Home » Firewall Reports » Change Management Reports

Firewall Compliance - Configuration Change Management Reports


Firewall Analyzer offers an exhaustive set of Firewall device compliance reports that help to address the security audit, configuration audit, and compliance audit requirements. The feature ensures that all the configurations and subsequent changes made in the Firewall device are captured periodically and stored in the database. The configuration data is used to generate various reports. The reports are changes in running (current) configuration, startup (default) configuration and conflict in configurations between startup and running. Firewall Analyzer generates alerts for the configuration changes. This feature is available for all Firewall devices that have CLI commands to fetch the configuration.

The Firewall Change Management Reports are available for all Firewall devices. Firewall Change Management Report keeps track of all the changes done to a Firewall configuration from the time the device is configured to be monitored by the Firewall Analyzer. It fetches Firewall device configuration using Telnet or SSH protocols.

 

This page describes the Firewall Change Management reports, alerts and the procedure to configure the device.

 

Security Administrator can keep track of the Firewall configuration changes with the periodic reports and real time alerts. Firewall Analyzer provides complete trail of configuration changes since the time it started to manage the changes in the Firewall device.

 

Show Changes

 

Click the Dashboard > Security Overview graph > Config Changes events > Show Changes link to get the difference between any two configuration versions. The screen displays critical information about who made the changes, at what time and on which file. The changes in configurations like Modified, Added and Deleted are highlighted in Blue, Green and Red colors respectively. Have a look at the snap shot of Configuration Difference screen below.

 

Show Changes in configuration

Startup-Running Conflict Report

 

The changes between current versions of the Startup and running configuration files are displayed in this report. In this report also who, what, when and which questions are answered and the changes are marked in color. Select <Firewall> device reports > Change Management Reports > Startup-Running Conflict Report link to get the conflict report. Look at the screen shot of conflict report.

 

Configuration conflict report

Change Management Email Alert

 

You can get a real time alert via Email or SMS when a configuration change is made. This will reduce your reaction time drastically to rectify any erroneous configuration. Have a look at the Email message.

 

Change Management Email alert notification

 

Context based Change Management Email Alert

 

You can change the format of real time alert via Email or SMS when a configuration change is made. This can be configured in the Firewall Analyzer in the userConfig.do screen.

 

Config context based Email Alert

 

 

Have a look at the Email message.

 

Context based Config Email Alert

 

 

Description of Startup and Running configuration

 

The security appliance loads the configuration from a text file, called the startup configuration.

When you enter a command, the change is made only to the running configuration in memory. You must manually save the running configuration to the startup configuration for your changes to remain after a reboot.

In short, running configuration is temporary and startup configuration is permanent.

Firewall Analyzer provides the following Change Management Reports:

  • Running Configuration Changes Report
  • Startup Configuration Changes Report
  • Current Startup-Running Conflict Report

Running Configuration Changes Report

The report shows all the changes done to the running configuration for the given period of time along with when and who did the particular change.

 

Startup Configuration Changes Report

The report shows all the changes done to the startup configuration for the given period of time along with when and who did the particular change.

 

Current Startup-Running Conflict Report

The report will show the current conflicts between the startup and running configurations.

 

  • The three configuration reports, Running Configuration Changes Report, Startup Configuration Changes Report, and Current Startup-Running Conflict Report are applicable only for Cisco devices. Only Running Configuration Changes Report is applicable for Netscreen and Fortigate devices.
  • The calendar date setting will not be applicable for this report. As name suggests, this report will show only conflicts/differences between the current startup and current running configurations.

 

 

 

How to configure the Firewall device to get change management reports

  • All the details/credentials required to connect to Firewall using Telnet/SSH should be given by the user in the Device Rule Info page. (Settings > Device Rule >Add Device Info link).
  • Fill all the details/credentials required to connect to the firewall using Telnet/SSH
  • Enable 'Generate Change Management Report' option to get Firewall Change Management Report. If any Notifications or scheduled reports are needed fill the details accordingly in the provided fields.

Firewall device configuration for Change Management report

 

The Firewall Analyzer fetches the Firewall device configuration on the following occasions:

  • Device logout - When ever Firewall Analyzer receives the device logout syslog
  • Periodical - The periodic schedule configured for fetching the device rules is applicable for fetching the configuration data also
  • On Demand - To fetch the configuration data when ever required, click Settings > Device Rule icon. It will open Device Rule page, in that page click the icon besides the 'View Config Changes' link

While fetching configuration from the device for the first time, Firewall Analyzer will not set any pager to get the complete configuration data at one shot. Once the configuration is fetched, the pager is set to default. The default value of pager settings are given below:

  • Cisco:        24 lines
  • Netscreen: 20 lines
  • Fortigate:   No pager

 

Report Filter links

 

On the top right side of the Report screen, there will be three combo boxes. They are:

  • Top 5
  • Filter by
  • Export as

Top 5

 

The Top 5 combo box lets you choose the level of detail in the reports. By default, the top five values are shown.

  • Top 5
  • Top 10
  • Top 15
  • Top 20
  • Top 25

Below each graph click the Hide Table link to hide the table. Click the Show Table link to see the table again.

 

Filter by

 

The Filter by combo box lets you choose the field of filter in the reports. There will be three field values for filtering. They are:

  • Source
  • Destination
  • Protocol
  • Summary

Export as

 

The Export as combo box lets you choose the format of the reports for export. There will be two formats for exporting. They are:

  • PDF
  • CSV

Click on the PDF to export this report to PDF. Click on the CSV to export this report to CSV format (comma separated values).

 

 

Copyright © 2013, ZOHO Corp. All Rights Reserved.
ManageEngine