Firewall Analyzer - Release Notes

Listed here are the feature enhancements, bug fixes and limitations of each release update of Firewall Analyzer.

  • Release Overview
    1. 12.4 Build 124099

      New features/enhancements:

      1. Support ID: 5535440 - Check Point multi access layer supported for Rule Management.
      2. Option to enter 'Gateway Name' under 'Add Device Credential' page for Check Point firewalls.

      Issues fixed :

      1. Support ID: 5625819 - Unable to assign 'Credential Profile' while creating device rule. Fixed the issue.
      2. Support ID: 5625819 - Changing credential profile to none clears the default info in device rule. This issue is fixed.
      3. Support ID: 5474215 - Issue in 'column chooser', while selecting multiple column using 'control' key, is fixed for 'Raw Log Search' page.
      4. Weaker file permission for Nipper file has been fixed (CVE-2019-17421).
    2. 12.4 Build 124096

      New device/log format support :

      1. Support ID: 5485772 - Symantec Endpoint Protection 14 device.
      2. Support ID: 5585856 - Huawei default 'Syslog' format support along with existing MTN format.

      Enhancements :

      1. Support ID: 5535440 - VPN report supported for Check Point Log Exporter CEF format.
      2. The interface IP address field is empty when fetched via SNMP for Cisco Meraki and Sophos XG devices. Because of this issue, interface is not getting added in Firewall Analyzer. Enhanced to fetch interface IP address.

      Issues Fixed :

      1. Support ID: 5535440 - Fixed the Interface value parsing issue in Check Point Log Exporter CEF format.
      2. Support ID: 5605740 - Fixed the Palo Alto port scan attack parsing issue.
      3. Support ID: 5586838 - Fixed the SonicWALL device rule parsing issue for SonicOS 5.6
      4. Support ID: 5567083 - Fixed the SonicWALL device rule service group parsing issue.
      5. Support ID: 5586113 - Palo Alto ISO compliance standards > Firewall Management configuration details - fixed the device rule parsing issue.
      6. Bandwidth alert issues fixed:
        1. Bandwidth alert triggered frequently. Threshold criteria is not applied properly.
        2. Alert mail is not showing the 'latest log' message properly.
        3. In Alarms page, the bps, bps_in & bps_out values of the alert details message are not displayed properly.
      7. Fixed the Huawei device rule parsing issue.
      8. 'Availability Alert' is getting triggered for the lowest time selected in case of multiple alert case. Fixed the issue.
      9. 'Archive Security Settings' is reset to default values, when 'archived file' settings is changed. Fixed the issue.
      10. Internally identified 'local file inclusion' vulnerabilities are fixed to make the product secure.
    3. 12.4 Build 124088

      New device/log format support :

      1. Support ID: 5447104 - Kerio Control Firewall version 9.2.8

      New features and enhancements :

      1. Rule Cleanup Enhancements:
        1. Identify unused source, destination and service objects defined in used rules.
        2. Identify unused any port and protocols defined in the objects of used rules.
      2. Revamped the Rule Management report pages to improve the usability.
      3. Option to assign multiple collectors while creating Operator privilege users in Central server.
      4. A new device audit report for login, logout for devices.
      5. User based 'Commands executed' details for every configuration change.
      6. Log flow parsing rate has been improved to handle more proxy server logs.
      7. Source and Destination countries are now listed in the drop down for selection while creating 'Normal' alerts.
      8. Support ID: 5377251 - SSL VPN report supported for Sophos XG devices.
      9. Support ID: 5377251, 5045675 - Now users can search the source port, destination port and URL category as criteria in the 'Raw Search' report.
      10. Support ID: 5377251 - Rule enable and disable syslogs are parsed to show in 'Commands executed' report for Sophos XG in Admin reports.

      Issues Fixed :

      1. Support ID: 5518885 - Device rule addition got failed for VDOM devices, when we assign existing credential profiles. Fixed the issue.
      2. Support ID: 5519348 - Editing of Change Management report schedule was not working after the product restart. Fixed the issue.
      3. Support ID: 5465688 - Hit count mismatch between 'Denied Events' report under Security report and 'Raw Deny' logs in Raw Search for Palo Alto device is fixed.
      4. Support ID: 5485772 - Excluding the user name, if the user name is coming as IP address for proxy. Fixed the issue.
      5. Support ID: 5414153 - Excluding 'Management' syslogs from user name - IP address mapping. Fixed the issue.
      6. Support ID: 5465784 - WatchGuard traffic log parsing issue fixed.
      7. Support ID: 5024679 - Fixed the 'Directory' validation handling issue in 'Imported Logs' page.
      8. Support ID: 5407203 - VPN User transaction report showing different names in Custom report page issue is fixed.
      9. Internally identified SQL Injection, Remote Code Execution and Local File Inclusions vulnerabilities are fixed to make the product more secure.
      10. Support ID: 5547592, 5425257 - Fixed the SRX and Cisco device rule parsing issues.
      11. Support ID: 5539886, 5566735 - Unable to configure SNMP v3 due to community string being mandatory and special character limitation. This issue is fixed.
    4. 12.4 Build 124083

      Enhancement :

      1. Rule management and compliance reports for Stormshield devices using CLI.
    5. 12.4 Build 124068

      Enhancements :

      1. Rule management and compliance reports for Juniper NetScreen devices using SSH protocol.
      2. Added SSH protocol to fetch configuration files for Sonicwall Firewall.
      3. Rule management and compliance reports for SonicWALL devices using API.
      4. Configuration diff page has been enhanced with 'Lines around Changes' option.
      5. In Discovery page, option to configure port has been provided.
      6. SonicWALL device rule UUID supported to display it along with rule name in Policy Overview and Optimization reports.
      7. Virus report supported for Cisco FirePOWER devices.
      8. API Document has been released for public.
      9. New columns source 'src' & destination 'dst' interface added for Policy Optimization report.

      Issues Fixed :

      1. The timezone was not handled properly while parsing FirePOWER log. Fixed the issue.
      2. WatchGuard SSH connection close was not handled properly. Fixed the issue.
      3. Change Management support provided for Sophos XG User Name and Password content.
      4. Devices with same name caused license count issue in Central Server. This issue is fixed.
      5. Active VPN trend report was not showing 24 hours data. The issue has been fixed.
      6. Cisco WebVPN events were not detected properly. The issue has been fixed.
      7. Machine name parsing has been added in AD user/IP mapping.
      8. Sophos XG admin log parsing issue fixed.
      9. SonicWALL duration value parsing issue fixed.
      10. Policy Overview XLS format export issue fixed.
      11. Few device configuration parsing issues fixed.
    6. 12.4 Build 124053

      Issue Fixed:

      1. Device credential validation failed issue has been fixed for Juniper SRX and Cisco FirePOWER devices.
    7. 12.4 Build 124052

      New features and enhancements :

      1. For Cisco FirePOWER devices - Rule impact analysis supported.
      2. In the 'Policy Optimization' report, provided options for pie chart and table drill down.
      3. Search' option in the 'Policy Overview' report is enhanced to provide results for CIDR and multiple values (comma separated) with multiple columns combined.
      4. Source, Destination and Service object details can be viewed in 'Object Repetitiveness' reports of the 'Rule Impact' analysis reports from the product UI.
      5. Option to export 'Security Audit' report as HTML from the product UI.
      6. Widget specific refresh option is provided in Firewall reports, Proxy reports, Custom reports and all the expand view pages.
      7. Retain the time period in expand view of Firewall reports, Proxy reports and Custom report pages.
      8. In the case of device credential validation, all commands execution status has been shown in the main results page.
      9. Alarm profiles enhancements in 'Settings' tab,
        • Option to view profile specific alerts and it's details.
        • Option to export as PDF, CSV and XLS for alert profiles.
        • Option to clear alerts generated for profiles in single click.
      10. 'Cloud Repository' list page enhancements in 'Settings' tab,
        • A new search option.
        • Page navigation component given with top-N select option.
        • Sorting option given for the table headers.
      11. New custom options are provided in the add 'Device Credential' page for below parameters,
        • Timeout.
        • FWA Server IP.
        • isManagedbyPanorama for PaloAlto.

      Issues Fixed :

      1. Support ID: 4978071 - Fixed the Japanese characters garbled issue in the policy overview report.
      2. Support ID: 5383226 - New added/updated/deleted cloud services data not effective till the application is restarted. Fixed the issue.
      3. Support ID: 5382799 - In the Aggregated search report 'VPN Usage report' was shown as empty for Cisco ASA device. Fixed the issue.
      4. Support ID: 5273379 - Timezone parsing issue for Sophos XG device is fixed.
      5. Support ID: 5363136 - Wrong values are displayed in 'From Time' and 'To Time' fields of the custom schedule option. Fixed the issue.
      6. Support ID: 5402088 - In the 'VPN User Transaction' report, new column 'Source IP Address' added.
      7. Support IDs: 5377292, 5400991 - Few duplicate and unused i18n keys are removed.
      8. Support IDs: 5391699, 5399454 - ' Denied' log parsing issue for Juniper SRX and Netscreen devices fixed.
      9. Support ID: 17190 - 'Attack' log parsing issue for Sophos UTM device fixed.
      10. Support ID: 16319 - 'UserName' parsing issue for Fortigate device logs fixed.
    8. 12.4 Build 124044

      New features and enhancements :

      1. You can edit, rearrange and hide the default tabs in the horizontal menu.
      2. New custom tabs can also be added, edited, rearranged and deleted from the horizontal menu.
    9. 12.4 Build 124037

      New features and enhancements :

      1. Firewall Analyzer Standard Edition has been launched for SMEs with basic firewall log monitoring requirements.
      2. Firewall Analyzer Premium Edition is now renamed as Firewall Analyzer Professional Edition.
      3. Firewall Analyzer Distributed Edition is now renamed as Firewall Analyzer Enterprise Edition.
      4. Support ID: 5160784 - VPN report supported for Sophos UTM-9 device.

      Issues Fixed:

      1. Support ID: 5256108, 5266114 - Fixed Cisco ASA, Cisco Meraki device log parsing issue.
      2. Support ID: 5298823 - Fixed Sophos-XG550, Netscreen 6.3.0 r18.0 log parsing issue.
      3. Support ID: 5243703 - In custom schedule reports, row count restriction for PDF export removed.
      4. Support ID: 5364221 - While creating vdom device rule using credential profile, failed to update device credentials. Fixed the issue.
      5. Support ID: 5375112 - Export report failed, when the number of rows selected for custom reports is changed. Fixed the issue.
      6. Support ID: 5188524, 5209521 - 'Data-Crunch' message added as title in the device and interface live report graphs.
      7. Support ID: 5087229, 5273379 - Traffic conversation report displayed the total bytes value as 0, because of wrong unit conversion. This issue is fixed.
      8. Support ID: 5165994 - Cisco Firepower device was detected as Cisco device, due to some unsupported logs received from device. Fixed the issue.
      9. Support ID: 50191188 - In SNMP settings and Reports filter configuration pages, fixed the usability issues.
    10. 12.4 Build 124033

      Issues fixed :

      1. General: HTML Injection vulnerability issue in Google maps has now been fixed. (CVE-2017-11560)
    11. 12.4 Build 124025

      New device/log format support :

      1. Structured log format support for Juniper SRX.
      2. Log Event Extended Format (LEEF) custom log format support for PaloAlto.
      3. pfSense 2.5 version log format supported.

      New features and enhancements :

      1. Perform object definition level search in Policy Overview reports for any object/IP across existing rule set.
      2. Rule impact analysis enhancements:
        • Option to select custom blacklisted IPs (from file) in UI.
        • Object repetitiveness report for source, destination, and service objects.
      3. Device Rule page enhancements:
        • Option to add credential profile at the time of device rule configuration.
        • Unified the device rule configuration in Inventory device list and snapshot pages (Similar to the Settings page)
        • Device rule credential validation is made mandatory now using 'Validate' button.
        • Included validation status for rule and configuration commands
        • Change notification and schedule availability provided in the Change Management page.
      4. In the 'Search' reports page, CSV and XLS export options provided.
      5. In device and interface live traffic drill down pages, CSV and XLS options provided.
      6. Selected widgets can be exported as PDF or trigger an email(on-demand) from report pages.
      7. Search option has been provided for reports and inventory drill down pages. The same is also available in the respective expanded view page.
      8. Top 5 (Graph and Table), Top 10 (Graph and Table), Top 15 (Table only), Top 20 (Table only) options are provided in firewall reports and proxy reports.
      9. For easy navigation, 'Report' pages drill down can be expanded to full page instead of slide and the tabs are moved as left side menu in reports and inventory page.
      10. Selected report type will be retained as default for other selected devices.
      11. Option to show/hide filter section (log flow received, vendor and device-type) in 'Inventory' page.
      12. On demand PDF export of security audit page has been enhanced to look like the UI.

      Issues Fixed:

      1. The SQL injection vulnerability in 'SubmitQuery' page has been fixed.
      2. Support ticket ID: 4978071, 5148764 - Firewall Analyzer uses the secondary IP Address to export the configuration from SonicWALL devices. Fixed the issue.
      3. Support ticket ID: 5186465, 5169152 - Fixed Juniper SRX3400 , SRX4100 device rule parsing issue.
      4. Support ticket ID: 5251059 - Fixed PaloAlto (PAN-OS 8.0.16) device rule parsing issue.
      5. Support ticket ID: 5190721 - If the device has VDOM, Device (Physical-Device IP) not listed for SNMP configuration. Fixed the issue.
      6. Support ticket ID: 5160784 - Unable to update interface details if the interface-name contains .(dot) in it. Fixed the issue.
      7. Support ticket ID: 5200605 - No data in dashboard for a few FortiGate devices as the destination field contained junk characters. Fixed the issue.
      8. Support ticket ID: 5234629 - Port details are shown under 'Destination' column in reports, for SonicWALL firewalls. Fixed the issue.
      9. Support ticket ID: 5279308 - FortiGate firewall logs were dropped due to filename length limitation. Fixed the issue.
      10. Support ticket ID: 5339523 : Fixed Cisco object-groups parsing issue
    12. 12.4 Build 124024

      Issues Fixed:

      • General: Previously, when HTTPS was enabled in the WebClient, some unexpected loading issues were observed. This has now been resolved by upgrading the Tomcat version used in the product.
      • General: Scroll issue while listing custom dashboards has been fixed now.

      Vulnerability Fixes :

      • General: The 'local privilege escalation' vulnerability has now been fixed.
    13. 12.4 Build 124000

      Vulnerability Fixes :

      • JRE has been migrated to 1.8 and various vulnerabilities from JRE 1.7 have been eliminated. Highlights of JRE 1.8 migration:
        • General: Cipher algorithms AES-192 and AES-256 are supported in addition to AES-128 algorithm.
        • General: TLSv1.2 protocol is now supported by default.
    14. 12.3 Build 123324

      New device/log format support:

      1. Barracuda Next Generation Firewall (F-600 model) support.
      2. Cisco FirePOWER v6.3.0 and above with modified time stamp support.

      New features & enhancements:

      1. Rule management and compliance reports support with vendor API.
        1. PaloAlto.
      2. 'Rule Impact Analysis' functionality assesses the impact of a new rule, on the existing rules with anomalies, vulnerabilities and security threats analysis.
      3. On demand options available in UI for sending reports via email and exporting reports in CSV, Excel formats:
        1. For individual widgets.
        2. For all report pages and drill down report pages.
      4. New 'Tools' tab to help access the other network devices for availability check and basic monitoring.
      5. Change management configuration difference view has been enhanced to show clear information for PaloAlto and WatchGuard devices for XML format configurations.
      6. 'Custom time' option has been provided in 'Custom' report schedule section.
      7. 'Report type' and 'Report filter' options are moved from settings tab to reports tab for easy access.
      8. 'Resolve DNS' option has been moved from individual widgets into page-level in Firewall, Proxy and Custom report pages.
      9. A new list page is added under 'User-IP Mapping' table which shows the existing IP address or MAC address/User name details in the web UI.
      10. 'Edit Interface' now helps to change interface name and interface IP address and sub-net mask are made optional.
      11. In AD authentication, you can now configure scope to be auto assigned to users logging in for the first time, when auto login is enabled.

      Issues Fixed:

      1. For PaloAlto devices, Active VPN Users reports details are not displayed properly.This issue is fixed.
      2. Fixed the NTP configuration parsing issue, for Huawei devices.
      3. Fixed the Sophos UTM device rule parsing issue.
      4. Fixed the log parsing issue, for Sonicwall Blocked URL report.
      5. When any report profile is edited or deleted the assigned report filters got deleted. This issue is fixed.
      6. Main Tabs are not selected properly while redirecting from other reports and some sub-tabs.
      7. Fixed parsing issues for Cisco management, SRX and pfSense logs.
      8. Fixed the vulnerability issue in Alarm Profile page, when 'Run Script' option is selected.
      9. 'View Report' is not displayed in the 'Imported Logs' page, for some imported logs in the list. Fixed the issue.
      10. Remote host log file import failed due to missing parameter in security.xml file. Fixed the issue.
      11. When 'Intranet settings' is configured for a device, unable to add two IP networks. Fixed the issue.
      12. 'All Reports' in Firewall/Proxy server reports page, instead of displaying only reports of all firewalls in 'Firewall Reports' page and only reports of all proxy servers in 'Proxy Server Reports' page, reports of all the devices. Fixed the issue.
    15. 12.3 Build 123309

      New device/log format support:

      1. Log Exporter (CEF format) support for Check Point devices (R-77.3, R-80.10 with Jumbo Hotfix and R-80.20 versions)

      New features & enhancements:

      1. On demand PDF export option in Web UI has been enhanced using PhantomJS.
        1. Page level PDF export with multiple widgets.
        2. Individual widget level PDF export.
        3. PDF export for all drill-down report pages.
      2. Rule management and compliance support using vendor API.
        1. Sophos-UTM.
        2. Sophos-XG.
      3. Rule management and compliance support using CLI.
        1. Check Point devices R-80.1 and above.
      4. Message framework guideline for proper usage of all features and configuration pages.
      5. 'Bytes' and 'Hits' details are added in the Dashboard Top 'N' widget reports.
      6. Quick links and Help cards added in Diagnose Connection, Report Filter, Customize Report, Rule Management reports and Settings pages.

      Issues Fixed:

      1. Fixed the improper error handling message shown for 'Test connection' action in 'Device Rule' configuration page.
      2. Multiple IP ranges can't be added in Intranet settings page. Fixed the issue.
      3. Linux installation users were unable to save "Nipper" location in User Config page. Fixed the issue.
      4. Unable to configure SNMP v3. Fixed the issue.
    16. 12.3 Build 123304

      Issues Fixed:

      1. General: Previously, validation of session failed when the URL contained two or more consecutive backslashes. This vulnerability has been fixed now.
    17. 12.3 Build 123281

      New features:

      1. Cisco FirePOWER - Firewall policy, rule analysis, and compliance report support using CLI to fetch configurations.
      2. To prevent vulnerabilities, Firewall Analyzer now verifies each request parameters type and value before it is processed.

      Issues Fixed:

      1. Support-ID: 4882018 - In Japanese installation, if 'Trend graph' report is exported, it displays the same graph for hourly and weekly comparison graphs. This issue is fixed.
      2. Cisco Meraki is discovered as 'proxy server' instead 'firewall' in Firewall Analyzer. This issue is fixed.
      3. When server side PDF export is set as 'All', it is not working. This issue is fixed.
      4. When 'Denied User Report' is drilled down from Dashboard, page is empty. This issue is fixed.
      5. Raw search result displayed in the UI is grouped based on the specified criteria.
      6. Quick links are added for 'Credential Profile' page.
      7. Quick links are added for 'Archive Encryption' page under Security settings.
    18. 12.3 Build 123277

      Issues Fixed:

      1. General : The SQL injection vulnerability in 'getDeviceCompleteDetails' and 'getAssociatedCredentials' API's have been fixed.
    19. 12.3 Build 123268

      Enhancements:

      1. Check Point device API based Compliance Standards report.
      2. For all drill down pages of Inventory and Reports, provided export as CSV and Excel option.

      Issues Fixed:

      1. Delete button alignment issue in Device Rule list page is fixed.
      2. In the 'Traffic Statistics' graph, one of the 'Protocol' groups was assigned with 'Grey' color and it was looking odd. Changed the color to fix the issue.
      3. Loading of 'Dashboard' pages was slow, removed unwanted resource checks to fix the issue.
      4. The 'Delete' option was hidden in individual rows in Imported Logs, Device-Rule, Exclude-Criteria, Credential Profiles and Archived Files list pages. 'Delete' option is displayed as button to fix the issue.
      5. Removed the 'Group Chat' icon in vertical tab of UI.
    20. 12.3 Build 123263

      New Device Supported:

      1. VarioSecure firewall.

      Enhancements:

      1. Automatic Security Audit report generation for Check Point (R-80.10 & above) devices using API.
      2. CLI based Policy analysis, Rule management and Compliance support for pfSense firewall s.
      3. Added Line & Bar graph options for device and interface Live reports.

      Issues Fixed:

      1. Support-ID: 4909346 - Fixed the Device Rule configuration failure issue, in HA mode of FortiGate with VDOM setup.
      2. Support ID 4909346: Fixed the issue of showing password in plain text, in the Device Rule submit response.
      3. Support ID 4919514: Fixed the issue of embed widget not working, in CCTV view.
      4. Support ID 4927087: New column added to display Cisco ACE hex code in Raw search results page.
      5. Support ID 4553065: Fixed Squid proxy server parsing issue.
      6. Support ID 4934078, 4950793: Fixed the issue of wrong client IP assignment for Cisco VPN.
      7. Fixed the issue of Scheduled Rule fetching failure for Check Point, due to CLI connection attempt.
      8. Huawei device change management reports are loaded with full configuration instead of changes alone. Fixed the issue.
      9. Added default exclude criteria for SonicWall devices to remove dynamic key updates as changes from Change Management Report. Fixed the issue.
      10. Displayed inputs in response when Assign Credential Profile to a device is saved. Fixed the issue by removing the inputs and displaying only status.
      11. Policy Overview Schedule list page displayed schedule details of all the devices. Fixed the issue to display the schedule details of only selected devices.
      12. Was able to configure SNMP for Unmanaged devices. Fixed the issue.
      13. When working hours is updated in Advanced settings, it was reflected in General settings. Fixed the issue.
      14. No criteria is displayed for Policy Overview Scheduled reports when report specific criteria is provided. Fixed the issue.
      15. For proxy devices Live Traffic is displayed in dashboard but not in Inventory page. Fixed the issue.
      16. Device display name changes are not reflected in alarms page. Fixed the issue.
      17. In Raw Search mail content PDF Report, Criteria value had extra details other than user configured criteria. Removed those unconfigured criteria and fixed the issue.
      18. Exception thrown when Diagnose connections page is clicked in Settings tab. Fixed the issue.
      19. In Settings > User Management > Add/Edit User > Device list page, the deleted devices are also listed. Fixed the issue.
      20. In Configuration Changes Mail Notification, Mail content has Disable link in the start of the mail. Moved the Disable link message to end of the Mail to fix the issue.
      21. In Reports > Custom Report > Edit & Save the existing report profile, the success message was displayed as 'Report added successfully'. Message changed to fix the issue.
      22. UI issue: Properly conveyed the new category addition for Cloud Repository.
      23. UI issue: Fixed the improper Header alignment in API Access page.
      24. UI issue: Fixed the image misalignment issue in Inventory > Users tab.
      25. UI issue: Fixed the irrelevant Status message shown, when Device Rule for a device is deleted.
      26. UI issue: Fixed the issue of custom widget addition for Live Traffic without selecting a device, by ignoring the status message.
      27. UI issue: Fixed the issue of no redirection to reports page when the 'Unknown' user is clicked in Inventory > Users tab.
      28. UI issue: Added the missing 'Security settings' option in Admin server.
      29. UI issue: When device configuration fetching is in progress, other tabs cannot be accessed. This issue is fixed.
      30. UI issue: When no Firewall/Proxy was added, link to add device is displayed in Reports tab. Fixed the broken link issue to direct it to Getting Started page.
      31. UI issue: Settings tab, System sub-tab selection is not proper, while selecting Working Hours option. Fixed the issue.
      32. UI issue: Due to pagination, in Rule Management page the 'Export to Excel' option was hidden. The issue is fixed to display the option.
      33. UI issue: Remove the unwanted horizontal scroll displayed in Compliance > Standards > Schedule option.
      34. UI Change: Column header changed from 'SRC/DST Interface' to 'SRC/DST Zone' for Huawei devices in Policy Overview page.
      35. UI Change: In menu hover option, configured custom reports are displayed.
      36. UI Change: When a device is deleted from the Inventory page, 'Please wait...,' message is displayed.
      37. UI Change: Proper Enable/Disable SNMP configuration message is displayed in device snapshot page.
      38. UI Change: Graph misalignment with table is aligned in Policy Optimization page.
      39. UI Change: New help page links provided for Syslog server, Manual DNS and Security Audit report pages.
    21. 12.3 Build 123239

      Issues Fixed:

      1. General : There was an SQL injection vulnerability in the Alarms section. This issue has been fixed. (Refer: CVE-2018-20338)
      2. General : In Alarms, there was an XSS vulnerability in the Notes column. This issue has been fixed. (Refer: CVE-2018-20339)
    22. 12.3 Build 123237

      Issues Fixed:

      1. General : XSS vulnerability issue in domain controller has been fixed. (Refer: CVE-2018-19921)
    23. 12.3 Build 123231

      Issues Fixed:

      1. General : Apache's 'commons-beanutils' jar has been updated to version 1.9.3 due to 'Remote Code Execution' vulnerability in an older version. (Refer: CVE-2018-19403)
      2. General : Unauthenticated access to 'DataMigrationServlet' has been fixed. (Refer: CVE-2018-19403)
      3. General : The 'Browser Cookie theft' vulnerability has been fixed.
    24. 12.3 Build 123224

      Issues Fixed:

      1. XML External Entity Injection Vulnerability is fixed, while importing Custom Report/Alert profile.xml (Refer: CVE-2019-11677)
      2. Cross Site Scripting Vulnerability is fixed, while adding User defined DNS name. (Refer: CVE-2019-11676)
      3. Support-4811677: Raw Search returned no data if search period is more than a month. This issue is fixed
    25. 12.3 Build 123223

      Issue Fixed:

      1. In the Inventory Snapshot page, the pie chart had a legend status color mismatch. This issue has been fixed.
      2. The XSS vulnerability issue in updateWidget API has now been fixed. (Refer: CVE-2018-19288)
    26. 12.3 Build 123222

      Issue Fixed:

      1. Security vulnerability: SQL injection vulnerability in Mail Server settings has been fixed. (Refer: CVE-2018-18949)
    27. 12.3 Build 123218

      New Log Format Supported:

      1. Barracuda Email Security Gateway

      New Features and Enhancements:

      1. Policy/Rule analysis, compliance report support and fetching configuration using firewall vendor API
        • Check Point devices
      2. Policy/Rule analysis, compliance report support and fetching configuration using CLI
        • Vyatta firewalls
        • Huawei firewalls
      3. Added 'Tray' Icon for Windows installation to start, stop, and get status of Firewall Analyzer.
      4. Changed 'Support' tab look and feel.
      5. New widgets 'Active VPN Users' and 'VPN User Session Details' are added under VPN tab of Inventory Device drill down page.
      6. Quick links and Help cards provided for Discovery and Search reports.
      7. Selected 'Time Period' retained in all drill down snapshot reports, after zooming the time in live traffic widget.
      8. Enterprise Edition data exchange between Admin and Collector servers made secure for each requests and response.
      9. Firewall Analyzer startup time optimized; Made the internal modules to start in parallel.
      10. 'Raw Settings' page moved to 'Search' tab from 'Settings' page to avoid shuffling between tabs.

      Issues Fixed:

      1. SQL Injection vulnerability in Firewall Analyzer default reports has been fixed. (Refer: CVE-2019-11678)
      2. Support ID: 4795348 - Change Management report for SonicWALL displays user names, who do not have access to firewall configuration. Fixed the issue.
      3. Cisco-Meraki log parsing issue fixed.
      4. Log parsing of Sophos and Cyberoam devices tuned to handle more log rate.
      5. Occasionally, 'Raw Tables' are not split properly, when log rate is high. Fixed the issue.
      6. In 'Rules Report' page, if the number of rows is less than 10, the CSV, Excel export option is missing. Fixed the issue.
      7. SNMP settings page is not closed automatically on successful configuration from 'Inventory' snapshot and list page.
      8. Fixed the issue of removing unnecessary API calls when criteria based 'Search' reports is loaded.
      9. Fixed the issue of table border misalignment for all the report table grids.
      10. Fixed the issue of headers for PaloAlto and NetScreen devices in 'Policy Overview' report by changing the 'Source Interface' & 'Destination Interface' headers to 'Source Zone' & 'Destination Zone'.
      11. When 'Only on Week Days' option is selected in 'Daily-Schedule', it was not working. This issue is fixed.
      12. 'Policy Overview' tab name changed.
      13. 'Unused Rule' header name changed.
      14. In 'Remote Host' option of 'Import Logs' page, the selected file is not getting marked. This issue is fixed.
      15. Fixed the issue of device name display in 'Live Traffic' widget even after the device is unselected.
      16. Fixed the issue of unrestricted 'Save' in 'Live Traffic' widget, if no device is selected.
      17. Fixed the issue of 'Icon' only option for horizontal menu change is not working in Central-Server.
      18. Fixed the issue of empty 'Standards' page, when the status of all firewall devices is 'UnManaged'.
      19. When 'Intranet Settings' is saved without any criteria, instead of alert message, it is getting saved. Fixed the issue to show alert message.
      20. In the 'Inventory - Device' detail widget, page redirection happens only when text is clicked. Fixed the issue for page redirection when clicked anywhere in the device row.
      21. Fixed the issue of missing 'On Demand' column header in 'Device Rule' settings page.
      22. Fixed the issue of missing tool tips for few icons.
      23. For Windows firewall, UDP port unblock rules added for Syslogs packets.
      24. For Windows firewall, TCP port unblock rules added for Telnet and SSH.
    28. 12.3 Build 123208

      Enhancement:

      • Menu hover feature helps to access all sub tab options without the hassle of navigation.
    29. 12.3 Build 123197

      New Device Supported:

      • F5 firewall device.

      New Features & Enhancements:

      • Horizontal menu bar made as default.
      • 'Add-Device' menu added to export Syslogs from firewalls.
      • SSH or Telnet based 'CLI terminal' to access firewalls from Firewall Analyzer.
      • 'Getting Started GUI' to guide the user to add devices and reports.
      • 'Quick links' and 'Help cards' for settings and report pages.
      • For trial and registered users, 'Live Chat' facility to contact sales-engineering team.
      • Introduced 'Password Policy' configuration for user management.
      • Login page customization for rebranding custom images.
      • In all report pages, optimized alignment of widgets.
      • Firewall Analyzer users can set their default menu bar (horizontal or vertical) using 'Menu Bar' menu.

      Issues Fixed:

      • Support ID: 4502293 - Fixed the issue of failure to fetch the device rule for Fortigate Vdom, because 'Pager' command was not working.
      • Support ID: 4502293 - Fixed the issue of failure to display of rule management reports for Vdom firewalls.
      • 'Select Policy' menu not working properly in Firefox browser. Fixed the issue.
      • Fixed the drill down issue in 'Dashboard - Security - Top N Attacks by Hits'.
      • Single device and all devices selection not working in 'Short summary' page of 'Inventory' device lists. Fixed the issue.
      • If the widget subtitle contains 'drill down link' - we need to provide the drill down/redirect to inventory action, when we click the link alone
      • In the 'Inventory - Short summary' page, 'Create Report/Alert Profile' tabs missing, navigating after add or edit from the 'Intranet, Exclude Host, Availability Alert' pages. Fixed the issue.
      • Minor UI enhancements in 'Inventory' page.
      • In the Firewall Analyzer - Distributed Edition - Admin Server, when a firewall was deleted, there was no processing message shown. Fixed the issue to show firewall delete processing message.
      • 'Delete widget' was not working in the 'Reports - Standard Report' page. Fixed the issue.
      • In the 'Inventory - Devices - Protocols' page, 'Protocol identifier' options were missing. Fixed the issue.
      • In the 'Active VPN Trend Report' page, Y-axis values were not displayed properly & was throwing NullPointerException while drill-down. Fixed these issues.
      • In the 'Device Rule, Exclude Criteria, Protocol Groups, Device Groups, Intranet Settings, Cloud-Repository, Exclude Hosts, SNMP settings, Alarm Profiles and User-IP Mapping (DHCP, AD/Proxy, Manual Mapping)' pages, to edit an entry you have to click on it. Now a proper 'Edit' icon is provided for each entry.
    30. 12.3 Build 123194

      Enhancement:

      • Firewall Analyzer now extends customization options to the login page. You can now choose to show/hide the copyrights and also change the background to an image of your choice.
    31. 12.3 Build 123186

      Issues Fixed:

      • SQL Injection vulnerability in Global Search has been fixed.
    32. 12.3 Build 123185

      Issue Fixed:

      • SQL injection vulnerabilities in unauthenticated servlets has been fixed.
    33. 12.3 Build 123182

      Issues Fixed:

      • When Alarm profile is exported, alarm profile created by other users is not available in the xml file. This issues is fixed to show all profiles.
      • When syslog is imported, the IP address of the device was updated with link-local IP. Now the device is added with local IP.
      • Device rule configured firewall is listed as first resource in drop down of configuration related reports. This issue is fixed.
      • In Policy Overview page, drill down on some of the services showed no data. This issue is fixed.
      • SMS Setting shows 'Not Configured', even after 'SMPP' or 'SMS Gateway (Clickatell)' is configured. This issue is fixed.
      • Unknown protocol report drill down showed sent and received as kilobytes (KB), where as it is in bytes. Changed the header to fix this issue.
      • When the Report Profile is edited, 'Run on Week Days' could not be selected. This issues is fixed.
      • If schedule for Search Report is created, it did not get added properly. The issue is fixed.
      • In the Device Detail page, executed report profile details are not displayed. The issue is fixed.
      • Support ID: 4594278 - Raw Search result page sorting not working. Fixed the issue.
      • When Working Hour is configured, ranges like 8-12,15-18,19,20,21 were not allowed. The issue is fixed.
      • Assigning Credential Profile without selecting a profile was not throwing any error. This issue is fixed.
      • If only Traffic Log is selected, raw search was not allowed. Fixed the issue.
      • In Standards > Edit Settings page, after editing when Save button is clicked, page refreshes and goes to different device. This is fixed.
      • In the Inventory snapshot page, device edit slide comes over user settings page.This issues is fixed.
      • 'All device' option for 'operator' user in Snapshot page has been removed.
      • In the Collector list page, if any action is performed, the page will be refreshed automatically.
      • In the Inventory > Users list page, 'username' search was not working. This issue is fixed.
      • In the Alarms page of Operator user, Close icon-title is not shown properly on hover. This issue is fixed.
      • Free license text is removed from the DE Alert image.
      • For 'Operator' user, Support page icon was not working. Fixed the issue.
    34. 12.3 Build 123177

      Enhancements :

      • Support - 4709829: Added SSH protocol to fetch WatchGuard firewall configuration.
      • In Anomaly alert criteria page, a help message 'CIDR and CSV formats are allowed' has been added to Source and Destination fields.
      • When Report Profiles are created, removed unnecessary API call to improve UI performance.
      • In Cloud Services page of Inventory, 'Add repository' option is provided.

      Issues Fixed:

      • Support - 4669580: SNMP based Live Report of PaloAlto devices was not working properly. This issue is fixed.
      • Local File Inclusion vulnerability is fixed.
      • Device drill down from Policy Optimization page of Dashboard was not working. The issues is fixed and redirected to Optimization page.
      • In Firewall Live Traffic widget of Inventory page, when 'Gbps' is selected as unit, the values shown were not accurate. The issue is fixed to plot the graph with granular values.
      • Alarm Profile notification option 'Run As Script' didn't accept arguments. The issue is fixed.
      • Support - 4623647: In Import Log page, Local Schedule option was not shown even when the client can be accessed from localhost.
      • Support - 4697639: In Fortigate syslog, VPN close log has duplicate entry which led to incorrect data. Handled it to fix the issue.
      • Support - 4723997: Traffic Trend Report graph was not plotted in order. This issue is fixed
      • Support - 4732194: Syslog port details were not shown properly in Device Details Page of Settings tab. The issue is fixed
      • Support - 4566694 : When a PaloAlto Rule Name contains 'index' value, wrong unused rule list is displayed. The issue is fixed.
      • Support - 4707871: Checkpoint VPN log parsing issue is fixed.
      • In MSSQL setup, Yearly table drop was not proper. The issue is fixed.
      • When extra device license was applied in the product, the manage and unmanage actions couldn't be performed till user restarts the product. This issue is fixed.
      • Header of SMS notification in Alert Profile page changed from 'Send Email based SMS' to 'Send SMS' to avoid misunderstanding.
      • In the Report Profile Notification page, a message "Use comma ',' separator for multiple mail ids" has been added for clear understanding.
      • Edit and Save Report Profile action returned wrong status message. The issue is fixed to show proper status message.
      • While saving Compliance Report Schedule, there was no status message. This issue is fixed to show the status message.
    35. 12.3 Build 123169

      Issues Fixed:

      • Security vulnerability: Cross site scripting(XSS) and arbitrary file read vulnerability in Fail Over has been fixed. (Refer: CVE-2018-12997CVE-2018-12998 )
    36. 12.3 Build 123164

      New device supported:

      • MikroTik

      New features:

      • Simulate firewall logs - You can simulate firewall logs for different vendors to check all the reports in Firewall Analyzer. Log simulation is available for Fortigate, PaloAlto, CheckPoint, Juniper SRX and Squid Proxy devices.

      Enhancements:

      • Added more than 3000 websites to the Cloud Repository.
      • Option to plot Dashboard Live traffic graph in 'Kbps/Mbps/Gbps' is available.
      • Support ID: 4598454 - Updated IP to Country database.
      • Support ID: 4573349 - When you import syslog, you can map the logs to the existing device.
      • Support ID: 4590527 - Export to CSV format option is available for expanded view of all 'Inventory' page widgets.
      • 'Admin Report' for PaloAlto available. It covers details of user login, log out, and commands executed.
      • Auto refresh option provide to 'Live Syslog Viewer' page.
      • Mail content format enhanced for scheduled 'Standards' report.
      • Additional tabs Bandwidth, Sites, Apps, and VPN are added in 'Device' inventory snapshot page for better access.
      • License count, number of managed devices and remaining devices count now available under ' License Management' page.
      • Now 'bps' value is formatted to readable format in Bandwidth Alert mail content.

      Issues Fixed:

      • Support ID: 4588018 - While creating Alarm profile, configuring more than 50 criteria makes the page unresponsive. This issue is now fixed.
      • Refresh option in 'Dashboard Live Traffic' widget was not working. Now the issue is resolved.
      • AD User-IP Mapping had two entry for an user with Old and New IP. The duplication issue is rectified now.
      • Support ID: 4579510 - Incorrect Rule Name was shown for Zyxel firewall. This issue is now fixed.
      • Support ID: 4480507 - Invalid Byte Sequence Error while loading FirewallRecords table is fixed.
      • While parsing Sonicwall configuration, network objects with IP-range and IPv6 objects were not handled properly. It is fixed now.
      • Finding 'Unused Objects' from configuration file had discrepancy. Now it is rectified.
      • In Japanese Installation, when logs are imported, reports were generated for current time instead of log time. This issue is resolved.
      • 'Edit Interface' & 'Edit Interface Names' were not working, when edited for the second time. This issue is now fixed.
      • Occasionally, the 'Inventory' page became empty when 'Back' icon was clicked. This issue is now resolved.
      • Even after changing display name of Firewall, ' Resource Name' was displayed when user was added from User Management page. Now the issue is fixed to show the device list with display name while assigning device.
      • When Credential Profile was edited, the 'Email' field became empty. Now the issue is fixed to show the given Email Id in that field.
    37. 12.3 Build 123156
      • License Agreement has been updated.
      • Promotions related to ITOM Events will be displayed in the UI header after login.
    38. 12.3 Build 123151

      Issues Fixed:

      • In Group Chat Module, "Operator" user was not restricted from viewing the list of users, their User ID and Email addresses. This issue has been fixed.
      • EncryptPassword.bat has been removed due to DOS attack.
      • Path Traversal vulnerability in uploadMib API has been fixed (Reported by Pulse Security).
    39. 12.3 Build 123137

      New features:

      • Introduced 'Audit Report' for all add, delete, and update actions done by Firewall Analyzer user. All the user actions are logged.
      • Option to search personal information like Email, phone number and user name across the product and replace them with another user is available under 'Privacy Settings'

      Enhancements:

      • 'Security Audit Report' is now available in PDF format. You can export the report in PDF format from client.
      • Disclaimer added in exported PDF & CSV to convey availability of Personally Identifiable Information (PII) of GDPR.

      Issues Fixed:

      • Option to add new Custom Report was not visible in UI. Now the issue is fixed.
    40. 12.3 Build 123129
      • Path Traversal vulnerability in uploadMib API has been fixed.
      • The RemodeCodeExecution(RCE) vulnerability occurring while testing scripts has been fixed.
      • The SQL injection vulnerability in "FailOverHelperServlet" for the operation 'standbyprobestatus' has been fixed.
      • The SQL injection vulnerability in "FailOverHelperServlet" for the operation 'getprobenetworkshare' has been fixed.
      • In Group Chat Module, "Operator" user was not restricted from viewing the list of users, their User ID and Email addresses. This issue has been fixed.
      • Previously, "Operator" user was not restricted from viewing the URL monitors in the Inventory Page. This issue has been fixed.
      • Previously, "Operator" user was not restricted from being able to modify the background color and the tile color in the 3D floor view page. This issue has been fixed.
    41. 12.3 Build 123126

      Admin Server

      • Enterprise edition for 12.3 version
      • Data Migration tool for enterprise edition 8.5 customers to upgrade to 12.3

      Standalone/Collector Server

      • Compliance reports and Policy/Rule Management support for WatchGuard device
      • Compliance reports and Policy/Rule Management support for SonicWALL device.
      • Policy/Rule re-order report for PaloAlto device
    42. 12.3 Build 123092

      Enhancements

      • Default reports enhanced with drill down option to second and third level. Particularly for 'Unknown Protocols', you can drill down up to raw log level.
      • 'End User' feature moved to 'Firewall Inventory' tab. You can get 'End User' details from 'Users' Tab.
      • 'Rule Management' and 'Compliance Reports' files stored in Firewall Analyzer server directory are encrypted now.
      • User information is encrypted at the database storage.
      • 'CSV Export' option is available for 'Rule Management' reports.
      • 'Scheduled Report' mail format is enhanced to show properly aligned mail content.
      • Support - 4458020: In 'Change Management' report, new column has been added to show the IP address of user from which he did configuration changes.
      • Support - 4429668: 'Admin' report is available for Huawei Firewall. You can view user login, logout and command executed reports.

      Issues Fixed

      • Support - 4477638: Fixed the issue of incorrect data shown in 'Policy Optimization reports' for some PaloAlto devices.
      • Support - 4519337: Fixed the issue of not fetching configuration files from SonicWALL firewalls due to incorrect SCP command.
      • Support - 4497009: Fixed issues in 'Denied Events' and URL log parsing for Juniper SRX devices.
      • Support - 4510780: Fixed the issue of wrong time period shown in i-Filter reports data, due to non-processing of time stamp available in the logs.
      • Support - 4496764: Fixed the issue of mismatch in rules count of unused rules and total rules displayed for some PaloAlto firewalls.
      • Issue - 126991: In PaloAlto firewall 'Policy Overview' page, no data was displayed when clicked on some source and destination objects. This issue is fixed.
      • Fixed the issue of no data display in 'Total Bytes' column in Trend Micro device reports, due to non-processing of byte value available in the logs.
    43. 12.3 Build 123083

      Enhancements

      • Dashboard loading has been revamped and optimized for better performance.
      • In the Login page, iPhone/Android and iPad application download links have been included.
      • License expiry information in header had a few alignment issues. This has now been fixed.
      • User Icon with product details and about information has been moved to right top corner.
      • In the Inventory page, product based tabs have been moved horizontally.
      • Sign out option has been moved from Quick links to User details menu.
      • Support icon has been added for (Mail, Apply license, phone number, SIF, User guide, Videos, Service pack, ThreadDump, DB Query & view Logs) links.
      • In support page, the Query page under DB Query will be opened in a new window without ember.
    44. 12.3 Build 123070

      Vulnerability Fix

      • SQL injection vulnerabilities in Servlet's API has been fixed.
    45. 12.3 Build 123064

      Enhancements

      • Provision to configure each device in the Inventory itself. For a single device, you can configure Report, Alert, Device Rule, and SNMP in one place.
      • Ad-hoc reports are listed in the drill down page of 'Device' under Inventory.
      • 'Device' summary widget under Inventory, is enhanced to show more device configuration options.
      • Cloud Control Repository updated and new services added.
      • 'No Data' message will be displayed in widget header, if a widget has no data to display. If the widget has data, total number of rows will be displayed.
      • Reduced the 'Inventory' page loading time.
      • By default, indexing enabled for Security Logs.
      • Support Id: 4400799 - New widget added under drill down page of 'Cloud Control'. The widget shows all source IP addresses, who accessed the corresponding 'Cloud' service.

      Issues Fixed

      • Support Id: 4223153 - Bandwidth Alert profiles created with criteria 'mbps' were not working. This issue is fixed.
      • Support Id: 4223153 - URL report, date and priority parsing issues of pfSense firewall is fixed.
      • Support Id: 4275699 - When one Juniper SRX device was added it was displayed as two devices. This was due to absence of firewall name in some syslogs. This issue is fixed to show it as a one device.
      • Issue Id: 124479 - Earlier user couldn't edit the report filter while creating 'Report Profile'. Now 'Edit' option provided for the report filters to fix the issue.
      • Issue Id:126112 - After selecting custom time period in 'Inventory' drill down page, the end time was not shown properly. This issue is fixed.
      • Issue Id:126077 - In 'Add Credential Profile' page, 'Device Type' option is moved up near 'Protocol' for better accessibility.
      • Issue Id:126332 - In 'Device Rule' list page, sorting of any column, removed 'Fetch Rules' and 'Security Audit Report' icons. This issue is fixed.
    46. 12.3 Build 123057

      Vulnerability Fixes:

      • DDI-VRT-2018-02 – Unauthenticated Blind SQL Injection via /servlets/RegisterAgent
      • DDI-VRT-2018-03 – Unauthenticated Blind SQL Injection via /servlets/StatusUpdateServlet and /servlets/AgentActionServlet
      • DDI-VRT-2018-04 – Multiple Unauthenticated Blind SQL Injections via /embedWidget
      • DDI-VRT-2018-05 – Unauthenticated XML External Entity Injection via /SNMPDiscoveryURL
      • DDI-VRT-2018-06 – Unauthenticated Blind SQL Injection via /unauthenticatedservlets/ELARequestHandler and /unauthenticatedservlets/NPMRequestHandler
      • DDI-VRT-2018-07 – User Enumeration via /servlets/ConfServlet
    47. 12.3 Build 123045

      New device/log format support

      • Support Id: 4385377 - i-Filter Version10 device logs support

      Enhancements

      • System settings (General and logging) page added for Firewall Analyzer module to enhance the customization
      • Drill-down, from graph, for all reports along with table values
      • Labels for the reports graph for X and Y axis are shown
      • Custom time period has been shown properly in Inventory, Reports, Standards and End-Users reports based on earlier time selection
      • Inventory snapshot start-time and end-time shown for all time periods under clock icon
      • Filter option provided for source in live Syslog viewer

      Issues Fixed

      • Issue Id: 122137 - Missed internationalization keys in Compliance Standard Reports fixed.
      • Issue Id: 123950 - Non-internationalized Total & other key are internationalized in Firewall reports.
      • Issue Id: 125439 - Disabling VDOM in User Config option deletes all device rules configured.
      • Issue Id: 125440 - Newly supported 'Device Rule Vendor' list added in Credential Profile page.
      • Issue Id: 121670 - Log Level debug settings for logger-name not handled.
      • Issue Id: 125070 - Graph Unit is not internationalized in snapshot widget header.
      • Issue Id: 123955 - 'No Data' string in some graph is not internationalized.
      • Issue Id: 123859 - Live Report drill-down didn't pass proper time-range.
      • Issue Id: 125582 - While sorting the column in table data leads to table empty in Traffic Trend report.
      • Issue Id: 125598 - Getting 'NullPointerException' in weekly trend comparison reports page.
      • Issue Id: 125456 - Getting 'NullPointerException' while parsing SonicWall logs.
      • Support Id: 4343907 - Data movement to data tables isn't working due to large duration value in few Syslogs in SonicWALL device.
    48. 12.3 Build 123027

      Enhancements

      • The 'Automatic/On-click/No lookup' options of Resolve DNS in global settings synchronized for all widgets.
      • Two more SMS service Clickatell and AppSMS supported to send SMS notifications for 'Alarms, Configuration changes, and Availability Alerts'

      Issues Fixed

      • 123396 - If dashboard data is with '\', in its drilldown page data is shown without '\' . The issue is resolved to display it properly.
      • 121669 - When Traffic Conversation Table in Interface drilldown page is expanded, it was displaying only top 10 rows. Issue fixed to display complete data.
      • 123760 - In CCTV view, Operator can view unauthorized device's Live Traffic. Issue is fixed by hiding it.
      • 122774 - In one of the 'Proxy Reports', when Search icon is clicked, empty page was displayed. Issue fixed to display appropriate page.
      • 123955 - 'No Data' message not internationalized in some graphs, issue fixed by internationalizing it.
      • 122298 - In dashboard traffic and security statistics report, when Search icon is clicked, empty page was displayed. Issue fixed to display appropriate page.
      • 124212 - 'In' & 'Out' legends in Device Summary graph were not internationalized, issue fixed by internationalizing it.
      • 121712 - Fixed memory handling issue, during user association and manual IP mapping when device is deleted.
      • 123826 - Fixed an issue in reimport option of manual IP mapping.
      • 120736 - Fixed issues in FWA Availability alert page UI and Disable notification link in the alert notification mail
      • 122140 - Fixed an issue in script error handling, when a schedule is added for Compliance report without selecting any type of standards.
      • 125095 - In standard compliance reports, if clicked to drill down the report, the table values are not displayed. Fixed the issue for table value display.
      • 125093 - User with '\' character could not be added, for 'End Users' reports. Fixed the issue to add user.
      • 123942 - There was an UI alignment issue in NetFlow widget populated in OpManager's End Users report. Fixed the issue to align the UI.
      • 122493 - In the dashboard, snapshot view of Cloud Users report, fixed the issue of missing 'Expand View' icon.
      • 124899 - Fixed the issue in Disable notification option of the change management alert notification mail.
      • 124613 - When TLS option was configured in Mail Server settings, mail notifications for alerts were not sent. Fixed the issue to send mails.
      • 124090 - Fixed the misalignment issue in Policy Overview report table. This was for MS SQL database.
      • 122970 - When a new report type is added with the existing name, 'Success' message is displayed. Fixed the issue to display 'Failed' message.
      • 125067 - Fixed the issue to populate rule details of SRX devices, when the configuration file is not having network object details.
      • 125059 - In the 'Unused Rules' report of 'Rule Management', the resource criteria is not applied properly. Fixed the issue to apply the resource criteria properly.
      • 4245966 - In FWA, log entries for unsuccessful console login attempt on Cisco ASA devices are not there. Fixed the issue to get entries.
      • 4206352 - Issue, in SonicWALL log parsing for protocol, is fixed.
      • 4086698 - All the IPs are not getting resolved into names, when 'Resolve DNS' is set to 'Automatic'. Fixed the issue to resolve all IPs.
      • 4250080 - When scheduled PDF report page count is more than 100, the total page count in PDF footer was not proper. Fixed the issue for proper page count.
      • 4300246 - Fixed the out of memory error generated when change management report was accessed.
    49. 12.3 Build 123008

      Issues Fixed

      1. Device rule configuration using SCP protocol was not functioning in build 12300. Now this issue is fixed.
      2. Sometimes, SRX marked as unsupported device, if Firewall Analyzer receives unsupported log as the very first record. Now, wait time is added to check more received logs to avoid unparsed error.
      3. System performance and custom dashboard view were missing when logged in for the first time. Now the issue is fixed and the user can view both.
      4. Editing widget "Top N Hosts by Traffic" and selecting Protocol under category makes the widget to show data of protocol-group by traffic. Now, the issue is fixed by showing Protocol-Group instead of Protocol in dashboard widget - edit section.
      5. 'Live Syslog Viewer' status shown as 'undefined' when we do continuous refresh. Now the status message handling issue is fixed in the server side to show proper status in the UI for continuous refresh.
      6. Increased the data dumb volume from base table 'Firewall Records' to next level data table for database performance increase.
      7. Inventory Interface snapshot traffic conversation report's last row was not shown properly in UI. Now the issue is fixed and the report loads the data properly.
      8. Graph units option provided in the Inventory LiveReports page was not in proper sequence. This is issue is fixed and the units are now shown in proper order like kbps,mbps and gbps.
      9. When the user selects all predefined reports while creating a report profile, received PDF shows all the reports name in the home page without proper alignment. Now, Alert Message added for Report Profile reports selection

      New Features

      1. Previously, there was no option to view the selected time-period of each dashboard widgets. Now, sub-header details will be shown in each widgets with device information along with time-period applied.
    50. 12.3 Build 12300

      New Devices/Log Formats Supported

      1. Trend Micro IWSVA 6.5
      2. Palo Alto VPN logs
      3. FortiGate Management logs
      4. Juniper SRX Management logs
      5. SonicWall IPSec VPN logs
      6. New easy to use revamped web client

      New Features

      1. 'Insider Threat' reports to track internal user's cloud application usage
      2. Drill down for all dashboard reports
      3. Exclude IP/IP range/network from reporting
      4. URL and VPN reports for Inventory report user drill down
      5. Live report for Proxy servers
      6. Live report drill down for device and interfaces from Inventory
      7. Interface Live Traffic widgets in Custom Dashboard
      8. End User widgets in Custom Dashboard
      9. Anomaly Alerts based on Country
      10. User specific reports for Proxy servers
      11. Option to export report as CSV on demand
      12. Option to use Management IP address to fetch device configuration
      13. Option to configure 'Row Count' for on-demand PDF/CSV report export
      14. More reports for Rules in Device snapshot

      Issues Fixed

      1. SRX policy parsing issue for Compliance & PolicyOverview report
      2. Live Report out-traffic spike based on SNMP fixed
      3. Fortigate 5.2.4 Device rule ssh connection issue fixed
      4. VPN Usage Trend report issue fixed
      5. PDF issue in non English client side language issue fixed
      6. Export to PDF issue fixed for Rule-Reorder recommendation report
      7. SNMP V3 configuration issue without community fixed
      8. Drill-down issue for Usernames which contains slash in it.
      9. Squid proxy log user name parsing issue
      10. Fortigate VPN log parsing issue
      11. Issue in Paloalto country name parsing
      12. Issue in Checkpoint denied status when value is 'drop' in syslog
    51. 12.2 Build 12200

      For 8500 upgrade

      New Features

      • Firewall Analyzer is integrated with OpManager
      • New easy to use revamped web client

      New Device/Logs/Reports

      • WebMarshal Proxy Server
      • Juniper-SRX - VDOM logs support
      • McAfee - SideWinder Firewall
      • i-Filter Proxy Server
      • PfSense open source firewall
      • Cisco-Meraki (Proxy) and FireSight module support

      For 12000 & 12100 upgrade

      New Features:

      1. SNMP based reports
        • Live Report
        • Bandwidth Alert
      2. Unassigned protocol grouping
      3. Live Syslog Viewer
      4. Packet-Count / Flow-rate / Syslogs server details page
      5. "View Report" option from 'Import Log' list page
      6. Import/Export option for Report,Alert and Protocol-Groups
      7. On-demand pdf/csv export option in Policy Tab
      8. Active VPN connection trend report
      9. User Configuration/Raw Configuration pages
      10. Device grouping
      11. Compliance:
        • Policy Overview/Optimization - schedule option
        • Unused rules - Calendar option
      12. 'Total & Others' row for all default reports table data
      13. Filter option for all default reports
      14. "Firewall Log Level" settings page for debugging
      15. PDF export for Inventory page Widgets
      16. Server/Client side PDF export option for Scheduled reports

      Issues Fixed:

      1. Inventory - Device drill down - Top 10 widgets - Fixed missing scroll down option
      2. Bundled check-point device dll & opsec.exe.
      3. Fixed the missing "View All" option missed in all default Reports.
      4. Fixed URL Report parsing issue for Palo-Alto
      5. Cisco-Meraki (Proxy) and FireSight device support
      6. Administrator/ Operator specific page view issues fixed
      7. Fixed showing two scroll-bar in Security Audit page.
    52. 12.0 Build 12000

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

      12.0 - Build 12000 - Standalone Edition

      The general features available in this release are:

      New Features

      • Firewall Analyzer is integrated with OpManager
      • New easy to use revamped web client.
    53. 8.5 Build 8500

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

      8.5 - Build 8500 - Standalone Edition

      The general features available in this release are:

      New Features

      • 'Cloud Control Reports' feature
      • Rule reorder and recommendation
      • AD User vs IP address mapping for reports
      • Change management, security audit and unused rules reports for WatchGuard firewall
      • Industry standard compliance reports and policy optimization for PaloAlto firewall

      New Device/Logs/Report

      • WebMarshal Proxy Server
      • Juniper-SRX - VDOM logs support
      • McAfee - SideWinder Firewall

      Issues Fixed

      • Fixed XSS Vulnerability identified in-house, all forms, all URL parameters, and login page
      • Instead of first device quick report is shown for all devices in dashboard. Fixed this issue
      • TLS issue in Email configuration is fixed
      • Custom Reports not getting generated with MS SQL database. Fixed the issue
      • Cisco VPN log parsing issue, for log id - 722051, is fixed
      • In SonicWALL device reports, 'Duration' value is displayed as '0'. This issue is fixed
      • Issue in PaloAlto log parsing, if the URL field contains comma, is fixed
      • In 'Report' tab, if we click 'View Report' link of 'VPN Trend Report', no data is displayed. Fixed the issue
      • In Professional edition of the product, there are no 'Save', 'Cancel' buttons in 'Firewall Availability Alert' page. Fixed the issue
      • If Juniper SRX syslog contains kernel logs, the logs get overwritten while parsing. Fixed the issue
    54. 8.3 Build 8300

      8.3 - Build 8300 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

      8.3 - Build 8300 -Standalone Edition

      The general features available in this release are:

      New Features

      • Policy/Rule Optimization
        • Anomaly Rules Reports (Correlation, Generalization, Shadowed, and Redundant Rules)
        • Rule Grouping Recommendation
        • Rule Cleanup Recommendation
      • Options provided in the Device Rule UI:
        • Fetch Policy, Configuration based on TFTP, SCP protocols
        • Login banner support
      • Change management and Unused rules reports for Palo Alto firewalls
      • Industry Standard Compliance reports (PCI-DSS, SANS, NIST, ISO, NERC-CIP) for Juniper-SRX device
      • Indexing Traffic logs along with security logs for fine grained advanced search results
      • Performance improvement to support more logs/sec
      • Alert and Search based on Country, Application
      • Application and Security reports for Juniper-SRX device
      • Security Reports for Microsoft-ISA
      • 'Denied Login Users' report for NetScreen

      New Device/Logs/Reports

      • iPrism
      • Huawei
      • BlueCoat Proxy SGOS 6.4.5.2
      • Juniper-SRX - Security and Application logs
      • Watchguard XTM version 11.9

      Issues Fixed

      • Issue in, populating URL length > 2500 characters, is fixed
      • Support extended for User Group information of Squid proxy server
      • Issue in, populating the URL information for Cisco, is fixed
      • Fixed issue in scheduled fetch of user details from Active Directory.
      • Wrong listing of Cisco denied URLs issue is fixed
      • Zywall log format change issue fixed
    55. 8.1 Build 8110

      8.1 - Build 8110 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

      8.1 - Build 8110 -Standalone Edition

      The general features available in this release are:

      New Features
      • Industry Standard Compliance reports for Cisco and Fortigate devices,
        • PCI-DSS
        • ISO-27001 (2013)
        • NERC-CIP
        • NIST
        • SANS

      New Device/Logs/Reports

      • SonicWALL SSL-VPN appliance
      • 'Application Report' supported for D-Link, Clavister and WatchGuard firewalls
      • 'Category Report' supported for D-Link and Palo-Alto firewalls
      • 'VPN & Interface Reports' supported for Cyberoam devices

      Issues Fixed

      • Optimized D-Link device log parser to handle the heavy log flow rate
      • Issue, while handling Banner for CLI SSH, is fixed
      • Alert generated for wrong bandwidth % criteria. This issue is fixed
      • In the 'URL Report' for Fortigate devices, the URL column displayed 'Destination IP Address' instead of 'Destination Name'. The issue is fixed
      • If the Cisco device, while fetching the rules, it was throwing timeout if the 'enable' mode in the device is kept enabled. This issue is fixed
    56. 8.0 Build 8000

      8.0 - Build 8000 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      The general features available in this release include,

      • Collector Server contains all the features of Firewall Analyzer Standalone Edition (see below)

      8.0 - Build 8000 -Standalone Edition

      The general features available in this release are:

      New Features

      1. New Devices supported:
        • Opzoon firewall device
        • Stonesoft firewall device
        • Barracuda device
        • McAfee Firewall Enterprise (Sidewinder (S4016)) logs
        • SonciWALL device - Management, Application control and SSL-VPN logs
        • Palo Alto (PANOS 4.1.0) logs
        • FortiOS 5.x VPN logs
      2. New user interface
      3. Policy/Rule overview reports for Cisco and Fortigate firewalls with real-time and export options
      4. On-demand fetching of complete (raw) device configuration in file
      5. Country/Geo-location reports with export and schedule options
      6. Trend report for VPN connection
      7. Option to view/export Live Reports in Mbps or Gbps
      8. Zoom In/Out option for Live Bandwidth reports of device and interfaces
      9. Export/Import option for Protocol Groups page
      10. 'Rebranding' support for alert notification E-mails
    57. 7.6 Build 7600

      7.6 - Build 7600 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      There are no new features available for Admin Server in this release

      New Features - Collector Server

      The general features available in this release include,
      • Collector Server contains all the features of Firewall Analyzer Standalone Edition (see below)

      7.6 - Build 7600 -Standalone Edition

      The general features available in this release are:

      New Features

      1. New Devices supported:
        • FortiGate - FortiOS 5.x logs supported
        • NetASQ
        • PaloAlto - Application reports
        • Bluecoat - Virus reports
      2. Option to identify non standard protocols (Unknown Protocol) detail in your network.
      3. Email alert notification when Firewall Analyzer fails to write the logs in archive
      4. SFTP/SSH protocol support to import logs from remote machines
      5. Optionally, traffic logs can be indexed and searched
      6. Advanced Search can now be used to find the exact Port/Protocol details
      7. Showing the conversation (source/destination/protocol) details for anomaly alert in mail
      8. Troubleshooting tool to apply License file in case of product license expiry
      9. Users with 'Guest' privilege can now access the'Compliance' tab
      10. Firewall Analyzer will henceforth be using PostgreSQL database (applies to fresh install of full build only)

      Issues Fixed

      1. Wrong alert message showing double the number of managed devices compared to the License count has been fixed
      2. Fixed the Windows Authentication issue in Admin server MS SQL setup
      3. SonicWALL device interface name parsing issue is fixed
      4. Fixed the issue to retain the Y-axis value as integer in Time Series graph in PDF export
      5. Allowed URL reports will now be populated for Palo Alto devices
      6. Parsing issue of Juniper SSL logs fixed
      7. Native OS (German and French) Installation issue fixed
      8. 'DisplayName' of the device will be shown now in Change Management alerts, Anomaly alerts and Compliance reports instead of 'ResourceName'
    58. 7.4 Build 7400

      7.4 - Build 7400 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Admin Server

      The general features available in this release include,
      • Dedicated compliance section for device rules configurations, firewall rules monitoring, change management reports and alerts for each collector server

      New Features - Collector Server

      The general features available in this release include,
      • Collector Server contains all the features of Firewall Analyzer Standalone Edition

      7.4 - Build 7400 -Standalone Edition

      The general features available in this release are:

      New Features

      1. Supports 'IPFIX with extensions' based flows (for SonicOS 5.8) - reports include top URLs, applications, users, viruses, attacks, intrusions, spyware, etc.
      2. Dedicated compliance section for device rules configurations, firewall rules monitoring, change management reports and alerts
      3. Detailed reports for applications accessed through Check Point and SonicWALL devices
      4. Consolidated VPN traffic reports for user-groups
      5. 'Exclude criteria' option now allows users to generate configuration change management reports that excludes certain specific lines or text
      6. Importing 'Local Host' log directory is now supported
      7. 'Intranet Settings' can now be configured for multiple devices
      8. For FTP log import from remote hosts, in addition to specifying time interval users can now specify 'Schedule Start Time'
      9. 'Scheduled Reports' can be now saved in the machine running Firewall Analyzer
      10. Active Directory or RADIUS can be set as default authentication for Firewall Analyzer login
      11. Active Directory Users can now be imported at the Organizational Unit level, Group level and Individual User level

      Issues Fixed

      1. Fixed indexing of Juniper IDP attack logs
      2. Increased the default value of row count of reports in PDF format from 10 to 100
      3. Fixed the usability issue in Scheduling Device Rule
      4. Fixed the Parser Rule issue for Cisco Message Id 713119
      5. Fixed Change Management Alert issue when difference in configuration content has dollar symbol in it
      6. Fixed the 'device credentials test button' issue
      7. Fixed issue in detecting dynamic file name changes, during scheduled import
      8. The issue with 'SNMP community string with special characters' to access the interface is fixed
      9. The issue in parsing unused ACEs of Cisco firewall is fixed
    59. 7.2 Build 7021

      GA release of Firewall Analyzer.

      7.2 - Build 7021 - Standalone Edition

      The general features available in this release are:

      Issues Fixed

      • Optimized the connection between Firewall and Firewall Analyzer, to fetch rules
    60. 7.2 Build 7020

      GA release of Firewall Analyzer.

      7.2 - Build 7020 - Distributed Edition

      GA release of Firewall Analyzer Distributed Edition.

      New Features - Collector Server

      • Collector Server contains all the features of Firewall Analyzer Standalone Edition

      7.2 - Build 7020 - Standalone Edition

      The general features available in this release are:

      New Features and Enhancements

      1. New Device/Log Format supported
        • Palo-Alto Firewall
        • Juniper SSLVPN 6500
        • Check Point VSX firewalls
        • FortiGate WebFilter, DLP, IPS modules and IPSec support
      2. Application reports for Fortigate firewalls based on Application Control service
      3. Support for Virtual Firewalls of Cisco, Fortigate, and Check Point devices. By default, each context/vdom is displayed as separate device
      4. Alerts based on bandwidth utilization of a specific interfaces
      5. Client UI and email notification for Firewall Status Alerts for the following conditions:
        • Lack of disk space
        • Syslog server down
      6. View unused ACEs details of ACLs, for Cisco devices available in Unused Rules report
      7. Real-time Syslog collection from Squid proxy server supported
      8. Complete time duration details of the VPN user sessions available in 'VPN User Session Details' reports under VPN Reports
      9. Option to export 'VPN User Session Details' report to other formats, while clicking 'View All' link
      10. Zone based and interface specific Live reports using SNMP for Netscreen devices
      11. Change Management Report for Juniper SRX device available
      12. Option to fetch Rules and Configurations for any CLI supported device to get Unused Rules, Compliance and Change Management reports
      13. New format for Email alert to cater for context based Configuration Changes
      14. Optional privilege available to 'Guest' user to view the generated alerts for the assigned device(s)
      15. Optional privilege available to 'Guest' user to view the Report Profile(s) assigned by Administrators

      Issues Fixed

      1. Identifying Device IP address from the logs imported from Blue Coat proxy server
      2. Collecting intermittent logs of VPN sessions support for SonicWALL, Cisco, Checkpoint and Netscreen Firewall devices
      3. Added page navigation component in 'Raw Log Search' result page
      4. Importing log files with non-English names/folders from remote machines using FTP is supported
      5. Allowed special characters in SNMP Community string to fetch SNMP data from devices
      6. Issue in Diagnose Connections when the interface name had special characters

      Known Issue

      • You can not use Active Directory or RADIUS Server Authenticated Admin user credentials for Data Collection in Admin Server (i.e., from Edit Collector Details page of Collector Settings)
    61. For further information please contact Firewall Analyzer Support.

A single platter for comprehensive Network Security Device Management