevented for selected Edges within the Enterprise, along with the Threat Severity and Action details.
- URL Filtering – Total count of URL Categories with Action count details and URL Reputation risks with Action count details for selected Edges within the Enterprise, along with the Top 5 URL Filtering details.
- Malicious IP – Total count of Malicious IPs Blocked and Monitored.
  Note: The user can generate the EFS report only when EFS is activated at the customer level. For additional information on how to activate EFS, see the topic Configure Customers.
Select Next.

See Select Edges.

Select Edges

You can select to generate an Enterprise report including all the Edges or choose to include specific Edges.

When you select Next after selecting the data to be included in the report in Select Data, the Select Edges window appears.

Figure 62. Selecting Edges
By default, the Include all edges option is selected. This option generates the report including data from all the Edges in the Enterprise.
You can choose Include specific edges to generate the report with data from specific Edges. Select the appropriate condition from the list to include the corresponding Edges. You can select the Plus ( +) Icon to include more conditions. After specifying the conditions, select Apply and the details of Edges selected according to the conditions are displayed at the right side.
Select Next.

See Submit Report.

Submit Report

After configuring all the settings, you can generate the Enterprise report.

When you select Quick to create a Quick Report in Create a Quick Enterprise Report, or select Next after selecting the Edges in Select Edges, the Submit Report window appears.

Figure 63. Submitting the Report
Configure the following:
- Report Name- Enter a name for the report.
- Format- Choose the format of the report from the list, as PDF or PDF and CSV.
- Report Language- Choose the language in which you want to generate the report. Currently the following languages are supported: English, Simplified Chinese, Czech, Italian, French, and German.
- Send email to list- If you want to send the generated report through Email, select the checkbox and enter the Email addresses separated by a comma. The report is attached to the Email that is sent.
In the Report Summary verify the settings and select Submit.
In the window Your Report is on its way that appears, select Done.

Once you submit the report, the Report details display with the status in the Reports window.

Your report is generated and is displayed in the Reports page. See Monitor Enterprise Reports.

Figure 64. Displaying Reports

Create a Generative AI Traffic Report for Enterprise

VeloCloud SD-WAN allows you to create a Generative AI (Gen AI) specific report for all Gen AI applications contributing to network traffic within an Enterprise.

To create a Gen AI Traffic report, perform the following steps:

In the SD-WAN service of the Enterprise portal, select Monitor > Reports .
Select New Report.

Figure 65. Creating a New Report
In the Select Report page, select Gen AI to generate a Gen AI Traffic report with the default settings displayed in the Gen AI Traffic Report pane. By default, this report includes data for the last 30 days, with breakdown details of the following:
- Top Ten Gen AI Applications within the network of an Enterprise
- Top Ten Edges by Gen AI Applications
- Top Talkers across an entire Enterprise
- Top Ten Gen AI Applications presence across Edges
- Gen AI Applications Growth across Edges over time
In the Submit Report window that appears, enter the Report Name, select the Format as either PDF or PDF and CSV. Select the language of the Report, and choose whether to send the generated report as email and specify the email IDs. See Submit Report.
Once you submit the report, the report details are displayed with the status in the Reports page, where you can download and view the report data.

Figure 66. Displaying Reports

To download a report, select the Completed link of the report. The report downloads as a ZIP file, which consists of the PDF format of the report.

Note: For the Gen AI report, only PDF format is supported. Export the report to CSV format is not supported.
The Gen AI Traffic report file consists of the following:
- Top Ten Gen AI Applications- Shows the top ten Gen AI applications usage by traffic volume and percentage measure compared to the overall Enterprise traffic volume.
- Top Ten Edges By Applications – Shows the top ten contributing Edges for each of the Gen AI applications along with the ratio of Download (RX) to Upload (TX) traffic volume. Download-to-Upload Ratio (DUR) is an indicator that helps identify traffic patterns for Gen AI applications. A DUR value more than 1 indicates that the download is more than the upload, and a DUR value less than 1 indicates that the upload is more than the download. A DUR value equal to 1 means symmetrical.
  
  Figure 67. Displaying a GenAI Traffic Report
- Top Talkers Across An Entire Enterprise – Shows the top five client devices that have contributed traffic for each of the top ten Gen AI applications, along with details like the Edge site the client belongs to and the DUR associated with the client.
  Note: The top talkers are based on the union of top sites for each of the top ten Gen AI applications.
  
  Figure 68. Displaying Top Talkers
- Top Ten Gen AI Applications Presence Across Edges- Shows for each of the top ten Gen AI applications, the percentage of Edges across your entire Enterprise contributing to the traffic.
  
  Figure 69. Displaying Edges
  
  Gen AI Applications Growth Across Edges Over Time – Shows the time growth across Edges for each of the top ten Gen AI applications. Regardless of the time range you have selected for your report, the time growth for Gen AI applications is shown for one year (month-wise).
  
  Figure 70. Displaying ChatGPT

Monitor Enterprise Reports

Generate a secure SD-WAN Enterprise report with Network and Security data using the default values, or a custom report with specified values, or a Gen AI specific report for Gen AI applications traffic. You can also schedule a custom report to run on a recurring basis. All the reports are displayed in the Reports page, where you can download and view the report data. You can also view the scheduled reports in this page.

In the SD-WAN service of the Enterprise portal, select Monitor > Reports . The page displays all the generated reports.

Figure 71. Displaying Enterprise Reports

To download a report, select the Completed link of the report. The report downloads as a ZIP file of the PDF format of the report. If you have configured to export the report to CSV format, the ZIP file consists of both the PDF and CSV files.

Note: The Gen AI report only supports the PDF format.

For a custom report, the data in the report may vary according to the customized settings. The report files consist of the following.

PDF
- Graphical representation of distribution of Enterprise Traffic, Transport, and top Applications.
- Top 10 Applications by Traffic and Transport types.
- Top 10 Edges by Applications.
- Top Backup links with top Applications.
- Top Talkers with top Applications.
- Gen AI Traffic Report including the following details:
  - Top Ten Gen AI Applications within the network of an Enterprise
  - Top Ten Edges by Gen AI Applications
  - Top Talkers across an entire Enterprise
  - Top Ten Gen AI Applications presence across Edges
  - Gen AI Applications Growth across Edges over time
- Top Edges in top Non SD-WAN Destinations from Edge.
- Top Sites in top Non SD-WAN Destinations via Gateway.
- Overall Impact Summary of the following data collected from all Enhanced Firewall Service (EFS) engines (IDS/IPS, URL Filtering, Malicious IP):
  - Total Edges
  - Reporting Edges
  - Top Ten Reporting Edges and its Actions
  - IDS/IPS Summary
  - URL Category Summary
  - URL Reputation Summary
  - Malicious IP Summary
- IDS/IPS
  - Top Ten Impacted Edges by Total Count
  - Top Ten Impacted Edges by Critical and High Count
  - Top Threats Detected
- URL Filtering
  - Top Ten Edges By Category Actions
  - Top Ten Edges By Category Blocked Actions
  - Top Ten URL Categories By Action
  - Top Ten Edges By Reputation Actions
- Malicious IP
  - Top Ten Malicious Edges By Actions
  - Top Ten Malicious Destinations By IP
  - Top Ten Malicious Destinations By Country
  - Top Ten Malicious Categories
  Note: The Enterprise report PDF includes Security Summary, IDS/IPS, URL Filtering, and Malicious IP related data only when EFS is activated at the customer level. For additional information about monitoring Security Services, see Monitor Security Overview.
The following image shows an example snippet of a PDF report:

Figure 72. Displaying Enterprise Traffic Distribution
The Enterprise Traffic distribution lists the following data:
- Cloud Via Gateway- Internet bound traffic that goes through the Gateway.
- Internet Via Direct Breakout- Internet bound traffic that breaks out directly from branch and does not go through Arista VeloCloud Tunnels.
- Internet Via Branch CSS- Traffic bound to Cloud Security Services directly from Arista VeloCloud branch.
- Branch To Branch- Traffic going through Gateway / Hub / dynamic SD-WAN Tunnels, directly between two Arista VeloCloud branches.
- Branch Routed- Traffic bound to local connected / static / routed (underlay) destinations.
- Branch To NVS Via Gateway- Traffic bound from branch to Non SD-WAN Destination through Gateway.
- Branch To NVS Direct- Traffic bound from branch to Non SD-WAN Destination over direct IPsec tunnels.
- Branch To Backhaul- Internet bound traffic being backhauled from branch to VeloCloud Hubs.
CSV- downloads the following CSV files:
- Top Sites by Applications- Lists all the applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
- Traffic Type- Lists all the flow paths, applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
- Transport Type- Lists all the Transport types, applications, Edge name, Edge description, Bytes transmitted, and Bytes received.
- Backup Link Usage- Lists the names of all the Backup links, total bytes and applications used by the links, Bytes transmitted, and Bytes received.
- Non SD-WAN Destinations from Edge- Lists all the Non SD-WAN Destinations connected directly from the Edges, name and description of the connected Edges, Bytes transmitted, and Bytes received.
- Non SD-WAN Destinations via Gateway- Lists all the Non SD-WAN Destinations connected through Gateways, name of the Gateway, Bytes transmitted, and Bytes received. This report also lists the name and description of the Edges connected to each destination along with the Bytes transmitted, and Bytes received.
- Top Talkers- Lists the names of clients, source IP address, source MAC address, name and description of the Edges connected to each client, total bytes used by the client, applications, Bytes transmitted, and Bytes received.
- Gen AI Traffic Report- A comprehensive summary of traffic usage based on Gen AI applications detected in the network. Details include Top 10 Applications, Top 10 Edges per top application, Top Talkers per top edge per top application, footprint of top application across all edges and growth of footprint of top application across all edges over the past year.
- Security Summary- Lists all the Reporting Edges and total action count by category (IDPS, URL Category, URL Reputation, and Malicious IP).
- IDPS Edge Stats- Lists all the impacted Edges and total count by severity (Critical, High, Medium, Low, and Suspicious).
- IDPS Signature Stats- Lists all the signature names along with the severity and total count.
- URL Categories- Lists all the impacted Edges and total count by Category Actions (Blocked, Allowed, and Monitored).
- URL Reputation Stats- Lists all the impacted Edges and total count by Reputation Actions (Blocked, Allowed, and Monitored).
- Malicious IP- Lists all the impacted Edges and total count by Malicious Actions (Blocked and Monitored).
  Note: For additional information about monitoring Security Services, see Monitor Security Overview.
The following image shows an example snippet of a CSV report for Top Sites by Applications:

Figure 73. Displaying a CSV Report

To delete a report, select the report and select DELETE.

To view the scheduled reports, select RECURRING REPORTS.

The Recurring Reports window displays the details of reports and the recurrence schedule.

To remove a report from the scheduled list, select the report and select DELETE.

Monitor Security Service Edge

This screen is available only for Symantec PoP-to-PoP connectivity.

Navigate to Monitor > Security Service Edge , to monitor the Symantec WSS PoP integration status.

Figure 75. Displaying Security Service Edge

Expand the integration name to view the following details:

Number of connected Gateways
WSS Endpoint details
Number of Profiles using this integration
Number of locations associated
Last updated date

VeloCloud SD-WAN 6.3 - Administration Guide - Monitor Enterprise 印刷

Monitor Enterprise

Monitor Network Overview

Monitor Security Overview

Monitor Security Overview - Enterprise View

Monitor IDS/IPS

Monitor URL Filtering

Monitor Malicious IP

Monitor Security Overview - Edge View

Monitor Edges

Monitor Edge Overview

Monitor QoE

Monitor Links of an Edge

Monitor Path Visibility

Monitor Flow Visibility

Monitoring Non-Live Flows

Monitor Live Flows

Monitor Edge Applications

Monitor Edge Sources

Monitor Edge Destinations

Monitor Business Priorities of an Edge

Monitor System Information of an Edge

Monitor Network Services

Monitor Non SD-WAN Destinations through Gateway

Monitor Non SD-WAN Destinations through Edge

Monitor Cloud Security Service Sites

Monitor Zscaler laasSubscription

Monitor Edge Clusters

Monitor Edge VNFs

Monitor Routing Details

Monitor Multicast Groups

Monitor PIM Neighbors

Monitor BGP Edge Neighbor State

Monitor BFD

Monitor BGP Gateway Neighbor State

Gateway Route Table

Monitor Alerts

Monitor Events

Auto Rollback to the Last Known Good Configuration

Platform Firmware Upgrade Progress

Monitor Firewall Logs

Enterprise Reports

Create a Quick Enterprise Report

Create a Custom Enterprise Report

Select Time Range

Select Data

Select Edges

Submit Report

Create a Generative AI Traffic Report for Enterprise

Monitor Enterprise Reports

Monitor Security Service Edge