users are unknown
Hi, How can I set IP Addresses to the users, For example in the Reports--> URL Reports There are list of IP Addresses but the users are unknown, like below: Top Allowed URLs : Host User Url Hits Total Bytes(MB) 192.168.1.5 Unknown http://host10.aparat... 1 21.91 10.0.8.20 Unknown http://dl2.inlangu..... 2 18.34 192.168.1.5 Unknown http://sharing.shafa... 1 12.13 192.168.1.5 Unknown http://n2-attach.y.... 1 7.01 Others - - 3911 116.63 What Should I do to solve this issue? Best Regards,
Local Authentcaiton disabled
Hi, I cannot login locally to the firewall analyzer anymore. It was working properly until yesterday but today the local authentication for admin user suddenly disabled and it does not show it to me anymore and I just can login as a domain user. Please guide me what should I do to solve this problem Best Regards
Firewall analyzer monitoring Bw
hi all, i just want to know if i can use the firewall analyzer as a tool to translate ASA syslogs like a person built a session and teared it down, and to show me how much Bw he used and for how long he used a specific site like facebook. thanks mahmoud
Error initialization of Vm Java
Error occurred during initialization of VM Could not reserve enough space for object heap Could not create the Java virtual machine. This is a 32bit machine, 2GB ram, winserver 2003, and 599mb in use This happened after the installation and cannot run the firewall analizer
Admin Reports Empty results Commands Executed
When I axecute default report "AdminReports" the executed commands fields are empty. Allthough I am sure there were commands executed. Leo
Issue with SNORT/BARNYARD2/SYSLOG data
Hi, I'm trying to get our SNORT logs within Firewall Analyzer, without any success... I have tried all SYSLOG format available in Barnyard2, but all appear as "Unsupported Logs Received" in FA. # Barnyard2 Usage Examples: # output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode default # output alert_syslog_full: sensor_name snortIds1-eth2, server xxx.xxx.xxx.xxx, protocol udp, port 514, operation_mode complete # output log_syslog_full:
Help ManageEngine with Iptables
Hi, How configure my ManageEngine (Analyze) for analise rules on Iptables? Tanks..
High Availability Mode
Hi, Can i Install FWA in high availability mode (either with load balancer or cluser with SAN involved for storage)? thanks,
Bandwidth Utlization of PC
Guys, This should be a noob question. How can we check the bandwidth or traffic flow from a PC to another PC connected in between by a Metro Ethernet. This is monitoring activities of the pc's and the utilization. Thanks.
How to configure Blue coat AV proxy log
Does firewall analyzer supports Blue Coat AV proxy? If so how to configure so that all events are filtered in firewall analyzer. Also advise if its fesible to extract events based on virus infected connections.
Firewall Analyzer Configuration
Hi, I want to know after we configured firewall device through Firewall Analyzer and it started logging automatically is there any other specific configuration needed to set ? or every important config will be done automatically ? Cause i can see many reports that automatically generated from Firewall Analyzer . Best Regards
Showing wrong timing in firewall analyzer
HI, I am using latest firewall analyzer trail version(64 bit) 7.2. Now server showing wrong timing on firewall analyzer. Kindly let us know regarding the same to solve this problem. Regards, Arshad Ahmed
Firewall Analyzer, Live Report (Smnp), DFL-800
Hello I am a new user for Firewall Analyzer.. I have just installed Firewall Analyzer. But i cant see live reports (SMNP) I configured and forwared Syslogs and SMNP to my Firewall Analyzer from DFL-800 Firewall. And i think all settings are correct. Must i wait for 24 hours or my settings ircorrect ? Another question, can i live monitoring. I mean, can i view realtime traffic in the FAnalyzer.. I watched your demo, firewall analyzer very good and usefully a software.. Thanks
Exclude IP from detecting as ATTACK
Hi, We have Cisco ASA firewall generating %ASA-2-106016: Deny IP spoof messages and was detected as "Attack" on Firewall Analyzer. Is firewall analyzer classify attack from the log messages sent by the firewall devices ? If we have verified the source is valid and this attack is false alarm, is there anyway we can exclude the source from being flaged as attack on firewall analyzer ? We can configure on Cisco ASA firewall not send syslog message with ID 106016. But this is not the right way
FTP Passive vs. Active
Is there a setting somewhere in the Firewall Analyzer to set FTP to allow Active/Passive connections?
Can you support the ssg-1000, ssg-550, ssg-520, ssg-320 devices?
Hi all, Can you support the Juniper's ssg-1000, ssg-550, ssg-520 and ssg-320 firewall devices? Thank you in advance.
reccomendation for monitoring of enterprise firewalls
Hi all, May i know if firewall analyzer or is there any manage engine product that can monitor various makes of firewalls just through a single console? Would like to be able to monitor event logs, firewall syslogs, firewall health status, IDS/IPS logs. Pls advise. THks in advance.
Sonicwall Logs - Mapped to Alert Profile Selections
Problem is whenever I try to make an alert profile I cannot seem to get the Log Information from the sonicwall mapped to the Alerts. I never get any alerts even though I have a ton of data in the system. I need to get some alerts for attack response but for some reason I cannot come up with a proper alert that will notify anyone. Sonicwall NSA 3500 / SonicOS 5.8 / Flow Reporting configured with IPFIX with Extenstions as well as Syslog with all debug selected as the information detail. Thanks In Advance
ISO 27001
Hello, I am looking for a possibility to generate ISO 27001 compliance reports with Firewall Log Analyzer 7 with which i have integrated Checkpoint R70, BlueCoat SG 4 and Edenwall VPN. Secondly, I want to integrate CSV format logs from Edenwall VPN server to Firewall Log Analyzer 7. Please help me regarding both the problems. Thanks in advance and congrats for a good and affordable product. Suvansh
Bind firewall analyzer log servers to single IP in multihome
I need to bind the firewall analyzer syslog servers to a single IP address on a machine with multiple addresses. Is there a way to do this? I searched the forums and found information on doing this with service desk but not with firewall analyzer. Thanks, Sherm
Alert profile criteria - Firewall Analyzer 7
Hi, How can i setup alert profile criteria for a particular port to be filtered from sending notification ? For example, i have an alert profile configured with criteria to match cisco ASA firewall messages with ID 106006 and i would like to add another criteria to EXCLUDE certain port number. Regards kok kiong
Alert data fields go blank
First I have to say I am impressed with FWA. I have been configuring it to fit my needs and i have run into a snag with alerts. My alerts are configured correctly and I receive the data needed from them but after an hour or two those fields are blank. I am encountering situations where i need to look at past alerts but the data needed is no longer there. My question: Is there a way to extend the viewing time of data from an alert? Thanks for your patience. Brown
AD Authentication in Linux (Debian)
Hi, I'm using v7.4 on Linux servers (Debian 6/64b) and can't manage to find how to setup AD integration! In the "External Authentication Settings" tab, I only get the Radius box... Can someone point me to some documentation or link where requirements/dependencies are listed? Many thanks, Julien
AD Authentication Question
I have enabled AD authentication on my Firewall Analyzer implementation and am wondering if there is a way to default the login option to my domain login instead of "Local Authentication". I am not planning on using local authentication unless there's a problem with my AD so I really would like to not have to change the logon method everytime (plus other users have asked about this option). Thanks.
ManageEngine® Firewall Analyzer 7.4 Released
ManageEngine® Firewall Analyzer 7.4 Released We are happy to announce the release of ManageEngine Firewall Analyzer 7.4 (GA) Download Standalone Edition Distributed Edition Existing Customers Existing users can seamlessly migrate from 7021/ 7020 build to the 7400 release build. Download the Service Pack. What's new in this release? 7.4 - Build 7400 - Distributed Edition GA release of Firewall Analyzer Distributed Edition. New Features - Admin Server The general features available in this release
monitor juniper ssg 520
Hi, now Firewall Analyzer can monitor the traffic of juniper ssg 520 firewall?
Leave the exisiting data alone!
Just a thought for future releases....If FWA is unsinstalled from a machine why not leave the server data behind...it's kind of stupid that it doesn't.
Dashboard/Traffic Overview is empty
Hi downloaded demo version, connected to asa firewall, get some syslog but cannot see any data: live report shows no data traffic report shows no data except for Event generated events,. Any ideas why i cannot see live data? Thanks
Not receiving logs
Hi, My "advanced search" give empty output, how do i check if firewall analyzer receving logs ? I have verified that the firewall is sending logs to firewall analyzer. Thanks. Regards kok kiong
Firewall Analyzer 7 - Firewall Availability Alert
Hi, I have enabled the Firewall Availability Alert under Settings TAB of Firewall Analyzer. I keep receiving notification that firewall analyzer did not receive logs from the firewall but this is not the case. I have tried this on 2 firewall analyzer (version 7) and both behaved the same. Logs are received on the firewall analyzers. Is this a bug or something ? Thanks. Regards kok kiong
Pfsense 2.0.1
Hi there, I'm running several Pfsense firewalls and would like to use the "firewall analyzer". However, the syslog messages coming from Pfsense does not seem to be supported. Are there any plans to support this version of Pfsense (2.0.1)? I believe Pfsense has been supported in the past, so i can't imagine it is that hard to support the most recent...
Attack Reports Empty
I am testing FA on my PIX 525. One of the features that I do not see working is Attack Reports. How can this feature be enabled?
Negative values on one firewall out of two
We have two Cisco ASA 5520 firewalls we are monitoring. One displays traffic correctly (positive values), the other shows all traffic values as NEGATIVE numbers on the live traffic reports. I have verified: 1. The server time zone is set correctly, and has appropriate DST patches installed 2. Both firewalls have the same Time Zone configured 3. both Firewalls have the same NTP source, and are showing the same time/date/year Any thoughts? Jason
Importing of Alert Profile
Hi, How to import alert profile? Any help? Regards, S.Seetha
Live Report empty
Hello Team We are testing Firewall Analyzer to produce various statistics from some+ firewalls. Basically all the FWs (ScreenOS) sends the syslog messages to a syslog collector (NSM box) which relay a copy of the logs to a workstation running Firewall Analyzer. The point is that on Live Report all the graphs are empty, and the source IP for each firewall is the IP of the NSM box. Also setting the SNMP is impossible since the IP of the device couldn't be changed. Do you have any workaround on it?
Problem after update to 7021
After form 7001 to 7021 it is not possible anymore to change the field IPAddress under Settings/Device Rule. We have the premium license. In version 7001 the help shows: If the Firewall Analyzer is not receiving the logs directly from the Firewall device (i.e., the logs are received from a log forwarder tool), to fetch the rules from the Firewall device, configure the IP Address of the actual Firewall. Configure the IP Address, using Secondary Info > IP Address field. Is this a bug or the new behavior?
Can you upgrade on Linux using command line (non gui)?
I have remote SSH access only to my Firewall Analyzer. I need to know if there is a way to upgrade via a command line rather than using gui? Thanks!
Juniper SRX visualize Interface-Specific Firewall Filter Counters
can I visualize this count ?
Evaluating Firewall Analyser
Hi Guys New to the product and just digesting the wealth of info it provides. Running Checkpoint cluster (R75) and pulling in reports ok. However there doesnt seem to be any info under the VPN reports section so wondered if i was missing something. Also i have created a number of report profiles. Each profile is looking at a seperate VLAN. Some of the reports however show top host info whilst others dont despite showing trafffic etering or leaving the vlan. Thanks
Firewall analyzer problem
Error occurred during initialization of VM Could not reserve enough space for object heap Could not create the Java virtual machine. This is a 32bit machine, 2GB ram, winserver 2003, and 599mb in use This happened after the installation and cannot run the firewall analizer
Next Page