Connection dimensions

These dimensions are available on the Network Traffic activity report. You can organize data based on these dimensions. If these dimensions are not available by default in the list of connections shown in the Connections table, you can add them to your view.
Dimensions for Network Connections
Dimension Description
Destination Port TCP or UDP port number of traffic such as port 80 for HTTP traffic and port 443 for HTTPS traffic.
Status Indicates if the connection was allowed or blocked by ETP. If the traffic was dropped, the status indicates why it was dropped.
Location Indicates where the connection originated from.
Geo Geographical region where connection originated from.
Domain Domain requested by the user.
Destination IP IP address of the destination (origin) website.
Source IP IP address of traffic. This is likely the IP address that is assigned to a location as a result of Network Address Translation (NAT).
Source Port The TCP/UDP port of the user’s machine
Autonomous System Unique identifier for a network
Sub-Location Indicates the sub-location where the event originated from.
Onramp Type Indicates how a request was directed to ETP Proxy.
One of these values may appear:
  • dns. Indicates DNS activity was forwarded to ETP Proxy.
  • web. Indicates web (HTTP and HTTPS) request was forwarded to the full web proxy.
  • onramp_dns. Indicates that risky HTTP and HTTPS traffic was forwarded to the selective proxy.
  • etp_client. Indicates the request was directed to ETP Proxy as a result of ETP Client.
  • etp_offnet_client. Indicates the request was directed to ETP Proxy as a result of ETP client. In this case, the ETP Client was off the corporate network.
  • explicit_proxy_tls. Indicates the request was directed to ETP Proxy as a result of an on-premises proxy configuration.
Policy Action Policy action that was applied. If this traffic was directed to ETP Proxy, the policy action onramp is shown.
Internal Client IP Internal IP address of the user’s machine
Device Name Name of the device where ETP Client is hosted or installed.
Client Request ID Universally unique identifier (UUID) of ETP Client that’s installed on the machine.
Invalid Certificate Action Shows the action that was applied to a website’s origin certificate when ETP Proxy cannot verify the certificate. In a policy, an administrator selects an action in the Invalid Certificate Response menu.

Depending on the action that’s selected, the Bypass or Block - Error Page action appears. If no action was selected by an administrator, N/A is shown.