Run traffic simulation queries

This section explains how to perform traffic simulation queries and routing queries.

Overview

Once AFA has analyzed a device, group, or matrix, you can issue your own traffic simulation query to be tested against the policy. When you run a traffic simulation query on a group or matrix, AFA uses the graphic network map to find the devices in the path of the traffic, and queries all of these devices. If a device blocks the traffic, you can determine which rules block it. This provides powerful help desk support functionality. Furthermore, the traffic simulation query feature lets you determine whether the devices are protecting the organization's networks against traffic from a new exploit, or which device is letting a particular type of traffic through.

NAT is fully supported for traffic simulation queries on groups of devices. When finding the devices in the path of the traffic for a group, AFA supports both NAT and Proxy ARP. AFA predicts the devices in the path and then validates the prediction with the query information. When the query information matches the path, the source and destination values for all relevant devices in the path are updated. When only part of the traffic is translated, the downstream devices are queried for both the pre- and post-NAT values. This produces an accurate query, where no relevant traffic is ignored.

If you want to run a traffic simulation query, but you only know post-NAT values, you can look up the pre-NAT values with which to run the query. For details, see Find NAT values.

AFA additionally provides the option to run a routing query to determine the devices in the path, without policy simulation. Note that routing queries ignore NAT. For details, see Run a routing query.

Run traffic simulation queries

Save traffic simulation queries

Some traffic simulation queries are repeated often. AFA allows saving the source, destination, service and title values of such queries, and then reloading them when they are needed again. The saved queries are kept for each user individually, for maximum customization. Saved queries can be used for both single device queries and group queries.

To save a traffic simulation query:

  1. Fill in the query form.
  2. Click Save Query.

    The Save Query As window appears.

  3. In the field, type a name for the query.
  4. Click OK.

    The query is saved.

Delete saved traffic simulation queries

To delete a saved traffic simulation query:

  1. Access the query form.
  2. In the Saved queries list, select the desired query.
  3. Click Delete saved query.

    The query is deleted.

Find NAT values

AFA provides the ability to look up all the potential translations to and/or from an IP address. This is particularly useful if you want to run a traffic simulation query, but you only know a post-NAT value. You can look up the pre-NAT value(s) with which to run the query.

Note: The results of this search include all possible translations across all NAT rules and configurations.

  1. View the desired device. For details, see View AFA device data.
  2. Click Traffic Simulation Query.

    The Traffic Simulation Query page appears.

  3. Click .

    The Discover NAT Assistant dialog is displayed.

  4. In the "Type a single IP" field, type a single IP address.
  5. Using the "IP address can be" check boxes, indicate whether the IP address can be a Pre-NAT value, Post-NAT value, or both.
  6. Using the "Discover NAT address in" check boxes, indicate whether the IP address can be a Source, Destination, or both.
  7. Click Discover.

    The results appear.

    The results indicate the device name, the potential pre- and post-NAT values, and whether the NAT is static or dynamic.

Run a routing query

Run a routing query to see the devices in the path of a route without policy simulation.

Note: When running a routing query, NAT is ignored.

Note: Traffic simulation queries include policy simulation and take NAT into account. Consequently, they produce a more accurate path when NAT is involved (especially for a group of devices). For details, see Run traffic simulation queries.

To run a routing query:

  1. View the graphic network map. For details, see AFA's graphic network map.
  2. Click Routing Query.

    The Routing Query dialog is displayed.

  3. In the Source field, type the relevant IP address or CIDR.

    Note: IP ranges are not a supported format for this field.

  4. In the Destination field, type the relevant IP address or CIDR.

    Note: IP ranges are not a supported format for this field.

  5. Click Run Query.

    The results appear in a new window. The path of the traffic is highlighted in blue on the graphic network map. When hovering over the route, all devices in the path display a tooltip that states "Traffic is routed through this device".

Supported network object names

If your network includes object names not supported by ASMS, your traffic simulation query may return incorrect results.

Use the following regular expression to verify that all of your network object names are supported:

[-.A-Za-z_0-9\"\&][-.A-Za-z_0-9\"\&\s\/]*
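One way to apply the expression above to an exported list of object names, as an added example that is not part of the original page or of ASMS. It assumes the whole name must match (the page gives only the bare expression, so `fullmatch()` and the `re.ASCII` flag are choices made here); the function names and sample names are constructed for illustration.

```python
import re

# Pattern copied from the page. Whole-string anchoring via fullmatch() and the
# re.ASCII flag (so \s means ASCII whitespace only) are assumptions of this example.
SUPPORTED_NAME = re.compile(
    r'[-.A-Za-z_0-9\"\&][-.A-Za-z_0-9\"\&\s\/]*', re.ASCII
)


def first_unsupported(name):
    """Return None if the whole name matches the pattern, otherwise
    (index, char) of the first character that breaks the match.
    An empty name is reported as (0, "")."""
    if SUPPORTED_NAME.fullmatch(name):
        return None
    prefix = SUPPORTED_NAME.match(name)  # longest supported prefix, if any
    idx = prefix.end() if prefix else 0
    return idx, name[idx:idx + 1]


def audit_names(names):
    """Map each unsupported name to the (index, char) that makes it fail."""
    failures = {}
    for name in names:
        problem = first_unsupported(name)
        if problem is not None:
            failures[name] = problem
    return failures


# Constructed sample names, not taken from any real device.
SAMPLE_NAMES = [
    "web-servers",      # supported
    "DMZ net/24",       # supported: space and "/" allowed after first char
    'R&D "lab"',        # supported: "&" and '"' are in both classes
    "db(prod)",         # "(" is not in either class
    "app:8080",         # ":" is not in either class
    "/slash-first",     # "/" is allowed only after the first character
    " leading-space",   # whitespace is allowed only after the first character
    "",                 # empty name cannot match the first class
]

if __name__ == "__main__":
    for name, (idx, char) in audit_names(SAMPLE_NAMES).items():
        print(f"unsupported: {name!r} at index {idx}: {char!r}")
```

Names that fail only on their first character (a leading space or slash) are easy to miss by eye, which is why the check reports the offending index.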

 
