The nuts and bolts of Firewall Analyzer

These are the questions asked during Firewall Analyzer training.


  • How much hard disk space is required to manage a given number of firewalls?
    The hard disk requirement depends purely on the syslog flow rate and the data retention period.
    If the flow rate is 100 logs/sec and we want to retain the data for 1 month, then we need approximately 150 GB of hard disk space.
    For more information on system requirements, please refer to the link below,
  • Is the drill down option available for the dashboard widgets?
    Yes, we can perform drill down analysis in the dashboard Widgets.
  • Can I get an alert from the application if there are no syslogs received from devices?
    Yes, we can create an Availability Alert profile under Settings-->Firewall-->Firewall Server-->Availability Alert. It sends an e-mail notification when Firewall Analyzer does not receive syslogs from the firewall for a certain period of time.
  • The syslog forwarding port in the application says "Failed". What should I do?
    If the given syslog listening port(s) are occupied by another application/process, Firewall Analyzer will not be able to use the same port and will show the status as "Failed". We need to ensure that the port is not occupied by another application/process.
  • Can we create a report for raw data and schedule it?
    Yes. Using the Raw Search option, we can search on any given criteria and save the search results in the form of a report.
    Additionally, this report can be scheduled.
  • Unable to start the application automatically once the Firewall Analyzer server is restarted. What could be the problem?
    The "Startup Type" of the Firewall Analyzer service should be set to "Automatic", so that the service restarts automatically when the server reboots. Also, if Firewall Analyzer is running as an "Application" (i.e. using run.bat from CMD), then it won't start automatically after a server reboot. Hence, it's recommended to run Firewall Analyzer as a service.
  • The device is forwarding syslogs to the Firewall Analyzer server but the device is not added?
    i) Log in to the Firewall Analyzer Web Client, click on the "Settings" tab-->Firewall-->"Syslog server" and check if the corresponding port(s) (configured in the firewall for forwarding logs) is "UP".
    ii) Check if any firewall (like Windows Firewall or any other) is blocking the packets.
    iii) Check if there are any unsupported logs under Settings-->Firewall-->Firewall Server-->Device Details. If yes, then delete them and check.
  • Unable to see the Application/Virus reports for Cisco devices in the product (Firewall Analyzer) Web-UI. What is the issue?
    Usually, syslogs from Cisco ASA do not contain the "Application" and "Virus" attributes.
    Hence, the Application Report and Virus Report in Firewall Analyzer will be empty for Cisco ASA firewalls.
  • Can we add devices manually in the Firewall Analyzer?
    We do not need to add firewalls manually in Firewall Analyzer. Once the firewall is configured to forward syslogs to the Firewall Analyzer server, it will be added automatically in the application.
    In the case of Check Point firewalls, we need to add the device in Firewall Analyzer.
  • Is there any other protocol used in Firewall Analyzer other than syslog?
    We can use SNMP to generate Live Traffic and update Link speed for devices and interfaces.
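
For the "Failed" syslog listening port status described above, one way to check from the Firewall Analyzer server whether a port is already held by another process. This is an added example, not part of Firewall Analyzer or the original page; it assumes the listener uses UDP, and ports 514 and 1514 in the sample call are assumed values to be replaced with the ports shown on the Syslog Server page.

```python
import errno
import socket
import sys

# Windows reports Winsock codes; include them next to the POSIX errno values.
IN_USE = {errno.EADDRINUSE, 10048}      # 10048 = WSAEADDRINUSE
NO_PERMISSION = {errno.EACCES, 10013}   # 10013 = WSAEACCES


def udp_port_status(port, host="0.0.0.0"):
    """Return 'free', 'in_use' or 'no_permission' for a UDP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # SO_REUSEADDR is deliberately not set, so the bind fails
        # when another process already holds the port.
        sock.bind((host, port))
    except OSError as exc:
        if exc.errno in IN_USE:
            return "in_use"
        if exc.errno in NO_PERMISSION:
            # e.g. a port below 1024 on Linux without root
            return "no_permission"
        raise
    finally:
        sock.close()
    return "free"


def check_ports(ports, host="0.0.0.0"):
    """Map each port to its status."""
    return {port: udp_port_status(port, host) for port in ports}


if __name__ == "__main__":
    # Assumed sample ports; pass the ports shown on the Syslog Server page.
    ports = [int(p) for p in sys.argv[1:]] or [514, 1514]
    for port, status in check_ports(ports).items():
        print(f"UDP {port}: {status}")
```

Run it while the listener status shows "Failed": an `in_use` result means another process is holding that port, and `no_permission` means the check needs to be run with administrator or root rights.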