ManageEngine® Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software. The software application monitors, collects, analyzes, and archives logs from enterprise-wide network perimeter security devices and generate reports. The devices are, Firewalls, Proxy servers, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), and Virtual Private Networks (VPN) (see complete list of devices supported below). Two prominent features of the application are network monitoring and security reports.
Which Firewall Analyzer Edition is suitable for you?
Firewall Analyzer is available in three editions addressing the requirements of small, medium businesses and large enterprises. Explore the editions and choose which version best suits your requirement.
What problems does it solve?
Firewall Analyzer helps network security administrators & IT Managers for bandwidth monitoring, and Firewall internet security events monitoring efficiently. The Firewall security events are, intrusion detection, virus attacks, denial of service attack, etc., anomalous behaviors, employee web activities, and web traffic analysis. It makes you visualize your enterprises network security. Capacity planning using trend analysis and detecting security compromises are some of the critical problems that are resolved using Firewall Analyzer. It generates admin reports, on all the firewall logs, addresses your network audit and regulatory compliance requirements. It monitors used/unused Firewall policies and policies can be optimized using Firewall settings. Employee web activities can be monitored with the help of proxy log analysis.
Firewall Analyzer provides a solution for Managed Security Service Providers (MSSP) to offer profitable Managed Firewall Services. The traffic monitoring and Firewall reporting application will help to track attacks, intrusions, manage user website access, audit traffic and also help to manage customer's network bandwidth usage efficiently.
What features does it offer?
Multiple Device/ Vendor Support, MSSP Support, Real-Time Alerting, Flexible Log Archiving, Capability to view traffic trends and usage patterns, Multi-level drill down into top hosts, protocols, web sites and more, VPN/ Squid Proxy Reports, Multi-varied Reporting Capabilities.
Note: If the Firewall device logs contains the time zone information, Firewall Analyzer processes it and normalizes it to time zone of Firewall Analyzer Server
Network Information for the IT Manager
Traffic and Security of Enterprise Network - Snapshot View
As a CIO/CSO/IT Manager of an enterprise, you would like to apprise yourself of the traffic usage and security threatening activities of the enterprises network.
Firewall Analyzer addresses your requirements. It provides a snapshot view of the network traffic and security events of your network in the form of a dashboard. The dashboard displays the graphical overview and statistical snapshot of the total network traffic distributed among the protocols and security events distributed among various categories.
For the network traffic, it addresses a critical question like who, when, and where, i.e., who (which host) is using your traffic, when (what time) the traffic was used, and where (which destination) the traffic was directed to. It provides trend of Internet traffic across the perimeter security devices.
For the network security, you can view the latest security events received (formatted or raw SysLogs) from a particular device. You can get alerted for any of these security events and pinpoint the exact event by drilling down the reports or searching.
It provides valuable information about usage of Firewall rules. It segregates the unused rules of the Firewall and lets you to manage the rules to optimize the Firewall performance.
There are slew of pre-built reports available in Firewall Analyzer. Firewall Analyzer allows you to create the management reports, for you to peruse.
Network Information for the Security / Network Administrator
Traffic and Security Analysis of Enterprise Network
As a Security/Network Administrator of your enterprise, you would like to constantly monitor the traffic usage and security threatening activities of the enterprises network.
You get a graphical overview and statistical snapshot of the total network traffic distributed among the protocols and security events distributed among various categories, in the dashboard.
There are slew of pre-built reports available in Firewall Analyzer. You have the quick traffic reports. From the quick reports you can find out the traffic usage by
top hosts who initiated the traffic
top destinations who received the traffic
top protocols used for communication
top requests received by the URL
top conversations between host and destination
top Firewall rules used, top VPN users
top hosts from where the attacks originated
From the quick reports you can find out the security incidents by
top denied events
top security events
top failed log-ons
This gives a comprehensive yet concise view of traffic usage and security events.
You can always drill down to any level of details (unto raw log level) you want. It allows you to create the network reports to be submitted to the management on daily basis.
You can search from heap of raw logs for forensic analysis and network audit. You can load and search the archived logs. The search results can be used to generate reports.
You can gather valuable information about usage of Firewall rules. You can modify or remove the unused rules.
You can get alerts triggered for anomaly and threshold conditions. You can administer the alerts (a bare bone trouble ticketing utitlity).