Verify if intranet's have been configured correctly. If you have specified IP addresses that are not actually behind the firewall, you will get zero values in the reports.
Availability alert triggered based on log processed time. If syslogs are not processed within the schedule time, alert will be triggered. You can see log processing time of specific firewall in Settings > Firewall > Firewall Server > Live Packet Count.
To identify external hosts, you need to configure your intranets in Intranet Settings link of the Settings tab. When configured, all hosts outside your configured intranets will be considered as external hosts. You can see the external hosts in Reports > Firewall Reports > Internet Reports.
Protocols in Reports
Different firewalls denote the port numbers in the logs in different ways, for example, http:80 can be shown as tcp:80, http:80, etc. Hence, the protocol identifiers are grouped as Protocols and then to Protocol Groups. We found that the reports using Protocols are much usable than the reports based on port numbers. Hence, we show the Protocols in the reports. If all the unassigned protocols assigned to Protocols and Protocol Groups, there would not be any issue of unknown protocols.
Assigning Unassigned Protocols
There will be some unassigned protocols as few protocols are not grouped.
You can view the port details of theunassigned protocols:
Click on the tool icon beside the Firewall name under Devices in the Inventory tab.
In the pop-up window, select Last 6 hours.
It will show all the unassigned protocols along with port numbers.
We have configured the generally used protocols as Groups like Mail, Web, FTP, Telnet, etc. However, you can group the unknown protocols as per your requirement. Configuring Unassigned Protocol will be a one-time activity.
Click on the Unassigned in Protocol Group under Traffic Statistics, which shows all the unknown protocols.
Click on Assign and Select All under Hits and select the Multiple Selection, which lists all the unassigned protocols.
Select the protocols and group it under Protocol Group and assign the appropriate protocol.
If you do not find a Protocol Group, click on the '+' sign to add a new Protocol Group.
Note:Once you assign the protocols, the reports will show the assigned protocols and the newly assigned protocols under their appropriate protocol group only from the assigned time. You will see the unassigned protocols in the reports generated earlier to the assigned time.
If you find that the reports based on ports, please assign specific protocols to the corresponding port numbers and create a custom report to view the details.
Checking the port numbers
Check the port number by clicking on Settings > Protocol Groups > Click on the drop down menu against 'View by Group'and select the appropriate protocol. This will show the protocol identifiers with port numbers.
You can also check the raw log in the folder <Firewall Analyzer Home>serverdefaultarchive<DNS(or)IP addressHot> folder to know the protocol type and port numbers (You can open the file using a notepad).
Firewall Analyzer uses SCP configuration export command to fetch configuration from firewall. Choose SCP protocol and try again.
If device rule fails, provide inbound access for scp port (tcp/22) in Firewall Analyzer server and try.
If it still fails, take screenshot of firewall CLI and send it to fwanalyzer-support@manageengine.com along with <Firewall Analyzer Home>/logs folder.
Add Device Rule > Select Report > Generate Change Management Report check box to generate configuration change management report.
Under the Notification Options, enter the Email address of the user(s), who need to be informed via Email when any configuration change happens.
Check if any other application or service is using that port. If Yes, kill the process and restart the product. Ensure that the killed process does not affect the machine.
Windows:
Linux:
Command tcpdump -i <interface> host <firewall IP address> port <UDP port>
If you want to fetch the rules/configurations from the individual virtual firewalls (virtual domain) separately, select the option 'Display Virtual Domains in the below resources list.' in Assign Profile page. It lists both the virtual firewalls (virtual domain) and the physical devices in the Select Device drop down list.