Intranet Settings
Under the Intranet Settings I set both an IP range of 192.168.111.1-254 as well as added the IP addresses of servers and remote VPN users. Last night I transferred a 350MB file. FA reported this as unassigned protocol. I do see under the unassigned protocols the connection between 111.2 and 111.35. As I understand setting the Intranet settings should make FA at least report this as internal network communication. Should I redo the Intranet settings to JUST the IP range? Any tips? As it is right now
Remove syslog server
Hi all, I am trying to delete one of the syslog servers running in Firewall Analyzer, but the red cross seems to be greyed out, so it's in no way possible to stop or delete any newly added virtual syslog servers. Any help would be appreciated ;) Greets
Import CheckPoint 4.1 Logs (LogViewer Export)
Is it possible to import logs from the CheckPoint 4.1 LogViewer export function? Is it possible to import other CheckPoint log formats? (An LEA connection is not possible for me. I can't change the firewall configuration for now to evaluate this product, sorry. I have to import the CheckPoint logs from files in the first evaluation step.)
Need help with DNS Resolution and a Request
I am currently having trouble with DNS resolution. I'm trying FA for possible use in a business setting to monitor web activity, VPN, etc. I am able to pull data from our Cisco Pix but the only IP that resolves to a name is the FA server (192.168.10.7) and the "Top URL's" graph says "No Data". My DNS/WINS/DHCP/Active Directory server runs on another machine (192.168.10.5). My intranet settings are set to 192.168.10.0 with a subnet mask of 255.255.255.0. I am considering this product for use but DNS
unassigned protocols
Why are so few protocol groups set up? Anyone have a more comprehensive list?
FWA stops gathering data
It seems that overnight, FWA stops gathering data and the system it is installed on has to be restarted. Also, when I import data (as I had to today from logs missed on the weekend), the FWA stops collecting data and has to be restarted. As a result, my evaluation is looking rather spotty. I can't get more than a day or two worth of contiguous data. I am running 4.0.0+Cisco ALL Fix. Any thoughts, guys?
Blocking proxy servers from accessing my ftp server
Hi, I run a ftp server (using BPftp Server) as well as manage a network... I want to restrict my server to the users with actual IPs i.e. I want to block users who are accessing through proxy server. Seeking for help.
alert profiles and no inward data
Hi, 1. Do you have examples of working alert profiles for Pixes? Your doco gives no examples as to how to configure these. Also, what quantifies as an alert, is it just a log that matches set criteria? 2. My reports show no inward data even though I have configured the intranet settings? 3. Also, is there a way to look at the raw logs other than SQL queries to work out what the box is receiving to set alerts, reports, etc.? bakes
Configuring NAT in Watchguard Firebox Edge50
Hi, I have a WatchGuard Firebox Edge 50. I have given one public IP to the firewall, and I have one web server which is in the trusted network. I need to give a public IP to the web server also. How do I NAT this public IP for the web server? I am not getting any options or menus for doing the NAT. Kindly help. My email ID is jacob.tp@rediffmail.com
NetScreen 25 and 5 no interface data being displayed.
We are monitoring the NetScreen 25 and 5 and we are not receiving any data from the interfaces. Please help?
No Device Added
Hi, I've installed FirewallAnalyzer on Linux with NetflowAnalyzer on same server. Tcpdump shows packets from cisco pix, but still I have no logs in the Fw Analyzer and packet count shows no packets... syslog config appears to be correct and shows up status.... no idea what else to try...please help..
Log Import & Reports
I have a PIX firewall which logs to a unix syslog - at this stage I can't change the logging to FA as this is a remote site. I have successfully imported the log files into FA - this can be seen by viewing the Import Log files screen - I see the log filename and approx 500 000 records. The problem I have is there are no reports for the days that I have imported, how do I get FA to generate reports for these days?
Cisco PIX 6.3(4) help.
We have a Cisco PIX 506, v. 6.3.(4). The syslog is being sent to the server with Firewall Analyzer on UDP port 1025. We are not using the Cisco Emblem format for logs. Right now we have informational level set for syslogs from the PIX. This has been up and running now for 2 days. Today it seems no logs are being analyzed. Yesterday everything seemed fine. This afternoon I noticed that all reports now say "No Data Available". In terms of setting up, we just had the PIX send the syslog to the ip address
Request: Give all report tables the ability to drill down.
Right now if you look at any graphical report in the system with a table attached (such as the Top Protocol Groups - Received report on the Protocol Usage reports screen), you can drill down into the data by clicking on the bar on the graph, but not by clicking on the line items in the table immediately below the graph. From a usability standpoint, you should be able to click on either. You should also be able to click on entries in the "view all" table to drill down into them just as you can by clicking
Please make tcp/udp identifiers customizable.
Currently your product expects port identifiers to be in the format: 80/tcp or 80/udp. Netscreen firewalls send the ports in this format: tcp/port:80 or udp/port:80. It would be nice if this was user definable so that we could have a configuration page to specify the format of the tcp and udp port identifiers. Something like: UDP Identifier Format: [udp/port:#] TCP Identifier Format: [tcp/port:#] Then on the protocol page we could simply put it in as port 80 and check TCP and/or UDP boxes or use
Incorrect format specified
Syslog traffic is flowing, but in the top right hand corner all I get is error messages saying that the data is in the incorrect format. I am sending data from a Netscreen-25 firewall/vpn device. The main page says "no firewall is configured to send data" (which is incorrect). And in the devices all it says is data received from "unsupported devices". Can you please help? I have logged a technical support ticket "but everyone was busy on other calls".
Bluecoat Proxy Support
Have you any plans to support Bluecoat SG equipment?
Top URLs blank , Top Users
Good program. Needs some tweaking. Problem I am having is the Top URLs graph is blank. I have been running the program for about 18 hours and still nothing. Same situation with Top Users. Just one big bar graph saying users. No specific users. Please advise.
Top Reciv'd Hosts
I initiated a web download of 20meg and my host address never came up as a while other listed. (Others listed were 0% received.)
Recommending Product
This software is great, and is exactly what I could recommend to customers for monitoring their network, but this software is so new and doesn't seem to be "out of the box" ready IMHO. I will watch the progression and see how it goes. I do hope that the default install will evolve into a more *compatible*, for the lack of a better word, result and not requiring that much management at the start. Thanks. Guest
Everything is being logged as unknown protocol.
I'm running a Netscreen 208 set up to send Webtrends to the Firewall Analyzer server (running 4.0 trial). All the traffic is being listed as an unknown protocol. If I go to the home screen and click on the yellow question mark icon next to the "Unassigned" in the "Protocol Group" column I get a popup window with an empty list titled: "List of Unknown Protocols for null". This is probably related to another problem I've encountered. If I go to Settings/Device Details and click on "Edit <device name>"
WELF logs being interpreted incorrectly. Quotes problem.
I posted another message about problems with protocols not being identified and being unable to change my device settings. I believe I've found the problem. Your WELF log parser reads quotes as literal values. So when it gets a log line like (straight from the archive directory): id=firewall time="2005-08-18 20:19:13" fw="vpn" pri=5 rule=130 proto="udp/port:1198" src=172.22.14.34 dst=84.119.100.217 sent=181 rcvd=67 duration=32 msg="Action:Permit" It's reading items like "udp/port:1198" as \"udp/port:1198\"
Problem !
Hi guys, I have a problem with this software. I am trying to configure the program but it is not detecting any device. Also, it is not generating any report.
Cisco 7600 Router firewall support
Dear All, We are receiving queries like, the following log is not parsed by Firewall Analyzer. <166>%FWSM-6-302014: Teardown TCP connection 219487791 faddr 10.200.168.34/33943 gaddr 10.162.115.72/41949 laddr 10.162.115.72/41949 duration 0:00:01 bytes 3394 (TCP FINs) Those who are interested can get a patch for this by sending a mail to support@fwanalyzer.com. With regards, Firewall-Support
Fortinet support
Dear All, We are receiving more support queries/forum requests regarding Fortinet support. Often we encounter the following question. Below is a sample record which the ManageEngine Firewall Analyzer product does not support: <189>date=2005-08-12 time=09:12:41 device_id=FG400A2904500279 log_id=0022010001 type=traffic subtype=allowed pri=notice vd=root SN=49941 duration=70 policyid=1 proto=6 service=http status=accept src=192.168.1.102 srcname=192.168.1.102 dst=202.133.237.122 dstname=202.133.237.122
Checkpoint NG & Firewall Analyzer not working
I've followed the docs for configuring the Firewall Analyzer to monitor my NG firewall & it doesn't work..the firewall port (18184) is listening (authenticated) but there is no connection or traffic..please advise
NetScreen 208 - Web Usage Reports
I am using Firewall Analyzer to receive logs from a NetScreen 208. The reporting is great on most things, but I am seeing "no data available" for the web usage reports. Is there a piece of the configuration I am missing? Thank you!
VPN Statistics
Does this product support the Cisco VPN concentrator, or will you be adding support for this device? Thanks
netscreen firewalls
Hello, I am wondering if native syslog of various firewalls and some proprietary log formats are supported? Is there a method for us to send log samples to see if you can create/include support for those firewalls via patch releases or instructions on how to do it ourselves? Before looking at this product, I would be interested in having windows event logs, snort logs, watchguard, netscreen firewalls, and sonicwall firewalls be supported in one product - the addition of web type logs (iis and apache)
LSMS v5.1
Does this software support logs from Lucent Security Management Server 5.1? In the firewall compatibility list is the version 6.0.471 ...
Are all features supported by all firewalls?
Hi, Are all of FA's features available for all firewalls? For example, am I likely to get VPN or Virus reports from a PIX? many thanks, alec
ManageEngine Firewall Analyzer Released
We are glad to announce the release of ManageEngine Firewall Analyzer 4 :-) Firewall Analyzer is a web-based firewall log analysis tool that analyzes logs from most enterprise firewalls, proxy servers, and Radius servers, to show you reports on bandwidth usage, VPN statistics, firewall traffic, and more. What's in there? On the reporting front, 1. Pre-defined reports on firewall traffic, with separate reports on