Manage Protocol Groups in Firewall Analyzer


    A protocol group is a set of related protocols typically used for a common purpose. The Protocol Groups link lets you define protocols as well as protocol groups, so that you can identify traffic that is unique to your enterprise. Most of the common enterprise protocols are already included in Firewall Analyzer under appropriate groups.

    You can also export and import protocol lists into Firewall Analyzer.

    Some of the important protocol groups include the following:

    Protocol Group | Protocols Included  | Description
    ---------------+---------------------+----------------------------------------------------------
    Web            | HTTP, HTTPS, Gopher | Includes protocols used to access IP traffic (the Internet)
    Mail           | POP, SMTP, IMAP     | Includes protocols used to send or receive e-mail traffic
    FTP            | FTP, TFTP, FTPS     | Includes protocols used to transfer files through FTP
    Telnet         | Telnet              | Includes protocols used to access telnet services

    Click the Protocol Groups link to view the list of protocol groups and the corresponding protocols. The View by Group box lets you view the list, one protocol group at a time.

    The Unassigned protocol group contains all the protocols that are not assigned to any group.

    Note: Some firewalls interpret protocols at Layer 4 (Application Layer), which means that a combination of port and protocol is identified as an application, and written into the log file. For example, tcp protocol on port 80 is identified as http traffic. Hence http is shown in the Protocols column. Other firewalls interpret protocols at Layer 3 only, which means only the port and protocol values are written into the log file. Hence, in the same example, tcp/80 is shown in the Protocols column.

    Operations on Protocols

    Click the Delete icon next to a protocol to delete it from the protocol group. Once a protocol is deleted, all the database records related to that protocol will be deleted. Click the Move icon to move a protocol from the current protocol group to another.

    Add Protocol

    Click the Add Protocol link to add a protocol and assign it to a protocol group. Remember to enter the protocol value exactly as it appears in the log file. To add the protocol to a new protocol group, click the Add icon next to the Protocol Group text box, enter the name of the new protocol group, and click Add.

    Add Protocol Identifier

    Click the Add Protocol Identifier link. To specify a range for the protocol identifier, click the Add Protocol Identifier Range link, specify the From Port and To Port of the protocol identifier, and select either tcp or udp for the Layer 3 Protocol.

    From the list of Available Protocol Identifiers, move the required protocols to the Selected Protocol Identifiers to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.

    Note: When you see the icon next to the Unassigned protocol group on the Dashboard, you need to add the protocols and assign them to protocol groups in this way.

    Operations on Protocol Groups

    Click the Add Protocol Group link or Add icon next to it to add a new protocol group. In the popup window that opens, enter a unique group name, and a short description. From the list of protocols currently not assigned to any protocol group, choose the protocols to be included in this protocol group. Please note that a protocol can belong to only one protocol group at a time.

    Select the protocol group from the list and click the Edit Protocol Group or the Edit icon to edit the properties of that protocol group. In the popup window that opens, you can edit the protocol group's description, add currently ungrouped protocols, or remove existing protocols from this protocol group.

    To delete a protocol group, select the protocol group from the list and click the Delete Protocol Group link or the Delete icon next to it. The protocol group is deleted, and all associated protocols are put in the Others protocol group.

    How to group the unassigned Protocols

    Generally used protocols like Mail, Web, FTP, Telnet, etc., have been configured as Groups. However, the unknown protocols can be grouped as per your requirement.

    1. Click 'Unassigned' in the protocol groups under Traffic Statistics, which shows all the unknown protocols.
    2. Click Assign, select 'All' under Hits, and select 'Multiple Selection', which lists all the unassigned protocols.
    3. Select the protocols, group them under a protocol group, and assign the appropriate protocol.
    4. If you do not find a suitable protocol group, click the Add sign to add a new protocol group.

    Once you assign protocols to protocol groups, those protocols no longer appear as unassigned after the time of assignment. Reports show the assigned protocols only from the time of assignment. Hence, reports generated before the protocol assignment show only the unassigned protocols, and subsequent reports show the newly assigned protocols under their appropriate protocol groups.

    If you are not sure which protocols need to be assigned, check which application uses the port/protocol. You can also check the raw log in the <Firewall Analyzer Home>\server\default\archive\<firewall IP address> folder.
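
    The triage described above, as an added Python example (not Firewall Analyzer code): it counts hits for logged protocol values that match no group, whether the firewall logs an application name or a tcp/80 style value, and keeps each value spelled exactly as it appears in the log. The group contents, port numbers, key=value log layout and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Assumed definitions: group -> [(application name, tcp|udp, from port, to port)]
GROUPS = {
    "Web": [("http", "tcp", 80, 80), ("https", "tcp", 443, 443), ("gopher", "tcp", 70, 70)],
    "Mail": [("pop", "tcp", 110, 110), ("smtp", "tcp", 25, 25), ("imap", "tcp", 143, 143)],
    "FTP": [("ftp", "tcp", 21, 21), ("tftp", "udp", 69, 69), ("ftps", "tcp", 990, 990)],
    "Telnet": [("telnet", "tcp", 23, 23)],
}

def build_index(groups):
    """Flatten the groups; an identifier may belong to only one group."""
    names, ranges = {}, []
    for group, idents in groups.items():
        for name, l3, lo, hi in idents:
            clash = names.get(name) or next(
                (g for p, a, b, g in ranges if p == l3 and lo <= b and a <= hi), None)
            if clash and clash != group:
                raise ValueError(f"{name} ({l3}/{lo}-{hi}) already belongs to {clash}")
            names[name] = group
            ranges.append((l3, lo, hi, group))
    return names, ranges

def classify(value, names, ranges):
    """Map a logged value, an application name or tcp/80 style, to its group."""
    m = re.fullmatch(r"(tcp|udp)/(\d+)", value.lower())
    if m:  # port and protocol only: match against the identifier ranges
        return next((g for p, lo, hi, g in ranges if p == m[1] and lo <= int(m[2]) <= hi), "Unassigned")
    return names.get(value.lower(), "Unassigned")

def unassigned_hits(log_lines, names, ranges):
    """Count hits per unassigned protocol value, spelled exactly as logged."""
    hits = Counter()
    for line in log_lines:
        m = re.search(r"\bproto=(\S+)", line)
        if m and classify(m[1], names, ranges) == "Unassigned":
            hits[m[1]] += 1
    return hits.most_common()

# Constructed sample lines; the key=value layout is an assumption, not a vendor format.
SAMPLE_LOG = [
    "src=10.0.0.5 dst=203.0.113.9 proto=http bytes=5120",
    "src=10.0.0.5 dst=203.0.113.9 proto=tcp/80 bytes=880",
    "src=10.0.0.7 dst=198.51.100.4 proto=tcp/8443 bytes=1200",
    "src=10.0.0.8 dst=198.51.100.4 proto=tcp/8443 bytes=640",
    "src=10.0.0.9 dst=192.0.2.77 proto=erp-sync bytes=300",
]
print(unassigned_hits(SAMPLE_LOG, *build_index(GROUPS)))
```

    The values it reports are the strings to enter when adding a protocol, since they are copied unchanged from the log.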

    Export and Import Protocol Lists

    The list of defined protocols and protocol groups can be exported from and imported into Firewall Analyzer in XML file format. This reduces the manual effort needed to define protocols and protocol groups.

    Export the existing protocol lists

    Export - Click the Export menu link. The existing protocol list is downloaded through your browser to your client machine as an XML file (ProtocolList.xml).

    Import protocol lists

    Import - Click the Import menu link. The 'Select Protocol List file to import:' screen pops up, with a Browse button beside the 'No files selected' text. Use the Browse button to locate the XML file. Click the Import button to import the list into the Firewall Analyzer server, or the Cancel button to cancel the import operation.