Understanding firewall policies and their effectiveness in defending against network threats.
These are the questions asked during Firewall Analyzer training.
Does your application support configuration analysis for Check Point devices?
Check Point firewalls cannot be added to Firewall Analyzer with CLI credentials. Instead, import the configuration files (objects.C, objects.C_41, objects_5_0.C, rules.C, rulebases.fws, rulebases_5_0.fws) as a zip archive, and Firewall Analyzer can generate the "Security Audit Report".
Standard, Change Management and Rule Management reports cannot be generated for Check Point firewalls using Firewall Analyzer.
Can I get any specific version of Start-up (or) Running configuration from the application?
Yes, we can fetch the specific version of Start-up/Running configuration from the Change Management reports. This also helps us to compare different versions of Start-up/Running configuration and to find the difference between them.
While adding a device rule, the test credential failed. What should I do?
Connect to the device from the Firewall Analyzer server using a standard TELNET/SSH tool (PuTTY), then make sure the credentials given in Firewall Analyzer are in the same sequence as in the TELNET/SSH tool. Also make sure the login credentials are correct.
I have a Firewall with VDOMs. Will Firewall Analyzer fetch and analyze their configurations?
Yes, Firewall Analyzer can fetch the configuration from VDOMs.
Is it possible to ignore a line/configuration, so that it won't appear as a configuration change in Change Management Report?
Yes, use the "Exclude Criteria" feature (available under Settings-->Firewall-->Firewall Server) to ignore a line/configuration in the Change Management Report.
For more about Exclude Criteria, see: http://help.fwanalyzer.com/configuration-exclude-criteria-v12
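An added illustration (not Firewall Analyzer's own code or its Exclude Criteria syntax) of why excluding volatile lines matters when two configuration versions are compared. The sample configurations are constructed FortiGate-style text, and the regex patterns and function name are hypothetical.

```python
import difflib
import re

# Constructed FortiGate-style samples; every value is made up.
OLD_CONFIG = """\
#conf_file_ver=1001
config system admin
    edit "admin"
        set password ENC AAAA1111
    next
end
config firewall policy
    edit 10
        set action deny
    next
end
"""
# Second fetch: file version and ENC blob differ, and one rule really changed.
NEW_CONFIG = (OLD_CONFIG.replace("1001", "1002")
              .replace("AAAA1111", "BBBB2222")
              .replace("action deny", "action accept"))

# Hypothetical exclude patterns for lines assumed to differ on every fetch.
EXCLUDE = [re.compile(r"^#conf_file_ver="),
           re.compile(r"^\s*set password ENC ")]


def config_changes(old, new, exclude=()):
    """Return the added/removed lines between two versions,
    ignoring any line that matches an exclude pattern."""
    def keep(text):
        return [line for line in text.splitlines()
                if not any(p.search(line) for p in exclude)]
    diff = list(difflib.unified_diff(keep(old), keep(new), lineterm="", n=0))
    # The first two entries are the ---/+++ file headers; hunk markers start with @@.
    return [d for d in diff[2:] if d.startswith(("+", "-"))]


if __name__ == "__main__":
    print("without exclusions:", len(config_changes(OLD_CONFIG, NEW_CONFIG)))
    for change in config_changes(OLD_CONFIG, NEW_CONFIG, EXCLUDE):
        print(change)
```

An excluded line also hides genuine changes to that line, so keep exclude patterns as narrow as possible.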
How do I get immediate notification of a configuration change if someone performs the change anonymously?
While adding the firewall under Device Rule, select "Generate Change Management Report" in the "Reports" section. This gives an option to add an e-mail address that is notified whenever a configuration change occurs in the firewall.
Can I roll-back any specific configuration using Firewall Analyzer?
No, Firewall Analyzer cannot roll back the configuration on the firewall.
Is there a report to verify who changed the configuration?
Yes, the "Changed by" section of the Change Management Report shows the user name of whoever performed the configuration change.
Can we update the Rule re-order position change automatically in the firewall?
Firewall Analyzer analyzes the usage of each rule and suggests the position of the rule for optimum performance. Rule Re-order does not change the position of the rule in the firewall itself; the network admin can change the position in the firewall based on the Rule Re-order suggestion.
I have to know what kind of commands were executed on the device over a period of time. Will Firewall Analyzer help in getting such information?
Firewall Analyzer provides a pre-defined "Admin Report" with Successful User Logon, Successful User Logoff, Denied User Logon and Commands Executed information. Select a period of time in the calendar to view the commands executed during that period.
For adding a device in Firewall Analyzer, we can use SNMP. Is there any other method to do it?
Configure the device to export syslogs to the Firewall Analyzer server; the device will then be added automatically.
How do I import data to Change Management? Currently I have no data under Change Management.
Change Management populates the data automatically. Firewall Analyzer detects rule/policy changes that happen on the device, provided you have already configured a device rule for that particular device in the application.
Does Firewall Analyzer support FortiGate? And how does it help with FortiGate logs?
Log reporting and configuration analysis are fully supported for FortiGate firewalls. Once syslog export and a device rule are set up, you will see complete reports, as explained in training-1.
I want to download the configuration based on whatever I did in the application. Will Firewall Analyzer show me the information? If yes, then how?
Yes. Whenever a user logs in to the CLI, makes changes and logs out, Firewall Analyzer receives a syslog, and based on the received logs it can trigger a configuration fetch.