The Firewall Analyzer team is constantly working on enhancements to improve its product offering. Here’s an overview of all the new vendors, log formats, and reports supported by Firewall Analyzer.
1. New supported vendor: F5 BIG-IP Local Traffic Manager
F5 Networks is located in more than 30 countries and has more than 20 years of experience in network security for both on-premises and multi-cloud environments. BIG-IP Local Traffic Manager enables you to control network traffic, selecting the right destination based on server performance, security, and availability.
Firewall Analyzer lets you collect, archive, and analyze F5 BIG-IP Local Traffic Manager device syslogs, as well as generate security and forensic reports. Firewall Analyzer customers can now fetch syslogs for F5 BIG-IP Local Traffic Manager as well as generate the following:
- High-level overview on live traffic to identify bandwidth utilization
- Detailed security analytics on attacks, viruses, spam, security events, denied events, denied URLs, and failed logons
- In-depth traffic usage reports on different users, protocols, applications, cloud services, and VPNs
- Custom reports for unique requirements
- Forensic log analysis using search reports that provide intricate details on the individual raw log responsible for a specific event
- Alerts based on syslogs
2. New reports supported for Vyatta, Huawei, and Check Point
2.A. Rule management report: Along with syslog reporting, Firewall Analyzer can now fetch firewall rule-sets and their configurations using CLI with different protocols like SSH, SCP, TFTP, and TELNET. It generates the rule management reports shown below for Vyatta, Huawei, and Check Point* firewall devices.
*Rules and configurations for Check Point firewalls are fetched using Check Point API versions R-80.10 and above.
2.A.A. Policy Overview Report: Lists all the rules and policies written in the firewall. The rules can be further filtered according to:
- Allowed/denied rules
- Inbound/outbound rules
- Inactive rules
- Logging disabled rules
- Overly permissive any-to-any rules
2.A.B. Policy Optimization Report: Identifies shadow, redundancy, generalization, correlation, and grouping anomalies of the existing rules that impact the performance of the firewall.
2.A.C. Rule Reorder Report: Suggestions on changing the rule position by correlating the number of rule-hits, complexities, and anomalies. This change might help in improving rule performance.
2.A.D. Rule Cleanup Report*: Lists all the unused rules, objects, and interfaces present under a firewall.
*The Rule cleanup report for Vyatta firewall is not yet available, but will be available soon.
2.B. Change Management Report: Firewall Analyzer automatically fetches configurations based on the logout syslog received from the firewall device and generates configuration change management reports for Vyatta, Huawei, and Check Point* firewall devices.
*Configurations for Check Point firewalls are fetched using the Check Point API.
This report helps you find who made what changes, when, and why. Not only that, it sends alerts to your phone in real time when changes happen. This report ensures that all the configurations and subsequent changes made in the firewall device are captured periodically and stored in the database.
2.C. Compliance Reports: Firewall Analyzer also generates out-of-the-box industry standard compliance reports for SANS, PCI-DSS, NIST, ISO, and NERC-CIP. With these, security admins can track the configuration compliance status for Vyatta and Huawei firewall devices.
Download Firewall Analyzer and check out all the latest updates now!
** Optrics Inc. is an Authorized ManageEngine partner
The original article can be found here: