# ManageEngine Firewall Analyzer :: Supported Firewalls

Firewall Analyzer is compatible with the following firewall devices.

- [Firewall Analyzer Compatible Firewalls](#supported_firewalls)
- [Firewall Rule Management Support](#rule_management_support)
- [Firewall Rule Administration Support](#rule_administration_support)
- [Firewall Rule Risk Analysis Support](#Firewall_Rule_Risk_Analysis_Support)
- [Application Report Support](#application_report_support)
- [VPN Report Support](#vpn_report_support)
- [High Availability Monitoring Support](#high_availability_support)
- [NetFlow Log Support](#netflow_log_support)
- [Want rule, log reports of your device to get added?](#want_to_get_rule)

Click on the device name (if applicable) to see instructions on [configuring firewalls](https://www.manageengine.com/products/firewall/help/configure-firewalls-to-send-syslogs.html) for reporting and sending logs to the Firewall Analyzer.

> Firewall Analyzer provides detailed reports on network traffic and security insights derived from Syslog data across various firewall vendors. [Click here](https://www.manageengine.com/products/firewall/firewall-vendor-support.html) to learn more about the supported firewall vendors and available report types.

## Firewall Analyzer Compatible Firewalls

| Company | Firewall - Version | WELF Certified | Other Log Format |
|---|---|---|---|
| [Check Point](https://www.manageengine.com/products/firewall/checkpoint-firewall-analyzer.html) | Log import from all versions and LEA support for R54 and above<br>VSX Firewalls - Virtual Edition supported<br>Log Exporter support for versions R77.30, R80.10, R80.20 and R80.30<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-check-point-firewalls-lea.html) | ✓ |  |
| [Palo Alto](https://www.manageengine.com/products/firewall/palo-alto-firewall-log-analyzer.html) | Palo Alto Firewalls PA 5000 series, PANOS 4.1.0 or later supports VSYS<br>PA-5260, PA 5220, PA-5060, PA-5050, PA-3020, PA 850, PA-220, M-100, VM series<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-paloalto-firewalls.html) |  | ✓ |
| [Cisco Systems](https://www.manageengine.com/products/firewall/cisco-firewall-analyzer.html) | Cisco Pix Secure Firewall v 6.x, 7.x<br>Cisco ASA - Virtual Contexts supported<br>Cisco IOS 3005, 1900, 2911, 3925<br>Cisco FWSM - Virtual Contexts supported<br>Cisco VPN Concentrator<br>Cisco CSC-SSM Module v6.3.x or later<br>Cisco SSL WebVPN or SVC VPN<br>Cisco Botnet module<br>Cisco FireSight module<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-cisco-firewalls.html)<br>[How to configure with ASDM?](https://www.manageengine.com/products/firewall/help/configure-cisco-devices-asdm.html) |  | ✓ |
| Cisco FirePower | Cisco FirePower (v 6.3.0 or later), 2100 series and 4100 series<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-cisco-firepower-firewalls.html) |  | ✓ |
| [Fortinet](https://www.manageengine.com/products/firewall/fortigate-log-analysis.html) | FortiGate family<br>SSL VPN (v 300A, v 310B or later)<br>Webfilter, DLP, IPS modules, IPSec<br>VDOMs supported<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-fortinet-firewalls.html) | ✓ | ✓ |
| [Juniper Networks](https://www.manageengine.com/products/firewall/juniper-firewall-analyzer.html) | Juniper SRX series (SRX100, SRX210, SRX220, SRX240, SRX 550, SRX650, SRX1400, SRX1500, SRX3400, SRX3600, SRX 4100, SRX5600, SRX5800)<br>Security and Application logs, VDOM support<br>IDP, SSL VPN series<br>ISG series, NetScreen series<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-juniper-firewalls.html) | ✓ | ✓ |
| [SonicWALL](https://www.manageengine.com/products/firewall/sonicwall-firewall-analyzer.html) | SOHO, PRO, TZ, NSA series<br>Sonic OS 5.8.x and above. Supports IPFIX with extensions<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-sonicwall-internet-security-appliances.html) | ✓ |  |
| [WatchGuard](https://www.manageengine.com/products/firewall/watchguard-firewall-analyzer.html) | Firebox Models v5.x to 11+<br>XTM version 11.9<br>Firebox M Series, T Series<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-watchguard-firewalls.html) | ✓ | ✓ |
| [Huawei](https://www.manageengine.com/products/firewall/huawei-firewall-analyzer.html) | Huawei |  | ✓ |
| [pfSense](https://www.manageengine.com/products/firewall/pfsense-firewall-analyzer.html) | PfSense 2.2, 2.3, 2.4 or later<br>OPNsense firewall<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-pfsense-firewalls.html) |  | ✓ |
| [Sophos](https://www.manageengine.com/products/firewall/sophos-firewall-analyzer.html) | Security Linux v7.0, v8.0<br>UTM 9.0 or later (formerly Astaro)<br>XG v15, v16, v16.5, v17.0.x<br>Cyberoam 9.5.4 or later<br><br>[How to configure UTM?](https://www.manageengine.com/products/firewall/help/configure-sophos-utm-firewalls.html)<br>[How to configure XG?](https://www.manageengine.com/products/firewall/help/configure-sophos-xg-firewalls.html) | ✓ | ✓ |
| Zyxel | ZLD 4.25 or later<br><br>[How to configure?](https://www.manageengine.com/products/firewall/help/configure-zyxel-firewalls.html) |  | ✓ |

![tip](https://www.manageengine.com/products/firewall/help/images/tip.gif)

If the Firewall device logs contains the time zone information, Firewall Analyzer processes it and normalizes it to time zone of Firewall Analyzer Server.

## Firewall Rule Management Support

Firewall Analyzer provides the [rule management reports](https://www.manageengine.com/products/firewall/firewall-rule-management.html) for the given list of firewalls.

### Firewall Rule Management Report Support

| Devices | Mode | Overview | Optimization | Cleanup | Reorder | Impact | Tracking | Expiry Notification | Risk |
|---|---|---|---|---|---|---|---|---|---|
| Cisco ASA | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Cisco ASA | File | ✓ | ✓ | ✓ |  | ✓ |  | ✓ | ✓ |
| FortiGate | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| FortiGate | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| PaloAlto | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Check Point | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Juniper SRX | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Sophos XG | API | ✓ | ✓ | ✓ | ✓ |  | ✓ | ✓ | ✓ |
| pfSense | CLI | ✓ | ✓ | ✓ | ✓ |  | ✓ | ✓ | ✓ |
| Zywall | CLI | ✓ | ✓ | ✓ |  |  | ✓ |  | ✓ |

### Firewall Compliance Management Report Support

Firewall Analyzer supports the [Compliance Management Report](https://www.manageengine.com/products/firewall/help/firewall-compliance-reports.html).

| Devices | Mode | Change Management | Standards | Security Audit | Config Backup |
|---|---|---|---|---|---|
| Cisco ASA | CLI | ✓ | ✓ | ✓ | ✓ |
| FortiGate | CLI | ✓ | ✓ | ✓ | ✓ |
| PaloAlto | API | ✓ | ✓ | ✓ | ✓ |
| Check Point | API | ✓ | ✓ | ✓ | ✓ |
| Juniper SRX | CLI | ✓ | ✓ | ✓ | ✓ |
| Sophos XG | API | ✓ | ✓ | ✓ | ✓ |
| pfSense | CLI | ✓ | ✓ | ✓ | ✓ |
| Zywall | CLI | ✓ | ✓ | ✓ | ✓ |

**Note:** Firewall Analyzer supports API auth-token based rule management reports for Fortigate, Paloalto, and Sophos UTM firewalls.

**Standards Compliance Reports Supported**

The following regulatory compliance reports are displayed in Pie chart graph of % complied and the details are listed in the table:

- [PCI-DSS](https://www.manageengine.com/products/firewall/pcidss-compliance-reports.html)
- [ISO 27001](https://www.manageengine.com/products/firewall/iso-compliance-reports.html)
- [NERC-CIP](https://www.manageengine.com/products/firewall/nerc-cip-compliance-reports.html)
- [NIST](https://www.manageengine.com/products/firewall/nist-compliance-reports.html)
- [SANS](https://www.manageengine.com/products/firewall/sans-compliance-reports.html)
- [GDPR](https://www.manageengine.com/products/firewall/gdpr-compliance-reports.html)
- [GLBA](https://www.manageengine.com/products/firewall/glba-compliance-reports.html)
- SOX
- [HIPAA](https://www.manageengine.com/products/firewall/hipaa-compliance-reports.html)
- [Basel-II](https://www.manageengine.com/products/firewall/basel-II-compliance-reports.html)
- GSMA
- SOC2 Type-II
- CIS Controls V8
- CJIS

## Firewall Rule Administration Support

Firewall Analyzer supports the [rule administration](https://www.manageengine.com/products/firewall/firewall-rule-administration.html) for the given list of firewalls.

| Devices | Mode | Network Object Add | Network Object Edit | Network Object Delete | Service Object Add | Service Object Edit | Service Object Delete | Security Rule Add | Security Rule Edit | Security Rule Delete |
|---|---|---|---|---|---|---|---|---|---|---|
| PaloAlto | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| PaloAlto | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Check Point | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Check Point | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| FortiGate | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| FortiGate | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Cisco ASA | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |  | ✓ |
| Cisco FirePOWER | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Juniper SRX | CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Sophos XG | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |  | ✓ |
| Vyatta | API | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |

## Application Report Support

[Application report](https://www.manageengine.com/products/firewall/application-reports.html) is supported for the following devices:

1. Check Point
2. Cisco FirePower
3. FortiGate
4. Juniper SRX
5. Palo Alto
6. Sonicwall
7. Sophos XG
8. WatchGuard

## VPN Report Support

[VPN report](https://www.manageengine.com/products/firewall/vpn-monitor.html) is supported for the following devices:

1. FortiGate Firewall
2. Cisco ASA, Cisco PIX, Cisco Firepower, Cisco VPN Concentrator and Cisco Meraki
3. Checkpoint Firewall
4. Paloalto Firewall
5. Juniper SRX Firewall
6. Sonicwall Firewall and Sonicwall SSLVPN appliance
7. Huawei Firewall
8. Pfsense Firewall
9. Netscreen Firewall
10. Sophos UTM Firewall
11. Sophos XG Firewall
12. Watchguard Firewall
13. Barracuda Firewall
14. Clavister Firewall
15. KerioControl Firewall
16. 3COM Firewall

## High Availability Monitoring Support

[High Availability Monitoring](https://www.manageengine.com/products/firewall/help/high-availability-monitoring.html?comaptible_firewalls) is supported for the following devices:

1. FortiGate
2. Check Point
3. Cisco
4. Cisco Firepower
5. Palo Alto
6. Juniper SRX
7. NetScreen
8. WatchGuard
9. Hillstone
10. Forcepoint
11. MGuard
12. Huawei
13. Pfsense
14. Sophos UTM
15. Sophos XG
16. SonicWall
17. Zywall
18. KerioControl Firewall
19. Barracuda
20. Stonesoft (ForcePoint)
21. F5 Big-IP Firewall
22. MikroTik
23. NSX Firewall

## NetFlow Log Support

| Vendor | NetFlow logs supported | Security report | Traffic report |
|---|---|---|---|
| Cisco | Cisco ASA version9 NetFlow logs |  | ✓ |
| Sonicwall | Sonicwall IPFix Netflow logs | ✓ | ✓ |

## Want rule, log reports of your device to get added?

https://creator.zohopublic.in/adventnetwebmaster/itom/form-embed/Firewall_Analyzer_Request_Device_Report_Support/GkDGHXxBNfHxKNpUH7NbPxhEgzzeb7V7vqp7aHWnm6RVt8G3SprDExHb96pmq6w9ChAeqwNTwGBGGbOYWjE48fCeSyYgzQ1RagWH?zc_Focus=false