ManageEngine Firewall Analyzer is an agent-less log analytics and configuration management software that helps network administrators to centrally collect, archive, analyze their security device logs and generate forensic reports out of it.

Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls such as Check Point, Cisco, Juniper, Fortinet, Palo Alto and more.

The real-time event response system and Integrated Compliance Management module automates your end point security monitoring, network bandwidth monitoring and security & compliance auditing. Firewall Analyzer eases your Device Configuration Management by providing out-of-the-box reports and alerts for configuration changes. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls like Check Point, Cisco, Juniper, Fortinet, Snort, Squid Project, SonicWALL, Palo Alto and more, IDS/IPS, VPNs, Proxies and other related security devices.

“The implementation was so easy and it immediately started showing me how much inbound and outbound traffic was passing through our firewalls. I now use Firewall Analyzer daily!”
Phil Avella, Manager,Information Systems, Thunder Bay District Health Unit

Why Choose Firewall Analyzer?

  • Unlock the Real Value of Your Security Devices
  • Supports an extensive array of perimeter security device logs which include firewalls, VPNs, IDS/IPS and proxy servers
  • Provides a wide range of reports for external threat monitoring, change management and regulatory compliance
  • Meet Dynamic Business Needs Quickly
  • Rapidly transforms perimeter security device logs into actionable information
  • Generates reports in user friendly formats like PDF and CSV formats

Log analytics and configuration management software for network security devices

Gaining network activity insights and keeping abreast about firewall log is a challenging task as the security tool generates a huge quantity of traffic logs. Introducing Firewall Analyzer, an agent less log analytics and configuration management software that helps network administrators to understand how bandwidth is being used in their network. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls such as Check Point, Cisco, Juniper, Fortinet, Palo Alto and more.

Firewall Policy Management

Firewall Analyzer monitors and reports the Firewall rules / policies / ACLs usage. Firewall Analyzer fetches all the rules of the Firewalls and provides rule wise usage reports. With the help of the reports, you can analyze the usage and effectiveness of the Firewall rules and fine tune the Firewall rules for optimal performance.

Compliance Management

  • Automate compliance audits with
    out-of-the-box reports for Regulatory Mandates such as PCI-DSS, ISO 27001,
  • Get your firewall security validated
    with security audit and device configuration analysis reports

Firewall Configuration Change Management

  • Get instant notification on ‘who’ made
    ‘what’ changes, ‘when’ and ‘why’ to your firewall configuration
  • Get a complete trail of all the changes
    done to your firewall configuration with Change Management reports

User internet activity monitoring

  • Monitoring internet usage (overuse or
    misuse) of employees in your organization
  • Get real-time notifications when a user
    tries to access restricted sites

Network Traffic and Bandwidth Monitoring

  • Monitor network traffic and get instant
    notifications upon sudden spikes in bandwidth
  • Analyze which user,protocol group or
    network activity is consuming more bandwidth with interface-wise live
    bandwidth usage reports

Network Security Management

  • Get detailed information on all possible
    network attacks and security breaches in your network
  • Know which viruses are active on the
    network, the hosts that are affected and more

Firewall Policy Management

  • Find out the anomalies in the firewall
    policies and rectify them to improve the firewall performance
  • Identify the highly used rules, which
    can be optimized to enhance the network security
  • Identify the unused rules and
    modify/remove them to improve your firewall performance

Real-time VPN and Proxy Server Monitoring

  • Obtain active VPN users, user-specific &
    user group specific VPN usage, sessions, and bandwidth consumed
  • Monitor the outgoing traffic through the
    proxy, obtain details on users generating traffic, websites accessed and
    bandwidth consumed

Network Forensic Audits

  • Search the logs and pinpoint the exact
    log entry which indicates the cause of the security event in minutes
  • Find the data quickly and repetitively
    using advanced log search & generate reports based on search results

Log Analysis

  • Centrally collect,analyze and archive
    logs from all your security devices such as Microsoft ISA, NetScreen,
    SonicWALL, WatchGuard, Squid Proxy and more
  • Extract the security and bandwidth
    information from flow data like IPFIX with extensions and Cisco

Firewall Compliance

  • Firewall Compliance Management
  • PCI DSS Compliance Report
  • ISO 27001:2013 Compliance Report
  • SANS Compliance Report
  • NIST Compliance Report
  • NERC CIP Compliance Report
  • Security Audit & Configuration Analysis Report
  • Configuration Change Management Report

Firewall Device Management

  • Firewall Policy Overview Report
  • Firewall Used Rules Report
  • Firewall Unused Rules Report
  • Firewall Security Management
  • Firewall Policy Optimization Report

Network Security Reports

  • Firewall Reports
  • Virus, Attack, & Security Reports
  • VPN Reports
  • Application Reports for Firewall
  • Proxy Server Reports

Traffic & Bandwidth Reports

  • Real-time Bandwidth Monitoring
  • Bandwidth Monitoring
  • Traffic Analyzer
  • URL Monitoring
  • Employee Internet Usage Monitoring

Anomaly & Bandwidth Alerts

  • Firewall Alerts
  • Alert Notifications
  • Alert Administration

MSSP Features

  • Managed Firewall Service
  • Dashboard and User based Views
  • Rebranding the Web Client

Admin Audit & Archive

  • Firewall Admin Reports
  • Firewall Log Archiving for Compliance

OpManager Integration

  • ManageEngine OpManager Integration

Log Forensic Analysis

  • Raw & Formatted Log Search and Reports

Firewall Log Analysis

  • Check Point
  • Cisco PIX Device
  • Cisco ASA Device
  • CyberGuard
  • Fortigate

Security Device Log Analysis

  • Microsoft ISA
  • NetScreen
  • SonicWALL
  • WatchGuard
  • Squid Proxy

Firewall Analyzer is compatible with the following firewall devices.

Company Firewall/Version WELF Certified Other Log Format

3Com X-family Version or later

Earlier versions will work to a lesser extent

Anchiva Secure Gateway Series 200, 500, 800, 1000, 2000 or higher  
Applied Identity Identiforce  
ARKOON Network Security ARKOON 2.20 or higher
Astaro Astaro Security Linux v7.0, v8.0 or higher
Aventail Extranet Center v3.0 or higher
AWStats Most versions  
Barracuda VF250 Version 5.4.1 or higher
BlueCoat SG Series, Proxy Server, Proxy SGOS  
Check Point Log import from all versions and
LEA support for R54 and above
VSX Firewalls – Virtual Edition supported
Cimcor CimTrak Web Security Edition or later  
Cisco Systems Cisco Pix Secure Firewall v 6.x, 7.x,
Cisco ASA – Virtual Contexts supported
Cisco IOS 3005, 1900, 2911, 3925
Cisco FWSM – Virtual Contexts supported
Cisco VPN Concentrator
Cisco CSC-SSM Module v6.3.x or higher
Cisco IronPort Proxy
Cisco Botnet module
Clavister Most versions
CyberGuard CyberGuard Firewall v4.1, 4.2, 4.3, 5.1 or higher
Cyberoam Cyberoam Firewall version: 9.5.4 or higher
D-Link Most DFL versions
DP Firewalls DP Firewall 1000-GE or higher
Electronic Consultants IPTables Firewall
Fortine FortiGate family, SSL VPN (v300A, v310B or later)
Webfilter, DLP, IPS modules, IPSec and VDOMs supported.
FreeBSD Most versions
Funkwerk Enterprise Communications Funkwerk UTM
Global Technologies Gnatbox (GB-1000) 3.3.0+ or higher
Ingate Ingate firewall: 1200, 1400, 1800/1880 or later
Inktomi Traffic Server, C?Class and E?Class
IPCop IPCop Firewall Version 1.4.17 / 1.4.18 or higher
Juniper Networks
  • Juniper SRX series

SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3400, SRX3600, SRX5600, SRX5800

SRX – Security and Application logs, VDOM support

  • NetScreen series

NetScreen most versions of Web Filter & Spam Modules

  • IDP, SSL VPN series

4500 & 6500, New Format Logs

  • ISG series


  • 6360, 8350 series
Kerio Winroute
Lenovo Security Technologies LeadSec
Lucent Security Management Server V. 6.0.471 or higher
(formerly Secure Computing)

SnapGear, SG580, Sidewinder (uses SEF Sidewinder Export Format),

Firewall Enterprise – Sidewinder (S4016)

Microsoft Microsoft ISA (Firewall, Web Proxy, Packet Filter, Server 2006 VPN) or later
Server 2000 and 2004or later,
W3C Log Format,
Threat Management Gateway (TMG)
NetApp NetCache
NetASQ F10, F100 v3.x or higher
NetFilter Linux Iptables
Netopia S9500 Security Appliance v1.6 or higher
Network-1 CyberwallPLUS-WS, CyberwallPLUS-SV or later
Opzoon Firewall ISOS v5 or later
Palo Alto Palo Alto Firewalls PA 5000 series, PANOS 4.1.0 or later
Recourse Technologies ManHunt v1.2, 1.21 or higher
Ruijie Firewall
Securepoint Securepoint UTM Firewalls
Snort Most versions
SonicWALL SOHO3, SOHO TZW, TELE3 SP/TELE3 Spi, PRO 230, 2040, 3060, 4060, 5060, TZ
100/ TZ 100w, TZ 170, TZ 170 Wireless, TZ 170 SP Wireless, TZ 200/ TZ
200w, TZ 210/ TZ 210w, NSA 240, NSA 2400, NSA 2400MX, NSA 3500, NSA
4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510 or
later , Sonic OS 5.8.x and above (supports “IPFIX with extensions”)
Squid Project Squid Internet Object Cache v1.1, 2.x or higher
St. Bernard Software iPrism 4.1, Proxy server 7110
Stonesoft Firewall version 5.5 or higher
Sun Microsystems SunScreen Firewall v3.1 or higher
Vyatta Vyatta Firewall -IPv4 Firewall, IPv6 Firewall, Zone-Based Firewall
WatchGuard All Firebox Models v5.x, 6.x, 7.x, 8.x, 10.x, 11 or higher
Firebox X series, x550e, x10e, x1000, x750e or later

XTM version 11.9

WebMarshal Most versions  
Zywall Most versions

System Requirements

This section lists the minimum system requirements for installing and working with EventLog Analyzer – Distributed and Standalone editions

  • Hardware RequirementsThe minimum hardware requirements for installing and working with Standalone and Distributed Editions are given below.
    • 1GHz Pentium Dual Core processor or equivalent
    • 1 GB of RAM*
    • 1 GB of disk space*
    • Monitor that supports 1024×768 resolution
    • For installing OpManager v12.0, following are the recommended hardware and software requirements. 

      Hardware Requirement for v12.0 : 

      Firewall Processor RAM Size OS Windows OS Linux DataBase
      500 logs/sec Intel Xeon
      Quad Core, 3.5 GHz
      8 GB 2012 R2 / 2012 / 2008 R2 / 2008 / 2003 Server / Vista / v7 / 2000 Professional SP4 RedHat 4.x and above, Debian 3.0, Suse, Fedora and Mandrake MS SQL 2000, 2005, 2008 and 2012 Or OpManager bundled PostgreSQL
      More than 500 logs/sec Intel Xeon Quad Core 3.5 GHz 16 GB 2008 R2 64 bit / 2012 R2 CentOS 64 bit or any linux distribution with glibc >= 2.3 and X libraries installed MSSQL 2008 and 2012 or OpManager bundled PostgreSQL

      *The following table recommends the disk space and RAM size requirements of the system where it’s installed. The disk space and RAM size requirements depends on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second or the firewall log data received per day by Firewall Analyzer.

      Recommended Minimum RAM Requirement

      Log Records Rate RAM Size
      Up to 100 Logs/sec 1 GB
      100 – 500 Logs/sec 2 GB
      500 – 1000 Logs/sec 4 GB
      Above 1000 Logs/sec 4 GB (64 Bit)
      Above 1000 Logs/sec 8 GB

      Hard Disk Space Requirement

      The split up is: Archive+Index+MySQL=Total

      Log Records Rate For 1 Day For 1 Week For 1 Month
      50 Logs/sec 1+0.5+10.5=12GB 5+3+30=38 GB 18+7+75=100 GB
      100 Logs/sec 2+1+15=18 GB 10+5+50=65 GB 35+15+100=150 GB
      300 Logs/sec 6+3+31=40 GB 30+15+105=150 GB 100+45+295=440 GB
      500 Logs/sec 10+5+75=90 GB 50+25+225=300 GB 170+70+480=720 GB
      1000 Logs/sec 20+10+150=180 GB 95+45+500=640 GB 325+125+950=1.4 TB
      Log Records Rate For 3 Months For 6 Months For 1 Year
      50 Logs/sec 60+25+125=210 GB 120+40+160=320 GB 240+90+300=630 GB
      100 Logs/sec 110+50+240=400 GB 220+80+320=720 GB 450+170+580=1.2 TB
      300 Logs/sec 280+120+600=1 TB 500+200+800=1.5 TB 900+350+1250=2.5 TB
      500 Logs/sec 470+230+1100=1.8 TB 900+400+2100=3.4 TB 1700+700+3600=6 TB
      1000 Logs/sec 920+480+2100=3.5 TB 1750+750+4200=6 TB 2850+1250+6400=10.5 TB

      Hard Disk Space Requirements for v12.0 : 

      Firewall (up to 500 logs/sec)
      (To maintain 1 day archive logs)
      Firewall (More than 500 logs/sec)
      90 GB  To process every 500 logs/sec in addition, at least we need 90 GB in addition

      CPU Requirements

      • Dedicated machine has to be allocated to process more than 200 logs per second.
      • Dual core processors are needed to process more than 500 logs per second.
      • Quadra core processors are needed to process more than 1000 logs second.

      RAM Requirements

      • Number of firewalls handled by the Firewall Analyzer will increase the requirement of the above RAM values. So it is better to have RAM value higher than the suggested value in case of having more than 5 firewalls.

      Separate Installation

      • Firewall Analyzer server and MySQL database can be installed in separate machines, in case of higher log rate with low-end CPU machines.

      Hard Disk Requirements for more months

      • The above Hard Disk space requirement projected is for one month. If you need to archive the logs for more number of months, multiply the above requirements with the number of months based on your requirement.

      Note:The Log Records Per Second is the total log records received per second from all the configured devices.

    • PostgreSQL Performance Improvement Parameters

      PostgreSQL Performance Improvement Parameters (for Firewall Analyzer version 7.5 Build 7500 onwards)

      For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.conf available under <Firewall Analyzer Home>\pgsql\data\directory

      Parameters Comments
      port = 33336 This change requires Firewall Analyzer Application/Service restart
      shared_buffers = 128 MB Minimum requirement is 128 KB. This change requires Firewall Analyzer Appplication/Service restart
      work_mem = 12 MB Minimum requirement is 64 KB.
      maintenance_work_mem = 100 MB Minimum requirement is 1 MB.
      checkpoint_segments = 15 Logfile segments minimum 1 and 16 MB each
      checkpoint_timeout = 11 minutes Range: 30 seconds to 1 hour
      checkpoint_completion_target = 0.9 checkpoint target duration is 0.0 – 1.0
      seq_page_cost = 1.0 This parameter is measured in an arbitrary scale
      random_page_cost = 2.0 This parameter is measured in same scale as
      effective_cache_size = 512MB  
    • Supported Operating SystemsIt has been tested to run on the following operating systems and versions:


      • Windows 8
      • Windows 7
      • Windows NT
      • Windows 2000
      • Windows XP
      • Windows Vista
      • Windows 2000 Server
      • Windows 2003 Server
      • Windows 2008 Server
      • Windows 2012 Server


      • Ubuntu 9.1.10
      • Fedora 12
      • OpenSuSE 11.2
      • CentOS 5.5
      • Red Hat RHEL
      • Mandrake
      • Mandriva
      • Debian


      Note: For Distributed Edition – Admin Server only

      For version 7.4 Build 7400 or earlier

      If The Distributed Edition Admin Server is installed in SuSE Linux, then

      • Locate and open mysql-ds.xml file in <Firewall_Analyzer_Home>/server/default/deploy
      • Find the following line and replace localhost, with corresponding IP Address/DNS resolvable name of the current system where Firewall Analyzer Distributed Edition Admin server is installed.


    • Supported Web BrowsersIt has been tested to support the following browsers and versions:
      • Internet Explorer 8 and later
      • Firefox 4 and later
      • Chrome 8 and later
    • Supported Databases

      Bundled with the product

      • PostgreSQL

      External Databases

      • MS SQL 2000
      • MS SQL 2005
      • MS SQL 2008
      • MS SQL 2012
    • MySQL Performance Improvement Parameters

      MySQL Performance Improvement Parameters (for Firewall Analyzer version 7.4 Build 7400 or earlier)

      For better performance, we recommend replacing the existing MySQL parameters mentioned in startDB.bat/sh, available under <FirewallAnalyzerHome>\bin directory, with the following
      MySQL parameters changes for the corresponding RAM Size.

      RAM Size MySQL Parameters For Windows Installation MySQL Parameters For Linux Installation
      512 MB Default configuration as given in startDB.bat Default configuration as given in
      1 GB –innodb_buffer_pool_size=300M
      2 GB –innodb_buffer_pool_size=900M
      3 GB –innodb_buffer_pool_size=900M
      4 GB –innodb_buffer_pool_size=900M