Firewall Analyzer offers an exhaustive set of Firewall device compliance reports that help address security audit, configuration audit, and compliance audit requirements. The feature ensures that all configurations, and any subsequent changes made on the Firewall device, are captured periodically and stored in the database. The configuration data is used to generate various reports. The reports cover changes in the running (current) configuration, changes in the startup (default) configuration, and conflicts between the startup and running configurations. Firewall Analyzer generates alerts for configuration changes. This feature is available for all Firewall devices that have CLI commands to fetch the configuration.
The Firewall Change Management Reports are available for all Firewall devices. The Firewall Change Management Report keeps track of all the changes made to a Firewall configuration from the time the device is configured to be monitored by Firewall Analyzer. It fetches the Firewall device configuration using the Telnet or SSH protocol.
This page describes the Firewall Change Management reports, alerts and the procedure to configure the device.
Security administrators can keep track of Firewall configuration changes through periodic reports and real-time alerts. Firewall Analyzer provides a complete trail of configuration changes from the time it started to manage changes on the Firewall device.
Click the Dashboard > Security Overview graph > Config Changes events > Show Changes link to get the difference between any two configuration versions. The screen displays critical information about who made the changes, at what time and on which file. Modified, Added and Deleted configuration lines are highlighted in blue, green and red respectively. See the snapshot of the Configuration Difference screen below.
Startup-Running Conflict Report
This report displays the differences between the current versions of the startup and running configuration files. It also answers the who, what, when and which questions, and the changes are marked in color. Select the <Firewall> device reports > Change Management Reports > Startup-Running Conflict Report link to get the conflict report. See the screenshot of the conflict report.
Change Management Email Alert
You can get a real-time alert via Email or SMS when a configuration change is made. This drastically reduces the time it takes you to react to and rectify an erroneous configuration. Have a look at the Email message.
Context based Change Management Email Alert
You can change the format of the real-time alert sent via Email or SMS when a configuration change is made. This can be configured in Firewall Analyzer in the userConfig.do screen.
Have a look at the Email message.
Description of Startup and Running configuration
The security appliance loads the configuration from a text file, called the startup configuration.
When you enter a command, the change is made only to the running configuration in memory. You must manually save the running configuration to the startup configuration for your changes to remain after a reboot.
In short, the running configuration is temporary and the startup configuration is permanent.
Firewall Analyzer provides the following Change Management Reports:
Running Configuration Changes Report
The report shows all the changes made to the running configuration during the given period, along with when each change was made and who made it.
Startup Configuration Changes Report
The report shows all the changes made to the startup configuration during the given period, along with when each change was made and who made it.
Current Startup-Running Conflict Report
The report will show the current conflicts between the startup and running configurations.
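The startup-versus-running comparison behind a conflict report can be illustrated with a short script. This is an added example, not Firewall Analyzer's own code: the ASA-style configuration lines are constructed samples, and the names `normalize` and `conflict_report` are hypothetical.

```python
import difflib

# Constructed ASA-style sample configurations (not taken from a real device).
STARTUP = """\
hostname fw-edge-01
logging host inside 198.51.100.5
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
ssh timeout 5
"""
RUNNING = """\
hostname fw-edge-01
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 3389
access-list OUTSIDE_IN extended deny ip any any
ssh timeout 30
"""


def normalize(config_text):
    """Trim whitespace; drop blank lines and '!' or ':' comment lines."""
    lines = (raw.strip() for raw in config_text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith(("!", ":"))]


def conflict_report(startup_text, running_text):
    """Return (kind, startup_lines, running_lines) for each conflict.

    Added    = only in running (lost on reboot unless saved)
    Deleted  = only in startup (comes back on reboot)
    Modified = differs between the two
    """
    startup, running = normalize(startup_text), normalize(running_text)
    matcher = difflib.SequenceMatcher(a=startup, b=running, autojunk=False)
    kinds = {"replace": "Modified", "insert": "Added", "delete": "Deleted"}
    return [
        (kinds[tag], startup[i1:i2], running[j1:j2])
        for tag, i1, i2, j1, j2 in matcher.get_opcodes()
        if tag != "equal"
    ]


if __name__ == "__main__":
    for kind, old, new in conflict_report(STARTUP, RUNNING):
        print(f"[{kind}]")
        for line in old:
            print(f"  startup: {line}")
        for line in new:
            print(f"  running: {line}")
```

An empty result means the running configuration has been saved and the device will come back unchanged after a reboot.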
How to configure the Firewall device to get change management reports
The Firewall Analyzer fetches the Firewall device configuration on the following occasions:
While fetching the configuration from the device for the first time, Firewall Analyzer does not set any pager, so that the complete configuration data is retrieved in one pass. Once the configuration is fetched, the pager is set to its default. The default pager settings are given below:
Report Filter links
On the top right side of the Report screen, there will be three combo boxes. They are:
The Top 5 combo box lets you choose the level of detail in the reports. By default, the top five values are shown.
Below each graph, click the Hide Table link to hide the table. Click the Show Table link to see the table again.
The Filter by combo box lets you choose the field to filter the reports on. There will be three field values for filtering. They are:
The Export as combo box lets you choose the format in which to export the reports. There will be two formats for exporting. They are:
Click PDF to export the report to PDF. Click CSV to export the report to CSV (comma-separated values) format.