Connections Status field descriptions

Last Updated: Apr 28, 2016

Summary section

The Summary section displays the total number of Active Connections and the number of connections that are incoming, outgoing, TCP, and TLS.

Connection Filter section

Use the Connection Filter section to define a filter and to display the connection list based on the defined filter. A filter can be an FQDN or an IP address and mask.

If you select Non-compliant NIST TLS Only, the page displays only the TLS connections that use an algorithm that is not compliant with the NIST SP 800-131A recommendation.

Connection List section

The Connection List table displays basic information about all the active connections. The following definitions apply to several of the fields:

  • A: Acceptable. The algorithm and key length are safe to use. No security risk is currently known.

  • D: Deprecated. The use of the algorithm and key length is allowed, but the user must accept some risk.

  • X: Disallowed.

  • N: Not approved.

  • R: Restricted. The use of the algorithm or key length is deprecated, and there are additional restrictions required to use the algorithm or key length for applying cryptographic protection to data.

  • U: Unknown. The system cannot determine the status.

| Name | Description |
|---|---|
| Details | Show or hide the detailed information of the selected connection link. |
| Dir | Link direction (inbound or outbound). |
| Local Port | Local Security Module port. |
| Remote IP | Remote IP address. |
| Remote Port | Remote port. |
| Remote FQDN/IP | Remote FQDN or IP address. |
| Transport | Transport protocol (UDP, TCP, TLS). |
| Policy | Security Policy (Trusted, Default, Instance). |
| Cert Sign | Certificate Signature. Digital signature algorithms (for example, RSA or DSA) and the cryptographic hash function (for example, SHA) of the certificate in use by the TLS connection. |
| Key Exch | Key exchange algorithm (for example, RSA, DSA, Diffie-Hellman) and key bit length (for example, 1024, 2048) to establish symmetric keys between the endpoints on the TLS connection. |
| Encryption | Cryptographic operation that provides confidentiality of the data being carried on the TLS connection. |
| MAC | Message Authentication Code algorithm (for example, SHA) that authenticates the TLS data and provides integrity and authenticity assurance on the message. |

Connection Details section

The Connection Details section displays detailed information for the selected connection.

| Name | Description |
|---|---|
| Direction | Link direction. |
| Creation time | Link creation time. |
| Last message received | Last message received time. |
| Last message sent | Last message sent time. |
| Messages/Bytes Received | Received message count and byte count. |
| Messages/Bytes Transmitted | Transmitted message count and byte count. |
| Messages/Bytes Dropped | Dropped message count and byte count. |
| Subject | The subject field identifies the entity associated with the public key stored in the subject public key field of the X.509 certificate. |
| Alt Subject | Alt subject is an extension to X.509 that allows various values to be associated with a security certificate. |
| CA | The issuer who signed the certificate. |
| Cipher | The negotiated TLS cipher suite. The cipher suite includes the Key Exchange, Encryption and MAC algorithms. |
| Public Key Algorithm | The encryption algorithm of the public key (e.g. RSA, DSA or Diffie-Hellman). |
| Key Size (bits) | The Public Key length. |
| q bits size | For DSA public keys, this represents the q parameter size. |
| Signature Algorithm | The identifier for the cryptographic algorithm used by the CA to sign this certificate. |
| MAC Algorithm | The Message Authentication Code (MAC) algorithm to verify data integrity. |