Early Access Build Available
Many of you had requested for a facility to view and search 'raw' logs received from firewalls and get in depth VPN reports, Attack reports etc. We have now incorporated these features (as listed below) in our early access build, which is available for evaluation on request. Please get in touch with support@fwanalyzer.com to try out the early access build. 1. Advanced Search for Raw VPN logs, Raw Security Logs, Raw Attack/Virus logs and Raw Device Management logs. 2. Ability to
All traffic classified as denied
I am having an issue with looking at a couple of netscreen firewalls. I see all the traffic being monitored in the graphs and it all looks very nice, but it appears that EVERY packet gets counted as a DENIED EVENT. The policies on these firewalls are allow, any, any, and all traffic passes with no problems, I just get this ever increasing denied events graph. Anyone seen anything similar? 10.12.3.21 17.254.0.28 time 1 deny 2 - 10.12.3.21 192.168.98.249 icmp 2 deny 18 - 10.12.3.21 192.5.41.40 time
Live traffic not showing correct values
We're testing a demo of the product. We're using a netscreen NS208 with 8 interfaces. When we look at the live traffic data it shows that we are only using 1.5MB inbound, outbound is even less. However the MRTG graph for our untrust interface shows our internet connection is buried at 4.5MB. We checked to make sure we weren't confusing inbound with outbound. In short, we expected to see the 4.5MB internet traffic PLUS all the traffic going between the interfaces on the netscreen. Any suggestions
PIX newbie in firewall
Hi, I've self-studied a couple of PIX firewall books, but feel I need some more practice. I wonder if any place holds the PIX practice or PIX simulator or trial software download. Thanks a lot for your help, erwin
Imported log problem
Hi, I currently have the problem with unassigned/unknown protocol with imported logs. I have looked at previous posts but it seems with the imported logs I do not get a question mark next to the unassigned entry like with the live syslogs. Is there any other way to display or view the protocols/ports? Thanks.
Syslog from a PIX firewall terminating a VPN
I know many of you probably already know this but the issue has been posted before and the response has been to use Kiwi Syslog Tunnel to bounce the traffic back. That's the system I've been using for months now at remote sites. It doesn't need to be done, found this last night and tested it successfully on multiple boxes this morning. If, like me, you hadn't a clue about this little command it's a lifesaver, to the rest of you laughing...well...er....anyway: On the remote PIX issue the following
VPN reports
Hi, I'm currently looking into the possibility of integrating our CISCO VPN 3000 into the firewall analyzer. In order for this to be useful we would require graphs showing number of connections/users over time, max connections, min connection, average connection per month. I see it does top 5 users, but does it store this kind of data? thanks. Matt
custom reports
Hi, I was just wondering if there is any way to get a custom report for a specific month on the data shown in live reports. I basically want to choose a month and see min, max and average traffic. thanks.
Admin Report
I would like to be able to schedule for the Admin Report to be emailed to me every day. I've looked through the filters, and the manual report generation, but have not been able to only receive the Admin Report. Any help would be greatly appreciated. --Samuel
Unsupported data log recived from ASA5510
Hello! I am testing FA and I configured my ASA to send messages to FA. I set severity 20 and logging trap informational ... I get the info Unsupported data log recived. I set the same on my PIX 6.3 and it is working fine. What could be the problem?
Firewall List Sort Order
Hi, I've added some firewalls and everything is going well logging-wise. The trouble I have is I did not enter the firewalls in the order that I want to have them displayed in the list. Now that the firewalls are added to the list I cannot change this order or sort. How do I do this? I can see where I'd add firewalls in the future and would want them in a certain location in the order rather than at the bottom of the list since it was the last to be added. Please help sort the list. Cheers, Markcnz
my opinion
It's nice
Adtran Netvanta 3448
I am trying to view reports from my netvanta 3448 Adtran firewall to the Firewall analyzer. However even though it is receiving the syslog (info) packets it isn't giving me any information in the traffic analysis. It analyzes about 2-4 of the lines and then just archives the rest. Is there something that I am missing and how can I extract the logs and send them so you can support Adtran Devices. Thanks a million so far the product looks like what I am looking for however I just need it to work for
How to monitor VPN sessions on Netscreen 50
Dear all, I have tested FA4 for several days, and I can get some very useful reports. This is a great tool. But the biggest concern for us is VPN reports because our branch offices connect to H.Q. via VPN on Netscreen 50/5GT, of course including some VPN client users. How can we do it? Any comments are welcome.
Cisco 8141 router
I am trying to use firewall analyzer with an 1841 router w/ firewall feature set. I can't get any data from the firewall to the FWA server... has anyone done this?
Does Firewall Analyzer support Netscreen SSG550?
Does Firewall Analyzer support Netscreen SSG550 firewalls? I tried to import a Netscreen SSG550 env_log into Firewall Analyzer but cannot see any report. Can you tell me how to do it? Thank you
Uncategorized/Unknown Services and Ports Help!
I have an issue with protocols categorized as Unassigned and are listed as unknown. There is virtually no information that shows what those ports are outside of the home page and clicking the question mark to list them. The problem is that there is no way to actually tie a particular unknown protocol or port to a specific report with that list. I am in the process of redesigning a firewall policy for 80 remote locations sharing one internet connection at one of the locations. I create a filter by network
Check Point LEA
Hello, I have a Check Point management stations with two attached R55 firewall clusters (two firewall members each cluster). The LEA communication to the management is working fine, but only one of the two firewall clusters is showing up in the reporting. Is there a limitation of firewalls (cluster) per management station? Thanks Christopher
Database creation failed
Hi, We had an instance of very high logging for a period of time. The database has grown very large very rapidly. And also the server drive actually ran out of space. Now the Firewall Analyser does not start. It reports "Database Creation Failed". How can we repair the database to get it running again? Also how do we prune the database? I have attached the log. Thanks Scotty
Raw Logs
I tried to extract one of the archived log files as per support's recommendation. The document was unreadable. Is there any way to view the raw syslog data collected? Is there a log file somewhere that I can grep for information?
fwanalyzer on windows issues
I have now been trying to test this application for couple weeks. I have it running on windows server 2003 enterprise with 4GiGs of ram & 830GiG's RAID 5 data storage. I am using the most recent version of fwanalyzer along with the mysql-nt.exe update that was in one of the other posts relative to windows issues. I have also made tweaks to the mysql configuration as per the performance info. We have all the data being output'd from a cisco fwsm to the fwanalyzer server. At midnight each night I have
Create Alerts for certain website access
How do I create an alert for access to certain websites, like YouTube? I tried creating it, by using URL starts with www.youtube.com, but it's not working. I want to see how much traffic/bandwidth is used accessing some sites, and make a decision based on the results, whether it is affecting our overall bandwidth usage. Thank you. Marlon
Cisco VPN Concentrator - lack of log data
I am evaluating FA4 build 4030 and have a strange issue. My Cisco 3005 VPN Concentrator has been configured as specified (Syslog server address, port specified to match the syslog server on FA4, Severities 1-5 being sent to Syslog). However the only events that seem to get noticed/reported on in FA4 is my login to the VPN Concentrator console/gui. No other IPSEC/VPN communication gets logged. I have also enabled syslog to another device from the Cisco VPN I am getting a lot of information. What happens
Status 404 fw/mindex.do
For some reason after a new installation and starting the application on an Ubuntu server I get a Status 404. Has anyone seen this? Could you provide some guidance as to what is going on?
Alerting on individual host download thresholds
Hi all, Firstly, thanks to the support team for identifying and fixing my earlier issue with unusual sent/received statistics. I'm now wondering if it is possible to produce an alert that would identify individual hosts that have downloaded more than say 1GB per day. I realise it is possible to create an anomaly alert filtered by a network address but the alert created is triggered when the threshold is reached for the entire subnet. Not exactly what I expected but I guess it makes sense. What I would
Behind a Juniper firewall
Hello, Currently I am behind a Juniper firewall. Is this firewall supported through the software? If it is then I am in need of assistance I cannot get the software to recognize my firewall. Thanks, Travis
last hour
Is there any way to drill down into the last hour?
Password reset
Hi, I need to reset the password for ME Firewall Analyzer v. 4, Trial vers. The admin/admin combination did not work for me. Thank you for help Milan
Password needs to be reset
I reinstalled FWA and the password needs to be reset so I can login. Can you email me those instructions? Also, is there a license file I need so this software will run longer than the 29 days I saw when I selected the FWA? Chris
NoFirewall configured!!
I have configured my PIX 515E for FWA. The PIX is exporting the logs to the specified IP on UDP port 1514 but on the dashboard it is showing No Firewall is currently exporting logs to FWA. Please help. Thanks, gm
Microsoft Exchange traffic "unknown protocol"
Hello - I am testing Firewall analyzer for our Netscreen VPN deployment. This will consist of roughly 60 Netscreen devices varying from 5XP's to the newer SSG models. I have some questions: 1. Will the application run on a VMware virtual server running Windows 2003? 2. Does the Database clean itself up? Delete logs before the drive hits capacity? 3. We are running a pure route based VPN environment (no policy based VPN's). Do the VPN reports only function in a policy based environment? I am not seeing
Unusual Statistics - Cisco PIX
Hi there, I have been trialling the Firewall Analyzer as a tool for investigating internet abuse on our corporate network. My initial impressions of the product are good but there is something that is bugging me about the way sent/receive statistics are displayed. Basically, the UI displays hardly any sent traffic for any host with the exception of our Exchange server which is obviously sending mail to the outside world. My firewall is a Cisco PIX and I have read the configuration guidelines relating
Timestamps on website visits - using PIX 525
Trying to retrieve the timestamp details of websites visited by a single workstation. We are able to report on total duration, but can't seem to retrieve the timestamp details of when the websites were visited.
Unable to connect with localhost:8500
Hello, I downloaded the bin file and installed it under Fedora, the installation was fine, but the web page can't be shown with http://localhost:8500, I was afraid that the Apache service couldn't find the directory or the port, even I modified it, it still couldn't work, and there's no detailed information in the description, please give a hand, thanks a lot!
netfilter support, really? doesn't seem that way
Not one post regarding netfilter/iptables. Thoughts?
After install will not start
When I try to start the trial version I get this. I tried to search the site but it seems to be broken. Press t to start the product in Evaluation mode l to provide the User Name and License File path e to Exit Choose an Option :: t ERROR CODE : 469 Invalid License File Please contact AdventNet, Inc. 5645 Gibraltar Drive Pleasanton, CA 94588 USA Phone: +1-925-924-9500 Fax : +1-925-924-9600 Email : info@adventnet.com WebSite : http://www.adventnet.com
Watchguard showing No Data
I am currently getting no data available for my Firebox 1250x with Fireware 9.0. At one point I had data, just not live traffic, and it was working fine. Now I am getting no data. Went through a bunch of posts here and tried a few things with no joy. Any suggestions?
Cisco VPNC issue
Please help, I could see log on Firewall Analyzer from Cisco VPNC. I have installed FA on my server and configured Cisco VPN Concentrator 3000 to send syslog on port 514 UDP. SAP3 is installed, FA build is 4030. There are files <Firewall Home>\server\default\archive\<IP of VPNC>. Date and time in those files match the system time. I can see packets by sniffer. I do not see VPNC as Device in Dashboard, so I can not see it in packet count. I attached support_file below. Thank you in advance, Vladimir
VPN Traffic not coming on dashboard
I am not able to see the VPN traffic running through my PIX firewall 515E. Also I am not able to see the outgoing traffic. I configured as: logging host inside 192.168.1.X 17/1514 Please suggest
Firewall
How do I disable my Windows firewall?