Configuring NetScreen Firewall


Firewall Analyzer supports most versions of the NetScreen Firewall Appliance (OS 3.x, 4.x, 5.x,...). You can enable either the WELF or the Syslog format.

Enable Syslog Messages and Disable WebTrends Messages using the NetScreen Administration Tools Console

  1. Log in to the NetScreen GUI.
  2. Click Configuration > Report Settings > Syslog in the left pane of the NetScreen GUI.
  3. Select the Enable Syslog Messages check box.
  4. Select the Trust Interface as Source IP for VPN and Include Traffic Log check boxes.
  5. Type the IP address of the Firewall Analyzer server and syslog port (514) in the Syslog Host Name / Port text box.
  6. All other fields will have default values.
  7. Click Apply to save the changes.
  8. Click Configuration > Report Settings > WebTrends in the left pane of the NetScreen GUI.
  9. Clear the Enable WebTrends Messages check box.
  10. Click Apply to save the changes.

In certain versions of NetScreen firewall there is an option to record the completion of a transaction. Please select this option (if available) in the NetScreen firewall to enable Firewall Analyzer to measure the sent and received bytes from the firewall traffic logs.

 

Attention

Uncheck the TCP option. This makes the firewall send syslogs to the configured UDP port.

If you would like to send NetScreen logs in WELF to Firewall Analyzer, then you need to Disable Syslog Messages and Enable WebTrends Messages in the above steps. For more information, refer to the NetScreen documentation.

 

Configure/Enable Syslog Messages for NetScreen Firewall device using CLI Console:

Execute the following commands to configure syslog via CLI:

    Syngress > set syslog config 10.23.23.2 facilities local0 local0

    Syngress > set syslog config 10.23.23.2 port 514

    Syngress > set syslog config 10.23.23.2 log all

    Syngress > set syslog enable

 

Configure/Enable WebTrends for NetScreen Firewall device using CLI Console:

Execute the following commands to configure WebTrends via CLI:

    Syngress > set webtrends host-name 10.23.23.2

    Syngress > set webtrends port 514

    Syngress > set webtrends enable

 

Configure/Enable SNMP Protocol for NetScreen Firewall device

 

Using CLI Console:

To add a new SNMP community: (Skip this step, if you have already defined a community)

    set snmp community "<community name>" Read-Only Trap-off version {any | v1 | v2c}

To enable the SNMP Manager running in Firewall Analyzer to make queries to SNMP Agent running in the firewall:

    set snmp host "<community name>" <Firewall Analyzer IP> [src-interface <interface through which Firewall Analyzer is connected>]

Example: The following command defines the IP address '10.5.1.24' as a member of the SNMP community named 'olympia':

    set snmp host "olympia" 10.5.1.24 [src-interface inside]

Enable SNMP manageability on the interface through which the SNMP manager in Firewall Analyzer communicates with the SNMP agent in the NetScreen device.

    set interface <interface name> manage snmp
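
An added example, not part of the original page or of ManageEngine's tooling: a Python check that a saved copy of the device configuration contains the syslog and SNMP lines entered above, and that each SNMP community is read-only and limited to the Firewall Analyzer host. It assumes the saved configuration lists the same `set` commands shown on this page; `audit`, `SAMPLE_CONFIG` and the `legacy` community are hypothetical names, and the sample configuration is constructed.

```python
import re

# Constructed sample: the page's CLI lines with one Firewall Analyzer IP filled in,
# plus a hypothetical read-write community ("legacy") added to show a finding.
SAMPLE_CONFIG = """\
set syslog config 10.23.23.2 facilities local0 local0
set syslog config 10.23.23.2 port 514
set syslog config 10.23.23.2 log all
set syslog enable
set snmp community "olympia" Read-Only Trap-off version v2c
set snmp host "olympia" 10.23.23.2 src-interface ethernet1
set snmp community "legacy" Read-Write Trap-off version any
set interface ethernet1 manage snmp
"""

def audit(config, analyzer_ip, port=514):
    """Return a list of findings; an empty list means every check passed."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    findings = []
    # Syslog: the lines the page tells you to enter must exist for this collector.
    for tail in (f"port {port}", "log all"):
        if f"set syslog config {analyzer_ip} {tail}" not in lines:
            findings.append(f"syslog: missing '{tail}' for {analyzer_ip}")
    if "set syslog enable" not in lines:
        findings.append("syslog: not enabled")
    # SNMP: collect each community's access level and the hosts allowed to query it.
    communities, hosts = {}, {}
    for line in lines:
        if m := re.match(r'set snmp community "([^"]+)" (\S+)', line):
            communities[m.group(1)] = m.group(2).lower()
        elif m := re.match(r'set snmp host "([^"]+)" (\S+)', line):
            hosts.setdefault(m.group(1), set()).add(m.group(2).split("/")[0])
    for name, access in communities.items():
        if access != "read-only":
            findings.append(f"snmp: community '{name}' is {access}, not read-only")
        for extra in sorted(hosts.get(name, set()) - {analyzer_ip}):
            findings.append(f"snmp: community '{name}' also allows {extra}")
    if not any(analyzer_ip in allowed for allowed in hosts.values()):
        findings.append(f"snmp: no 'set snmp host' entry for {analyzer_ip}")
    # SNMP queries only work on an interface that has the manage option set.
    if not any(re.fullmatch(r"set interface \S+ manage snmp", l) for l in lines):
        findings.append("snmp: no interface has 'manage snmp'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.23.23.2"):
        print(finding)
```
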

 

Using Web UI:

 

To add a new SNMP community: (Skip this step, if you have already defined a community)

  • Log in to the NetScreen web interface
  • Go to Configuration > Report Settings > SNMP > New Community
  • Enter the following settings:

    • Community Name: <community name>
    • Permissions:
      • Write: (select)
      • Trap: (clear)
      • Including Traffic Alarms: (clear)
    • Version: ANY (select)
    • Hosts IP Address/Netmask and Trap Version: <Firewall Analyzer IP address>
  • Click Apply.

To enable the SNMP Manager running in Firewall Analyzer to make queries to SNMP Agent running in the firewall:

  • Go to Configuration > Report Settings > SNMP
  • Edit the community to add the SNMP Manager IP <Firewall Analyzer IP address> and the source interface (the interface through which Firewall Analyzer connects to the firewall). The option to edit a community is under the Communities section. If the SNMP Agent does not have a community, click the 'New Community' button and provide the community string, the SNMP Manager IP address <Firewall Analyzer IP address> and the source interface (the interface through which Firewall Analyzer connects to the firewall).

  • Click Apply.

Enable SNMP manageability on the interface through which the SNMP manager in Firewall Analyzer communicates with the SNMP agent in the NetScreen device.

  • Go to Network > Interfaces > Edit (for ethernet1)
  • Enter the following settings:

    • Service Options: <no change>
    • Management Services: SNMP
  • Click OK.

Copyright © 2014, ZOHO Corp. All Rights Reserved.
ManageEngine