Firewall Analyzer Release Notes

Listed here are the feature enhancements, bug fixes and limitations of each release update of Firewall Analyzer.

  • 12.3 Build 123027

    Enhancements

    • The 'Automatic/On-click/No lookup' options of Resolve DNS in global settings synchronized for all widgets.
    • Two more SMS service Clickatell and AppSMS supported to send SMS notifications for 'Alarms, Configuration changes, and Availability Alerts'

    Issues fixed

    • 123396 - If dashboard data is with '\', in its drilldown page data is shown without '\' . The issue is resolved to display it properly.
    • 121669 - When Traffic Conversation Table in Interface drilldown page is expanded, it was displaying only top 10 rows. Issue fixed to display complete data.
    • 123760 - In CCTV view, Operator can view unauthorized device's Live Traffic. Issue is fixed by hiding it.
    • 122774 - In one of the 'Proxy Reports', when Search icon is clicked, empty page was displayed. Issue fixed to display appropriate page.
    • 123955 - 'No Data' message not internationalized in some graphs, issue fixed by internationalizing it.
    • 122298 - In dashboard traffic and security statistics report, when Search icon is clicked, empty page was displayed. Issue fixed to display appropriate page.
    • 124212 - 'In' & 'Out' legends in Device Summary graph were not internationalized, issue fixed by internationalizing it.
    • 121712 - Fixed memory handling issue, during user association and manual IP mapping when device is deleted.
    • 123826 - Fixed an issue in reimport option of manual IP mapping.
    • 120736 - Fixed issues in FWA Availability alert page UI and Disable notification link in the alert notification mail
    • 122140 - Fixed an issue in script error handling, when a schedule is added for Compliance report without selecting any type of standards.
    • 125095 - In standard compliance reports, if clicked to drill down the report, the table values are not displayed. Fixed the issue for table value display.
    • 125093 - User with '\' character could not be added, for 'End Users' reports. Fixed the issue to add user.
    • 123942 - There was an UI alignment issue in NetFlow widget populated in OpManager's End Users report. Fixed the issue to align the UI.
    • 122493 - In the dashboard, snapshot view of Cloud Users report, fixed the issue of missing 'Expand View' icon.
    • 124899 - Fixed the issue in Disable notification option of the change management alert notification mail.
    • 124613 - When TLS option was configured in Mail Server settings, mail notifications for alerts were not sent. Fixed the issue to send mails.
    • 124090 - Fixed the misalignment issue in Policy Overview report table. This was for MS SQL database.
    • 122970 - When a new report type is added with the existing name, 'Success' message is displayed. Fixed the issue to display 'Failed' message.
    • 125067 - Fixed the issue to populate rule details of SRX devices, when the configuration file is not having network object details.
    • 125059 - In the 'Unused Rules' report of 'Rule Management', the resource criteria is not applied properly. Fixed the issue to apply the resource criteria properly.
    • 4245966 - In FWA, log entries for unsuccessful console login attempt on Cisco ASA devices are not there. Fixed the issue to get entries.
    • 4206352 - Issue, in SonicWALL log parsing for protocol, is fixed.
    • 4086698 - All the IPs are not getting resolved into names, when 'Resolve DNS' is set to 'Automatic'. Fixed the issue to resolve all IPs.
    • 4250080 - When scheduled PDF report page count is more than 100, the total page count in PDF footer was not proper. Fixed the issue for proper page count.
    • 4300246 - Fixed the out of memory error generated when change management report was accessed.
  • 12.3 Build 123008

    Issue fixes

    1. Device rule configuration using SCP protocol was not functioning in build 12300. Now this issue is fixed.
    2. Sometimes, SRX marked as unsupported device, if Firewall Analyzer receives unsupported log as the very first record. Now, wait time is added to check more received logs to avoid unparsed error.
    3. System performance and custom dashboard view were missing when logged in for the first time. Now the issue is fixed and the user can view both.
    4. Editing widget "Top N Hosts by Traffic" and selecting Protocol under category makes the widget to show data of protocol-group by traffic. Now, the issue is fixed by showing Protocol-Group instead of Protocol in dashboard widget - edit section.
    5. 'Live Syslog Viewer' status shown as 'undefined' when we do continuous refresh. Now the status message handling issue is fixed in the server side to show proper status in the UI for continuous refresh.
    6. Increased the data dumb volume from base table 'Firewall Records' to next level data table for database performance increase.
    7. Inventory Interface snapshot traffic conversation report's last row was not shown properly in UI. Now the issue is fixed and the report loads the data properly.
    8. Graph units option provided in the Inventory LiveReports page was not in proper sequence. This is issue is fixed and the units are now shown in proper order like kbps,mbps and gbps.
    9. When the user selects all predefined reports while creating a report profile, received PDF shows all the reports name in the home page without proper alignment. Now, Alert Message added for Report Profile reports selection

    New Features

    1. Previously, there was no option to view the selected time-period of each dashboard widgets. Now, sub-header details will be shown in each widgets with device information along with time-period applied.
  • 12.3 Build 12300

    New Devices/Log Formats Supported

    1. Trend Micro IWSVA 6.5
    2. Palo Alto VPN logs
    3. FortiGate Management logs
    4. Juniper SRX Management logs
    5. SonicWall IPSec VPN logs
    6. New easy to use revamped web client

    New Features

    1. 'Insider Threat' reports to track internal user's cloud application usage
    2. Drill down for all dashboard reports
    3. Exclude IP/IP range/network from reporting
    4. URL and VPN reports for Inventory report user drill down
    5. Live report for Proxy servers
    6. Live report drill down for device and interfaces from Inventory
    7. Interface Live Traffic widgets in Custom Dashboard
    8. End User widgets in Custom Dashboard
    9. Anomaly Alerts based on Country
    10. User specific reports for Proxy servers
    11. Option to export report as CSV on demand
    12. Option to use Management IP address to fetch device configuration
    13. Option to configure 'Row Count' for on-demand PDF/CSV report export
    14. More reports for Rules in Device snapshot

    Bug Fixes

    1. SRX policy parsing issue for Compliance & PolicyOverview report
    2. Live Report out-traffic spike based on SNMP fixed
    3. Fortigate 5.2.4 Device rule ssh connection issue fixed
    4. VPN Usage Trend report issue fixed
    5. PDF issue in non English client side language issue fixed
    6. Export to PDF issue fixed for Rule-Reorder recommendation report
    7. SNMP V3 configuration issue without community fixed
    8. Drill-down issue for Usernames which contains slash in it.
    9. Squid proxy log user name parsing issue
    10. Fortigate VPN log parsing issue
    11. Issue in Paloalto country name parsing
    12. Issue in Checkpoint denied status when value is 'drop' in syslog
  • 12.2 Build 12200

    For 8500 upgrade

    New Features

    • Firewall Analyzer is integrated with OpManager
    • New easy to use revamped web client

    New Device/Logs/Reports

    • WebMarshal Proxy Server
    • Juniper-SRX - VDOM logs support
    • McAfee - SideWinder Firewall
    • i-Filter Proxy Server
    • PfSense open source firewall
    • Cisco-Meraki (Proxy) and FireSight module support

    For 12000 & 12100 upgrade

    New Features:

    1. SNMP based reports
      • Live Report
      • Bandwidth Alert
    2. Unassigned protocol grouping
    3. Live Syslog Viewer
    4. Packet-Count / Flow-rate / Syslogs server details page
    5. "View Report" option from 'Import Log' list page
    6. Import/Export option for Report,Alert and Protocol-Groups
    7. On-demand pdf/csv export option in Policy Tab
    8. Active VPN connection trend report
    9. User Configuration/Raw Configuration pages
    10. Device grouping
    11. Compliance:
      • Policy Overview/Optimization - schedule option
      • Unused rules - Calendar option
    12. 'Total & Others' row for all default reports table data
    13. Filter option for all default reports
    14. "Firewall Log Level" settings page for debugging
    15. PDF export for Inventory page Widgets
    16. Server/Client side PDF export option for Scheduled reports

    Issue Fixes:

    1. Inventory - Device drill down - Top 10 widgets - Fixed missing scroll down option
    2. Bundled check-point device dll & opsec.exe.
    3. Fixed the missing "View All" option missed in all default Reports.
    4. Fixed URL Report parsing issue for Palo-Alto
    5. Cisco-Meraki (Proxy) and FireSight device support
    6. Administrator/ Operator specific page view issues fixed
    7. Fixed showing two scroll-bar in Security Audit page.
  • 12.0 Build 12000

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

    12.0 - Build 12000 - Standalone Edition

    The general features available in this release are:

    New Features

    • Firewall Analyzer is integrated with OpManager
    • New easy to use revamped web client.
  • 8.5 Build 8500

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

    8.5 - Build 8500 - Standalone Edition

    The general features available in this release are:

    New Features

    • 'Cloud Control Reports' feature
    • Rule reorder and recommendation
    • AD User vs IP address mapping for reports
    • Change management, security audit and unused rules reports for WatchGuard firewall
    • Industry standard compliance reports and policy optimization for PaloAlto firewall

    New Device/Logs/Report

    • WebMarshal Proxy Server
    • Juniper-SRX - VDOM logs support
    • McAfee - SideWinder Firewall

    Issue Fixes

    • Fixed XSS Vulnerability identified in-house, all forms, all URL parameters, and login page
    • Instead of first device quick report is shown for all devices in dashboard. Fixed this issue
    • TLS issue in Email configuration is fixed
    • Custom Reports not getting generated with MS SQL database. Fixed the issue
    • Cisco VPN log parsing issue, for log id - 722051, is fixed
    • In SonicWALL device reports, 'Duration' value is displayed as '0'. This issue is fixed
    • Issue in PaloAlto log parsing, if the URL field contains comma, is fixed
    • In 'Report' tab, if we click 'View Report' link of 'VPN Trend Report', no data is displayed. Fixed the issue
    • In Professional edition of the product, there are no 'Save', 'Cancel' buttons in 'Firewall Availability Alert' page. Fixed the issue
    • If Juniper SRX syslog contains kernel logs, the logs get overwritten while parsing. Fixed the issue
  • 8.3 Build 8300

    8.3 - Build 8300 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

    8.3 - Build 8300 -Standalone Edition

    The general features available in this release are:

    New Features

    • Policy/Rule Optimization
      • Anomaly Rules Reports (Correlation, Generalization, Shadowed, and Redundant Rules)
      • Rule Grouping Recommendation
      • Rule Cleanup Recommendation
    • Options provided in the Device Rule UI:
      • Fetch Policy, Configuration based on TFTP, SCP protocols
      • Login banner support
    • Change management and Unused rules reports for Palo Alto firewalls
    • Industry Standard Compliance reports (PCI-DSS, SANS, NIST, ISO, NERC-CIP) for Juniper-SRX device
    • Indexing Traffic logs along with security logs for fine grained advanced search results
    • Performance improvement to support more logs/sec
    • Alert and Search based on Country, Application
    • Application and Security reports for Juniper-SRX device
    • Security Reports for Microsoft-ISA
    • 'Denied Login Users' report for NetScreen

    New Device/Logs/Reports

    • iPrism
    • Huawei
    • BlueCoat Proxy SGOS 6.4.5.2
    • Juniper-SRX - Security and Application logs
    • Watchguard XTM version 11.9

    Issue Fixes

    • Issue in, populating URL length > 2500 characters, is fixed
    • Support extended for User Group information of Squid proxy server
    • Issue in, populating the URL information for Cisco, is fixed
    • Fixed issue in scheduled fetch of user details from Active Directory.
    • Wrong listing of Cisco denied URLs issue is fixed
    • Zywall log format change issue fixed
  • 8.1 Build 8110

    8.1 - Build 8110 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    All the features available in this release of Firewall Analyzer Standalone Edition (see below) is available for Collector Server of Distributed Edition

    8.1 - Build 8110 -Standalone Edition

    The general features available in this release are:

    New Features
    • Industry Standard Compliance reports for Cisco and Fortigate devices,
      • PCI-DSS
      • ISO-27001 (2013)
      • NERC-CIP
      • NIST
      • SANS

    New Device/Logs/Reports

    • SonicWALL SSL-VPN appliance
    • 'Application Report' supported for D-Link, Clavister and WatchGuard firewalls
    • 'Category Report' supported for D-Link and Palo-Alto firewalls
    • 'VPN & Interface Reports' supported for Cyberoam devices

    Issue Fixes

    • Optimized D-Link device log parser to handle the heavy log flow rate
    • Issue, while handling Banner for CLI SSH, is fixed
    • Alert generated for wrong bandwidth % criteria. This issue is fixed
    • In the 'URL Report' for Fortigate devices, the URL column displayed 'Destination IP Address' instead of 'Destination Name'. The issue is fixed
    • If the Cisco device, while fetching the rules, it was throwing timeout if the 'enable' mode in the device is kept enabled. This issue is fixed
  • 8.0 Build 8000

    8.0 - Build 8000 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    The general features available in this release include,

    • Collector Server contains all the features of Firewall Analyzer Standalone Edition (see below)

    8.0 - Build 8000 -Standalone Edition

    The general features available in this release are:

    New Features

    1. New Devices supported:
      • Opzoon firewall device
      • Stonesoft firewall device
      • Barracuda device
      • McAfee Firewall Enterprise (Sidewinder (S4016)) logs
      • SonciWALL device - Management, Application control and SSL-VPN logs
      • Palo Alto (PANOS 4.1.0) logs
      • FortiOS 5.x VPN logs
    2. New user interface
    3. Policy/Rule overview reports for Cisco and Fortigate firewalls with real-time and export options
    4. On-demand fetching of complete (raw) device configuration in file
    5. Country/Geo-location reports with export and schedule options
    6. Trend report for VPN connection
    7. Option to view/export Live Reports in Mbps or Gbps
    8. Zoom In/Out option for Live Bandwidth reports of device and interfaces
    9. Export/Import option for Protocol Groups page
    10. 'Rebranding' support for alert notification E-mails
  • 7.6 Build 7600

    7.6 - Build 7600 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    There are no new features available for Admin Server in this release

    New Features - Collector Server

    The general features available in this release include,
    • Collector Server contains all the features of Firewall Analyzer Standalone Edition (see below)

    7.6 - Build 7600 -Standalone Edition

    The general features available in this release are:

    New Features

    1. New Devices supported:
      • FortiGate - FortiOS 5.x logs supported
      • NetASQ
      • PaloAlto - Application reports
      • Bluecoat - Virus reports
    2. Option to identify non standard protocols (Unknown Protocol) detail in your network.
    3. Email alert notification when Firewall Analyzer fails to write the logs in archive
    4. SFTP/SSH protocol support to import logs from remote machines
    5. Optionally, traffic logs can be indexed and searched
    6. Advanced Search can now be used to find the exact Port/Protocol details
    7. Showing the conversation (source/destination/protocol) details for anomaly alert in mail
    8. Troubleshooting tool to apply License file in case of product license expiry
    9. Users with 'Guest' privilege can now access the'Compliance' tab
    10. Firewall Analyzer will henceforth be using PostgreSQL database (applies to fresh install of full build only)

    Bug Fix

    1. Wrong alert message showing double the number of managed devices compared to the License count has been fixed
    2. Fixed the Windows Authentication issue in Admin server MS SQL setup
    3. SonicWALL device interface name parsing issue is fixed
    4. Fixed the issue to retain the Y-axis value as integer in Time Series graph in PDF export
    5. Allowed URL reports will now be populated for Palo Alto devices
    6. Parsing issue of Juniper SSL logs fixed
    7. Native OS (German and French) Installation issue fixed
    8. 'DisplayName' of the device will be shown now in Change Management alerts, Anomaly alerts and Compliance reports instead of 'ResourceName'
  • 7.4 Build 7400

    7.4 - Build 7400 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Admin Server

    The general features available in this release include,
    • Dedicated compliance section for device rules configurations, firewall rules monitoring, change management reports and alerts for each collector server

    New Features - Collector Server

    The general features available in this release include,
    • Collector Server contains all the features of Firewall Analyzer Standalone Edition

    7.4 - Build 7400 -Standalone Edition

    The general features available in this release are:

    New Features

    1. Supports 'IPFIX with extensions' based flows (for SonicOS 5.8) - reports include top URLs, applications, users, viruses, attacks, intrusions, spyware, etc.
    2. Dedicated compliance section for device rules configurations, firewall rules monitoring, change management reports and alerts
    3. Detailed reports for applications accessed through Check Point and SonicWALL devices
    4. Consolidated VPN traffic reports for user-groups
    5. 'Exclude criteria' option now allows users to generate configuration change management reports that excludes certain specific lines or text
    6. Importing 'Local Host' log directory is now supported
    7. 'Intranet Settings' can now be configured for multiple devices
    8. For FTP log import from remote hosts, in addition to specifying time interval users can now specify 'Schedule Start Time'
    9. 'Scheduled Reports' can be now saved in the machine running Firewall Analyzer
    10. Active Directory or RADIUS can be set as default authentication for Firewall Analyzer login
    11. Active Directory Users can now be imported at the Organizational Unit level, Group level and Individual User level

    Bug Fix

    1. Fixed indexing of Juniper IDP attack logs
    2. Increased the default value of row count of reports in PDF format from 10 to 100
    3. Fixed the usability issue in Scheduling Device Rule
    4. Fixed the Parser Rule issue for Cisco Message Id 713119
    5. Fixed Change Management Alert issue when difference in configuration content has dollar symbol in it
    6. Fixed the 'device credentials test button' issue
    7. Fixed issue in detecting dynamic file name changes, during scheduled import
    8. The issue with 'SNMP community string with special characters' to access the interface is fixed
    9. The issue in parsing unused ACEs of Cisco firewall is fixed
  • 7.2 Build 7021

    GA release of Firewall Analyzer.

    7.2 - Build 7021 - Standalone Edition

    The general features available in this release are:

    Bug Fix

    • Optimized the connection between Firewall and Firewall Analyzer, to fetch rules
  • 7.2 Build 7020

    GA release of Firewall Analyzer.

    7.2 - Build 7020 - Distributed Edition

    GA release of Firewall Analyzer Distributed Edition.

    New Features - Collector Server

    • Collector Server contains all the features of Firewall Analyzer Standalone Edition

    7.2 - Build 7020 - Standalone Edition

    The general features available in this release are:

    New Features and Enhancements

    1. New Device/Log Format supported
      • Palo-Alto Firewall
      • Juniper SSLVPN 6500
      • Check Point VSX firewalls
      • FortiGate WebFilter, DLP, IPS modules and IPSec support
    2. Application reports for Fortigate firewalls based on Application Control service
    3. Support for Virtual Firewalls of Cisco, Fortigate, and Check Point devices. By default, each context/vdom is displayed as separate device
    4. Alerts based on bandwidth utilization of a specific interfaces
    5. Client UI and email notification for Firewall Status Alerts for the following conditions:
      • Lack of disk space
      • Syslog server down
    6. View unused ACEs details of ACLs, for Cisco devices available in Unused Rules report
    7. Real-time Syslog collection from Squid proxy server supported
    8. Complete time duration details of the VPN user sessions available in 'VPN User Session Details' reports under VPN Reports
    9. Option to export 'VPN User Session Details' report to other formats, while clicking 'View All' link
    10. Zone based and interface specific Live reports using SNMP for Netscreen devices
    11. Change Management Report for Juniper SRX device available
    12. Option to fetch Rules and Configurations for any CLI supported device to get Unused Rules, Compliance and Change Management reports
    13. New format for Email alert to cater for context based Configuration Changes
    14. Optional privilege available to 'Guest' user to view the generated alerts for the assigned device(s)
    15. Optional privilege available to 'Guest' user to view the Report Profile(s) assigned by Administrators

    Bug Fixes

    1. Identifying Device IP address from the logs imported from Blue Coat proxy server
    2. Collecting intermittent logs of VPN sessions support for SonicWALL, Cisco, Checkpoint and Netscreen Firewall devices
    3. Added page navigation component in 'Raw Log Search' result page
    4. Importing log files with non-English names/folders from remote machines using FTP is supported
    5. Allowed special characters in SNMP Community string to fetch SNMP data from devices
    6. Issue in Diagnose Connections when the interface name had special characters

    Known Issue

    • You can not use Active Directory or RADIUS Server Authenticated Admin user credentials for Data Collection in Admin Server (i.e., from Edit Collector Details page of Collector Settings)

For further information please contact Firewall Analyzer Support.

A single platter for comprehensive Network Security Device Management