Troubleshooting Tips
For the latest Troubleshooting Tips on Firewall Analyzer, visit the Troubleshooting
Tips on the website or the public
user forums.
- Where do I find the log files to send to Firewall Analyzer Support?
The log files are located in the <Firewall Analyzer Home>/logs
directory. Typically when you run into a problem, you will be asked to
send the serverout.txt file from this directory to Firewall
Analyzer Support.
-
Internet Explorer says "Error opening this document. File cannot be found" when I try to open an exported PDF report.
Internet Explorer throws this error when you try to open an exported PDF report in the web browser itself. This is a known issue, and we are working on resolving it. For now, save the report to your local machine, and open it using the regular PDF software that you use (Adobe Acrobat Reader or xpdf)
-
I am having a Cisco PIX, but I only see Traffic IN and not Traffic OUT?
- You need to configure your Intranets in order to separate inbound
and outbound traffic. The Inbound Outbound Traffic report will
show the traffic details about inbound traffic ( traffic coming
into LAN ) and outbound traffic ( traffic going out of LAN ) of
the firewall.When configured, the Inbound Outbound Traffic Reports
shows you which hosts and what protocol groups have been contributing
the most traffic on either side of the firewall. Please follow
the instructions available for Setting
Up Intranets.
- Typical firewall logs are in the following format: 16.1.1.1
www.yahoo.com 10 bytes 1MB (i.e. Source-IP Destination-IP
Bytes-Sent Bytes-Received). But Cisco PIX does not provide a split-up
of bytes-sent and bytes-received, but just provides a cumulative
BYTES info. In most of the cases/protocols, RECEIVED will be more
than SENT with respect to the source who originated the transaction.
So we assume BYTES in Cisco PIX as RECEIVED. And in the case of
FTP, Cisco PIX provides another log to identify the direction of the traffic. In that
case, based on FTP put/get, we will determine whether the traffic
is SENT or RECEIVED.
- I find that Firewall Analyzer keeps crashing or all of a sudden stops collecting logs. What could be the reason?
The inbuilt PostgreSQL database of Firewall Analyzer could get corrupted if other processes are accessing these directories. Kindly exclude the Firewall Analyzer installation directory 'ManageEngine' (it could be in C:\ManageEngine or D:\ManageEngine) from both the Backup process and Anti-Virus Scans.
-
How to increase the time limit of web client time out?
To increase the time limit of web client time out, follow the steps given below:
- Shutdown/stop the Firewall Analyzer application
Changes for Firewall Analyzer version 7.5 (Build 7500) onwards:
- Rename/remove the C:\ManageEngine\Firewall\logs directory into logs_old
directory.
- Change the "session-timeout" value (default value is 30 minutes) as per your requirement (say 60 minutes), in the
file given below and save the file,
C:\ManageEngine\Firewall\conf\web.xml
Changes for Firewall Analyzer version 7.4 (Build 7400) or earlier:
- Rename/remove the C:\ManageEngine\Firewall\server\default\log directory into log_old
directory.
- Change the "session-timeout" value (default value is 30 minutes) as per your requirement (say 60 minutes), in the
two files given below and save the files,
C:\ManageEngine\Firewall\server\default\conf\web.xml
C:\ManageEngine\Firewall\server\default\deploy\jbossweb-tomcat50.sar\conf\web.xml
- Restart the Firewall Analyzer Server.
The above changes will affect all the web clients connected to the FWA server.
Alternatively, you can install the "Auto IE Refresher" in your machine for IE browser and monitor the pages
from your machine.
Reference pages:
http://www.softpedia.com/get/Internet/Other-Internet-Related/Auto-IE-Refresher.shtml
http://www.download.com/AutoRefresher-for-IE/3000-12512_4-10293579.html
-
How to apply license for troubleshooting after Trial or Registered license expiry?
If you are unable to open the client and want to apply the license and troubleshoot a Firewall Analyzer installation, copy the license file in the <Firewall Analyzer Home>/troubleshooting directory and execute the applyLicense.bat file available in the same directory to apply the license.
-
How to get permission to access PostgreSQL to troubleshoot?
Permission to access PostgreSQL to troubleshoot
- Open the pg_hba.conf file which is under <Firewall Analyzer Home>\pgsql\data directory and add the line
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
after the line
host all all 127.0.0.1/32 trust
and save the file.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
to
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
# IPv6 local connections:
host all all ::1/128 trust
|
-
Firewall Analyzer displays "
Enter a proper ManageEngine license file " during installation.
This message could be shown in two cases:
Case 1: Your system date is set to a future or past date.
In this case, uninstall Firewall Analyzer, reset the system date to the current
date and time, and re-install Firewall Analyzer.
Case 2: You may have provided an incorrect or corrupted license
file. Verify that you have applied the license file obtained from ZOHO Corp.,
If neither is the reason, or you are still getting this error, contact licensing@manageengine.com
-
When I try to access the web client, another web server comes up. How is this possible?
The web server port you have selected during installation is possibly
being used by another application. Configure that application to
use another port, or change the Firewall Analyzer web server port.
-
Firewall Analyzer is running as a service in SUSE Linux machine. On reboot, Firewall Analyzer service is not getting started. How to overcome this?
If Firewall Analyzer is running as a service in SUSE Linux machine and on reboot the Firewall Analyzer service is not getting started, carry out the following procedure.
- Open a Command window with Super User privileges, on the SUSE Linux machine
- Execute the YaST program. The YaST Control Center screen opens up
- In that, select System > System Services (Runlevel) menu. The System Services (Runlevel): Details screen open up.
- In the table displayed, select the Expert Mode and firewallanalyzer service.
- Set the default runlevel after booting to 2 & 5. Refer the image given below.
- Select Set and OK
- Exit the command window
- Now reboot the machine again
-
MySQL-related errors on Windows machines.
Probable cause: An instance of MySQL is already running on this machine
Solution: Shut down all instances of MySQL and then start the Firewall Analyzer server.
Probable cause: Port 33336 is not free
Solution: Kill the other application running
on port 33336. If you cannot free this port, then change
the MySQL port used in Firewall Analyzer.
-
Firewall Analyzer displays "
Port 8500 needed by Firewall Analyzer
is being used by another application. Please free the port and restart Firewall
Analyzer " when trying to start the server.
Probable cause: The default web server port used by Firewall
Analyzer is not free.
Solution: Kill the other application running
on port 8500. If you cannot free this port, then change
the web server port used in Firewall Analyzer.
-
Unable to start the application in Linux
Probable cause: It is due to invalid host information in the etc/hosts directory.
Solution: Change it to the following format, you will be able to start the application and get reports.
/etc/hosts
Entry should be like:
127.0.0.1 mini localhost
-
Firewall Analyzer not importing logs from mapped network drive, if Firewall Analyzer is running as service.
Solution: Instead of giving mapped network drive, you give UNC path (\\ComputerName\SharedFolder\Resource) (e.g., \\cherry\log\isa_log*.w3c).
If the issue still persist, check the following:
- The account in which Firewall Analyzer service runs must have full privilege to that shared drive
- If the Firewall Analyzer machine is in a domain xxxxx and the shared machine/drive is in a workgroup (i.e., cross domain), Firewall Analyzer will not fetch the logs unless the full domain admin privilege is available.
-
Why am I seeing empty graphs?
Probable cause:Graphs are empty either because there
is no traffic is passing through the firewall or if firewall traffic
is not sufficient enough to populate the reports table of Firewall
Analyzer.
Solution: If you are starting Firewall
Analyzer for the first time or if you are shutting down and restarting
Firewall Analyzer, it will wait for the reports table to be populated
with 5000 log records for the first time. From the next time onwards,
Firewall Analyzer will populate reports table once in 7 minutes
or once it receives the next 5000 records, whichever is earlier.
You can check for the number of records received in " Packet
Count " icon shown in top right corner in client UI. This will
list out the details like the number of logs received and also the
last received log time. It is better to run the server continuously
and check whether 5000 records are collected. Do not stop and restart
the server in-between!
Moreover, for viewing the already collected log records in
the reports, kindly do the following:
- Login into Firewall Analyzer client UI. You will be seeing
the Dashboard page.
- Replace the URL shown in your browser with the following
URL.
http://localhost:8500/fw/genreport.do
- Wait for sometime. Once the reports are generated an empty
page will be shown.
- Now remove genreport.do from the URL and just type
http://localhost:8500/fw alone.
- Now you will be able to see the report data.
-
I can't see the Live Reports for my SonicWALL firewall
You cannot see Live Reports for SonicWALL firewalls because the time duration attribute is not supported in the SonicWALL log files.
-
Why are some traffic values shown as 0.0MB or 0.0%?
Since Firewall Analyzer processes log files as and when they are received, traffic values of 0.0MB or 0.0% may be displayed initially when the amount of traffic is less than 10KB. In
such a case, wait until more data is received to populate the report tables.
- Why do I see zero results for kilobytes transferred in the reports for Check Point firewall?
This could be happening because bandwidth information is
not being captured in the log file. Ensure that your Check Point firewall has been configured to generate both regular
and accounting log files. While regular log files contain information regarding firewall activity, the accounting log file contains the bandwidth and session information.
- Why do the Intranet Reports show zero results?
Verify if intranets have been configured correctly. If you have specified IP addresses that are not actually behind the firewall, you
will get zero values in the reports.
-
Why doesn't Trend Reports take time values or top-n values into account?
Trend reports show historical data for the corresponding traffic statistics shown in the report. Hence time changes from the Global
Calendar, or top-n value changes from the Show bar on the report, do not affect these reports.
- My firewall is sending WELF logs, but the reports do not
show any URL information?
Firewall Analyzer checks for the entry "arg=your
URL" in the firewall logs to populate and show URL in report
data. If this entry is not present in the firewall logs then the reports
wouldn't be showing any URL information.
- In the Compliance Report field, the following message appears: 'Unable to generate compliance report. Reason: Failed to locate Nipper. Click here to enable it'. What should I do?
Supported Platform:
- Ubuntu 9.1.10
- Fedora 12
- OpenSuSE 11.2
- CentOS 5.5
Prerequisite:
The GNU/Linux platform requires Qt 4.5 to be installed. Your package manager system should automatically install this for you.
Steps:
- Download Nipper libraries from http://www.manageengine.com/products/firewall/download-third-party-utilities.html according to your platform
- Install the rpm or deb according to your Operating System
- Connect to Firewall Analyzer web client and type the following URL: 'http://<host name>:8500/fw/userConfig.do'
- In that, there is an option to provide the path in which you have installed 'Nipper'. For ex: '/usr/bin/nipper'
- Click on Save link
After performing the above steps, go to Setting > Device Rule > Add Device Info, the option to generate compliance report for the device will be enabled.
|