NetScreen 204
Who can help me with my problem? I forgot the admin password for the console on the NS 204. How can I recover it without erasing the running configuration? If somebody has a good idea, please help me.
Checkpoint Safe@Office support
Are this Check Point product's logs also supported? Daniel
Deleted Traffic report
I am currently evaluating the FW Analyzer App. What will determine if I buy this is: "how easy can I create custom reports." How does one recover the traffic reports that come native (default) when setting up a Pix Firewall? Within the Traffic Reports that come by default you have: Top Hosts Sent, Top Hosts Received, Top Host Sent and Received, Top Protocol Groups and so on... My issue is here. Under ALL REPORTS\ 1. Create a Report profile, the report was named. in the next screen in 2. Select Report
Concerns
Hi, I would like to ask the following: 1. Do you have a list of your clients who are providing Managed Services? 2. For contingency or redundancy purposes can we mirror the data on another server and would this entail additional cost? 3. Are there steps to backup and restore data in case of a system crash? Thanks
License portability
Hi, We are about to purchase the product and are wondering about license portability. Example: We buy 10 lic. and we have the FWA running on a VMware platform with 5 devices but decide to shift the service to a more powerful dedicated server for the next 5 firewalls and transfer the others over later. Would this work? Or We have a customer that likes the service but wants to be able to resolve their internal IP addresses so wants the FWA installed on their LAN rather than our central server, Can we
Updates on Licensed Product
Hi Support, We would like to ask: if we already have the licensed version of the product, will the later updates/upgrades have additional fees? Also, do I need to reinstall the whole program if I need to apply/install the updates? Thanks, jenesis
Replacing ManageEngine logo in reports
Hi, I have several questions: 1. Since we are customizing the reports and sending them to our clients, is there a way that we can replace ManageEngine's logo with ours? 2. Do you have a list of your clients/testimonials who are using ManageEngine Firewall Analyzer? 3. We are collecting logs from Fortigate firewalls and I was wondering if it can show reports of the attacks (such as malicious URLs passed to a webserver, attacks with IPS signatures detected, VPN sessions (failed, successful)) That's
Different firewall vendors on a single FWA
Hi support, I would like to ask if it is possible to have different firewall vendors configured on a single FWA? (e.g. I have Check Point and Fortinet on different machines). Would there be any special configuration? Thanks, Jenesis
FW support Cisco VPN Concentrator?
Hi, With the new version of Firewall Analyzer (Build 4020), does it support the Cisco VPN Concentrator? Can I send log information from the VPN Concentrator to Firewall Analyzer and generate VPN reports? Please let me know. Thanks, Herman
Incorrect Reports
I am currently running the Firewall Analyzer evaluation version. I am wondering about the event summary report page. It appears the totals for the different graphs on the report do not match. For example in the event summary graph the event total is reported as 231500 events. In the top hosts graph the event total is reported as 90830. Why the difference? do these two totals track different statistics?
Upgrade path.
Is there somewhere on your web site that relates a PROCEDURE if you're at a build 4012 to change to the 4020 build? Regards, --Ron
Cyberguard support
Any idea whether Cyberguard Firewall is supported by Firewall Analyzer? Thanks
Cisco IOS syslogs
Hi, I am currently running the evaluation copy of the Firewall Analyzer and straight up I can tell it will suit my organisation's requirements but for one thing - Does it support Cisco IOS syslogs for routers running the advanced security feature-set? I have not seen a positive reply to this question on the forums. With my eval I am not seeing the host discovered or even entries in the unsupported logs received area. I have confirmed that syslogs are making it to the physical server using kiwisyslog.
Import Logs Duplicating
Anyone, Could you tell me what happens if you import the same file twice? It seems to duplicate, and if so how can you remove the data so the reports clear back down? The reason why I ask is because we want to import from our WatchGuard system for logs going back six months; however, someone imported a file twice, which duplicated that day's data. I understand you have to be careful when importing files but can you roll back the data or could you tell me how to reset the whole database and start over
Import Logs Duplicated
Can you tell me what happens if you import the same file twice? It seems to be duplicated, and if so how can you remove the data so the reports clear back down? The reason why I ask is because we want to import from our WatchGuard system for logs going back six months; however, someone imported a file twice, which duplicated that day's data. I understand you have to be careful but can you roll back the data or could you tell me how you wipe the data and start over without uninstalling the product? Kind
Auto refreshing Firewall Analyzer
We are using FA Build 4020 on a Windows 2003 Server for our Netscreen25 device. Is there a way to keep my session open (web client) without timing out? I would have liked to keep Firewall Analyzer open, and just have it auto refresh, (ideally in a pre-configured interval). Would be nice to see the Live reports auto refresh by itself. This would make us pro-active in assessing the current state of our network usage. However, the web client times out and we have to login again. Maybe you can add this
Alerts
Hi, I have created an Alert profile to receive emails whenever Firewall Analyzer receives a syslog entry that contains login attempt. The rule I have created is: Match all of the following - The message contains login attempt. The new rule does not seem to work. Any idea what could be the problem? Below is a sample syslog entry: Oct 16 09:24:37 192.168.x.y hostname: NetScreen device_id=hostname [Root]system-notification-00002: Admin user "usename" login attempt for Web(http) management (port 80)
Alert!!
Hi, I have been testing Firewall Log Analyzer for the last 2 weeks. I would like to suggest something to the setting of alerts. Right now alert can be set only as <"Severity/Attack/etc .."> <"is/isnt/etc.."><string> that means I have to give some entry as string..But it would be nice if a condition like ANY can be set. So the alert would look like <"Severity/Attack/etc .."> <"is/isnt/etc.."><"[any/{string}]"> I will tell you the reason because I want to set an alert which gets triggered when an Attack
ManageEngine Firewall Analyzer Service Pack 2 (Build 4020)
We are happy to announce the availability of ManageEngine Firewall Analyzer Service Pack 2 (Build 4020). The new release empowers Network Administrators & MSSP's with user specific device views, anomaly detection filters for network behavioral analysis, firewall administration reports for regulatory compliance, support for more number of devices, and many other new feature additions as listed below. To get the complete build (4020) follow the below URL. http://manageengine.adventnet.com/products/firewall/download.html
Cannot start
Our Fedora 5 box had rebooted and now we cannot start the program anymore. STATUS | wrapper | 2006/10/14 14:46:46 | --> Wrapper Started as Daemon STATUS | wrapper | 2006/10/14 14:46:46 | Launching a JVM... INFO | jvm 1 | 2006/10/14 14:46:47 | Wrapper (Version 3.1.1) INFO | jvm 1 | 2006/10/14 14:46:47 | INFO | jvm 1 | 2006/10/14 14:46:48 | This evaluation copy is valid for 29 days INFO | jvm 1 | 2006/10/14 14:47:14 | Failed to start the server. Please refer logs for more details INFO | jvm 1 | 2006/10/14
Checkpoint LEA not getting the action field
Hi, I've successfully set up a LEA connection with my Checkpoint management station, enabled tracking, and reporting is working. Though I'm not getting any data in "Security Reports" and "VPN Reports". After checking out the retrieved log in <fwa_dir>/Firewall/server/default/archive/<ip> I can't see the action of each log entry. This is probably why I can't see "Top Denied Hosts" etc. So my question: how do I get the action (drop, accept, etc.) into the logs? And will this also solve my empty "VPN Reports"?
Report Scheduling
Hi Support, I want to configure a Report profile such that every evening (say 5 pm) I get the report for the previous 8 hrs. I tried configuring an hourly report and scheduled this report to run at 4:30 pm; however, I get a report only for 1 hour, and even in that case sometimes I just get a mail without an attachment, and the mail says that there is an error in report generation. How can I achieve this? I am using build 4012. Regards
Manage Engine vs other Firewall analyzers
Hi, We are currently evaluating several firewall log analyzers/reporting products and so far in a google search of "firewall log analyzer" sawmill and manageengine top the list. Not to mention loglogic, splunk, phpsyslog-ng, etc. etc. Anyone here who has experience using those products? So far, I am particularly biased to manageengine... My boss really wants me to dig into sawmill further.. I just want to convince him a little more. How does manageengine compare to sawmill? Other log analyzer
Astaro V6
I want to use Astaro6 and need to know how to configure the firewall. At the moment I was able to handle the export of the logs but they are not recognized by the Analyzer. Which logs must be sent to the analyzer to work?
DNS Resolution Not Working Properly
For some reason the DNS resolution feature works but does not resolve all addresses. It resolves all internal addresses with no problem. But for some of the external addresses it does not. If I do a manual nslookup on some of the addresses it resolves them fine, but Firewall Analyzer does not. Any solutions?
URL not shown
Hi, I am testing Firewall Analyzer. My network is: a DMZ with four servers (mail, dnn, web...) and a local network. In all reports, I can't see the URLs (from my servers) visited by internauts. I see the rate between the four servers, their public IP address but no precision about what the visitors have done. I have a Fortigate 60 firewall. Is there a special setting to do? Thanks
Traffic reports
Dear Support, I would like to seek clarification on the definition of "Top hosts - Sent" and "Top hosts - Received" in the traffic reports. E.g. how is sent traffic to be interpreted? Is it the traffic sent out of the firewall interface (irrespective of the interface of the firewall, i.e. inside and outside) or is it the traffic sent out from the LAN to the internet? Regards
Netscreens
I am using multiple Netscreens and exporting syslogs to FWA. I have everything checked but debug in the Netscreens. FWA reports for attacks is always empty, other reports seem OK. What should I look for ? Also, I would like to look for 'flood' in the logs since I am particularly interested in ICMP and SYNDOS floods. So far I can't find them in reports. Thanks
Features for 4020
Dear Folks, Following are the list of features that we are taking for our next build 4020. Please feel free to pour in your valuable suggestions. New Features: 1. Support for User Based Firewall View i.e certain users can view certain firewalls. 2. Advanced Search with AND, OR options. Options to save Search Result as PDF reports. 3. Anomaly detection based on known trend history. 4. New reports like Peer to Peer reports which helps you to identify scans New Devices Support: 1. Cisco VPN Concentrator,
Syslog in local machine
Hi: I have a Linux server and am running Firewall Analyzer on the same machine. I can't get the syslog. What happened? Thanks
Which has more info: WELF or SYSLOG?
Is one format better than the other? I have a Fortigate box that can send logs via syslog or WELF formats - does one provide more detail than the other? I notice in a post here there were issues generating the virus report which showed some syslog messages - does WELF also provide these messages? Should I send both formats to FA to cover my bases? Thanks in advance, TJ
User Internet Usage/URL monitoring
Hi, I was wondering if someone can tell me about a good (freeware if possible) tool that can be used to monitor user activity from their desktop machines to the internet. Basically I want to monitor the websites that each user is accessing. Thanks, HS.
MS RADIUS (IAS)
Is it supported? It seems like FA expects radius logs via syslog (which IAS doesn't appear to support - only logging to a file, local event log and a SQL box). I suppose if FA could read a local table we could log direct from IAS to a MySQL table in FA... Is there any chance FA could just download and parse the log files via FTP or UNC etc? I guess the only other way around this would be to run an eventlog-> syslog client on the IAS server and given the format of the syslog message FA is expecting,
Logs archived but cannot load
Dear Support, I have enabled the log archiving in the FW Analyzer. But for the archived file it does not show me the "load" button to load into the database; instead it only shows me delete. Secondly, I have configured the Netscreen firewall 208 to export logs to ManageEngine FW Analyzer and a syslog server. On the syslog server a day's file size is almost 3 GB whereas in FW Analyzer it is just 220 - 250 MB. I see something fishy in the log generation by the FW Analyzer. Please guide. Regards
Report not generating....Critical
Hi, We have been testing and analysing the Firewall Log Analyzer for the last one week. We have found the following problems in this tool: 1. I have set the file creation interval and archiving with the default values. But I have found that archiving is not happening automatically. I have to manually give the Zip now command from the Archive options. Why is it not archiving automatically? 2. Today I have found another problem which I am not able to correct till the moment. The disk space on
Time based Report + Unassigned Traffic
I have two queries: 1. Is it possible to get a time-based report, i.e. for a particular time slot in a day? 2. Most of the traffic passing is marked as unassigned. So how can that be analyzed? Is there any patch available for fixing that? Regards
Firewall Analyzer Service Pack 1 (Build 4010) Available !!!
Dear All, We are very happy to announce Firewall Analyzer 4 Service Pack 1 (Build 4010) is released. To get the complete build follow the below URL. manageengine.adventnet.com/products/firewall/download.html To get the Service Pack follow the below URL. This Service Pack can be applied over build number 4002 or 4003. Users who are using build number 4000 or 4001 kindly contact us through support@fwanalyzer.com. Same Service Pack can be applied for both Windows and Linux. manageengine.adventnet.com/products/firewall/service-packs.html
Real-Time Live Reports
Hi support, are the reports generated by the Firewall Analyzer real-time? The reports that I'm getting are not changing (the graphs/data) even if I do something at the client's machine connected to the firewall. I only see the graphs/data change if I restart the Firewall Analyzer. Please advise. Thanks
MS Radius
I'm running FW Analyzer Build Version : 4.0.1 Build Number : 4012 to analyze a PIX firewall's logs. My problem is that the Microsoft Radius report shows me nothing.
blocked port reports
hi, is the firewall analyzer capable of generating report regarding the number of ports blocked? what are the ports blocked, the source of who is "attacking" the ports, etc. thanks