These are the questions asked during Firewall Analyzer training.
FAQ's
Does Firewall Analyzer support PCI standards report for the Vyatta 5600 device?Yes, the Vyatta 5600 device is added recently. Upgrade the product with the latest service pack.
Is there any report like category wise UTM report? Like what category is using more bandwidth?Yes, Firewall Analyzer provides the Allowed/Blocked categories in URL Report under 'Reports' section.
Can we have 'Peek hours' report?Yes, there are slew of bandwidth reports, Firewall Analyzer provides the report based on 'Working hours' and 'Non-Working hours' in 'Trend' reports.
Can I export the firewall rules to CSV format?Yes, Firewall Analyzer provides the export option for PDF and CSV formats.
Does Firewall Analyzer support Huawei firewalls?Yes, the Huawei device is added recently. Upgrade the product with the latest service pack.
Can I make firewall rule/policy change through this tool?Currently no, Firewall Analyzer is an out and out reporting software. However, this is in the product roadmap.
Does Firewall Analyzer generate reports on firewall policies?Firewall Analyzer provides the following policy reports Policy overview reportManually documenting all firewall rules and reviewing them on a regular basis is an arduous and time-consuming task. To solve this issue, you can use Firewall Analyzer to fetch the entire set of rules written in the firewall. Policy optimization reportFirewall Analyzer’s policy optimization feature identifies shadow rules, redundancy, generalization, correlation, and grouping anomalies. These anomalies negatively impact firewall performance, and removing them will help you optimize rule efficiency. Rule reorder reportFirewall Analyzer provides suggestions on rule position by correlating the number of rule hits with rule complexity and anomalies. It can estimate the performance improvement for a suggested change. With the help of this report, you get an understanding of how to organize firewall rules to maximize speed. Rule cleanup reportFirewall Analyzer provides a detailed list of all unused firewall rules, objects, and interfaces. The Rule Cleanup feature gives you a high-level overview of which rules, objects, and interfaces can be removed or deactivated.
Can I delete a firewall policy through this tool?No, we can not delete a policy using FIrewall Analyzer. It's purely a reporting application. However, you can use another tool called Network Configuration Manager (NCM) to take action on the device. The feature which is add/edit/delete the policies from the Firewall Analyzer is in the product roadmap.
Is Network Configuration Manager (NCM) combined with Firewall Anaylzer?No, It's a separate tool. But, when you install ManageEngine OpManager, all these tools come bundled as Add-ons.
We have 10 SonicWALL devices connected with the Site-to-Site VPN. Is it recommended to use a single Firewall Analyzer for all devices or install on each location?Yes, you can use Standalone Firewall Analyzer for the all 10 SonicWALL devices. But, if the total log rate is more than 2000, or the devices are geographically apart, we would suggest 'Distributed' edition.
There is Firewall Analyzer option in OpManager, does this version has all the features of Firewall Analyzer?Yes, Firewall Analyzer is available along with OpManager as IT Operations & Management (ITOM) suite of products. The Firewall Analyzer can be activated by simply applying license. You can also get a standalone Firewall Analyzer product.
Can we have AD credentials as Firewall Analyzer authentication?Yes, you can use AD for external authentication for Firewall Analyzer user credentials
Can I use the Firewall Analyzer demo or test set up through the Internet?Yes, please visit our demo page: http://demo.fwanalyzer.com
Does Firewall Analyzer check the policy ID of multiple firewalls to generate reports? Because we need to maintain the IDs of multiple firewalls.Yes, we generate the rule management reports based on the Policy ID for single/multiple firewall(s).
Can we use Firewall Analyzer to audit cloud firewalls?As of now, Firewall Analyzer does not support cloud firewalls. Please send the sample logs with details of cloud firewall. Please contact firewall analyzer support for further details.fwanalyzer-support@manageengine.com
What is meant by 'Trend report'?Trend Reports analyze traffic over a period and present graphs that make analysis and forecasting easy.
Why do I need this tool when I have a Cyberoam that can provide me this kind of reports and user activity monitoring? Firewall Analyzer supports multiple vendor firewalls. If your customer switches to some other vendor firewall, he need not change the analyzer product. He can continue using Firewall Analyzer. User activity monitoring is only a part of the Firewall Analyzer functionality. It has much more capability which can be used to protect your network.
Can reports on internet usage be generated if a proxy is being used?Yes, report can be generated even if the proxy is used.
How do we identify users accessing website/black listed Internet IPs? I want to know if a user or machine is connected to blacklisted IP addresses over the internet?By creating a custom report with black list IP filter, you can get the report. Please refer below links. By creating a custom report with black list IP filter, you can get the report. Please refer below links. http://help.fwanalyzer.com/log-filters-v12
How much HDD is required to manage number of firewalls?Hard disc requirement is purely based on the Syslog flow rate and the data retention time period. Example:If there are 100 logs/sec flow rate and we want to retain the data for 1 month, then we need approximately 150 GB of HDD.
For more information on System Requirement, please refer the below link, http://help.fwanalyzer.com/firewall-system-requirements-v12
Can I get an alert from the application if there are no syslogs received from devices?Yes, we can create an Availability Alert profile under Settings-->Firewall-->Firewall Server-->Availability Alert. This will notify via e-mail when Firewall Analyzer does not receive Syslogs from the firewall for a certain period of time.
Syslog forwarding port in the application says failed. What should I do?If the given Syslog listening port(s) are occupied by any other application/process, then Firewall Analyzer will not be able to use the same port and it will show the status as "Failed". We need to ensure that the same port is not occupied by another application/process.
Can we create a report for raw data and schedule it?Yes. Using the Raw Search option we can perform search for any given criteria and save those search results in the form of a Report. Additionally, this report can be scheduled.
I am Unable to start the application automatically once the Firewall Analyzer server is restarted. What could be the problem?The "Startup Type" of Firewall Analyzer Service should be set to "Automatic", so that the service will restart automatically when there is a Server reboot. Also, if the Firewall Analyzer is running as an "Application" (i.e. using the run.bat from CMD), then upon a reboot of Server, Firewall Analyzer won't start automatically. Hence, it's recommended to run the Firewall Analyzer as a service.
Though the Device is forwarding the syslogs to the Firewall Analyzer server but device not added? i) Log in to Firewall Analyzer Web Client and click on "Settings" tab-->Firewall--> "Syslog server" and check if, the corresponding port(s) (configured in firewall for forwarding logs) is "UP".
ii) Check if any firewall ( like Windows Firewall or any other ) is blocking the packets.
iii) Check if there is any unsupported logs under Settings-->Firewall-->Firewall Server-->Device Details. If yes, then delete them and check.
I am Unable to see the Application/Virus reports for Cisco devices in the product(Firewall Analyzer) Web-UI. What is the issue?Usually syslogs from Cisco ASA does not contain "Application" and "Virus" attribute.
Hence, the Application Report and Virus Report in Firewall Analyzer will be empty for Cisco ASA firewalls.
Can we add devices manually in the Firewall Analyzer?We do not need to add firewalls manually in Firewall Analyzer. Once you configure the Firewall, you have to forward Syslogs to Firewall Analyzer Server, the firewalls be added automatically in application. Exception: In case of Check Point Firewalls, we need to add the device in Firewall Analyzer.
Is there any other protocol used in Firewall Analyzer other than syslog?We can use SNMP to generate Live Traffic and update Link speed for devices and interfaces.
Can I get any specific version of Start-up (or) Running configuration from the application?Yes, we can fetch the specific version of Start-up/Running configuration from the Change Management reports. This also helps us to compare different versions of Start-up/Running configuration and to find the difference between them.
While adding device rule, the test credential has failed. What should I do?Connect to the device using a standard TELNET/SSH tool (Putty) from the Firewall Analyzer server and then ensure that the credentials given in Firewall Analyzer are in the same sequence similar to TELNET/SSH tool. Additionally, we need to ensure that the login credentials are correct.
I have a Firewall with VDOMs. Will Firewall Analyzer fetch and analyze their configurations?Yes, Firewall Analyzer can fetch the configuration from VDOMs.
Is it possible to ignore a line/configuration, so that it won't appear as a configuration change in Change Management Report?Yes, we can use the "Exclude Criteria" feature (available under Settings-->Firewall-->Firewall Server) to ignore a line/configuration in Change Management Report.
Please refer the below link to know more about Exclude Criteria : http://help.fwanalyzer.com/configuration-exclude-criteria-v12
How to get immediate notification for configuration change if anyone performed those changes anonymously?While adding the firewall under Device Rule, under "Reports" section select "Generate Change Management Report". This will give an option to add the e-mail address to notify whenever there is any configuration change occurred in the firewall.
Can I roll-back any specific configuration using Firewall Analyzer?No, we can not roll back the configuration in the Firewall using Firewall Analyzer.
Is there a report to verify who changed the configuration?Yes, "Changed by" section of Change Management Report shows the User name, who performed the configuration change.
Can we update the Rule re-order position change automatically in Firewall? Firewall Analyzer helps to analyze the usage of each rule and suggests the position of the rule for optimum performance. Using Rule Re-order, Firewall Analyzer can not change the position of the rule in the firewall. Based on the Rule re-order suggestion Network Admin can change the position in the firewall.
I have to know what kind of command is executed in the device over a period of time. Will Firewall Analyzer help getting such information?Firewall Analyzer provides a pre-defined "Admin Report" with Successful User Logon, Successful User Logff, Denied User Logon & Commands Executed information. We can select a period of time in the calendar to view the commands executed for the same time.
How to import data to change management i.e. currently under change management I have no dataChange Management will populate the data automatically. Consequently, Firewall Analyzer can detect rule/policy changes happened in the device, provided if you already configured device-rule for that particular device in the application.
Does Firewall Analyzer supports Fortigate? And how does it help with Fortigate logs?Log reporting and configuration analysis is fully supported for Fortigate firewalls. You can export Syslog and Device-Rule, which will show you complete reports as explained in training-1.
I want to download the list of all the configuration changes I did in application. Will the Firewall Analyzer show me the information? If yes then how?Yes, whenever a user logs in to the CLI, and make any changes and logs out. We receive a syslog and based on the received logs we can trigger a configuration fetch.
