Managing Protocol Groups
A protocol group is a set of related protocols typically used for a common
purpose. The Protocol Groups link lets you define
protocols as well as protocol groups, so that you can
identify traffic that is unique to your enterprise. Most of the common enterprise
protocols are already included in Firewall Analyzer under appropriate groups.
You can also export protocol lists from and import them into Firewall Analyzer.
Some of the important protocol groups include the following:
- HTTP, HTTPS, Gopher: Includes protocols used to access IP traffic (the Internet)
- POP, SMTP, IMAP: Includes protocols used to send or receive e-mail traffic
- FTP, TFTP, FTPS: Includes protocols used to transfer files through FTP
- Includes protocols used to access telnet services
Click the Protocol Groups link to view the list of protocol
groups and the corresponding protocols.
The View by Group box lets you view the list, one protocol
group at a time.
The Unassigned protocol group contains all the protocols that
are not assigned to any group.
Some firewalls interpret protocols at Layer 4 (Application
Layer), which means that a combination of port and protocol is identified
as an application, and written into the log file. For example, tcp
protocol on port 80 is identified as http traffic.
Hence http is shown in the Protocols column. Other firewalls
interpret protocols at Layer 3 only, which means only the port and
protocol values are written into the log file. Hence, in the same
example, tcp/80 is shown in the Protocols column.
Operations on Protocols
Click the icon next to a protocol to delete it from the protocol group. Once a protocol
is deleted, all the database records related to that protocol will be
deleted. Click the
icon to move a protocol from the current protocol group to another.
Click the Add Protocol link or the
icon next to it to add a new protocol, and assign it to a protocol group.
Remember to enter the protocol value exactly as it appears in the log
file. If you want to add it to a new protocol group, click the icon next to the Protocol
Group text box to add a New Protocol Group, and enter the name of the new protocol group and click Add. From the list
of Available Protocol Identifiers, move the required
protocols to the Selected Protocol Identifiers to be included in this protocol group. Please note that a protocol
can belong to only one protocol group at a time.
Click the Add Protocol Identifier link or the icon to add a new protocol identifier. To specify a range for the protocol identifier, click the Add Protocol Identifier Range link or the icon, specify the From Port and To Port of the protocol identifier, and select tcp or udp as the Layer 3 Protocol.
When you see the
icon next to the Unassigned protocol group on the Dashboard,
you need to add the protocols and assign them to protocol groups in
Operations on Protocol Groups
Click the Add Protocol Group link or the
icon next to it to add a new protocol group. In the popup window that
opens, enter a unique group name, and a short description. From the list
of protocols currently not assigned to any protocol group, choose the
protocols to be included in this protocol group. Please note that a protocol
can belong to only one protocol group at a time.
Select the protocol group from the list and click the Edit Protocol
Group or the icon to edit the properties of that protocol group. In the popup window
that opens, you can edit the protocol group's description, add currently
ungrouped protocols, or remove existing protocols from this protocol group.
To delete a protocol group, select the protocol group from the list and
click the Delete Protocol Group link or the
icon next to it. The protocol group is deleted, and all associated protocols
are put in the Others protocol group.
Operations on Protocols
Click the Add Protocol link or the icon next to it to add a new protocol. In the popup window that
opens, enter a unique protocol name. From the list
of protocol groups currently available, choose the
protocol group to which this protocol should be added. You can also add a new Protocol Group for this Protocol, using the icon next to the Protocol Group combo box. Please note that a protocol
can belong to only one protocol group at a time. From the list
of Available Protocol Identifiers, choose the
Protocol Identifiers to be included in this Protocol and move them to the Selected Protocol Identifiers list. You can add new Protocol Identifiers, as per your requirement, using the Add Protocol Identifier link. You can add a new range of ports for the selected Layer 3 Protocol as Protocol Identifiers, using the Add Protocol Identifier Range link. Click the OK button to complete the operation, or the Cancel button to abort it.
Select the protocol from the list and click the Edit Protocol or the icon to edit the identifiers of that protocol. In the popup window
that opens, you can edit the protocol's identifiers, add new protocol identifiers, or remove existing protocol identifiers from this protocol.
To delete a protocol, select the protocol from the list and
click the Delete Protocol link or the icon next to it. The protocol is deleted, and all associated protocol identifiers
are put in the Available Protocol Identifiers list.
How to group the unassigned Protocols
Generally used protocols like Mail, Web, FTP, Telnet, etc., have been configured as Groups. However, the unknown protocols can be grouped as per your requirement.
- Click 'Unassigned' in the protocol group list under Traffic Statistics, which shows all the unknown protocols.
- Click Assign, select 'All' under Hits, and select 'Multiple Selection', which lists all the unassigned protocols.
- Select the protocols, group them under a protocol group, and assign the appropriate protocol.
- If you do not find a protocol group, click on the sign to add a new protocol group.
Once you assign the protocols to protocol groups, they no longer appear as unassigned from the time of assignment onward. The reports show the assigned protocols only from the time of assignment. Hence, reports generated before the protocol assignment show only the unassigned protocols, while subsequent reports show the newly assigned protocols under their appropriate protocol group.
If you are not sure which protocols need to be assigned, check the application that uses the port/protocol. You can also check the raw log in the <Firewall Analyzer Home>\server\default\archive\<firewall IP address> folder.
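The two log forms described earlier (http versus tcp/80) and the triage of Unassigned entries by hits can be sketched as follows. This is an added illustration, not Firewall Analyzer code; the identifier table, group assignments and sample Protocols-column values are constructed for the example.

```python
from collections import Counter

# Constructed for this example: protocol name -> its single protocol group.
# A dict keeps each protocol in exactly one group at a time.
GROUP_OF = {"http": "Web", "https": "Web", "smtp": "Mail",
            "pop": "Mail", "ftp": "FTP", "telnet": "Telnet"}

# Constructed protocol identifiers: (Layer 3 protocol, From Port, To Port, protocol).
IDENTIFIERS = [
    ("tcp", 80, 80, "http"),
    ("tcp", 443, 443, "https"),
    ("tcp", 25, 25, "smtp"),
    ("tcp", 110, 110, "pop"),
    ("tcp", 20, 21, "ftp"),      # an identifier range
    ("tcp", 23, 23, "telnet"),
]

def resolve(value):
    """Map one Protocols-column value to (protocol, group)."""
    value = value.strip().lower()
    l3, sep, port = value.partition("/")
    if sep and port.isdigit():
        # Port/protocol form such as tcp/80
        for proto, lo, hi, name in IDENTIFIERS:
            if proto == l3 and lo <= int(port) <= hi:
                return name, GROUP_OF.get(name, "Unassigned")
        return value, "Unassigned"
    # Application-name form such as http
    return value, GROUP_OF.get(value, "Unassigned")

def unassigned_by_hits(values):
    """Count hits per unassigned value, busiest first."""
    hits = Counter()
    for v in values:
        name, group = resolve(v)
        if group == "Unassigned":
            hits[name] += 1
    return hits.most_common()

# Constructed Protocols-column values, one per log record.
SAMPLE = ["http", "tcp/80", "tcp/443", "tcp/8443", "udp/5353", "tcp/8443",
          "TCP/21", "smtp", "tcp/8443", "udp/5353", "rdp", "udp/80"]

if __name__ == "__main__":
    for name, count in unassigned_by_hits(SAMPLE):
        print(f"{name}: {count} hits")
```

Note that udp/80 stays unassigned: an identifier matches only when both the Layer 3 protocol and the port fall inside it.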
Export and Import Protocol Lists
The list of protocols and protocol groups defined can be exported from and imported into Firewall Analyzer
in XML file format. This will reduce your manual effort to define protocols and protocol groups.
Export the existing protocol lists
Export - Click the Export menu link. The existing protocol list is downloaded through your browser to your client machine as an XML file (ProtocolList.xml).
Import protocol lists
Import - Click the Import menu link. The 'Select Protocol List file to import:' screen pops up, with a Browse button beside the 'No files selected' text. Use the Browse button to locate the XML file. Click the Import button to import the list into the Firewall Analyzer server, or the Cancel button to cancel the import.