Reading Check Point Firewall Configurations
Hi, Can we read the Check Point firewall configurations? If yes? How? Any samples in C/C++?
No VPN data in VPN Reports
We are using checkpoing ngx R61 and everything seems to be working iwth teh newest FA build. However, I don not see any information regarding the top vpn users or anything related to vpn traffic. Any help would be appreciated. Thank you!
CHECKPOINT LEA CONNECTION
Hi I am trying to get checkpoint log by LEA connection, but following the procedure everything seems is ok, but after to set up the LEA Checkpoint settings I've waiting to some data or report appears in the fwanalyzer, the LEA connection is ok but I don't know if I need something else, or another step to bring the data in real time. Regards
Strange Statistics
We are evaluating the analyzer which on the face of it produces a lot of useful information. The thing is I am getting confused. Outbound web access is showing as Inbound and it appears that our outgoing eMail is showing as Outbound where it should. With outbound web access it goes via a proxy in our protected network, then onto a virus scanning proxy in the DMZ and out. I have setup the DMZ and protected network as Intranets. Damian
Firewall analyzer on proxy server
Hello Can Firewall analyzer report on the actual pages visited on a website and not just the root of the website ?. thanks
Total Bandwidth reporting & archiving
Looking at the bandwidth reports in the Live Demo, I don't see any way to get Total Bandwidth per month (in GBytes) and monthly in/out rates with a 95th percentile calculation (Gbps). Having these statistics helps in a very real way to know that the ISP is correctly calculating/billing bandwidth useage. It would be nice to have the end of month stats archived for 12 or 24 months so that trends can be viewed as well. How can I go about generating such a report, or is the functionality not there? I
No data being graphed
brand new install, downloaded build 4022. Set up PIX according to directions, but no data is showing up. Packet count received is 15,000 and is rising, and if I shut down FWA4 and turn on a normal syslog app, I see all traps coming in for tcp connections and teardowns, so I know the data is coming into port 514. I tried the http://localhost:8500/fw/genreport.do and http://localhost:8500/fw routine as suggested in the troubleshooting, still graphs are blank and data is showing 0.0 Server Diagnostics
Analyzer on Centos 4/RHEL4 Linux not starting
Hi all! I tried to install the trial version on Centos 4 (Redhat Enterprise Linux 4 Clone) but it doesn't work. When I start it by run.sh it says: Failed to start the server. Please refer logs for more details. In the logs there are many java errors ... Did anybody try it on RHEL4? P.S.: I added the serverout0.txt file for reference ... br, Roman Payreder
Cisco IOS firewall support
It seems a vast oversight that FWA does not support the massively deployed Cisco IOS router embedded firewall. These are found in a huge number of small and medium sized companies, especially the 800 series with integrated modems for DSL, Cable. The latest versions of IOS firewall are now supporting Layer 7 IDS functions making them very popular (but sadly have poor interface and reporting). Have adventnet made any roadmap plans to include the IOS firewall syslogs? Thanks in advance.
Netgear FVS318
Has anyone sucessfuly set up this firewall with Firewall Analyzer 4?
Trial Version - number of devices
Is there a limit on the number of devices one can monitor in the trial version. I can monitor our internal firewall without a problem, but not the two remote firewalls that are connected via a VPN. They are not detected. Is there a way to manually add firewalls. Damian
can not log in
Recently I have been having a problem with logging on to my firewall analyzer. If I restart the computer I can log back in for a while but it goes away again after hour or so. Please help. Thanks
Cant connect for second time on a trial version
Hi there I ve just downloaded the trial version and installed it. At the first time on front end page you'll see the message: "First time users use 'admin' as User Name and 'admin' as Password to login" I have to restart the server and now when i tried to join to de MageneEngine web page http://127.0.0.1:8500, the data above do not function. i didn't change any password, just restarted the server. Does anyone have a solution for changing the password or recover it? Thanks A lot
no VPN data from checkpoint R62 logs
We are using checkpoint NGX R62 and everything seems to be working fine for all of the traffic except that there is no VPN data showing up in the reports. I checked our firewall to make sure it was accounting the information and it is so I can see all of the information and the correct columns are selected. Any other ideas why this would be happening? Thanks in advance!
Checkpoint logs
I was going to install the Firewall Analyzer on our checkpoint log server (instead of a remote server). Will the firewall analyzer be able to just look at the log directory (in real time... not just importing) so I don't have to set up all of the lea configurations and so forth? Thanks in advance!
Firewall Analyzer 4 Shoing wrong time in logs
I have a sonicwall pro 2040 from which FA4 is pulling from port 514 - It is not downloading the logs. I have the workday set to 07-18hrs. The sonicwall is set to UTC time. For some reason, FA4 is listing the tim in its logs as starting at 16hr. Any ideas why the timing is skewed? Thanks in advance M
Unable to add devices
Hi , I'm trying to generate reports for a log file I have succesfully imported. All appear empty, I believe the issue is that I'm not able to add devices, when I enter the IP address or either the network and save, the devices are not listed. Thanks
deleting custom reports
I have a custom report I can't delete. I get a html page stating some kind of http 500 error and that the report was not deleted. How do I delete it. Thanks Patrick
FW Analyzer Reporting
I've been running FWA for about a week now, and would like to be able to produce a report that lists protocol use between a couple of subnets outside my PIX and an inside network. The aim is to see what protocols/ports are in use between one of our clients and us so we can lock down the firewall to only have essential services being permitted in both directions. Is it possible to do this?
FW Analyzer Report - How To?
I tried to register but it says I tried too many times? I just tried once and once only...oh well. Here's my question: I've been running the Firewall Analyzer for about 5 days now. I'd like to be able to get a report on traffic and protocols between two outside subnets and 1 inside subnet from my PIX firewalls. There doesn't seem to be a simple way to create this filter that I can see. I'd like to see a table with source hosts --- Dest hosts --- protocols. Is such a report or log filter ruleset possible?
Need help with viewing old logs.
Hi, I need some help for the logs of firewall analyzer. Firewall analyzer was running on one of the servers, but on last Friday, 19th Jan. 2007, it started giving an error saying that database creation failed. We reinstalled FW analyzer. Build is 4022. Now, whenever I click on the past dates (dates prior to 19th Jan. 2007) I am unable to view the reports in the dashboard. Please let me know how can I view these reports. I have archived logs , so I believe I need to import the same, but I need a step
Exetending Firewall Analyzer Trial Period
Hi, I am testing FireWall Analyzer, and I could not check all the features properly, is it possible for me to get an extension for the trial. Nother 3 days left for the expiration. Rgds, Nilanka.
RSA Conference 2007 - Free Expo Pass Available
We are happy to inform you that we are taking part in the upcoming RSA Conference 2007, to be held between Feb 5-9, Moscone Center, San Fransico. Visit us at Booth #2147 Existing customers, please get in touch with support@fwanalyzer.com before Feb 2nd, to get hold of a Free Pass for the Expo to be held between Feb 6-8. See you at the show!
Resolve IP Addresses
Is it possible to resolve IP numbers back to web address is reports? Knowing that the most visited site is www.xxx.com instead of 25.56.85.45 is more useful... Is is also possible to monitor more that one firewall in a product? I have a second FW sending logs to the software but is just seems to trigger the "unsupported log data received" message? DOes each FW have to be on a different syslog server? I don't see a actual "Add Firewall" configuration.
Support for Juniper/Netscreen SSL VPN
I have loaded the trial software and have gotten it to report some items when in WELF but when I change it to Standard, FWA tells me there are no firewalls currently exporting logs. There are also some features of the SSL VPN that would be nice to report on such as: Host Checker successes and failures Network Connect durations Overall, I am not sure if I trust the duration intervals I have seen based on the WELF reports. I would be happy to upload logs if that will help. Thanks, Mike
What firewall is better to install?
What will be a better one firewall I can download and use for free, that will come with my windows xp and won't slow it down? :(
Fortigate-60 with FortiOS 3.00,build0400,061002
I'm on trial license - trying to analyze logs from device in subject. I'm getting 'Unsupported Logs Received ' Is ther any solution for this? Or any plans for future to support this unit? thanks, chris
FA stopped working suddenly !!!
Dear Support I had FA 2 weeks back. It was working fine till yesterday when I was unable to loh in . I had created two users with admin rights. Whem I put the url in IE it gives me the username / passwd screen but is unable to login. To investigate the matter when i check the FA server it was givin some error that there has some catastrophic error occured. I tried stopping and starting the FA service and rebooting the server but in vain. PS - I had installed the service pack. It was working fine
FreeRadius vs Firewall Analyser
I'm in the process of using Firewall Analyzer working side by side with FreeRadius on a Fedora Core 6 machine. Currently I'm using the evaluation copy of Firewall Analyzer but the instance is failing or not starting (even after I stop the msqld service to avoid conflicts). I notice that the "backbone" seems to be on a JBoss installation. Just to test, I shutdown the msqld service for FreeRadius and ran a separate instance of JBoss 4.0. JBoss came up fine. Looking into the logs of the Firewall Analyzer
Can't open file: 'firewallrecords.MYI' (errno: 145) error me
I am receiving this error message in my logs on my server and not sure what may have been changed. I am seeing this event log iten every few seconds. I've tried stopping/starting the services. The file is there, and about 15mb in size. ../mysql/\bin\mysqld-nt: Can't open file: 'firewallrecords.MYI' (errno: 145) Is there a specific cause for this? thanks; chris
VPN reports
Hi, I have installed Firewall Analyzer ver 4012 and started by installing 2 netscreen 208 firewalls. The problems I am having are: 1- The Firewall Analyzer does not recognize the native syslog format I had to enable webtrend to start receiving data. 2- In the VPN Reports the Top VPN Users shows unknown and does not show the authenticated user. Thank you, Ramzi
java.lang.NumberFormatException: For input string: "&qu
Hi. The software has now been running fine for a few days, but at 0900 hour today it stopped again. I got this message in the serverout.log. This repeats itself over and over again. Looks like it stopped at Update_Trend_Tables. Tried a genreport.do, but it stopped at the same place. [08:43:32:948]|[11-20-2006]|[com.adventnet.la.util.dm.DMTask]|[INFO]|[25]|: Executing Task [Cleanup Task]| [08:50:17:500]|[11-20-2006]|[com.adventnet.la.util.dm.DMTask]|[INFO]|[24]|: Executing Task [Update_DOW_Trend_Tables]|
Live Reports has no data
I am evaluating FireWall analyzer for one of our customers. They have PIX 515E version 6.3. All the other reports are giving details properly but the "Live Reports" has no data. Please advice how to rectify the matter. Rgds, Nilanka.
FA - Java performance
I'm evaluating FA from few days. Running it on Debian Sarge, with Pentium4 2.8 CPU, 2GB RAM, SCSI 10k HDDs. Not very fast in overall, but not bad as well. After starting FA, I can see java process at 99.X% CPU. Is it normal? I have 1 firewall, with rather not much activity - 1500 events from beginning. Thanks, Chris
FA Failover licensing
Hi, I have 2 pix running faillover. Is it enough to buy one device license? regards, mustafa
NO DATA AVAILABLE
HI THERE IS NO DATA AVAILABLE IN THE FIREWALL ANALYZER AFTER A COLD START . WHAT DO I DO TO MAKE IT UP AND RUNNING :P
Secure Computing Firewall
Hi there, I am currently testing FWA. One of our clients are using a firewall call Secure Computing and it is not in the list of your supported equipment. I was wondering how we can make this possible? is FWA capable of discovering unsupported devices? Faizal
Specifing Protocol Ranges
Hello, we use dcom in a range from port 35000 - 36000 , how do I specify that in custom protocol settings ?? i.e: dcom 35000 - 36000/udp 35000 - 36000/tcp
Quick Report User Column Unknown
Hi, I am running Firewall Analyzer Build 4022. When I click on the Quick Reports Link the User column is only populated with "Unknown" as the entry. How can I get this column to display actual User or PC information? Thanks
Problem using remote mysql server
Hi i tried to use mysql server in another machine i change nms-service.xml and mysql-ds.xml the server start, but i tried to add lea client (checkpoint firewall, i create .conf and get certifate). in web console show infite refresh and serverout0.txt show error: [08:06:49:641]|[12-19-2006]|[com.adventnet.fa.server.lc.TriggerTasks]|[INFO]|[21]|: Hei !!! Good Starting Generating Reports ============>>>>ReportGenerationThread For FirstResource for :::ReportGenerationThread For FirstResource| [08:06:49:642]|[12-19-2006]|[SYSOUT]|[INFO]|[21]|:
Next Page