In addition to traditional syslog-based reporting, Firewall Analyzer now extends support for ‘IPFIX with extensions’ NetFlow based reporting. Firewall Analyzer started supporting NetFlow format for Cisco security devices Cisco Adaptive Security Appliances (ASA) version 8.2 (2) and now have extended this to SonicWALL’s SonicOS 5.8.x platforms, which support the ‘IPFIX with extensions’ standard.

IPFIX - A better alternative to Syslog

IPFIX data flow format offers many advantages for IT Managers:

• The data is structured and this ensures quicker query responses
• Supports One to Many relationship with datagrams which makes it more scalable
• With fewer datagram required for data transfer IPFIX doesn’t overload the network
• IPFIX messages can be easily cross referenced with other messages which provides better correlation

‘IPFIX with extensionss’ supports both static and dynamic flows and provides unparalleled insight into application traffic analysis, bandwidth monitoring, threat detection, user activity tracking, and more.

Firewall Analyzer Flow-based Reporting for SonicWALL firewalls running SonicOS v5.8 & above

Enable ‘IPFIX with extensions’ flow reporting in SonicWALL next generation firewalls (running on SonicOS v5.8.x platform) and configure the firewall to direct the flows to Firewall Analyzer. Both Static flows and Dynamic flows from SonicWALL are ‘collected’ by Firewall Analyzer, which then analyzes the received flows and generates a variety of network traffic and security reports.

The reports are:

• Live Reports
• Traffic Reports
• Protocol Usage Reports
• Web Usage Reports
• Mail Usage Reports
• FTP Usage Reports
• Telnet Usage Reports
• Streaming & Chat Sites Reports
• Event Summary Reports
• Inbound Outbound Reports
• Intranet Reports
• Internet Reports
• Security Reports
• Virus Reports
  
• Attack Reports
  
• Protocol Trend Reports
  
• Traffic Trend Reports
  
• Event Trend Reports
  
• URL Reports
• Application Reports

Future versions will support VPN and Spam reports.