NetFlow log support available in Firewall Analyzer for Cisco ASA v.8.2 devices
Season's Greetings from the ManageEngine Firewall Analyzer team!! We are happy to announce the private availability of Cisco ASA v.8.2 NetFlow logs support in Firewall Analyzer. If you are interested in evaluating it, get in touch with us. Please furnish your contact details in the form. We will provide you the link to download the service pack and the procedure to configure the Cisco ASA v.8.2 appliance. Prerequisite: Cisco ASA appliance running on Version 8.2; Firewall Analyzer v.6 (build 6000) installed. Note:
License Expired, New License Obtained but I can't install the new license
Hi, I have a trial version of Firewall Analyser and the license expired. I've been issued with a 2 week extension to it and have the new license key. The email I got with the key suggests I should be able to start the program and it asks for the new license key but it doesn't. Can you please direct me to the right place? Thanks Lee Read
Sorting website details by second level domains.
I am currently trialing the Firewall Analyzer and am wondering if there is a way to group the website details report by second level domains, i.e. all of youtube.com traffic counted as one rather than each individual 3rd and sometimes 4th level domain?
Syslog ports.... more than one?
Hi, Just a quick question. When configuring Firewall Analyser should I configure my firewall on multiple syslog ports? i.e. for a Cisco ASA logging host interface_name syslog_ip 17/514 AND logging host interface_name syslog_ip 17/1541 Will configuring it for both cause incorrect information in my reports? Thanks!
Config for VPN in Fortigate 110C
We're using Fortigate 110C for firewall and VPN. I installed FWA 6 and I like it a lot. The problem is that VPN records don't count. I can see the sessions from the VPN network but nothing more. The log is set to information. We would like to see the user access and a drill on the sessions.
How can I filter by Interface and Time range?
Hello, Usually I need to investigate who is consuming the bandwidth of an interface in a time range. But when I use the reports I can filter by time, but not by time and interface. I can also, in the live reports, filter by interface, but not by time simultaneously. Any tip on that? Thanks, dani
Live reports confuses IN and OUT traffic
Hello, I'm very confused by the Firewall Analyzer reports' IN and OUT traffic. Today I downloaded about 1GB using the interface WAN1 to see how FA reports it. As you will see in the attachment, in the Global Live Report view (the one that shows the aggregation of all the interfaces) you can see the incoming peak at 10:00AM. But in the WAN1 live report, this same peak is reported as outgoing traffic. In fact, the graph is inverted. What is IN in global is out here. Why is the WAN1 traffic reported
Trialing Software... I like it so far but one major issue.
Hi, I've downloaded the 30 days trial and so far I like the software. It is quite nice. However my "intranet" reports don't seem to be reporting what I would expect. I have an ASA running 8.0 code. I am sending my syslog traffic from the inside interface. I have configured my intranet settings as Networks : Net :192.168.0.0 Mask :255.255.0.0 I set this a few hours after the firewall started sending logs, however this was a few days ago. Looking at the Intranet logs from today only Top Internal Hosts
Triggered alerts
We have a Netscreen SSG5 sending syslog to the analyzer, but when we click on View Syslogs we don't see anything. When we import the syslog then it will show attacks etc. So must we do this by hand?
BindException error in RHEL 5.2
I'm trying to start up a copy of the 6.0 Firewall Analyzer on a Red Hat Enterprise Linux 5.2 system as a non-root user. The account name is fwalyzer. FWA binds to the 1514 port with no problems but I get the following errors from the /opt/Firewall/server/default/log/serverout0.txt when trying to bind to 514. [10:15:56:884]|[04-28-2010]|[com.adventnet.fa.server.lc.SyslogServer]|[INFO]|[24]|: [SyslogServer]Successfully Created Storage Buffer com.adventnet.fa.server.lc.RecordStore@11e78461 for port
Rebrand Firewall Analyzer 6
Hi Guys, I'm trying to re-brand Firewall Analyzer. I do as it says and keep the images to the appropriate pixel limit and save files as a JPG. Once the file is uploaded it says successful but does not seem to apply the changes. When I update the strings/links it works fine. Thanks!
Intranet Settings
I am running on an evaluation for Firewall Analyzer 6 Build number 6000 – Standalone. I have been playing with the proxy reports to send out automated e-mails. – Works great. The one thing I have picked up is that with a range that’s been specified to report on… the Top talkers (LAN + WAN) it does not differentiate between LAN / WAN traffic. See attachment as example (lan- wan.JPG). Now I have noticed in the settings, intranet settings you can configure ip ranges to basically tell the product
FW analyser is receiving packets - but no statistics
Hi all, my Firewall Analyser seems to be receiving packets from my two devices --Home -Packet count is current, but I am not able to see any statistics under for EG traffic reports - just says no data available. Am I missing something?
Negative Traffic values in FWA Live Reports
We have negative values showing up in our live reports and this makes the reports almost unusable. I can see 1 day in the last month and 4 in the last year. Any ideas?
Make a report to see if a web site or IP is accessed
I wish to make a report that will tell me if any client in my domain visits a particular site or set of IPs. I am trying to weed out the usage of MYSPACE at our company and would like to know first how often and by whom the site is visited. Can anyone help?
How to start FWA as service automatically on RHEL and CENTOS
Hello everyone, I am trying to get FWA to auto start as a service, however the current script in the bin directory is not chkconfig compatible. Does anyone have a workaround for this issue? Thanks, AK
packets are receiving but no reports
Packets are receiving but I can't see any reports. Please help me?
Unused access list
Is there any best practice to see all the unused access_list rules? Trying to poll data I receive only the rules of the Inside ACL. I don't know if I'm doing something wrong. Thx so much
Firewall Analyzer Top URL display only IP address?
Hi There, I am new to this Firewall Analyzer build 5000. Can you tell me why, in the Top URLs page, it only displays the destination IP address (61.135.177.74:/.....) and not the FQD URL address? Example: 61.135.177.74:/20091124/9444da1e-3e6b-4b08-bde7-b04d1fb70e9fV.flv Thank you for your time.
FA: Login Credentials via Radius?
Hey ME, I am searching for the option to authenticate GUI users via Radius, similar to DeviceExpert which allows this option. Regards, Roble
How to get conversation by user and/or by host
Hi! I need to know how to create a report that gives me the conversations by user and by IP. My goal is to see what my VPN users are doing. But I am also interested in firewall traffic from internal IPs. Thanks
Unknown users in VPN
Hi. In my VPN report I have all the users identified. I also can see per user the IP from VPN pool Address that was Assigned to them. Although not in VPN Report. For example I have IP 10.1.1.1 Assigned to userA and IP 10.1.1.2 to UserB. But when I see the conversations (traffic) sometimes the traffic coming from 10.1.1.1 does not appear as userA but as user unknown. Also the same thing for 10.1.1.2, sometimes it appears as user unknown. How can I correct this? ps: All the traffic from internal
How to find details for unknown protocol
Hi, I find some unknown protocols. One of the top machines is 10.11.1.x, now I want to find in an easy way what ports are in use on this server. But all reports have Unknown protocol and don't say which is the port. And seeing through unassigned is not practical since I have over 2000 IPs and some of the communications have been done some days ago. Can I search the Raw Traffic logs? Thanks
Top Conversations for VPN users
Hi! My report on Top Conversations on VPN Usage Details for a user has a problem. The IPs that are listed in here are only the public IPs. So I only see that a user establishes a conversation between his public IP address and the public IP address of the VPN. Or in other words the tunnel. What I need, or I was hoping to see, is the conversations inside the tunnel, between the virtual private IP of the client and the internal hosts' private IPs. Am I doing something wrong or do I need to fine tune
Unknown Protocols
How do you find the information for unknown protocols as to what the software is seeing. There are no unknown packets. Thanks.
Event Summary Reports in Cisco ASA
I have a problem with Event Summary Reports and Cisco ASA. I see in the "Event Summary" table "Information" severity with about 2000 events, but when I click on the "Information" link and any IP address I see "No Data Found". I don't have this problem with "Error" or "Warning" severity (I can see normal syslog information). What is wrong?
CSC-SSM logs not showing up on Firewall Analyzer 6
Installed Firewall Analyzer since it shows that it supports the CSC-SSM module logs. I've set up the CSC to send/export logs to the Firewall Analyzer IP but it's not showing up as one of the devices. I've set it for both 1514 and 514 with syslog facility local0, local7, local1 but nothing shows up on the analyzer. Set up Kiwi Syslog on the same machine to check and see if it's getting it and it does show up there.
Some error when upgraded from FWA5.0 to FWA6.0
Hi, I just purchased FWA6.0 and upgraded from FWA5.0 to FWA6.0. I found a serious error when I configured FWA6.0 to analyze logs from Microsoft ISA2006. Log on Top WAN (ex. top wan hosts, top wan user) column is not shown. See the attachment for more detail. Please note that there was not any error when FWA5.0 had been used. (Same log file, same physical server and same OS -- Linux Redhat) Would you find out the solution? PS. I upgraded FWA5.0 to FWA6.0 by uninstalling FWA5.0 first and
How do you see if SNMP queries are working?
Hello. We just upgraded from FWA 5 to FWA 6. We are using Netscreen 5GT firewalls. The Live traffic reports used to be only populated by Syslog logs in Version 5. After the upgrade I wanted to start using SNMP as well. On the Live Reports page I entered the Global SNMP Parameters. 3 questions about this: 1- I assume I have to enter the Listening port (default 161) and not the Trap port (Default 162) ?? 2- I saved the SNMP settings (I see a green success message) but when I reopen the SNMP parameters
The traffic doesn't match the real traffic
Dear All, I have Firewall Analyzer 6. The problem is that from the Firewall reports top hosts I can see the sent is 0 bytes and the received is (too much huge). 1- How can it receive this much traffic without sending any bytes? 2- How does the Firewall Analyzer track the traffic? 3- I have Cisco FWSM. I enabled the logging like the document. Do I have to enable the logging with each line of the access-list to log all the traffic and analyze it by the Firewall Analyzer or the Firewall Analyzer needs
VPN usage reports - no username
Hi, we monitor Cisco PIX firewalls with the Firewall Analyzer product. We were using PPTP VPNs to connect but since we disabled PPTP and only permitted Cisco VPN client connections, all user data and usage reports for VPN users don't exist. Does the Firewall Analyzer support records for Cisco VPN client connections or does it only monitor PPTP type VPNs? Thanks
Several DNS
Good day. I have several DNS in different domains and I would like to be able to define the names of all of them, but it only picks up the ones from the local network connection.
Modified VPN Report
I would like to be able to see the VPN trend report in the following manner: VPN User, HOST, VPN Type, Hour of the DAY/Start Time, Duration. I tried using report profile but cannot seem to produce the desired results. Please help...
What is syslog server
I am a new user of AdventNet product and want to buy the Firewall Analyzer. I see the live demo and do not understand about the syslog server.
Lost and needs guidance
Hi, I have just downloaded the Firewall Analyzer trial version. I have a D-Link DFL-860 and I need to know where to go and what to do to try out this product and see if it fulfills my needs. The compatibility list claims that most DFL models are supported, which is great, but I need to try it out and be familiar with what's going on. Can anyone please direct me to a certain FAQ or any sort of guide to get this running with my DFL? Thanks.
How to move the logs folder to another drive?
Dear All, How to move the logs folder to another drive? Thank you in advance.
6500 CISCO FWSM, multi context firewall logging
Good day, I would like to know: if logging on the rulebase is not set to informational, will it be logged by the Firewall Analyzer (logging on rule is set to default normally)? Also we have a 35 Mb internet bandwidth which is normally 100% utilised, but this does not reflect on the analyzer. The analyzer only shows usage up to 4 Mb. Must all the rules be logged? Can you advise? Sarish
Save reports to Disk
Can we configure FirewallAnalyzer to save scheduled reports to disk instead of emailing them? It would be nice to save them to a UNC path. Also, can CSV reports be configured to show more than the top 10 entries for a report category? I have seen how to increase the number for PDF reports, but not CSV.
DLINK DIR 655 Configuration for Firewall Analyser 6
I'm unable to configure my DLINK DIR 655 in FW6. Is it not supported or can someone give me an idea on how? The Dlink is already set up to forward the syslog to the syslog server which is local to the FW6 application. Any help will be appreciated.
It doesn't work!!
Hi, I installed a 30 days test version of Firewall Analyzer on my RHEL server. While I have 100 VPN users and they are connected, I can't see any of them in my VPN reports, and can't even see "Top Hosts"; it just shows me one IP address: 192.168.1.1. I attached a screenshot of my installed version of FWA. What is the problem? Are there any settings that I should do? Thanks in advance.