Firewall Log Analysis & Reporting Software
ManageEngine® Firewall Analyzer is a web-based, agentless firewall log analysis and reporting software that monitors, collects, analyzes, archives, and generates reports on enterprise-wide firewalls, VPNs, IDS, and proxy servers (see supported devices). Firewall Analyzer helps network security administrators and MSSPs (Managed Security Service Providers) monitor bandwidth usage, detect intrusions and anomalous behavior, audit traffic, and monitor employee web usage efficiently.
A firewall is an important perimeter defense tool that protects your network from attacks. Security tools like firewalls, VPNs, and proxy servers generate a huge quantity of traffic logs, which can be mined to generate a wealth of security information reports.
ManageEngine Firewall Analyzer is a web-based, cross-platform log analysis tool that helps network administrators and managed security service providers (MSSPs) understand how bandwidth is being used in their network. Firewall Analyzer analyzes logs received from different firewalls and generates useful reports and graphs. Critical decisions around trend analysis, capacity planning, policy enforcement, and security compromises are made simpler using Firewall Analyzer.
Benefits of using Firewall Analyzer:
Employee Internet Monitoring:
- Websites accessed by the employees in your organization.
- Protocols used by them for communication.
- Working-hour and non-working-hour internet usage details and trends.
- Firewall rules used by your employees and their usage patterns.
- Get notified when an employee tries to access restricted sites.
- Identify internet abuse and excessive internet usage.
- Get notified of anomalies like a sudden spike in internet usage.
- Keep tabs on employee internet transactions that are leading to attacks or viruses in your environment.
- Compare current internet usage with your historical data to enable you to make firewall policy changes.
- Get live internet bandwidth graphs with finer details of inbound and outbound traffic flows.
Data Center Security and Enterprise Security:
Firewall Analyzer is used in data centers and security operation centers to monitor firewalls and intrusion detection systems and obtain insights like the following:
- Get to know who is contacting your servers from where, when, and how.
- Identify your busy servers and do capacity planning.
- Obtain an executive summary of your network security posture, such as the number and type of attacks, viruses, failed logons, security events, and denied events.
- Get to know who was denied access in your network, with respect to each server and its protocols, giving you reassurance that your firewall rules are working.
- Get to know your firewall rules in action and their usage trend.
- Get to know the protocol usage trend in your servers.
- See your network in action through readable, intuitive graphs.
- Get notified of anomalous events like a sudden spike in the number of connections or in traffic usage on your servers.
- Get live internet bandwidth graphs with an inbound and outbound split-up.
- Obtain a split-up of events on your servers based on severity and get notified of emergency / critical events on your servers.
- Get to know the amount of traffic through your site-to-site VPN.
- Identify the busy tunnel and do capacity planning.
- Remove / reduce the unnecessary traffic going through your VPN tunnel by cleaning up your rules.
- Detect network configuration errors such as wrong DNS.
Log Management for Compliance:
Firewall Analyzer can collect, archive, analyze, and report on all firewall logs, which can prove useful during network audits for meeting regulatory compliance.
- Store / archive logs for years to meet your compliance needs.
- Get compliance reports like successful logins, logoffs, and failed logins.
- Store your individual firewall log records and do historical trend analysis using the archived firewall logs whenever required.
- Automatic log reception from firewalls without the use of probes or agent installations.
Managed Firewall Services Support for MSSP:
Firewall Analyzer offers profitable Managed Firewall Services for Managed Security Service Providers (MSSPs), which will help you track intrusions, manage user website access, audit traffic, and manage your customers' network bandwidth usage efficiently.
- Centralized log management for heterogeneous devices.
- Manage multiple firewalls from a single installation.
- User-specific firewall views, whereby you as an administrator can assign customers to their respective firewalls, and each customer has access only to their own firewall details.
- Create custom dashboard views which could be based on the different geographical locations or nature of business or any other specific requirements of your customer.
Multiple Device Support – support for most leading enterprise firewalls, VPNs, IDS, and proxy servers.
MSSP support – user-based firewall views, anomaly detection filters for network behavioral analysis aid Managed Security Service Providers to manage multiple client networks.
Real-time Alerting – set threshold-based alerts and instant e-mail notifications when alerts are triggered.
Flexible Log Archiving – archive all log data, or modify archiving intervals depending on disk space.
Trending – view traffic trends and determine usage patterns and peak hours.
Instant Reports – generate over 100 pre-defined reports on bandwidth usage, protocol usage, and more.
Powerful Multi-level Drill-down – drill down from traffic reports to see top hosts, top protocols, top websites, and more.
Security Analysis – analyze denied requests, top denied URLs, and more.
VPN / Squid Proxy Reports – view VPN statistics, VPN usage details, squid usage, top talkers, website details, and more.
Custom Reports – define reporting criteria, set graph parameters, and save reports.
Scheduled Reporting – set up schedules for reports to be generated and emailed automatically.
Anytime, Anywhere Access & Management – web-based user interface lets you view event details in real-time from any system on the network.
Built-in Database – comes with an integrated MySQL database that is already configured to store all log data. No external database configurations are needed.
Host OS Support – can be installed and run on Windows and Linux-based systems, making it suitable for deployment in a wide range of enterprises.