VPN reports from Juniper SRX device
Hello Sirs, We are using Firewall Analyzer 7 (build7000) to gather reports from Cisco ASA firewalls. I added another device which is a Juniper SRX210 firewall. I easily got it up and reporting to the Analyzer server. All the traffic is being reported perfectly. A couple of users are also connecting to it using VPN (dyn-vpn in Juniper's terms). I have a question about the VPN Report section, however. When I see reports from Cisco ASA, the "VPN reports" section shows the active VPN users. On SRX – nothing is showing
Updated to ver 7 with error message
Updated from ver5 to 6 and to 7 but get error message once the upgrade is done: java.sql.SQLException: General error message from server: "Can Stack Trace is not available. Any ideas?
Firewall new installation not worked ??
Dear all, I have installed a new Firewall Analyzer 7. SysLogServer-1 port 514 is down. How do I make it UP? I have configured my Cisco ASA: logging enable logging timestamp logging trap informational logging device-id ipaddress Insite logging host Insite 172.16.1.234 but I still get the message "No firewall is currently exporting logs to Firewall Analyzer". I tried to change the SysLogServer-1 port to 513. This port can come UP, but I still get the message "No firewall is currently exporting logs to Firewall Analyzer".
Trying to start MySQL server failed
Hey guys, I have been trialing FW Analyzer for a couple of days now on the Windows platform. I decided that I would try it on a Linux platform and have installed it on a fresh SUSE 10.01 box. All seemed to go well, but when I used ./run.sh I received the following message: "Trying to start MySQL server failed". Can you guys point me in the right direction? Thanks, Brett...
Missing Alerts
I am testing the Firewall Analyzer, and noticed that I get no alerts coming in from my SonicWALL devices. I get all the emails from the sonicwall, but no alerts listed in the firewall analyzer. Does FWA support sonicwall alerts?
Custom Report based on Cisco ASA Syslog ID
How can I create a custom report that looks at all the information contained in selected Syslog IDs from a Cisco ASA? Basically I am looking to generate reports from my Botnet Traffic filter on a regular basis. Thanks for any advice!
Firewall Analyzer stopped displaying/gathering Data
Hi, Even though the devices are showing UP on the Devices Status and the Manage Field is showing Ok, and in Traffic In Details and Traffic Out Details I can see that there is traffic, the graphs display nothing. Any idea why this is happening? Thanks, Regards, Mehdi
Fortigate VDOM
Hi, We are evaluating the Firewall Analyzer for our Fortigate solution. We are running several VDOMs on the Fortigate and we need to create reports for each VDOM. Can this be done? Kind regards
VPN Connected and Disconnected Times Report
Hello, I'm testing out Firewall Analyzer with a PIX 506E. I have set up some custom alerts that send me an email when a user Connects to the VPN (matching conditions MSG * PIX-6-603104) Email subject: ($USER Connected to VPN) and when they Disconnect (matching conditions MSG * %PIX-6-603105: PPTP Tunnel deleted) from the VPN. Email subject: ($SRC Disconnected from VPN) Now this works very well and does exactly what I want, however it is a bit cumbersome because when I need to do a report on when
Alert Profiles
I am busy playing with the Alert profiles. I have set up a basic one to warn me if any protocol exceeds 10000 hits within an hour. This worked well when we had a DNS attack. I am just wondering what other Alert suggestions anyone has for firewalls. I have not integrated this with VPN / Squid yet. Just looking at firewalls right now.
Web usage report
Hi there, we are trialing Firewall Analyzer at the moment. I don't seem to be able to get what I believe is a basic report. I want to be able to report what sites a specific user has accessed, including date and time over a period of x days. All I seem to be able to get is a list of sites and the amount of hits to that site but without the date and time. Is this possible?
Firewall Analyzer ADMIN REPORT not working with Cisco ASA
Hi, I am having problems getting admin reports to work with a cisco ASA. Build Version : 7.0.0 Build Number : 7000 Service Pack : SP-7.0 I am not seeing any login success/failure events at all. SSH and ASDM authenticate to local user accounts on the firewall. I do see some commands in the report but not very many. If I look at the raw logs I see configuration entries 0.0.0.0 unknown 0.0.0.0 unknown 28 Jan 2011, 11:06:55 debug %asa-config-7-111009: user 'xxxxx'
Alerts for Failed VPN Users
Hi, I'm trying to configure an alert on Firewall Analyzer 7, to email a notification when a VPN login fails, however I cannot find out how to do this? Can someone help please? The firewall is a Cisco ASA. Thanks, Steve
What is necessary for changing the Firewall Analyzer Collector IP Address?
Hi! I need to change the IP address of my Firewall Analyzer Collectors server from 172.28.255.x to 172.29.51.x. Which config archives do I need to change and which are the specific lines? What more is necessary for this change? Thanks to all for your reply, Diego Rodriguez
Help with unknown protocol assignment - UDP ports
I am trying to assign traffic types with unknown ports. I can get it to assign the port but I am running into a problem with UDP ports. I have a lot of VoIP traffic which of course picks a random UDP port in a range, say from port 20000 to 45000. The problem is if I assign it to the SIP group I create, any traffic that uses any of that range will be classified as SIP traffic when it is not. Since many applications pick UDP ports at random, can you give me any suggestions on the best way to correct this?
Device rules / Fortigate ?
Hi, I have a Fortigate 200A and I have connected it with Firewall Analyzer 7, and I have a problem with getting firewall policy rules. I connect to it with telnet and everything is ok (green) but I got "Command fail. Return code 5" for the show firewall policy command. What is the right command on Fortigate to get policy rules? Thanks in advance for the reply.
Eventlog Analyzer and Firewall Analyzer questions.
Folks, I have just started to test the firewall and eventlog analyzers this morning. My first issue seems to be they both want to use syslog port 512 for themselves. Shouldn't this software be smart enough to see that another product is already installed, and somehow "share" the database from the other product, or is that asking too much? My fear is that in order to use more than one of these packages, I would have to either have separate servers, or manually reconfigure all my devices to use 2 different
Raw Logs Archiving disabled, space in C: storage still filling up to 100%
Hi, I tried switching the logs storage to the E: drive, then I tried disabling the Raw Logs Archiving, but I still have some kind of files filling up both C: and E: drives. I used to have exactly this amount of space using FW Analyzer 6 and 20GB was good enough space for my logs. Now the analyzer eats up all the space in about a day (even with Raw Logs Archiving disabled!) Please advise!
Watchguard Bandwidth
I am testing out Firewall Analyzer and have a Watchguard X750 Firewall. It is not showing bandwidth data. I have completed the additional steps per your instructions. Any ideas?
Install Error
When I install Firewall Analyzer using the quick or advanced option, I get "Error occurred while configuring Port Number". It then completes the install, but the service will not start - error 1067 (Critical error: wait for JVM process failed). I've tried changing port numbers. No other apps are installed. I've also tried using a standard virtual machine and building a new OS with default settings. OS is Windows 2008 R2 Standard. Any ideas?
Firewall analyzer service stop, not starting up again
I have just noticed my firewall analyzer stopped working. I tried to restart the service, even after a reload of the server, no luck. What can I look for to get it up again?
newly created isa logs do not import in FA
I have configured FA to import every 24hrs the logs from my ISA 2004 using FTP. The issue is that it doesn't import the newly created logs. The exported logs from ISA are in w3c format and it creates 1 file per day using the date in the filename of each log. Is this a bug? Isn't there any way to automatically import the new log files from ISA every day? Any help will be appreciated.
Break down user's traffic by hour
Is there any way to see a user's traffic hour by hour without having to go in and select the Time Range from the top left and do them one at a time?
FAnalyzer generating default reports time interval
Hi, I'm testing faz. Faz receives syslog records. There is no problem. What I want to ask is: what is the time interval at which default reports will be generated? I'm surfing the internet and then I'm looking up reports and advanced search but I don't find any url (destination) in reports. Thanks, umit.
DNS Resolution
Is there any way to turn on DNS resolution for all entries in all reports all of the time? And once it is on all of the time, does it cache lookups? Also, if an entry changes how does it handle that (meaning if 192.168.1.2 looks up to hosta today and hostb tomorrow, how is that handled)?
Enquiry about technical issue for Firewall Analyzer
Hi All, What I did was restart the PC where the FW Analyzer is installed, and delete and re-add UDP 514 and 1514. Now both ports are up but the program still fails to collect packets from the PIX. Meanwhile, I notice that the service "ManageEngine Firewall Analyzer 4.0" always turns itself off even though I manually start it. Can you help me fix the problem?
Enquiry about technical issue for firewall analyzer
Hi All, What I did was restart the PC where the FW Analyzer is installed, and delete and re-add UDP 514 and 1514. Now both ports are up but the program still fails to collect packets from the PIX. Meanwhile, I notice that the service "ManageEngine Firewall Analyzer 4.0" always turns itself off even though I manually start it.
Problem With FWAnalyzer
Hey guys, I have installed the firewall analyzer 7, everything was working fine until the day yesterday, we found that the hard drive partition where the program is mounting procedures and had no storage capacity. Debugging information from that disk to free space. It left about 8 GB free, but still not after starting the Firewall Analyzer program. Reboot the server and processes, but still does not work, and even try to repair your tables through batch file "RepairTable.bat." Reviewing the file serverout.txt
Juniper SRX
Is there, or are there plans, to support Juniper SRX firewalls?
New Feature Series - 3 :: Firewall Analyzer 7 - All New Security Audit and Configuration Analysis Report
Why is Security Audit and Configuration Analysis required? The review of the Firewall rules is one of the important parts of the security audit. Firewall Analyzer performs a comprehensive security audit of your device configuration settings, equivalent to that performed by professional security auditing companies. The latest Firewalls and other security devices offer a quite complex and wide range of configuration options. The settings are sometimes not clear for even an experienced network administrator. Firewall
Excessive Java.exe usage by manage engine firewall analyzer
I've got a Dell 2.4GHz Quad Core server with 2GBs of RAM running Windows Server 2003. I've installed 3 applications on this server (Firewall Analyzer, WSUS - windows update services, ServersAlive - Monitoring software). WSUS & ServersAlive take very little resources to run, however Firewall Analyzer is causing my CPU usage to spike, and has Java.exe hovering at around 600MBs of usage in most cases. I determined the firewall analyzer was the cause of my excessive usage by using Process Explorer, which
Astaro 8 is able to send logs to Firewall Analyzer but data not complete
I am using Astaro Gateway ver 8. It successfully sent the logs to FWA but when i open the reports, the data is not complete. Is Astaro ver 8 supported by FWA 7?
New Feature Series - 2 :: Firewall Analyzer 7 provides user names in the reports
Often, the SEM/SIEM solutions roll out reports with IP Addresses or DNS names of the machines from where the security incident has emanated. But, if the exact user can be pinpointed, during whose session the particular incident has occurred, it will be much more useful to arrive at accurate security assessment. Firewall Analyzer 7 comes with a unique feature to associate IP address of machines with user names available in the Firewall log entries. Association is done either from proxy server log
Firewall analyzer won't receive logs
I am running Firewall Analyzer 7 on a Windows 2008 R2 Standard box. keep getting an error "No Firewall currently exporting logs to Firewall Analyzer" The firewall config # logging enable logging trap debugging logging device-id string fwlacc0z01_new logging host inside [Firewall Analyzer IP] If I run wireshark on the windows box I can see all the logs, but not in firewall analyzer. I have disabled the manage engine dir for virus scanning, no logs I even disabled the anti-virus completely, no logs.
Virus report
Hello, am using MEFA 4.0.10 demo, on my firewall Forti I have configured with syslog and webtrends but didn't receive reports for virus, ????? my firewall reports but the MEFA doesn't. Greetings. Karmit :(
how to import FW-1's raw logfile.
Hello. I have raw and exported FW-1 logfiles, but "Account" has not been set on the TRACK section with SmartDashboard. How do I import my log files to Firewall Analyzer? Thanks. Hiro.JAPAN.
New Feature Series - 1 :: Firewall Analyzer 7 supports Microsoft SQL as back end database
You can use MS SQL database as back end database for Firewall Analyzer. Of course, MySQL is bundled free, by default, with the product. If your organization already has MS SQL database, you can use the same for Firewall Analyzer. You have to configure the MS SQL database after the installation of the product. If you have already installed the product with MySQL database and using the product, you can still change the database to MS SQL following the procedure given in the document 'Migrating Firewall
manageengine firewall analyzer sbox
I have an sbox 500 and I use ManageEngine Firewall Analyzer 7 for the logs. The analyzer prompts me to set the sbox with a few codes but I can't set them in the sbox 500. Please help.
Enquiry on reading the raw data in Archive zip file
Dear support, Dear all, Is it possible to review the raw data / sys log that is being archived in the zip file under the \cold\ folder? What tool can I use to read the raw data? Thanks
Some problem with import log file process.
Hi all, I have some problem with the import log file process. I import any log as usual but I can't import any log from localhost and remote host. It always tells me "processing request", the size is " - " and time taken is 0 mSecs. I wait a very long ... long time and there is no change. Any idea? Thanks for your advice. fon ps. attachment:: the webpage and result of top at backend.