ManageEngine™ Firewall Analyzer 4.0 Read Me

Note: This readme file was current at the time of product release. However, you should check for documentation updates at the Firewall Analyzer web site: http://www.fwanalyzer.com/


Table of Contents

  1. About Firewall Analyzer 4.0
  2. Release Overview
    1. 4.0.2 - Build 4022
    2. 4.0.2 - Build 4021
    3. 4.0.2 - Build 4020
    4. 4.0.1 - Build 4010
    5. 4.0.0 - Build 4003
    6. 4.0.0 - Build 4002
    7. 4.0.0 - Build 4001
    8. 4.0.0 - Build 4000 (GA)
  3. System Requirements
    1. Platform Requirements
    2. Web Browser Requirements
  4. Installation
    1. Installing and Uninstalling
    2. Default ports used by Firewall Analyzer
  5. Starting and Shutting Down
  6. Known Issues and Limitations
  7. Document Set
  8. Contact Information
  9. About AdventNet
  10. License Agreement

1. About Firewall Analyzer 4.0

Firewall Analyzer is an easy-to-use, web-based tool that provides in-depth analysis of incoming and outgoing network activity through firewalls, VPNs, and proxy servers. Firewall Analyzer analyzes the logs from these devices and generates useful reports on bandwidth usage, user trends, detected anomalies, and firewall activity.

Such information helps IT administrators manage their enterprise networks proactively and also accelerates the troubleshooting process.

2. Release Overview

The new features, bug fixes and limitations in each release are listed below.

4.0.2 - Build 4022

Bug Fixes

  1. "No Data Available" issue caused by the FirewallRecords_Tmp table getting full has been fixed.
  2. Issue with quotes in RuleName for Cisco Pix firewall has been fixed.
  3. Issue with parsing of User information from CheckPoint Firewall has been fixed.

4.0.2 - Build 4021

Bug Fixes

  1. Negative connection ID support for Cisco Pix firewall has been provided.
  2. VPN report issues in CheckPoint firewall have been fixed.
  3. Number of records in Firewall Rules report can now be configured through limits.xml.
  4. Port information getting appended to source and destination IP addresses has been fixed.
  5. Issue related to source and destination criteria in report profile creation has been fixed.

4.0.2 - Build 4020

New Features and Enhancements

  1. Anomaly detection filters for Network Behavioral Analysis
  2. Internationalisation and Chinese language support.
  3. User-based firewall views.
  4. Firewall-based Intranet Settings.
  5. Advanced Search
  6. Create reports from search results.
  7. Cisco PIX & Identiforce Firewall Admin reports for compliance.
  8. Streaming & Chat site reports.
  9. Peer to Peer attack reports.
  10. Edit alert profiles.
  11. Enhanced custom report profile creation.
  12. HTML Mails for Alert Profiles and Anomaly Profiles.
  13. Provision to test mail server settings.
  14. Option for receiving reports in PDF instead of ZIP.
  15. Rebranding of PDF reports.
  16. Customizable number of records in scheduled (PDF) reports.
  17. Quick Reports for firewalls and squid proxies.
  18. Native syslog support for WatchGuard.
  19. BlueCoat proxy log support.
  20. Identiforce Gateway support.
  21. Netfilter Linux IPTables support.
  22. SNORT syslog support.
  23. NetCache log support.
  24. Squid AWStats support.

Bug Fixes

  1. Time-based grouping of records while importing logs that span multiple days.
  2. Re-adding the CheckPoint firewall in Firewall Analyzer whenever you restart the CheckPoint firewall/Management station is no longer required.
  3. When Last Day was selected in the calendar, data was shown in 4-hour aggregates. This has been fixed so that it is shown in 5-minute aggregates.
  4. Fortigate virus log getting displayed in Security Reports rather than in Virus reports has been fixed.
  5. FTP directory import issue in Windows has been fixed.

Known Issues

  1. The inbuilt MySQL database of Firewall Analyzer could get corrupted if other processes access its directories. Exclude the Firewall Analyzer installation directory 'AdventNet' (it could be in C:\AdventNet or D:\AdventNet) from both the backup process and anti-virus scans.

4.0.1 - Build 4010

New Features and Enhancements

  1. 20% to 30% improvement in performance.
  2. Netscreen native log format support.
  3. Zywall support.
  4. FreeBSD support.
  5. Microsoft ISA (firewall, web-proxy, packet filter) Server support.
  6. Cisco ASA support.
  7. IPSec VPN support for Cisco PIX - firewall reports capture duration of traffic and IPSec VPN client IP address.
  8. NetASQ support.
  9. Improved FWSM support - both UDP (with and without connection ID) and TCP connection logs support.
  10. Checkpoint LEA support for versions R54 and above.
  11. On demand DNS Resolution of IP addresses in reports.
  12. Report view customization to configure the device specific reports to be shown in Device Tree and the Reports page.
  13. Destination based Filter Criteria option provided in Include/Exclude filters for Add Report Profile.
  14. Directory level recursive import of log files.
  15. Importing of archived files in .zip format is supported.
  16. Provision to Change Archive Location from the default location to the location of choice.
  17. Drill-down for Traffic Statistics has been provided.
  18. View reports of most types of archived firewall log files.
  19. Enhanced Alert Criteria selection in Alert Profile creation.
  20. Support for analysis of denied logs in WatchGuard firewall.

Bug Fixes

  1. Issue regarding MySQL port 33336 being occupied by an earlier run of Firewall Analyzer has been fixed.
  2. Out of memory issue while archiving huge log files has been fixed.

Limitation

  1. Working hour and Non-Working hour traffic details for external hosts (hosts outside the intranet) will not be available in the Firewall Analyzer reports.
  2. Viewing reports of archived log files of Microsoft ISA Server is not currently supported.

4.0.0 - Build 4003

Bug Fixes

  1. Integrates the fix for MySQL Bug in Win 2003 SP1

4.0.0 - Build 4002

New Features and Enhancements

  1. The following reports have been newly added:
    • Attack Reports
    • Internet Reports
    • Inbound and Outbound Traffic reports
  2. Global "Search" in the product.
  3. Desktop Tray Icon for Windows.
  4. Automatic web-client connection, using the default browser, once the server has been started.
  5. URL reports for Cisco PIX.
  6. HTTP and FTP URL reports.
  7. Destination based report information included in most reports.
  8. Remote access VPN support in Cisco PIX.
  9. Import log support for Check Point.
  10. Exhaustive known protocol list support.
  11. Up Link Speed and Down Link Speed support to calculate % IN Traffic and % OUT traffic.
  12. Additional denied log messages support in Cisco PIX.
  13. Conversation reports added in drill down.
  14. Importing of archived files (.gz format) created by Firewall Analyzer.
  15. FTP Utility added in Support tab, to send the support information file.
  16. Ignore UnParsed Records while importing.

4.0.0 - Build 4001

This is a bug fix release.

Bug Fixes

  1. Cisco PIX EMBLEM log format support.
  2. Cisco PIX UNIX syslog format support.
  3. Netscreen quot problem.
  4. Wrong Hostname display in Top Inbound/Outbound Protocol drill down from Traffic Statistics table.
  5. Additional default protocol addition.
  6. Protocol identification issue which caused unknown protocol.

4.0.0 - Build 4000

The general features available in this release include,

The reporting features available in this release include,

3. System Requirements

3.1 Platform Requirements

Hardware Platform

Please refer to our website for recommended system requirements.

Software Platform

3.2 Web Browser Requirements

4. Installation

This section explains the key steps for installing Firewall Analyzer. Refer to the User Guide for detailed Firewall Analyzer installation information.

4.1 Installing on Windows

    1. Double-click the AdventNet_ManageEngine_FirewallAnalyzer_4_windows.exe file to launch the setup program.
    2. Follow the instructions as they appear on the screen. Once the installation is complete you will notice a tray icon, which provides you with the following options.

      Option                   Description
      Firewall Server Status   This option provides you details like Server Name, Server IpAddress, Server Port, Server Status.
      Start WebClient          This option will open up your default browser and connect you to the web login UI of Firewall Analyzer Server, provided the server has already been started.
      Shutdown Server          This option will shut down the Firewall Analyzer Server.

      Note: The tray icon option is only available for Windows!

Uninstalling from Windows

  1. Click on Start > Programs > ManageEngine Firewall Analyzer 4 > Uninstall Firewall Analyzer to uninstall Firewall Analyzer from the machine.

4.2 Installing on Linux

  1. Assign execute permission to the AdventNet_ManageEngine_Firewall_Analyzer_4_linux.bin file using the following command:
    chmod a+x AdventNet_ManageEngine_Firewall_Analyzer_4_linux.bin
  2. Execute the following command:
    ./AdventNet_ManageEngine_Firewall_Analyzer_4_linux.bin

    Note: If you get an error message stating that the temp directory does not have enough space, try executing this command with the -is:tempdir <directoryname> option (where <directoryname> is the absolute path of an existing directory):
    ./AdventNet_ManageEngine_Firewall_Analyzer_4_linux.bin -is:tempdir <directoryname>

  3. Follow the instructions in the setup program.

    Uninstalling from Linux

    1. Navigate to the <FirewallAnalyzer_Home>/server/_uninst directory and execute the following command to uninstall Firewall Analyzer:
      ./uninstaller.bin

4.3 Default Ports

The following are the default ports used by Firewall Analyzer:

Web Server port (to access from a web browser) : 8500

Firewall Listener port (to direct firewall, proxy, Radius logs) : 514, 1514

MySQL port (to connect to the built-in MySQL database): 33336

5. Starting and Shutting Down

5.1 Starting in Windows

  1. Click on Start > Programs > ManageEngine Firewall Analyzer 4 > Firewall Analyzer to start the server.
    Alternatively you can navigate to the <FirewallAnalyzer_Home>\bin folder, and invoke the run.bat file.
  2. Once the server has successfully started, you can either use the Start WebClient tray-icon option or open a web browser and type the URL, http://<hostname>:8500
    (replace <hostname> with the name of the machine on which Firewall Analyzer is installed, and 8500 with the web server port specified during installation).

    Shutting Down from Windows

    1. Click on Start > Programs > ManageEngine Firewall Analyzer 4 > Shutdown Firewall Analyzer to shut down the server. Alternatively you can navigate to the <FirewallAnalyzer_Home>\bin folder, and invoke the shutdown.bat file. As already mentioned, you can also make use of the tray-icon option Shutdown Server.

5.2 Starting in Linux

  1. Navigate to the <FirewallAnalyzer_Home>/bin directory and execute the run.sh file to start the Firewall Analyzer server.
  2. Once the server has successfully started, open a web browser and type the URL, http://<hostname>:8500
    (replace <hostname> with the name of the machine on which Firewall Analyzer is installed, and 8500 with the web server port specified during installation)

    Shutting down from Linux

    1. Navigate to the <FirewallAnalyzer_Home>/bin directory, and execute the shutdown.sh file to shut down the server.

6. Known Issues and Limitations

The following are the limitations of this release:

  1. Radius logs are analyzed only if sent as UDP datagrams.
  2. Load into DB for archived Radius log files is not supported.

7. Document Set

The documentation set for this product includes:

The printable PDF version of the User Guide is available at http://manageengine.adventnet.com/products/firewall/help.html

8. Contact Information

Technical Support: support@fwanalyzer.com

Website: http://www.fwanalyzer.com/ | http://manageengine.adventnet.com/products/firewall/

Toll-free : +1 888 720 9500

Firewall Analyzer licenses usually include the right to patches, service packs, and minor upgrades apart from technical support for one (1) year from the date of purchase. After the first year, Maintenance must be renewed on an annual basis.

9. About AdventNet®

Enabling Management Your Way™
AdventNet provides affordable software in the areas of network applications and database tools. With a broad product portfolio and an active customer base ranging from enterprises, equipment vendors and service providers, AdventNet has emerged as a very affordable and high-quality alternative to expensive software that is common in the industry. AdventNet is headquartered in Pleasanton, CA with offices in NJ, MA, India, UK, China and Japan and has a well-trained partner base around the globe.

Visit us at http://www.adventnet.com

Copyright © 2005, AdventNet Inc. All rights reserved.

AdventNet, ManageEngine, Enabling Management Your Way are trademarks of AdventNet, Inc. All other trademarks are the property of their respective owners.

10. License Agreement

This License Agreement details the policy for license of AdventNet ManageEngine Firewall Analyzer (Licensed Software) on the following topics:

Please read the following license carefully, before either (i) completing the electronic order or download of the Licensed Software from an authorised website, or (ii) installing the Licensed Software from media that was delivered after being ordered by alternative order process, as applicable. You acknowledge that you have read this License Agreement, have understood it, and agree to be bound by its terms. If you do not agree to the terms and conditions of this Agreement, either (i) exit the web site page without continuing the ordering process, or (ii) return the provided unused media and documentation within thirty (30) days from the date of shipment of the Licensed Software for a full refund of your payment, as applicable.

1. Evaluation License

AdventNet grants to you a non-exclusive, non-transferable, Evaluation License for trial and evaluation of the Licensed software, in binary object code form, for a period of thirty (30) days from the date of download or installation. This License begins upon downloading or installing the Licensed Software and ends thirty (30) days thereafter ("Evaluation Period").

If you are not willing to use the Licensed Software, after the Evaluation Period, delete all the copies installed in your computer with immediate effect. You are forbidden from using the Licensed Software for any other use or otherwise offering it for resale under the terms of this Section 1. AdventNet retains all rights not specifically granted to you herein.

2. Commercial License

Subscription License: As part of your choosing to license the Subscription Model, AdventNet grants you a fee-bearing, non-exclusive, non-transferable, worldwide license to Use the Licensed Software including user documentation that you have downloaded from or received on media provided by AdventNet, including all updates, where applicable, provided that such access and Use of the Licensed Software is in accordance with the Single Installation License granted by AdventNet. "Use" means storing, loading, locating, installing, executing or displaying the Licensed Software as part of your application. “Single Installation License” means that one copy of the Licensed Software can be installed only in one CPU.

Under the Subscription License, the Licensed Software is licensed only for the intended duration. If the Licensee does not renew the Subscription beyond the duration, Licensee agrees to stop using the software, and remove the software from Licensee's systems.

To continue using the Licensed Software beyond the subscribed duration, you must renew your license at least 10 days before the expiry of the term. As part of the Subscription License, all Updates, Upgrades, e-mail support for problem reporting and online access to product documentation to the Licensed Software will be provided to you at no additional cost during the intended period.

3. Third Party Products

The Licensed Software may contain software which originated with third party vendors and without limiting the general applicability of the other provisions of this Agreement, you agree that (a) the title to any third party software incorporated in the Licensed Software shall remain with the third party which supplied the same; and (b) you will not distribute any such third party software available with the Licensed Software, unless the license terms of such third party software provide otherwise.

4. Restrictions on Use

In addition to all other terms and conditions of this Agreement, you shall not:

(i) install one copy of the Licensed Software on more than one CPU;
(ii) remove any copyright, trademark or other proprietary notices from the Licensed Software or its copies;
(iii) make any copies except for one back-up or archival copy, for temporary emergency purpose;
(iv) rent, lease, license, sublicense or distribute the Licensed Software or any portions of it on a standalone basis or as part of your application;
(v) modify or enhance the Licensed Software;
(vi) reverse engineer, decompile or disassemble the Licensed Software;
(vii) allow any third parties to access, use or support the Licensed Software.

5. Technical Support

AdventNet provides support that includes email support for problem reporting, product updates, and online access to product documentation for a period of one year. AdventNet specifically excludes upgrades from the support program. Upgrade to the Licensed Software will be provided as part of the Subscription License Fee.

6. Ownership and Intellectual Property

AdventNet owns all right, title and interest in and to the Licensed Software. AdventNet expressly reserves all rights not granted to you herein, notwithstanding the right to discontinue or not to release any Licensed Software and to alter prices, features, specifications, capabilities, functions, licensing terms, release dates, general availability or characteristics of the Licensed Software. The Licensed Software is only licensed and not sold to you by AdventNet.

7. Audit

AdventNet has the right to audit your Use of the Licensed Software by providing at least seven (7) days prior written notice of its intention to conduct such an audit at your facilities during normal business hours.

8. Confidentiality

The Licensed Software contains proprietary information of AdventNet that is protected by the laws of the United States and you hereby agree to take all reasonable efforts to maintain the confidentiality of the Licensed Software. You agree to reasonably communicate the terms and conditions of this Agreement to those persons employed by you who come into contact with or access the Licensed Software, and to use reasonable efforts to ensure their compliance with such terms and conditions, including but not limited to, not knowingly permitting such persons to use any portion of the Licensed Software for a purpose that is not allowed under this Agreement.

9. Warranty Disclaimer

AdventNet does not warrant that the Licensed Software will be error-free. Except as provided herein, the Licensed Software is furnished "as is" without warranty of any kind, including the warranties of merchantability and fitness for a particular purpose and without warranty as to the performance or results you may obtain by using the Licensed Software. You are solely responsible for determining the appropriateness of using the Licensed Software and assume all risks associated with the use of it, including but not limited to the risks of program errors, damage to or loss of data, programs or equipment, and unavailability or interruption of operations.

Because some jurisdictions do not allow for the exclusion or limitation of implied warranties, the above exclusions or limitations may not apply to you.

10. Limitation of Liability

In no event will AdventNet be liable to you or any third party for any special, incidental, indirect, punitive or exemplary or consequential damages, or damages for loss of business, loss of profits, business interruption, or loss of business information arising out of the use or inability to use the program or for any claim by any other party even if AdventNet has been advised of the possibility of such damages. AdventNet's entire liability with respect to its obligations under this agreement or otherwise with respect to the Licensed Software shall not exceed the amount of the named developer license fee paid by you for the Licensed Software.

Because some jurisdictions do not allow the exclusion or limitation of liability for incidental or consequential damages, the above exclusions or limitations may not apply to you.

11. Indemnification

AdventNet agrees to indemnify and defend you from and against any and all claims, actions or proceedings, arising out of any claim that the Licensed Software infringes or violates any valid U.S. patent, copyright or trade secret right of any third party; so long as you provide; (i) prompt written notice to AdventNet of such claim; (ii) cooperate with AdventNet in the defense and/or settlement thereof, at AdventNet's expense; and, (iii) allow AdventNet to control the defense and all related settlement negotiations. The above is AdventNet's sole obligation to you and shall be your sole and exclusive remedy pursuant to this Agreement for intellectual property infringement.

AdventNet shall have no indemnity obligation for claims of infringement to the extent resulting or alleged to result from (i) any combination, operation, or use of the Licensed software with any programs or equipment not supplied by AdventNet; (ii) any modification of the Licensed Software by a party other than AdventNet; and (iii) your failure, within a reasonable time frame, to implement any replacement or modification of Licensed Software provided by AdventNet.

12. Termination

This Agreement is effective until terminated by either party. You may terminate this Agreement at any time by destroying or returning to AdventNet all copies of the Licensed Software in your possession. AdventNet may terminate this Agreement for any reason, including but not limited to your breach of any of the terms of this Agreement. Upon termination, you shall destroy or return to AdventNet all copies of the Licensed Software and certify in writing that all known copies have been destroyed. All provisions relating to confidentiality, proprietary rights, non-disclosure, and limitation of liability shall survive the termination of this Agreement.

13. General

This Agreement shall be construed, interpreted and governed by the laws of the State of California exclusive of its conflicts of law provisions. This Agreement constitutes the entire agreement between the parties, and supersedes all prior communications, understandings or agreements between the parties. Any waiver or modification of this Agreement shall only be effective if it is in writing and signed by both parties hereto. If any part of this Agreement is found invalid or unenforceable, the remainder shall be interpreted so as to reasonably effect the intention of the parties. You shall not export the Licensed Software or your application containing the Licensed Software except in compliance with United States export regulations and applicable laws and regulations.


©2006 AdventNet, Inc. All Rights Reserved.