Firewall Analyzer Distributed Edition
  • Highly scalable: Scale smoothly upto 1200 security devices
  • Distributed monitoring: Monitor multiple devices spread across the world
fw-diagram

In the era of globalization, more and more enterprises are making their presence across countries. Obviously, the offices, branches, factories, work places are spread across the globe. In this scenario, IT management related activities get fairly complex. IT/Network security for the distributed environment is not going to be an easy task.

Apart from large enterprises with requirement for scalable, distributed deployment, Managed Security Service Providers (MSSP) are also in need of scalable, distributed solution along with secured and exclusive segmented views for their clients and other requirements. MSSPs require a solution which can be deployed to take care of a block of geographical area.

Multi-national enterprises and MSSPs look out for a solution with following features:

  • Centralized monitoring
  • Truly scalable to meet the number of devices required to be monitored
  • Deployed in different geographical locations

Firewall Analyzer appreciates the Network security needs of large enterprises with global presence and MSSPs. It has come up with a distributed solution, which will scale up to monitor hundreds of devices and deployed at locations across the globe. To cater for the MSSPs, it offers customizable dashboards and user specific views.

Firewall Analyzer Distributed Edition is scalable and deployable in distributed model. It offers centralized monitoring of all distributed locations in a single console. It provides exclusive segmented secured for different users.

Benefits:

Scalable Solution for Global Enterprises

Addresses the demanding scalability needs of Worldwide Enterprise and MSSPs. Scales smoothly up to 1200 security devices.

Distributed Around the Globe

Distributed architecture empowers to monitor devices in locations spread across the world.

Unified Console

With the unified console, you can monitor all the Firewall Analyzer Collector Servers deployed across the globe and the security devices monitored by the Collector Servers. Qualifies as a good candidate for Security Operations Center (SOC).

Customizable Dashboard

The Dashboard is customizable to enable role based views for different users. This customizability is much sought after feature of the Managed Security Service Providers (MSSP).

Scarcely Used Bandwidth for Inter-Server Communication

No frills and sleek communication between Collectors and Admin Server ensures that the bandwidth usage is kept minimal.

Secured Inter-Server Communication using HTTPS

32 Bit and 64 Bit Installables available for both Windows and Linux

No restriction, Full feature set, Free evaluation for 30 days

Firewall Analyzer - Salient Features

 

How to Deploy - Firewall Analyzer - Distributed Edition

Firewall Analyzer Distributed Edition can be deployed using the steps given below:

  • Install and start the Admin Server first.
  • Install and start the Collector Server next.

After successfully installing and starting the Admin Server and Collector Server(s), you can view all required reports for each Collector Server from Admin Server Console. 

Install Admin Server

  • Download Firewall Analyzer Distributed Edition (ManageEngine_FirewallAnalyzer_DE_64bit.exe or ManageEngine_FirewallAnalyzer_DE.exe)
  • After accepting the licensing terms, select the mode as Admin Server.
  • Configure the proxy server details, in case Admin Server is behind a proxy server the details are required to contact the Collector Server(s).

Once installed, start the Admin Server.

Install Collector Server
Note:
Before proceeding with installation of Collector Server(s), ensure that Admin Server is installed, running and can be reached from the machine, in which Collector Server is to be installed.

  • Download Firewall Analyzer Distributed Edition (ManageEngine_FirewallAnalyzer_DE_64bit.exe or ManageEngine_FirewallAnalyzer_DE.exe)
  • After accepting the licensing terms, select the mode as Collector Server.
  • Configure the Admin Server Details such as, host name, port, and protocol.
  • In case Collector Server is behind a proxy server, enable the 'Use Proxy Server to contact Admin Server' check box and configure the proxy server details which is required to connect to the Admin Server.
  • Configure the Collector Server Details. Enter the HostName/IP/Nat IP address of the Collector Server, for Admin Server to connect. 

Once installed, start the Collector server and configure the firewalls to send logs to the Collector Server.

 

Frequently Asked Question

Firewall Analyzer - Distributed Edition

General

  1. Who should go for Firewall Analyzer - distributed setup (Distributed Edition)?

We recommend distributed setup (Distributed Edition):

  • If your's is a large enterprise, which have hundreds of security devices (like Firewalls, IPS, IDS), VPN devices and proxy devices to manage across different geographical locations.
  • If you are a Managed Security Service Provide (MSSP), having a large customer base spread across geographical locations.
  1. How many Collector Servers can a single Admin Server manage?

One Admin Server is designed to manage 50 Collector Servers. However, we have carried out simulated testing in our laboratory, which effortlessly managed 20 Collector Servers.

  1. During installation of Admin Server, I am prompted for Proxy Server details? When should I configure it?

You need to configure the proxy server details during Admin Server installation, if the Admin Server needs to pass through Proxy Server to contact Collector Servers.

  1. Can I convert the existing "Standalone" Firewall Analyzer installation to a "Distributed Setup"?

Yes, you can. Ensure that the existing installation of Firewall Analyzer build is 12300 or later. To convert, you  need download the Firewall Analyzer exe/bin of same version as the existing installation and install as Admin Server. Then you need to convert the existing installation of Firewall Analyzer Standalone Server to Collector Server. We recommend to upgarde to the latest version before the conversion. Refer the procedure in the below help link:
Procedure to convert existing Standalone Edition Firewall Analyzer installation to Distributed Edition Collector Server

  1. I have deleted the Collector Server from Admin Server. How do I re-add?

Once you have deleted the Collector Server, to re-add follow the procedure given below:

  • Reinitialize the Collector Server.
  • Re-register the Collector Server with Admin Server by executing the <Firewall Analyzer Home>\troubleshooting\registerWithAdminServer.bat/sh file.
  • Restart the Collector Server.
  1. Where the collected logs are stored, whether in Collector Server database or in both Collector Server and Admin Server databases?

All the logs collected by the Collector Server are stored in the Collector Server database only. For archiving, there is a provision to forward the logs to the Admin Server, but not for storing in the Admin Server database.

 
Secured Communication Mode (HTTPS)

  1. What is the mode of communication between Admin Server and Collector Server?

By default, the mode of communication is through HTTP. There is also an option to convert it to secured mode of communication HTTPS. Refer the procedure in the below help link, to setup secure communication mode between Admin and Collector Server.

  1. I have changed the Collector Server communication mode to HTTPS, after installation. How to update this info in Admin server?

Click on Settings tab > Collector Settings link in Admin Server UI and click on the Edit icon of specific Collector and select the appropriate protocol and configure the web server port details.


Licensing

  1. What are the "Licensing Terms" for Firewall Analyzer Distributed Edition?

Firewall Analyzer Distributed Edition license will be applied in Admin Server. The number of devices for which the license is purchased, is utilized among the registered Collector Servers. You can keep adding the devices in various Collector Servers till the total number of licenses purchased get exhausted. View the number of devices managed by each Collector Server in the Collector Settings page.

If the number of devices being collectively managed by all the registered Collector Servers, exceed the number of License purchased, a warning message appears in the Admin Server. In that scenario, you have various options.

  • Purchase license to manage the additional devices.
  • Otherwise, check the number of devices being managed by each Collector Server in the Collector Settings page in the Admin Server.
    • Go to the Admin Server License Management page and manually manage the licenses. Unmanage the lesser required devices and make the managed devices count equal to the number of licenses.
    • You can also remove a registered Collector Server in the Admin Server to make the managed devices count equal to the number of licenses.
  1. In Collector Server there no is option to apply the license? How the license get applied in the Collector Server?

Yes, there is no option to apply the license in Collector Server. The license applied in Admin Server will be automatically propagated to all Collector Servers.

  1. "License Restricted" alert is showing in Admin Server, even though I have unmanaged additional devices in Collector Server. Why?

The managed/unmanaged status of devices in Collector Server are synchronized with Admin Server during the data collection cycle, which happens at an interval of 5 minutes.
 

 

A single platter for comprehensive Network Security Device Management