Used Rules Not Shown for Cisco ASA (FWA)
For every transaction happening in Cisco Firewall, an rule
configured in it matches. This matched policy along with complete
transaction detail is audited through Message-ID 106100. Please follow
the below link which provides more information about the same. This
message identifier will provide information for both accepted and
denied transactions.
The
log containing the above information is forwarded to Firewall Analyzer
machine via syslog. We parse these information to get the "Used"
rules. This information is populated in "Firewall Rules Report" -->
"Top Used Rules" report.
Categorization is based on ACL group and not based on ACL entries.
The information that is provided by Cisco as part of syslog message is
the "ACL" name. So with the help of complete access-list fetched from
the firewall, we can show "Unsed Rules" based on "ACL" and not fine
grained to ACL entries.
To find out which
particular ACL entry is used or not, please click on the particular
rule name in "Firewall Rules Report" --> "Top Used Rules", you will
be able to see the entries in it with corresponding hit count.
New to ADSelfService Plus?
Related Articles
Fix for Cisco ASA showing 0.0.0.0.0.0 for source and Destination for build 9900
Thank you for your time during the call. Please follow the below steps and check on the issue: 1) Stop the NetFlow Analyzer Service. 2) Open Command prompt as administrator and navigate to NetFlow_Home/bin and execute startDB.bat two times for ...
FIX for NFA-10250 for ASA issue and OUT traffic not shown for devices
This Patch is applicable only over the NetFlow Analyzer build 10250 Please download and unzip the patch file from the below link: https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19uprk25h3r21ci71tru24t1ule1/Fix.zip It ...
Barracuda Firewall support-FWA 12100
Please follow below steps when apply the fix. Stop the Firewall Analyzer service. Move the FirewallService.jar from <OpManager_Home>\lib location to a different directory Download the updated FirewallService.jar and save it in the above folder ...
Mssql custom port & custom instance issue: FWA
The below fix has to be applied after ensuring the bcp files are copied and the native client is installed. 1. Go <HOME>\conf location, open database_params.conf file. 2. Add 'instanceName = <db instance Name>' parameter in the url. ...
Upgrade steps from build 12.6 or above to 12.7
Note: NetFlow Analyzer version 12.7 has PostgreSQL data migration from 10.21 to 14.7 Tomcat - 8.5.43 to 9.0.71 JDBC driver changes postgresql-42.4.0.jar to postgresql-42.5.1.jar jtds-1.2.2.jar to mssql-jdbc-8.4.1.jre8.jar Disk Space in the NetFlow ...