Empty Usage Reports
I am using Firewall Analyzer with Checkpoint. My usage reports are blank for telnet and FTP. I am passing traffic with those protocols and the information is not showing in the reports.
Sending syslog messages to two different destinations
Hi to all. I'm a happy user of Firewall Anaylzer and I'm currently testing Event Log Analyzer to do log consolidation. Right now I'm using a watchguard Firebox x1250e with the FW Analyzer but also I'd like to send logs to the Eventlog Analyzer, unfortunately, I can only configure one syslog server in the firebox so If I want to use FW analyzer I can't use Eventlog Analyzer. So my question is: How can I send the syslog messages to both syslog servers?, or a way to share one syslog instance between
ManageEngine Firewall Analyzer 6 Released
ManageEngine® Firewall Analyzer 6 Released We are glad to announce the release of ManageEngine® Firewall Analyzer 6 (GA) Distributed Edition and Standalone Edition Download Standalone Edition Distributed Edition Read More What's new in this release? 6.0.0 - Build 6000 Distributed Edition GA release of Firewall Analyzer Distributed Edition. New Features - Admin Server The general features available in this release include, In Admin Server you can view following for all Collector Servers in a single
How to monitor a Cisco ASA with 4 interfaces
My set up is as follows, Cisco ASA with 4 interfaces and Firewall Analizer V5 Interface details. Internal: 192.168.1.0 /16 DMZ 172.16.1.0/16 External: Public IP and a National ethernet link to our colo 192.168.2.0/16 I cant seem to get Firewall Analizer to report on the different traffic ie from my internal lan to my DMZ or colo Im sure I have probably set it up wrong, any advise would be gratefully recieved. Zad
Alerts: non-deterministic source/destination criterion
Hello. Using FW Analyzer 5: Running traffic report sorted by hits or volume, I occasionally observe hyper-active hosts on my intranet. Wish to anticipate my observations by means of alerts. Have not found the way to configure alert profile to react to a single, yet not pre-defined source. Speaking in numbers, assume my intranet is 172.16.0.0/16 with some 500 hosts. I am not particularly keen on trapping any particular host (as you demonstrate it in examples) nor creating as many alert profiles as
Getting external IP in top user report with no supporting data
Hi, I thought of evaluating firewall analyzer to see if this can be beneficial for us. The setup seems to go fine and I am getting report from 2 of the firewalls I configured. One our main firewall when I go for top user report (traffic report - top user sent, receive or sent + receive), I am seeing one external IP as a top user. If I select this entry, I do not see any info except for this IP address. Also I do not see any thing about this IP in either the debug or information log in the firewall
Syslog Export and/or Review
We have a licensed version of Firewall Analyzer and would like to review the detailed syslog entries to debug a problem. Is there an easy way to access the raw files? The only thing I was able to do was create an "advanced search", but that required a search criteria in addition to a date/time frame. Can I access the database directly to export the records? Since we can only identify one syslog server, it would be nice to have direct access to these records. John
How to configure the firewall analyzer to get the logs and all reports from juniper SSG 500?
Hi, Please tell me short and effictive description of how to confgure the firewall analyzer to get the logs and all the reports from juniper SSG 500 firewall from the scratch. Your help will be appreciated. Thanks and Regards Asif.
VPN Duration Question
Hello, When looking at my VPN durations from my Checkpoint firewall it shows the duration as longer than the time period that i've selected in the global calendar. (e.g. I set the global calendar to a 24hrs and see that some users have a duration of multiple days.) Please can you tell me why it outputs like that? Thanks in advance.
Cisco ASA Not showing Firewall Rules
We send syslog events from our Cisco ASA firewall to Firewall Analyzer. The events are coming in fine, and most of the reports work perfectly. However, on the Firewall Rules report, it only lists the named interface that the traffic went through (like 'inside' or 'outside'). It does NOT list firewall rules. Is there any way for it to actually give information on what rules are being used? Jason
Watchguard x6500e traffic
I installed this software about an hour ago and I do not see traffic in the reports. If I look at the Top Hosts (Sent + Received) I see data in the following fields... Hosts, Hits, % Hits. Under Events Genterated I see the following fields populated... Severity, # Events, % Event Count. Throughout all the reports I do not see any data in the traffic fields, i.e. Bytes Sent and Bytes Rcvd. Is there a setup step I missed?
Import Firewall log from Cisco ASA 5510
Hi, I am evaluating this product for a customer of mine and I am having issues with importing firewall logs from a Cisco ASA 5510. After the program has parsed the logs, I cannot find any way to view or generate reports. Upon further investigation, I see that the import log feature is for Squid proxies and in order to analyze firewall logs, I would need to utilize a syslog server. The problem is that I do not have access to a syslog server, nor do I know if one is running. I simply have offline
Log Files?
What is the purpose of the .txt log files under the C:\AdventNet\ME\Firewall\bin directory? Can I delete those? Are they used in the archving or real-time process? They are taking up about 15Gb of space and that was why I was curious about it. Thanks in advance!
Watchguard 750e Fully 10.2.9
I am trying out Firewall Analyzer and so far I think it is great and will purchase it if I can get it show me the MB usage. Is there a possible known issue with this version? I have tried and read everything I could find on configuring it properly and believe it is all set up right. Thanks for any help, Andrew Oberlin
Deleting old logs
How do I delete old log files Thanks
Announcing the availability of Firewall Analyzer 6.0 Beta Versions
The Firewall Analyzer team is happy to announce the beta release of our latest version 6.0. For the first time, Firewall Analyzer is also available in an Enterprise Edition, for those requiring a distributed setup, along with our Stand Alone Edition. If you'd like to try the beta versions of FWA 6.0, both Stand Alone and Enterprise Editions, please contact the support team at fwanalyzer-support@manageengine.com to receive the download links and complete list of features. Kindly note that the beta
Checkpoint HA Licensing:
I have been reviewing your product and I am very impressed. I have a question about the "Device" licensing. I have a two checkpoint firewall configured in a clustered HA (high availability mode) both firewalls pass traffic. These firewalls are managed by a single Checkpoint firewall management station (FMS). I have configured your product to point to my FMS via LEA. Under Settings >> Device Details Firewall Analyzer shows 3 devices. Each firewall appliance in the cluster AND the firewall management
Firewall listed as external host
even though i have the internal IP range in intranet list the firewall is showing up as an external host. This means that the 10Mb+ logging/lea traffic is showing up on reports as external data.. How can i get the software to count it as intranet or ignore it all together.. Also in the raw logs under hot.. I notice FW1_lea traffic appears with __p_dport="Unknown", which I assume is why the traffic all appears as unassigned/unknown even though I have put the ports into the assignments.
64-bit OS capable?
Is firewall analyzer able to run on redhat enterprise 64-bit? Are there any performance issues or special configurations to be aware of? Thanks, kevin
Need to monitor out side firewall
Hi, I'm using FA in local that is internal office it showing the all deatils Can i use this FA to get information on my other office it's in internet cloud G.MOHAN
Zip File Attachments
Is there any way to disable the zip file attachments? We are striping those attachments with our mail filter and we can't get the reports. Thanks.
Zip File Attachments
We have a client that uses Symantec Endpoint Protection, where the global settings do not allow attachments with .zip extension through. They are quarantined every time. Is there another method of delivery for the reports, or are we just not going to send the client the reports? (reading between the lines - "find another product") Thanks
Install Firewall Analyer
I already Opmanger and NCM and Netflow, I want to try out Firewall Analyzer, where do I install it.
No Data Available Problem
I am using the Firewall Analyzer v5.0 trial edition for a possible purchase. I am running FWA on CentOS 5.x with a Cisco ASA 5510. I installed it on 6/18/09, and all reports showed up just fine for the first day. For the past two days, the FWA service and syslog is still running, but the FWA is showing "No Data Available" for both 6/19 and 6/20. in the ../server/default/archive/hot folder, the raw logs are showing up for both 6/19 and 6/20, but no data is showing in the FWA web console. It seems
Live Reports shows outbound traffic as inbound
Time on Net report
Is there anyway of reporting on the amount of time a user spends on the internet? Rob
Top URLS not showing all pages
If I setup a report profile using just one IP, then run the report and look under web useage, Top URLS, I see Showing: 1 to 20 of 20 Page: [1] View per page 200 I dont get a link to a second page and I dont see 200 urls on the page. I see the default 20. When I change it to 200 or in fact any other view 25,50 etc. I still see 20 views and only one page. Now this is weird. If I create another report profile for a IP range. I go to same page I am able to view pages 1 to 965 at 200 views per
Cant get live reports from Sonicwall Pro 2040
Hi there, I have configured my Sonicwall Pro to deliver it's syslog's to the FA, but I don't seem to be able to get live traffic reports. Can anyone help? Thanks in advance, EdvinH
Watchguard Support
We are currently evaling FWA and so far this seems to be the best app to crunch WG syslog, but do you have any plans to further support WG? Have access to all the reporting features would make purchasing this app a slam dunk Thanks David DCSD Computer Services
How to tune up Max Memory For JVM
Hello, Our machine has 4G memory,when i click setting/Server diagnostics the max memory for JVM is 505MB. Can it be tunnig up? Thank you! BR,
No live reports
I'm existing customer of servicedesk and I'm trialling firewall analyzer and having an issue where I am not getting any live stats. I'm generating syslogs from a watchguard 10 firebox.
Shorewall
Hi everyone! Has anyone successfully used the FWA with shorewall? If so how to configure the shorewall so FWA gets syslogs. many thx
Do you support the watchguard x55e and the x-core 550??
Cisco PIX Secure Firewall V8.X not for Firewall Analyzer monitor ??
my Firewall is Cisco PIX 515E software user V8.X, Firewall analyzer Ver : build version:5.0.0 build number:5000_CS18 service pack:sp-1.8 Firewall analyzer is not monitor my firewall !! help me Thanks!!
Security Advisory - When will it be fixed?
Any idea when this Security Advisory will be patched? Secunia Security Advisory 33740
WatchGuard X-Core 1000...V10.2
I'm on a trial of the software and I can't seem to get anything out of the software. Is X-Core 1000 running V10.2 supported? Thank you!
Moving Log files
We recently changed the directory in which the Raw Logs Archive files are stored. The archived log files are now being written to the new location, however there are a lot of old archive log files in the old location. I would like to move the files from the old directory to the new. Is it safe to simply move the files, or is there a more appropriate method for moving these archived files? I wasn't sure if Firewall Analyzer would have a problem when it couldn't find these archive files in their
how to configure the firewall Analyzer
Hi , I'm unable to configre the firewall analyzer to Juniper ssg550 . So please tell me how to configure the firewall analyzer juniper SSG550 from the scratch, I have read the help aswell but I'm unable to get any thing from that, Your help will be appriaciated. Regards , asif
PIX Version 7.0 and Cisco ASA 5500
Hi, I looking for Firewall Reporting Tool which supports PIX Software Version 7.0 and also the new PIX ASA5500 Appliances. For the ASA5500 the software should have the capability to generate reports for the Firewall, IPS/IDS and the Antivirus Feature. http://www.cisco.com/en/US/products/ps6120/index.html Does the Firewall Analyzer already support this or is it planned in the future? Thanks in advance for the answer Mike
Rules list
can anyone tell me how to import a Device rules file into firewall analyser. i keep getting invalid format even though my file is a csv. is there a templateI need to use?
Next Page