For the latest Troubleshooting Tips on Firewall Analyzer, visit the Troubleshooting Tips on the website or the public user forums.
The log files are located in the <Firewall Analyzer Home>/logs directory. Typically when you run into a problem, you will be asked to send the serverout.txt file from this directory to Firewall Analyzer Support.
Internet Explorer throws this error when you try to open an exported PDF report in the web browser itself. This is a known issue, and we are working on resolving it. For now, save the report to your local machine, and open it using the regular PDF software that you use (Adobe Acrobat Reader or xpdf)
The inbuilt PostgreSQL database of Firewall Analyzer could get corrupted if other processes are accessing these directories. Kindly exclude the Firewall Analyzer installation directory 'ManageEngine' (it could be in C:ManageEngine or D:ManageEngine) from both the Backup process and Anti-Virus Scans.
To increase the time limit of web client time out, follow the steps given below:
The above changes will affect all the web clients connected to the FWA server.
- Shutdown/stop the Firewall Analyzer application
- Changes for Firewall Analyzer version 7.5 (Build 7500) onwards:
- Rename/remove the C:ManageEngineFirewalllogs directory into logs_old directory.
- Change the "session-timeout" value (default value is 30 minutes) as per your requirement (say 60 minutes), in the file given below and save the file,
C:ManageEngineFirewallconfweb.xml
- Changes for Firewall Analyzer version 7.4 (Build 7400) or earlier:
- Rename/remove the C:ManageEngineFirewallserverdefaultlog directory into log_old directory.
- Change the "session-timeout" value (default value is 30 minutes) as per your requirement (say 60 minutes), in the two files given below and save the files,
C:ManageEngineFirewallserverdefaultconfweb.xml
C:ManageEngineFirewallserverdefaultdeployjbossweb-tomcat50.sarconfweb.xml
- Restart the Firewall Analyzer Server.
Alternatively, you can install the "Auto IE Refresher" in your machine for IE browser and monitor the pages from your machine.
Reference pages:
http://www.softpedia.com/get/Internet/Other-Internet-Related/Auto-IE-Refresher.shtml
http://www.download.com/AutoRefresher-for-IE/3000-12512_4-10293579.html
If you are unable to open the client and want to apply the license and troubleshoot a Firewall Analyzer installation, copy the license file in the <Firewall Analyzer Home>/troubleshooting directory and execute the applyLicense.bat file available in the same directory to apply the license.
Permission to access PostgreSQL to troubleshoot
- Open the pg_hba.conf file which is under <Firewall Analyzer Home>pgsqldata directory and add the line
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
after the line
host all all 127.0.0.1/32 trust
and save the file.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
to
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Enter a proper ManageEngine license file
" during installation.
This message could be shown in two cases:
Case 1: Your system date is set to a future or past date. In this case, uninstall Firewall Analyzer, reset the system date to the current date and time, and re-install Firewall Analyzer.
Case 2: You may have provided an incorrect or corrupted license file. Verify that you have applied the license file obtained from ZOHO Corp.,
If neither is the reason, or you are still getting this error, contact licensing@manageengine.com
The web server port you have selected during installation is possibly being used by another application. Configure that application to use another port, or change the Firewall Analyzer web server port.
If Firewall Analyzer is running as a service in SUSE Linux machine and on reboot the Firewall Analyzer service is not getting started, carry out the following procedure.
![]()
- Open a Command window with Super User privileges, on the SUSE Linux machine
- Execute the YaST program. The YaST Control Center screen opens up
- In that, select System > System Services (Runlevel) menu. The System Services (Runlevel): Details screen open up.
- In the table displayed, select the Expert Mode and firewallanalyzer service.
- Set the default runlevel after booting to 2 & 5. Refer the image given below.
- Select Set and OK
- Exit the command window
- Now reboot the machine again
Probable cause: An instance of MySQL is already running on this machine
Solution: Shut down all instances of MySQL and then start the Firewall Analyzer server.
Probable cause: Port 33336 is not free
Solution: Kill the other application running on port 33336. If you cannot free this port, then change the MySQL port used in Firewall Analyzer.
Port 8500 needed by Firewall Analyzer is being used by another application. Please free the port and restart Firewall Analyzer
" when trying to start the server.Probable cause: The default web server port used by Firewall Analyzer is not free.
Solution: Kill the other application running on port 8500. If you cannot free this port, then change the web server port used in Firewall Analyzer.
Probable cause: It is due to invalid host information in the etc/hosts directory.
Solution: Change it to the following format, you will be able to start the application and get reports.
/etc/hosts
Entry should be like:
127.0.0.1 mini localhost
Solution: Instead of giving mapped network drive, you give UNC path (\\ComputerName\SharedFolder\Resource) (e.g., \\cherry\log\isa_log*.w3c).
If the issue still persist, check the following:
Probable cause: Graphs are empty either because there is no traffic is passing through the firewall or if firewall traffic is not sufficient enough to populate the reports table of Firewall Analyzer.
Solution: If you are starting Firewall Analyzer for the first time or if you are shutting down and restarting Firewall Analyzer, it will wait for the reports table to be populated with 5000 log records for the first time. From the next time onwards, Firewall Analyzer will populate reports table once in 7 minutes or once it receives the next 5000 records, whichever is earlier. You can check for the number of records received in " Packet Count " icon shown in top right corner in client UI. This will list out the details like the number of logs received and also the last received log time. It is better to run the server continuously and check whether 5000 records are collected. Do not stop and restart the server in-between!
Moreover, for viewing the already collected log records in the reports, kindly do the following:
- Login into Firewall Analyzer client UI. You will be seeing the Dashboard page.
- Replace the URL shown in your browser with the following URL.
http://localhost:8500/fw/genreport.do- Wait for sometime. Once the reports are generated an empty page will be shown.
- Now remove genreport.do from the URL and just type http://localhost:8500/fw alone.
- Now you will be able to see the report data.
You cannot see Live Reports for SonicWALL firewalls because the time duration attribute is not supported in the SonicWALL log files.
Since Firewall Analyzer processes log files as and when they are received, traffic values of 0.0MB or 0.0% may be displayed initially when the amount of traffic is less than 10KB. In such a case, wait until more data is received to populate the report tables.
This could be happening because bandwidth information is not being captured in the log file. Ensure that your Check Point firewall has been configured to generate both regular and accounting log files. While regular log files contain information regarding firewall activity, the accounting log file contains the bandwidth and session information.
Verify if intranets have been configured correctly. If you have specified IP addresses that are not actually behind the firewall, you will get zero values in the reports.
Trend reports show historical data for the corresponding traffic statistics shown in the report. Hence time changes from the Global Calendar, or top-n value changes from the Show bar on the report, do not affect these reports.
Firewall Analyzer checks for the entry "arg=your URL" in the firewall logs to populate and show URL in report data. If this entry is not present in the firewall logs then the reports wouldn't be showing any URL information.
Supported Platform:
- Ubuntu 9.1.10
- Fedora 12
- OpenSuSE 11.2
- CentOS 5.5
Prerequisite:
The GNU/Linux platform requires Qt 4.5 to be installed. Your package manager system should automatically install this for you.
Steps:
- Download Nipper libraries from https://www.manageengine.com/products/firewall/download-third-party-utilities.html according to your platform
- Install the rpm or deb according to your Operating System
- Connect to Firewall Analyzer web client and type the following URL: 'http://<host name>:8500/fw/userConfig.do'
- In that, there is an option to provide the path in which you have installed 'Nipper'. For ex: '/usr/bin/nipper'
- Click on Save link
After performing the above steps, go to Setting > Device Rule > Add Device Info, the option to generate compliance report for the device will be enabled.