- Inbound / Outbound Traffic
- Internet / Intranet Reports
- VPN Usage & Trend
- Protocol Usage
- Firewall Rules Report
- Sites Accessed by Users
- Firewall Device Audit Report
ManageEngine Firewall Analyzer is an agent-less log analytics and configuration management software that helps network administrators to centrally collect, archive, analyze their security device logs and generate forensic reports out of it.
Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls such as Check Point, Cisco, Juniper, Fortinet, Palo Alto and more.
The real-time event response system and Integrated Compliance Management module automates your end point security monitoring, network bandwidth monitoring and security & compliance auditing. Firewall Analyzer eases your Device Configuration Management by providing out-of-the-box reports and alerts for configuration changes. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls like Check Point, Cisco, Juniper, Fortinet, Snort, Squid Project, SonicWALL, Palo Alto and more, IDS/IPS, VPNs, Proxies and other related security devices.
“The implementation was so easy and it immediately started showing me how much inbound and outbound traffic was passing through our firewalls. I now use Firewall Analyzer daily!”
Phil Avella, Manager,Information Systems, Thunder Bay District Health Unit
Why Choose Firewall Analyzer?
- Unlock the Real Value of Your Security Devices
- Supports an extensive array of perimeter security device logs which include firewalls, VPNs, IDS/IPS and proxy servers
- Provides a wide range of reports for external threat monitoring, change management and regulatory compliance
- Meet Dynamic Business Needs Quickly
- Rapidly transforms perimeter security device logs into actionable information
- Generates reports in user friendly formats like PDF and CSV formats
Log analytics and configuration management software for network security devices
Gaining network activity insights and keeping abreast about firewall log is a challenging task as the security tool generates a huge quantity of traffic logs. Introducing Firewall Analyzer, an agent less log analytics and configuration management software that helps network administrators to understand how bandwidth is being used in their network. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls such as Check Point, Cisco, Juniper, Fortinet, Palo Alto and more.
Firewall Policy Management
Firewall Analyzer monitors and reports the Firewall rules / policies / ACLs usage. Firewall Analyzer fetches all the rules of the Firewalls and provides rule wise usage reports. With the help of the reports, you can analyze the usage and effectiveness of the Firewall rules and fine tune the Firewall rules for optimal performance.
Compliance Management
- Automate compliance audits with
out-of-the-box reports for Regulatory Mandates such as PCI-DSS, ISO 27001,
SANS, NERC-CIP, NIST and SANS - Get your firewall security validated
with security audit and device configuration analysis reports
Firewall Configuration Change Management
- Get instant notification on ‘who’ made
‘what’ changes, ‘when’ and ‘why’ to your firewall configuration - Get a complete trail of all the changes
done to your firewall configuration with Change Management reports
User internet activity monitoring
- Monitoring internet usage (overuse or
misuse) of employees in your organization - Get real-time notifications when a user
tries to access restricted sites
Network Traffic and Bandwidth Monitoring
- Monitor network traffic and get instant
notifications upon sudden spikes in bandwidth - Analyze which user,protocol group or
network activity is consuming more bandwidth with interface-wise live
bandwidth usage reports
Network Security Management
- Get detailed information on all possible
network attacks and security breaches in your network - Know which viruses are active on the
network, the hosts that are affected and more
Firewall Policy Management
- Find out the anomalies in the firewall
policies and rectify them to improve the firewall performance - Identify the highly used rules, which
can be optimized to enhance the network security - Identify the unused rules and
modify/remove them to improve your firewall performance
Real-time VPN and Proxy Server Monitoring
- Obtain active VPN users, user-specific &
user group specific VPN usage, sessions, and bandwidth consumed - Monitor the outgoing traffic through the
proxy, obtain details on users generating traffic, websites accessed and
bandwidth consumed
Network Forensic Audits
- Search the logs and pinpoint the exact
log entry which indicates the cause of the security event in minutes - Find the data quickly and repetitively
using advanced log search & generate reports based on search results
Log Analysis
- Centrally collect,analyze and archive
logs from all your security devices such as Microsoft ISA, NetScreen,
SonicWALL, WatchGuard, Squid Proxy and more - Extract the security and bandwidth
information from flow data like IPFIX with extensions and Cisco
Firewall Compliance
- Firewall Compliance Management
- PCI DSS Compliance Report
- ISO 27001:2013 Compliance Report
- SANS Compliance Report
- NIST Compliance Report
- NERC CIP Compliance Report
- Security Audit & Configuration Analysis Report
- Configuration Change Management Report
Firewall Device Management
- Firewall Policy Overview Report
- Firewall Used Rules Report
- Firewall Unused Rules Report
- Firewall Security Management
- Firewall Policy Optimization Report
Network Security Reports
- Firewall Reports
- Virus, Attack, & Security Reports
- VPN Reports
- Application Reports for Firewall
- Proxy Server Reports
Traffic & Bandwidth Reports
- Real-time Bandwidth Monitoring
- Bandwidth Monitoring
- Traffic Analyzer
- URL Monitoring
- Employee Internet Usage Monitoring
Anomaly & Bandwidth Alerts
- Firewall Alerts
- Alert Notifications
- Alert Administration
MSSP Features
- Managed Firewall Service
- Dashboard and User based Views
- Rebranding the Web Client
Admin Audit & Archive
- Firewall Admin Reports
- Firewall Log Archiving for Compliance
OpManager Integration
- ManageEngine OpManager Integration
Log Forensic Analysis
- Raw & Formatted Log Search and Reports
Firewall Log Analysis
- Check Point
- Cisco PIX Device
- Cisco ASA Device
- CyberGuard
- Fortigate
Security Device Log Analysis
- Microsoft ISA
- NetScreen
- SonicWALL
- WatchGuard
- Squid Proxy
Firewall Analyzer is compatible with the following firewall devices.
| Company | Firewall/Version | WELF Certified | Other Log Format |
|---|---|---|---|
| 3Com |
3Com X-family Version 3.0.0.2090 or later Earlier versions will work to a lesser extent |
✓ | |
| Anchiva | Secure Gateway Series 200, 500, 800, 1000, 2000 or higher | ✓ | |
| Applied Identity | Identiforce | ✓ | |
| ARKOON Network Security | ARKOON 2.20 or higher | ✓ | ✓ |
| Astaro | Astaro Security Linux v7.0, v8.0 or higher | ✓ | ✓ |
| Aventail | Extranet Center v3.0 or higher | ✓ | ✓ |
| AWStats | Most versions | ✓ | |
| Barracuda | VF250 Version 5.4.1 or higher | ✓ | ✓ |
| BlueCoat | SG Series, Proxy Server, Proxy SGOS 6.4.5.2 | ✓ | |
| Check Point | Log import from all versions and LEA support for R54 and above VSX Firewalls – Virtual Edition supported |
✓ | |
| Cimcor | CimTrak Web Security Edition or later | ✓ | |
| Cisco Systems | Cisco Pix Secure Firewall v 6.x, 7.x, Cisco ASA – Virtual Contexts supported Cisco IOS 3005, 1900, 2911, 3925 Cisco FWSM – Virtual Contexts supported Cisco VPN Concentrator Cisco CSC-SSM Module v6.3.x or higher Cisco SSL WebVPN or SVC VPN Cisco IronPort Proxy Cisco Botnet module |
✓ | |
| Clavister | Most versions | ✓ | |
| CyberGuard | CyberGuard Firewall v4.1, 4.2, 4.3, 5.1 or higher | ✓ | |
| Cyberoam | Cyberoam Firewall version: 9.5.4 or higher | ✓ | |
| D-Link | Most DFL versions | ✓ | |
| DP Firewalls | DP Firewall 1000-GE or higher | ✓ | |
| Electronic Consultants | IPTables Firewall | ✓ | |
| Fortine | FortiGate family, SSL VPN (v300A, v310B or later) Webfilter, DLP, IPS modules, IPSec and VDOMs supported. |
✓ | ✓ |
| FreeBSD | Most versions | ✓ | |
| Funkwerk Enterprise Communications | Funkwerk UTM | ✓ | |
| Global Technologies | Gnatbox (GB-1000) 3.3.0+ or higher | ✓ | |
| Huawei | ✓ | ||
| Ingate | Ingate firewall: 1200, 1400, 1800/1880 or later | ✓ | |
| Inktomi | Traffic Server, C?Class and E?Class | ✓ | |
| IPCop | IPCop Firewall Version 1.4.17 / 1.4.18 or higher | ✓ | |
| Juniper Networks |
SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3400, SRX3600, SRX5600, SRX5800 SRX – Security and Application logs, VDOM support
NetScreen most versions of Web Filter & Spam Modules
4500 & 6500, New Format Logs
2000
|
✓ | ✓ |
| Kerio | Winroute | ✓ | |
| Lenovo Security Technologies | LeadSec | ✓ | |
| Lucent | Security Management Server V. 6.0.471 or higher | ✓ | |
| McAfee (formerly Secure Computing) |
SnapGear, SG580, Sidewinder (uses SEF Sidewinder Export Format), Firewall Enterprise – Sidewinder (S4016) |
✓ | ✓ |
| Microsoft | Microsoft ISA (Firewall, Web Proxy, Packet Filter, Server 2006 VPN) or later Server 2000 and 2004or later, W3C Log Format, Threat Management Gateway (TMG) |
✓ | |
| NetApp | NetCache | ✓ | |
| NetASQ | F10, F100 v3.x or higher | ✓ | |
| NetFilter | Linux Iptables | ✓ | |
| Netopia | S9500 Security Appliance v1.6 or higher | ✓ | |
| Network-1 | CyberwallPLUS-WS, CyberwallPLUS-SV or later | ✓ | |
| Opzoon | Firewall ISOS v5 or later | ✓ | |
| Palo Alto | Palo Alto Firewalls PA 5000 series, PANOS 4.1.0 or later | ✓ | |
| Recourse Technologies | ManHunt v1.2, 1.21 or higher | ✓ | |
| Ruijie | Firewall | ✓ | |
| Securepoint | Securepoint UTM Firewalls | ✓ | |
| Snort | Most versions | ✓ | |
| SonicWALL | SOHO3, SOHO TZW, TELE3 SP/TELE3 Spi, PRO 230, 2040, 3060, 4060, 5060, TZ 100/ TZ 100w, TZ 170, TZ 170 Wireless, TZ 170 SP Wireless, TZ 200/ TZ 200w, TZ 210/ TZ 210w, NSA 240, NSA 2400, NSA 2400MX, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510 or later , Sonic OS 5.8.x and above (supports “IPFIX with extensions”) |
✓ | |
| Squid Project | Squid Internet Object Cache v1.1, 2.x or higher | ✓ | |
| St. Bernard Software | iPrism 4.1, Proxy server 7110 | ✓ | |
| Stonesoft | Firewall version 5.5 or higher | ✓ | |
| Sun Microsystems | SunScreen Firewall v3.1 or higher | ✓ | |
| Vyatta | Vyatta Firewall -IPv4 Firewall, IPv6 Firewall, Zone-Based Firewall | ✓ | |
| WatchGuard | All Firebox Models v5.x, 6.x, 7.x, 8.x, 10.x, 11 or higher Firebox X series, x550e, x10e, x1000, x750e or later XTM version 11.9 |
✓ | ✓ |
| WebMarshal | Most versions | ✓ | |
| Zywall | Most versions | ✓ |
System Requirements
This section lists the minimum system requirements for installing and working with EventLog Analyzer – Distributed and Standalone editions
- Hardware RequirementsThe minimum hardware requirements for installing and working with Standalone and Distributed Editions are given below.
- 1GHz Pentium Dual Core processor or equivalent
- 1 GB of RAM*
- 1 GB of disk space*
- Monitor that supports 1024×768 resolution
- For installing OpManager v12.0, following are the recommended hardware and software requirements.
Hardware Requirement for v12.0 :
Firewall Processor RAM Size OS Windows OS Linux DataBase 500 logs/sec Intel Xeon
Quad Core, 3.5 GHz8 GB 2012 R2 / 2012 / 2008 R2 / 2008 / 2003 Server / Vista / v7 / 2000 Professional SP4 RedHat 4.x and above, Debian 3.0, Suse, Fedora and Mandrake MS SQL 2000, 2005, 2008 and 2012 Or OpManager bundled PostgreSQL More than 500 logs/sec Intel Xeon Quad Core 3.5 GHz 16 GB 2008 R2 64 bit / 2012 R2 CentOS 64 bit or any linux distribution with glibc >= 2.3 and X libraries installed MSSQL 2008 and 2012 or OpManager bundled PostgreSQL *The following table recommends the disk space and RAM size requirements of the system where it’s installed. The disk space and RAM size requirements depends on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second or the firewall log data received per day by Firewall Analyzer.
Recommended Minimum RAM Requirement
Log Records Rate RAM Size Up to 100 Logs/sec 1 GB 100 – 500 Logs/sec 2 GB 500 – 1000 Logs/sec 4 GB Above 1000 Logs/sec 4 GB (64 Bit) Above 1000 Logs/sec 8 GB Hard Disk Space Requirement
The split up is: Archive+Index+MySQL=Total
Log Records Rate For 1 Day For 1 Week For 1 Month 50 Logs/sec 1+0.5+10.5=12GB 5+3+30=38 GB 18+7+75=100 GB 100 Logs/sec 2+1+15=18 GB 10+5+50=65 GB 35+15+100=150 GB 300 Logs/sec 6+3+31=40 GB 30+15+105=150 GB 100+45+295=440 GB 500 Logs/sec 10+5+75=90 GB 50+25+225=300 GB 170+70+480=720 GB 1000 Logs/sec 20+10+150=180 GB 95+45+500=640 GB 325+125+950=1.4 TB Log Records Rate For 3 Months For 6 Months For 1 Year 50 Logs/sec 60+25+125=210 GB 120+40+160=320 GB 240+90+300=630 GB 100 Logs/sec 110+50+240=400 GB 220+80+320=720 GB 450+170+580=1.2 TB 300 Logs/sec 280+120+600=1 TB 500+200+800=1.5 TB 900+350+1250=2.5 TB 500 Logs/sec 470+230+1100=1.8 TB 900+400+2100=3.4 TB 1700+700+3600=6 TB 1000 Logs/sec 920+480+2100=3.5 TB 1750+750+4200=6 TB 2850+1250+6400=10.5 TB Hard Disk Space Requirements for v12.0 :
Firewall (up to 500 logs/sec)
(To maintain 1 day archive logs)Firewall (More than 500 logs/sec) 90 GB To process every 500 logs/sec in addition, at least we need 90 GB in addition CPU Requirements
- Dedicated machine has to be allocated to process more than 200 logs per second.
- Dual core processors are needed to process more than 500 logs per second.
- Quadra core processors are needed to process more than 1000 logs second.
RAM Requirements
- Number of firewalls handled by the Firewall Analyzer will increase the requirement of the above RAM values. So it is better to have RAM value higher than the suggested value in case of having more than 5 firewalls.
Separate Installation
- Firewall Analyzer server and MySQL database can be installed in separate machines, in case of higher log rate with low-end CPU machines.
Hard Disk Requirements for more months
- The above Hard Disk space requirement projected is for one month. If you need to archive the logs for more number of months, multiply the above requirements with the number of months based on your requirement.
Note:The Log Records Per Second is the total log records received per second from all the configured devices.
- PostgreSQL Performance Improvement Parameters
PostgreSQL Performance Improvement Parameters (for Firewall Analyzer version 7.5 Build 7500 onwards)
For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.conf available under <Firewall Analyzer Home>\pgsql\data\directory
Parameters Comments port = 33336 This change requires Firewall Analyzer Application/Service restart shared_buffers = 128 MB Minimum requirement is 128 KB. This change requires Firewall Analyzer Appplication/Service restart work_mem = 12 MB Minimum requirement is 64 KB. maintenance_work_mem = 100 MB Minimum requirement is 1 MB. checkpoint_segments = 15 Logfile segments minimum 1 and 16 MB each checkpoint_timeout = 11 minutes Range: 30 seconds to 1 hour checkpoint_completion_target = 0.9 checkpoint target duration is 0.0 – 1.0 seq_page_cost = 1.0 This parameter is measured in an arbitrary scale random_page_cost = 2.0 This parameter is measured in same scale as
aboveeffective_cache_size = 512MB synchronous_commit=off - Supported Operating SystemsIt has been tested to run on the following operating systems and versions:
WindowsR
- Windows 8
- Windows 7
- Windows NT
- Windows 2000
- Windows XP
- Windows Vista
- Windows 2000 Server
- Windows 2003 Server
- Windows 2008 Server
- Windows 2012 Server
Linux
- Ubuntu 9.1.10
- Fedora 12
- OpenSuSE 11.2
- CentOS 5.5
- Red Hat RHEL
- Mandrake
- Mandriva
- Debian
VMware
Note: For Distributed Edition – Admin Server only
For version 7.4 Build 7400 or earlier
If The Distributed Edition Admin Server is installed in SuSE Linux, then
- Locate and open mysql-ds.xml file in <Firewall_Analyzer_Home>/server/default/deploy
- Find the following line and replace localhost, with corresponding IP Address/DNS resolvable name of the current system where Firewall Analyzer Distributed Edition Admin server is installed.
<connection-url?jdbc:mysql://localhost:33336/firewall>/connection-url>
- Supported Web BrowsersIt has been tested to support the following browsers and versions:
- Internet Explorer 8 and later
- Firefox 4 and later
- Chrome 8 and later
- Supported Databases
Bundled with the product
- PostgreSQL
External Databases
- MS SQL 2000
- MS SQL 2005
- MS SQL 2008
- MS SQL 2012
- MySQL Performance Improvement Parameters
MySQL Performance Improvement Parameters (for Firewall Analyzer version 7.4 Build 7400 or earlier)
For better performance, we recommend replacing the existing MySQL parameters mentioned in startDB.bat/sh, available under <FirewallAnalyzerHome>\bin directory, with the following
MySQL parameters changes for the corresponding RAM Size.RAM Size MySQL Parameters For Windows Installation MySQL Parameters For Linux Installation 512 MB Default configuration as given in startDB.bat Default configuration as given in startDB.sh 1 GB –innodb_buffer_pool_size=300M
–key-buffer-size=150M
–max_heap_table_size=150M
–tmp_table_size=100M
–table-cache=512–innodb_buffer_pool_size=300M
–key-buffer-size=150M
–max_heap_table_size=150M
–tmp_table_size=100M
–table-cache=5122 GB –innodb_buffer_pool_size=900M
–key-buffer-size=600M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=512–innodb_buffer_pool_size=900M
–key-buffer-size=600M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=5123 GB –innodb_buffer_pool_size=900M
–key-buffer-size=600M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=512–innodb_buffer_pool_size=1400M
–key-buffer-size=1000M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=5124 GB –innodb_buffer_pool_size=900M
–key-buffer-size=600M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=512–innodb_buffer_pool_size=1800M
–key-buffer-size=1200M
–max_heap_table_size=350M
–tmp_table_size=100M
–table-cache=512