IPTables firewall host does not display on dashboard
Dear Sr., For now I am testing the trial version of the Firewall Analyzer 7.5 as a stand-alone server. I configured a Cisco ASA 5520 and a Linux iptables host with the shorewall iptables rule generation engine to send logs to the Firewall Analyzer. When I looked at the Firewall Analyzer dashboard, I saw only my Cisco ASA but no Linux host. In the "Live Syslog Viewer" window I see syslog entries from the Linux host like this: <Linux HOST IP> <Firewall Analyzer IP> 1514 |6|Feb 4 21:44:37 <some name> kernel: Shorewall:loc2inet:REJECT:IN=eth0
ASA
Hi. I need some technical help for Cisco ASA 5510. I have a Cisco ASA 5510 firewall (version 8.2). My ISP gives me two public IP pools. Please find example IP address details below. Outside interface IP: (111.245.247.62/255.255.255.252) My LAN IP: 192.168.1.0/255.255.255.0 (user IP start: 192.168.1.2/255.255.255.0) DMZ IP is my local subnet: 172.16.16.0/255.255.255.0 (my server IP address is: 172.16.16.2/255.255.255.0) ISP also gives me one other 6 public IP pool (111.245.247.65
Displaying Time Graphs for Reports
Hi guys, Just wondered if anyone has found how to produce a 24hr graph against different filters. For example, we want to see when people are accessing social media and if this is outside of the lunch time period. Is this possible? Thanks
Firewall Analyzer Fail to run batch file
Hi, I am using a batch file under FWA Alert rules under the action run program. When the alert is triggered, the batch file is not run. I confirmed the triggering since I also have email notification, which is working normally. I can run the batch file normally from the command line. I checked the path and it is ok. Here is the sample of the batch file @echo off c:\usr\bin\snmptrap -v 1 -c xxxxx yyyyy.1.3.6.7.2.1.3.1 yyyyy 1 6 '' .1.3.6.7.2.1.3.1.1.2 s "%1,%2,%3,%4,%5" Please help
Alert snmp trap not available
Hi, I cannot find the alert action SNMP trap on Firewall Analyzer 7.5 build 7500. The data sheet says it's possible; maybe I have missed out somewhere. The idea: I want to send a trap from Firewall Analyzer to OpManager although it is integrated. For that matter, I would also need Firewall Analyzer to process the traps since I am using an SMS gateway which is available on the OpManager but not on FWA. Thanks
Export and Import DHCP logs
Hi, Our DHCP server is established on a Cisco switch. I want to know how I can export logs from the DHCP server and import the DHCP logs into Firewall Analyzer. Because if I understood correctly, to enable the user/host name – IP mapping we just have to import DHCP logs into Firewall Analyzer. Could you please tell me how I can perform this action? Best Regards
Can't get firewall rules to import
I just set up the firewall analyzer and when I attempt to get the rules or do a compliance report I get this error: error: invalid command provided for fetching rules/access control list for rid ::1 Anyone know what the cause might be?
users are unknown
Hi, How can I set IP addresses to the users? For example, in Reports --> URL Reports there is a list of IP addresses but the users are unknown, like below: Top Allowed URLs : Host User Url Hits Total Bytes(MB) 192.168.1.5 Unknown http://host10.aparat... 1 21.91 10.0.8.20 Unknown http://dl2.inlangu..... 2 18.34 192.168.1.5 Unknown http://sharing.shafa... 1 12.13 192.168.1.5 Unknown http://n2-attach.y.... 1 7.01 Others - - 3911 116.63 What should I do to solve this issue? Best Regards,
Local Authentication disabled
Hi, I cannot log in locally to the firewall analyzer anymore. It was working properly until yesterday, but today the local authentication for the admin user was suddenly disabled and it does not show it to me anymore, and I can just log in as a domain user. Please guide me on what I should do to solve this problem. Best Regards
Firewall analyzer monitoring Bw
Hi all, I just want to know if I can use the firewall analyzer as a tool to translate ASA syslogs, like a person built a session and tore it down, and to show me how much Bw he used and for how long he used a specific site like Facebook. Thanks, Mahmoud
Error initialization of Vm Java
Error occurred during initialization of VM Could not reserve enough space for object heap Could not create the Java virtual machine. This is a 32bit machine, 2GB ram, winserver 2003, and 599mb in use. This happened after the installation and I cannot run the firewall analyzer
Admin Reports Empty results Commands Executed
When I execute the default report "AdminReports", the executed commands fields are empty, although I am sure there were commands executed. Leo
Issue with SNORT/BARNYARD2/SYSLOG data
Hi, I'm trying to get our SNORT logs within Firewall Analyzer, without any success... I have tried all SYSLOG formats available in Barnyard2, but all appear as "Unsupported Logs Received" in FA. # Barnyard2 Usage Examples: # output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default # output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete # output log_syslog_full:
Help ManageEngine with Iptables
Hi, How do I configure my ManageEngine (Analyze) to analyse rules on Iptables? Thanks..
High Availability Mode
Hi, Can I install FWA in high availability mode (either with a load balancer or a cluster with SAN involved for storage)? Thanks,
Bandwidth Utilization of PC
Guys, This should be a noob question. How can we check the bandwidth or traffic flow from a PC to another PC connected in between by a Metro Ethernet. This is monitoring activities of the pc's and the utilization. Thanks.
How to configure Blue coat AV proxy log
Does firewall analyzer support Blue Coat AV proxy? If so, how to configure it so that all events are filtered in firewall analyzer? Also advise if it's feasible to extract events based on virus infected connections.
Firewall Analyzer Configuration
Hi, I want to know, after we configured the firewall device through Firewall Analyzer and it started logging automatically, is there any other specific configuration needed to set? Or will every important config be done automatically? Because I can see many reports that are automatically generated from Firewall Analyzer. Best Regards
Showing wrong timing in firewall analyzer
Hi, I am using the latest firewall analyzer trial version (64 bit) 7.2. Now the server is showing the wrong time on firewall analyzer. Kindly let us know regarding the same to solve this problem. Regards, Arshad Ahmed
Firewall Analyzer, Live Report (SNMP), DFL-800
Hello, I am a new user of Firewall Analyzer. I have just installed Firewall Analyzer, but I can't see live reports (SNMP). I configured and forwarded syslogs and SNMP to my Firewall Analyzer from the DFL-800 firewall, and I think all settings are correct. Must I wait for 24 hours, or are my settings incorrect? Another question: can I do live monitoring? I mean, can I view real-time traffic in the FAnalyzer? I watched your demo; Firewall Analyzer is very good and useful software. Thanks
Exclude IP from detecting as ATTACK
Hi, We have a Cisco ASA firewall generating %ASA-2-106016: Deny IP spoof messages, and this was detected as "Attack" on Firewall Analyzer. Does firewall analyzer classify attacks from the log messages sent by the firewall devices? If we have verified the source is valid and this attack is a false alarm, is there any way we can exclude the source from being flagged as an attack on firewall analyzer? We can configure the Cisco ASA firewall not to send syslog messages with ID 106016. But this is not the right way
FTP Passive vs. Active
Is there a setting somewhere in the Firewall Analyzer to set FTP to allow Active/Passive connections?
Can you support the ssg-1000, ssg-550, ssg-520, ssg-320 devices?
Hi all, Can you support the Juniper's ssg-1000, ssg-550, ssg-520 and ssg-320 firewall devices? Thank you in advance.
recommendation for monitoring of enterprise firewalls
Hi all, May I know if firewall analyzer, or any ManageEngine product, can monitor various makes of firewalls just through a single console? Would like to be able to monitor event logs, firewall syslogs, firewall health status, IDS/IPS logs. Pls advise. Thks in advance.
Sonicwall Logs - Mapped to Alert Profile Selections
Problem is, whenever I try to make an alert profile I cannot seem to get the log information from the Sonicwall mapped to the alerts. I never get any alerts even though I have a ton of data in the system. I need to get some alerts for attack response but for some reason I cannot come up with a proper alert that will notify anyone. Sonicwall NSA 3500 / SonicOS 5.8 / Flow Reporting configured with IPFIX with Extensions as well as Syslog with all debug selected as the information detail. Thanks In Advance
ISO 27001
Hello, I am looking for a possibility to generate ISO 27001 compliance reports with Firewall Log Analyzer 7, with which I have integrated Checkpoint R70, BlueCoat SG 4 and Edenwall VPN. Secondly, I want to integrate CSV format logs from the Edenwall VPN server into Firewall Log Analyzer 7. Please help me regarding both the problems. Thanks in advance and congrats for a good and affordable product. Suvansh
Bind firewall analyzer log servers to single IP in multihome
I need to bind the firewall analyzer syslog servers to a single IP address on a machine with multiple addresses. Is there a way to do this? I searched the forums and found information on doing this with service desk but not with firewall analyzer. Thanks, Sherm
Alert profile criteria - Firewall Analyzer 7
Hi, How can I set up alert profile criteria for a particular port to be filtered from sending notification? For example, I have an alert profile configured with criteria to match Cisco ASA firewall messages with ID 106006 and I would like to add another criteria to EXCLUDE a certain port number. Regards kok kiong
Alert data fields go blank
First I have to say I am impressed with FWA. I have been configuring it to fit my needs and I have run into a snag with alerts. My alerts are configured correctly and I receive the data needed from them, but after an hour or two those fields are blank. I am encountering situations where I need to look at past alerts but the data needed is no longer there. My question: Is there a way to extend the viewing time of data from an alert? Thanks for your patience. Brown
AD Authentication in Linux (Debian)
Hi, I'm using v7.4 on Linux servers (Debian 6/64b) and can't manage to find how to set up AD integration! In the "External Authentication Settings" tab, I only get the Radius box... Can someone point me to some documentation or link where requirements/dependencies are listed? Many thanks, Julien
AD Authentication Question
I have enabled AD authentication on my Firewall Analyzer implementation and am wondering if there is a way to default the login option to my domain login instead of "Local Authentication". I am not planning on using local authentication unless there's a problem with my AD, so I really would like to not have to change the logon method every time (plus other users have asked about this option). Thanks.
ManageEngine® Firewall Analyzer 7.4 Released
ManageEngine® Firewall Analyzer 7.4 Released We are happy to announce the release of ManageEngine Firewall Analyzer 7.4 (GA) Download Standalone Edition Distributed Edition Existing Customers Existing users can seamlessly migrate from 7021/ 7020 build to the 7400 release build. Download the Service Pack. What's new in this release? 7.4 - Build 7400 - Distributed Edition GA release of Firewall Analyzer Distributed Edition. New Features - Admin Server The general features available in this release
monitor juniper ssg 520
Hi, can Firewall Analyzer now monitor the traffic of the Juniper SSG 520 firewall?
Leave the existing data alone!
Just a thought for future releases... If FWA is uninstalled from a machine, why not leave the server data behind... it's kind of stupid that it doesn't.
Dashboard/Traffic Overview is empty
Hi, I downloaded the demo version, connected to an ASA firewall, and get some syslog but cannot see any data: live report shows no data, traffic report shows no data except for Event generated events. Any ideas why I cannot see live data? Thanks
Not receiving logs
Hi, My "advanced search" gives empty output. How do I check if firewall analyzer is receiving logs? I have verified that the firewall is sending logs to firewall analyzer. Thanks. Regards kok kiong
Firewall Analyzer 7 - Firewall Availability Alert
Hi, I have enabled the Firewall Availability Alert under the Settings tab of Firewall Analyzer. I keep receiving notifications that firewall analyzer did not receive logs from the firewall, but this is not the case. I have tried this on 2 firewall analyzers (version 7) and both behaved the same. Logs are received on the firewall analyzers. Is this a bug or something? Thanks. Regards kok kiong
Pfsense 2.0.1
Hi there, I'm running several Pfsense firewalls and would like to use the "firewall analyzer". However, the syslog messages coming from Pfsense do not seem to be supported. Are there any plans to support this version of Pfsense (2.0.1)? I believe Pfsense has been supported in the past, so I can't imagine it is that hard to support the most recent...
Attack Reports Empty
I am testing FA on my PIX 525. One of the features that I do not see working is Attack Reports. How can this feature be enabled?
Negative values on one firewall out of two
We have two Cisco ASA 5520 firewalls we are monitoring. One displays traffic correctly (positive values), the other shows all traffic values as NEGATIVE numbers on the live traffic reports. I have verified: 1. The server time zone is set correctly, and has appropriate DST patches installed 2. Both firewalls have the same time zone configured 3. Both firewalls have the same NTP source, and are showing the same time/date/year Any thoughts? Jason