A protocol group is a set of related protocols typically used for a common purpose. The Protocol Groups link lets you define protocols as well as protocol groups, so that you can identify traffic that is unique to your enterprise. Most of the common enterprise protocols are already included in Firewall Analyzer under appropriate groups.
Some of the important protocol groups include the following:
|Protocol Group||Protocols Included||Description|
|Web||HTTP, HTTPS, Gopher||Includes protocols used to access IP traffic (the Internet)|
|Mail||POP, SMTP, IMAP||Includes protocols used to send or receive e-mail traffic|
|FTP||FTP, TFTP, FTPS||Includes protocols used to transfer files through FTP|
|Telnet||telnet||Includes protocols used to access telnet services|
Click the Protocol Groups link to view the list of protocol groups and the corresponding protocols.
The View by Group box lets you view the list, one protocol group at a time.
The Unassigned protocol group contains all the protocols that are not assigned to any group.
|Some firewalls interpret protocols at Layer 4 (Application Layer), which means that a combination of port and protocol is identified as an application, and written into the log file. For example, tcp protocol on port 80 is identified as http traffic. Hence http is shown in the Protocols column. Other firewalls interpret protocols at Layer 3 only, which means only the port and protocol values are written into the log file. Hence, in the same example, tcp/80 is shown in the Protocols column.|
Click the icon next to a protocol to delete it from the protocol group. Once a protocol is deleted, all the database records related to that protocol will be deleted. Click the icon to move a protocol from the current protocol group to another.
Click the Add Protocol link or the icon next to it to add a new protocol, and assign it to a protocol group. Remember to enter the protocol value exactly as it appears in the log file. If you want to add it to a new protocol group, click the icon next to the Protocol Group text box to add a New Protocol Group, and enter the name of the new protocol group and click Add. From the list of Available Protocol Identifiers, move the required protocols to the Selected Protocol Identifiers to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.
Click the Add Protocol Identifier link or the icon to add a new protocol identifier. To specify a port range for the protocol identifier, click the Add Protocol Identifier Range link or the icon, specify the From Port and To Port of the protocol identifier, and select either tcp or udp for the Layer 3 Protocol.
|When you see the icon next to the Unassigned protocol group on the Dashboard, you need to add the protocols and assign them to protocol groups in this way.|
Click the Add Protocol Group link or icon next to it to add a new protocol group. In the popup window that opens, enter a unique group name, and a short description. From the list of protocols currently not assigned to any protocol group, choose the protocols to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.
Select the protocol group from the list and click the Edit Protocol Group or the icon to edit the properties of that protocol group. In the popup window that opens, you can edit the protocol group's description, add currently ungrouped protocols, or remove existing protocols from this protocol group.
To delete a protocol group, select the protocol group from the list and click the Delete Protocol Group link or the icon next to it. The protocol group is deleted, and all associated protocols are put in the Others protocol group.
Click the Add Protocol link or the icon next to it to add a new protocol. In the popup window that opens, enter a unique protocol name. From the list of protocol groups currently available, choose the protocol group in which this protocol needs to be included. You can also add a new Protocol Group for this Protocol, using the icon next to the Protocol Group combo box. Please note that a protocol can belong to only one protocol group at a time. From the list of Available Protocol Identifiers, choose the Protocol Identifiers to be included in this Protocol and move them to the Selected Protocol Identifiers list. You can add new Protocol Identifiers, as per your requirement, using the Add Protocol Identifier link. You can add a new range of ports for the selected Layer 3 Protocol as Protocol Identifiers, using the Add Protocol Identifier Range link. Click the OK button to complete the operation or the Cancel button to abort it.
Select the protocol from the list and click the Edit Protocol or the icon to edit the identifiers of that protocol. In the popup window that opens, you can edit the protocol's identifiers, add new protocol identifiers, or remove existing protocol identifiers from this protocol.
To delete a protocol, select the protocol from the list and click the Delete Protocol link or the icon next to it. The protocol is deleted, and all associated protocol identifiers are put in the Available Protocol Identifiers list.
Generally used protocols like Mail, Web, FTP, Telnet, etc., have been configured as Groups. However, the unknown protocols can be grouped as per your requirement.
Once you assign protocols to protocol groups, you will not receive them as unassigned protocols after the time of assigning. The reports will show the assigned protocols only from the time of assignment. Hence, in the reports generated before the protocol assignment, you will see only the unassigned protocols, and in the upcoming reports you will find the newly assigned protocols under their appropriate protocol groups.
If you are not sure which protocols need to be assigned, check the application that uses the port/protocol. You can also check the raw log in the <Firewall Analyzer Home>\server\default\archive\<firewall IP address> folder.
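The following added example (not Firewall Analyzer code) models the matching described above: a Protocols-column value is either an application name or a Layer 3 protocol/port pair, identifiers may be port ranges, and a value may map to only one group. The group table, its well-known default ports, and the sample values are constructed assumptions.

```python
from collections import Counter

# Hypothetical group table (not the product's): group names as listed on the page,
# ports are well-known defaults. An identifier is a name (application-aware
# firewalls) or a (layer3_proto, from_port, to_port) range.
GROUPS = {
    "Web":    ["http", "https", "gopher", ("tcp", 80, 80), ("tcp", 443, 443), ("tcp", 70, 70)],
    "Mail":   ["pop", "smtp", "imap", ("tcp", 25, 25), ("tcp", 110, 110), ("tcp", 143, 143)],
    "FTP":    ["ftp", "tftp", "ftps", ("tcp", 20, 21), ("udp", 69, 69), ("tcp", 989, 990)],
    "Telnet": ["telnet", ("tcp", 23, 23)],
}

def parse(value):
    """Turn a Protocols-column value into a name or a (proto, port) pair."""
    value = value.strip().lower()
    proto, sep, port = value.partition("/")
    if sep and proto in ("tcp", "udp") and port.isdigit():
        return (proto, int(port))
    return value

def matches(ident, parsed):
    """Names match exactly; protocol/port pairs match when inside the range."""
    if isinstance(ident, str) or isinstance(parsed, str):
        return ident == parsed
    proto, lo, hi = ident
    return parsed[0] == proto and lo <= parsed[1] <= hi

def classify(value, groups=GROUPS):
    """Return the single group a value belongs to, or 'Unassigned'."""
    parsed = parse(value)
    hits = [g for g, idents in groups.items() if any(matches(i, parsed) for i in idents)]
    if len(hits) > 1:  # a protocol can belong to only one group at a time
        raise ValueError(f"{value!r} matches several groups: {hits}")
    return hits[0] if hits else "Unassigned"

def unassigned(values, groups=GROUPS):
    """Count the values that still need a protocol and group assignment."""
    return Counter(v.strip().lower() for v in values if classify(v, groups) == "Unassigned")

# Constructed sample of Protocols-column values from both kinds of firewall.
SAMPLE = ["http", "tcp/80", "TCP/443", "udp/69", "tcp/8443", "tcp/8443",
          "smtp", "udp/5060", "tcp/21"]

if __name__ == "__main__":
    for value, count in unassigned(SAMPLE).most_common():
        print(f"{value}: {count} record(s) unassigned")
```

The values it reports as unassigned are the ones to look up against the application using that port before adding them as protocols.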