Application Scenarios for Audit Policy
The FW serves as the gateway at the network border and logs the Internet access behavior for future audits and analysis.
Figure 1 shows the applications of the audit function as follows:
Logs the Internet access behavior that may leak sensitive information.
After the audit function is enabled, the device logs file uploads through HTTP or FTP and email-related behavior. Then you can use various reports, audit logs, and user activity logs to identify the users and user behavior that may leak sensitive data and take proper measures to ensure network security.
Logs non-work-related behavior during working hours.
The access to illegitimate, violence, and anti-social websites, post of non-work-related content on BBS and microblogs during working hours, download of videos through HTTP or FTP, and use of IM software compromise work efficiency.
After the audit function is enabled, the device logs the access to all URLs or specified URLs, titles of the accessed web pages, posting content, file download through HTTP or FTP, as well as QQ account and login and logout time. Then you can view various reports, audit logs, and user activity logs to identify the users and user behavior that leads to low productivity. You can also use this information to fine-tune security policies in the future.