
Managing Protocol Groups


 

A protocol group is a set of related protocols typically used for a common purpose. The Protocol Groups link lets you define protocols as well as protocol groups, so that you can identify traffic that is unique to your enterprise. Most of the common enterprise protocols are already included in Firewall Analyzer under appropriate groups.

 

You can also export and import protocol lists into Firewall Analyzer.

 

Some of the important protocol groups include the following:

 

| Protocol Group | Protocols Included | Description |
|---|---|---|
| Web | HTTP, HTTPS, Gopher | Includes protocols used to access IP traffic (the Internet) |
| Mail | POP, SMTP, IMAP | Includes protocols used to send or receive e-mail traffic |
| FTP | FTP, TFTP, FTPS | Includes protocols used to transfer files through FTP |
| Telnet | telnet | Includes protocols used to access telnet services |

 

Click the Protocol Groups link to view the list of protocol groups and the corresponding protocols.

The View by Group box lets you view the list, one protocol group at a time.

 

The Unassigned protocol group contains all the protocols that are not assigned to any group.

 

Some firewalls interpret protocols at Layer 4 (Application Layer), which means that a combination of port and protocol is identified as an application, and written into the log file. For example, tcp protocol on port 80 is identified as http traffic. Hence http is shown in the Protocols column. Other firewalls interpret protocols at Layer 3 only, which means only the port and protocol values are written into the log file. Hence, in the same example, tcp/80 is shown in the Protocols column.

Operations on Protocols

Click the delete icon next to a protocol to delete it from the protocol group. Once a protocol is deleted, all the database records related to that protocol will be deleted. Click the move icon to move a protocol from the current protocol group to another.

 

Click the Add Protocol link or the add icon next to it to add a new protocol, and assign it to a protocol group. Remember to enter the protocol value exactly as it appears in the log file. If you want to add it to a new protocol group, click the add icon next to the Protocol Group text box to add a New Protocol Group, and enter the name of the new protocol group and click Add. From the list of Available Protocol Identifiers, move the required protocols to the Selected Protocol Identifiers to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.

 

Click the Add Protocol Identifier link or the add icon to add a new protocol identifier. To specify a port range for the protocol identifier, click the Add Protocol Identifier Range link or the add icon, specify the From Port and To Port of the protocol identifier, and select tcp or udp for the Layer 3 Protocol.

 

When you see the unassigned icon next to the Unassigned protocol group on the Dashboard, you need to add the protocols and assign them to protocol groups in this way.

Operations on Protocol Groups

Click the Add Protocol Group link or add icon next to it to add a new protocol group. In the popup window that opens, enter a unique group name, and a short description. From the list of protocols currently not assigned to any protocol group, choose the protocols to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.

 

Select the protocol group from the list and click the Edit Protocol Group or the edit icon to edit the properties of that protocol group. In the popup window that opens, you can edit the protocol group's description, add currently ungrouped protocols, or remove existing protocols from this protocol group.

 

To delete a protocol group, select the protocol group from the list and click the Delete Protocol Group link or the delete icon next to it. The protocol group is deleted, and all associated protocols are put in the Others protocol group.

Operations on Protocols

Click the Add Protocol link or the add icon next to it to add a new protocol. In the popup window that opens, enter a unique protocol name. From the list of protocol groups currently available, choose the protocol group in which this protocol is to be included. You can also add a new protocol group for this protocol, using the add icon next to the Protocol Group combo box. Please note that a protocol can belong to only one protocol group at a time. From the list of Available Protocol Identifiers, choose the protocol identifiers to be included in this protocol and move them to the Selected Protocol Identifiers list. You can add new protocol identifiers as required, using the Add Protocol Identifier link. You can add a new range of ports for the selected Layer 3 Protocol as protocol identifiers, using the Add Protocol Identifier Range link. Click the OK button to complete the operation or the Cancel button to abort it.

 

Select the protocol from the list and click the Edit Protocol or the edit icon to edit the identifiers of that protocol. In the popup window that opens, you can edit the protocol's identifiers, add new protocol identifiers, or remove existing protocol identifiers from this protocol.

 

To delete a protocol, select the protocol from the list and click the Delete Protocol link or the delete icon next to it. The protocol is deleted, and all associated protocol identifiers are put in the Available Protocol Identifiers list.

How to group the unassigned Protocols

Generally used protocols like Mail, Web, FTP, Telnet, etc., have been configured as Groups. However, the unknown protocols can be grouped as per your requirement.

  1. Click 'Unassigned' in the protocol group list under Traffic Statistics, which shows all the unknown protocols.
  2. Click Assign, select 'All' under Hits, and select 'Multiple Selection', which lists all the unassigned protocols.
  3. Select the protocols, group them under a protocol group, and assign the appropriate protocol.
  4. If you do not find a suitable protocol group, click the add sign to add a new protocol group.

Once you assign the protocols to protocol groups, they no longer appear as unassigned from the time of assignment. The reports show the assigned protocols only from the time of assignment onward. Hence, in reports generated before the protocol assignment, you will see only the unassigned protocols, and in subsequent reports you will find the newly assigned protocols under their appropriate protocol groups.

 

If you are not sure which protocols need to be assigned, check the application that uses the port/protocol. You can also check the raw log in the <Firewall Analyzer Home>\server\default\archive\<firewall IP address> folder.
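The matching that decides whether a logged value such as http or tcp/80 lands in a protocol group or in Unassigned can be sketched as follows. This is an added example, not Firewall Analyzer code: the GROUPS structure, the function names and the sample values are constructed assumptions, and it does not read the product's XML or raw log formats.

```python
from collections import Counter

# Assumed model of the page's concepts (not Firewall Analyzer's schema):
# group -> protocol -> identifiers. An identifier is either the application
# name a firewall logs ("http") or (Layer 3 Protocol, From Port, To Port).
GROUPS = {
    "Web":    {"http":  ["http",  ("tcp", 80, 80)],
               "https": ["https", ("tcp", 443, 443)]},
    "Mail":   {"smtp":  ["smtp",  ("tcp", 25, 25)]},
    "Telnet": {"telnet": ["telnet", ("tcp", 23, 23)]},
}

def check_single_group(groups):
    """Return protocols defined in more than one group (the page allows one)."""
    seen = Counter(p for protos in groups.values() for p in protos)
    return sorted(p for p, n in seen.items() if n > 1)

def classify(value, groups=GROUPS):
    """Map a Protocols-column value ('http' or 'tcp/80') to (group, protocol)."""
    value = value.strip().lower()
    l3, _, port = value.partition("/")
    port = int(port) if port.isdigit() else None
    for group, protos in groups.items():
        for proto, idents in protos.items():
            for ident in idents:
                if ident == value:              # application name match
                    return group, proto
                if (port is not None and isinstance(ident, tuple)
                        and ident[0] == l3 and ident[1] <= port <= ident[2]):
                    return group, proto         # port/protocol range match
    return "Unassigned", value

def unassigned_by_hits(values, groups=GROUPS):
    """Count hits per unassigned value, most frequent first."""
    hits = Counter(v.strip().lower() for v in values
                   if classify(v, groups)[0] == "Unassigned")
    return hits.most_common()

# Constructed sample of Protocols-column values, mixing both logging styles.
SAMPLE = ["http", "tcp/80", "tcp/443", "udp/5060", "tcp/8443",
          "udp/5060", "telnet", "tcp/23", "udp/5060", "tcp/8443"]

if __name__ == "__main__":
    for value, hits in unassigned_by_hits(SAMPLE):
        print(f"{value:10} {hits} hits -> needs a protocol and group")
```

The values that come back unassigned, ordered by hits, are the ones to look up against the application that uses the port before assigning them.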

Export and Import Protocol Lists

 

The list of defined protocols and protocol groups can be exported from and imported into Firewall Analyzer in XML file format. This reduces the manual effort needed to define protocols and protocol groups.

 

Export the existing protocol lists

 

Export - Click the Export menu link. The existing protocol list will be downloaded as an XML file (ProtocolList.xml) through your browser to your client machine.

 

Import protocol lists

 

Import - Click the Import menu link. The 'Select Protocol List file to import:' screen pops up. In it, you will find the Browse button beside the 'No files selected' text. Use the Browse button to locate the XML file. Click the Import button to import the list into the Firewall Analyzer server, or the Cancel button to cancel the import operation.

 

 

 

 

Copyright © 2013, ZOHO Corp. All Rights Reserved.
ManageEngine