How to avoid import log duplicates
I have IPCOP firewall running squid proxy. First of all, IPCOP only accepts SFTP connections and your product only does regular FTP. Second what happens to the old log file. If you import the access.log file in the morning and then in the evening won't you have duplicates? Does your import utility delete the old access.log file? Does it only import the new records. Please clarify. - David
VPN Report Issues
Hi, very impressed with the firewall analyser. The only issue we have is that although the VPN reports contain the VPN sessions established, there is no info for the volume of data passing through the tunnels. We use a PIX 515 here at head office with 501's at the branch offices, with also a few software client connections for a few users. All the reporting info is coming from the 515. Is there anything that can be done to improve the quality of the VPN reporting? Thanks Simon
Log imports
Hello, how fast can we import log files? Here is what we see: We start with a fresh install. Import the first log file (Sept 01). Reports begin to show data for Sept 01. When the log import status shows: Import of log file completed. We begin 2nd log file import (Sept 02). When the log import status shows: Import of log file completed. The issue now is there is no data in the reports for Sept 02, even hours later.... thanks, Jean
Approve new Security Statistics UI in Firewall Analyzer
Hi, For our next release of Firewall Analyzer, we are toying around with some new ideas for our security dashboard, which we have tried to capture in the prototype screens below. We would like to hear your opinion on the same. The reason for providing this is to provide a complete snapshot of the information regarding Attack, Virus and Security Events that occurred in the Firewall(s). Below are the prototypes that we have developed for the same, 1. Click Security Statistics to view
Live Reports page empty
I am getting data collected on other pages but the Live Reports page has no data to show. Is there something else I must do? Firewall is Watchguard running Fireware v8.3. You created a patch for me to get FWA to work with my Watchguard. Does something else have to be patched? chris
Exporting of drilled-down reports and other issues
Hello there! 1. Is there a way to perhaps export the drilled-down reports of a particular entity, say, an IP address/hostname or a Protocol; to PDF or CSV format? To my knowledge this is currently not supported yet, am i right? If yes, is there a work-around? 2. Most of the IP addresses are not getting resolved to their respective hostnames. As per the FAQs, IP addresses are automatically resolved by connecting to the network DNS server. My question is, how does the Firewall Analyzer determine my
Checkpoint firewall log import
Hello, We are currently unable to import Checkpoint firewall logs that are delimited by semi-colon. Besides the most common characters used (commas, tab, pipes and spaces) Will more characters be supported in the future? Will this be a customizable option for the end-user? thanks,
Classifying unknown traffic
What is the best way to classify unknown traffic, I cannot find anywhere where the log analyzer tells me the actual port that the traffic is using, so I don't have any way of knowing what it is. Is there a report which shows the actual ports of the unknown traffic instead of just "unknown" ? Also is there a way to sort the ports in the custom protocol configuration.. its very hard to sort through thousands of ports when they are in no order.
Download HotFix For Build 4021/4020
A hotfix for build 4021/4020, for the below listed bug fixes, is available for download. We request customers using build 4021/4020 to apply this hotfix. And for customers using earlier builds like 4012, 4011, or 4010 should first apply the service pack before applying the below hotFix for build 4020/4021. Bug Fixes * "No Data Available" issue caused due to FirewallRecords_Tmp table getting full has been fixed. * Issue with quotes in RuleName for Cisco Pix firewall has been fixed. * Issue with parsing
Is CentOS 4.4 supported by FWA
Hi There, Is CentOS 4.4 supported by FWA? Thanks, Hong
PIX 7.2(1) and Firewall Rules Report
Hello, I have purchased a License of Firewall Analyser (build 4020) to monitor our Cisco PIX Firewall. The Analyser works fine for me. But when I look in the Firewall Rules Report I can't use the Drill down tables for our custom rules, e.g. the Tables are empty. Only in the default Rule I have several entries. I've attached a screenshot where you can see what I mean. The only difference I can see, is that our custom rules are in a single double quote. Kind regards André
Bluecoat Logs
I have bluecoat logs following this naming convention: SG_main__21_1117054549.log.gz.done When I import logs into FA, small logs are processed fairly quickly while larger logs take several minutes to process. This isn't a problem, I am a patient person :) However, the problem is that after logs are imported I am unable to see any data or reports based on log data. I know there are valid records in the logs as on the import logs page it shows how many records. After importing the logs, I have a "squid
Not distinguishing between inbound/outbound
We have set up the demo of firewall analyzer, and for the most part it appears to be behaving correctly. We have it monitoring Checkpoint firewall using Authenticated LEA, which also works, though there seems to be some significant discrepancies with regard to traffic volumes. The live report does not appear to be accurately reflecting the data. Also, the traffic related reports show our hosts (behind the firewall) in all of the lists. We have set up the intranet rules with all of the networks behind
QoS Problem with Checkpoint?
Are there any known issues with Checkpoint and how enabling QoS might affect the logs that are sent from the firewall to the analyzer? We recently enabled rate-limiting on OS updates. What this means from a logging perspective is that there may be thousands of sessions that remain open for several minutes before being "accounted" by Checkpoint and the bytes transferred data logged. Does Checkpoint send an initial log entry without bytes, and then send a second log with the total bytes transferred?
Checkpoint QoS issues?
Are there any known issues with Checkpoint and how enabling QoS might affect the logs that are sent from the firewall to the analyzer? We recently enabled rate-limiting on OS updates. What this means from a logging perspective is that there may be thousands of sessions that remain open for several minutes before being "accounted" by Checkpoint and the bytes transferred data logged. Does Checkpoint send an initial log entry without bytes, and then send a second log with the total bytes transferred?
Report scheduling
Hi, am currently evaluating this product and need the following. 1. I would like to schedule a report (current as well as historic) with a particular destination, protocol and all the conversations for the selected period. I am trying my best but not been successful. I just need one consolidated report of the above. Pls advise step by step procedure. 2. I was able to manually drill down to the info I have asked above. The report shows OUT data in MB, but IN is ZERO for all the conversations to that
Organising Protocols
Is there a way to organize the protocols and groups? Currently the groups appear in no particular order in selection boxes. Can they be done alphabetically? We would also like to see some way to organize the protocols, again either alphabetically, or by port number. We have found the random display to be confusing, and entries frequently get missed. Lastly, is there duplicate checking when a protocol is added to prevent it from existing in multiple groups at once? We believe that it may be the case
EXPORT LIVE REPORTS
Please can you tell me a way to export all the live reports to a pdf format.
Netscreen Site to site VPN - No data
Hi, me using Netscreen 25 VPN to 30 branches netscreen 5GT, Firewall Analyzer show me no data for VPN, how to make it work my Netscreen 25 using version 5.3
syslog or webtrend ?
HI, to monitor netscreen firewall, i should enable the syslog or webtrend ??
Getting a TomCat exception when trying to browse remotehost
I am trying to import Squid log files via FTP (I am using ProFTPd on Fedora Core 5). When I try to browse for the access.log file, I am getting a TomCat error in the popup browser window where I assume I am supposed to be seeing a list of files to select from. I am attaching the support log files. I have verified that both PASV and non-PASV ftp work correctly and get me to the correct location on the FC5 server and can obtain the file list. Any insight would be greatly appreciated. Thank you.
cannot see results
I have just installed FA 4020 Demo version and are using it to analyze my PIX. I get protocol data, but not any amount. All data, IN and OUT are zero! If I look at web or mail usage reports there is only zeros everywhere. PIX config: logging on logging timestamp logging standby logging monitor debugging logging buffered warnings logging trap informational logging history warnings logging queue 0 logging device-id hostname logging host inside 172.16.40.253 PubPIX515E-B# sh logging Syslog logging:
Unable to discover Netscreen - 204 in Firewall analyzer.
Hi, I need some help with the discovery of Netscreen 204 in firewall analyzer. I am using build 4020 of the Firewall analyzer. Snmp has been configured on NS- 204 as well as the syslog logging server IP address and port no. 1514 have been configured on the same. What other configuration changes do I need to make to get this problem resolved. Kindly revert back at the earliest. The NS - 204 firewall gets discovered in the OpManager. There is also a PIX firewall on the network, which is being monitored
Unable to import/export firewall logs
Hi I have installed firewall analyser on windows 2003 server in my domain and have configured my firewall with following commands logging on logging timestamp logging buffered debugging logging trap errors logging host inside 172.16.2.239 17/1514 i have configured the webclient to add port 1511 for the syslog server. however the webclient keep saying no firewall is exporting logs and i am not able to add any device in device details
Checkpoint NGX
Hi, I would like to know whether Firewall Log Analyzer would support the Checkpoint NGX platform. Thanks, Nibin
Traffic showing zero data from PIX 520
I have just installed FA 4020 Demo version and are using it to analyze my PIX. I get protocol data, but not any amount. All data, IN and OUT are zero! If I look at web or mail usage reports it shows sorted by what looks like amount of data, but there is only zeros everywhere. PIX config: logging on logging timestamp logging standby logging monitor debugging logging buffered warnings logging trap informational logging history warnings logging queue 0 logging device-id hostname logging host inside
ASA5510
I have just installed FA 4020 Demo version and are using it to analyze my ASA5510 with Cisco Adaptive Security Appliance Software Version 7.1(1). The Syslog is running on port 514/UDP. Windows 2003 Server. I send the syslog messages to firewall, but i receive the message "No firewall is currently exporting logs to Firewall Analyzer". If i use the 3CDaemon Syslog Server, it receives the syslog messages. Syslog logging: enabled Facility: 20 Timestamp logging: enabled Standby logging: disabled Deny
multiple network adapters
I was wondering how, on a server with multiple network adapters, you can have the Firewall Analyzer only listen on one of them? Is there a certain file that can be edited to do this? Thanks, Drew
Using FA4 with Watchguard, what is next step?
I am using a Watchguard firewall with Fireware 8.3. I have it setup to do syslogging and I have verified this is working as I installed Kiwi Syslog and can see the realtime events through Kiwi. My question is, now what? I see on the home tab in FA4 that it states that "No firewall is currently exporting logs to Firewall Analyzer" I also see where I can add another syslog server. I thought that was for adding syslog servers that aren't on the default udp 514 port. What are the next steps needed to get
License issue, PIX with failover
We have purchased one license of Firewall Analyzer to monitor a PIX firewall. It is however a firewall setup with failover. It's only useful to monitor the active PIX so I figured I only needed one license. As the config is replicated to the stand-by PIX so is also the syslog export, and I end up with two PIX'es in Firewall Analyzer. It is then complaining that I should upgrade to one more license. I have tried to delete the stand-by PIX from the software but it keeps coming back. Is there any way
Watchguard 7.3 syslog config
Hi, I have a client with a watchguard 7.3 firewall and the Firewall analyser is picking the logs up fine but there is no Bytes information. The configuration notes provided state: For version 7.3 , One need to go into "General Setting" area of your proxy and select the check box "Send log message with summary of each transaction". Can I get a little more clarification on the procedure? I assume by "proxy" it is meant the watchguard? The Policy Manager which is used to configure the watchguard does
No Data for VPN Reports
Hi, I'm a newbie with Firewall Analyzer. I have a few questions regarding VPN Reports. I was wondering why there's no data available for: - Top VPN Users - Top VPN Hosts - Top VPN Clients - Top VPN Protocol Groups - VPN Summary - VPN Traffic Usage Trend What are the things, setup or configuration that I should do in order to have data on VPN Report? Need help. Thanks. Silver Hawk
Does Firewall Analyzer support Cisco ASA virtual firewalls
Hi, Just wondering does the Adventnet Firewall Analyzer support virtual firewalls (contexts) on Cisco ASA? We want to use it in MSSP scenario (one ASA covers multiple customers) Each customer would like to see separate report and not the other customers related reports. Thanks!
NetScreen 204
Who can help me with my problem? I forgot the admin password for the console on NS 204. How to recover it and not erase the running configuration? If somebody has a good idea, please help me
Checkpoint Safe@Office support
Is this check point product's logs supported also? Daniel
Deleted Traffic report
I am currently evaluating the FW Analyzer App. What will determine if I buy this is: "how easy can I create custom reports." How does one recover the traffic report that come native (default) when setting up a Pix Firewall. Within the Traffic Reports that come by default you have : Top Hosts Sent Top Hosts Received Top Host Sent and Received Top Protocol Groups and so on... My issue is here. Under ALL REPORTS\ 1. Create a Report profile, the report was named. in the next screen in 2. Select Report
Concerns
Hi, I would like to ask the following: 1. Do you have a list of your clients who are providing Managed Services? 2. For contingency or redundancy purposes can we mirror the data on another server and would this entail additional cost? 3. Are there steps to backup and restore data in case of a system crash? Thanks
License portability
Hi, We are about to purchase the product and are wondering about license portability. Example: We buy 10 lic. and we have the FWA running on a VMware platform with 5 devices but decide to shift the service to a more powerful dedicated server for the next 5 firewalls and transfer the other over later. Would this work? Or We have a customer that like the service but wants to be able to resolve their internal IP addresses so wants the FWA installed on their LAN rather than our central server, Can we
Updates on Licensed Product
Hi Support, We would like to ask if we already have the licensed version of the product, will the later updates/upgrades have additional fees? Also, do I need to reinstall the whole program if I need to apply/install the updates? thanks, jenesis
Replacing ManageEngine logo in reports
Hi, I have several questions: 1. Since we are customizing the reports and sending it to our clients, is there a way that we can replace ManageEngine's logo with ours? 2. Do you have a list of your clients/testimonials who are using ManageEngine firewall analyzer? 3. We are collecting logs from fortigate firewalls and I was wondering if it can show reports of the attacks, (such as, malicious URLs passed to a webserver, attacks with ips signatures detected, vpn sessions (failed, successful) That's