About us

Optrics is an authorized ManageEngine Partner with expertise in customized network solutions.


Optrics Call Answer Guarantee
Toll Free: 1-877-386-3763
Direct: 1-780-430-6240

If you have any questions, call us during regular business hours, and you will always speak with a person.
Monday to Friday, 8am - 5pm MST

Firewall Analyzer

Log analytics and configuration management software for network security devices

ManageEngine Firewall Analyzer is agentless log analytics and configuration management software that helps network administrators centrally collect, archive and analyze their security device logs and generate forensic reports from them.

"The implementation was so easy and it immediately started showing me how much inbound and outbound traffic was passing through our firewalls. I now use Firewall Analyzer daily!"
Phil Avella, Manager, Information Systems, Thunder Bay District Health Unit

Overview

What is Firewall Analyzer?

The real-time event response system and Integrated Compliance Management module automate your endpoint security monitoring, network bandwidth monitoring, and security and compliance auditing. Firewall Analyzer eases device configuration management by providing out-of-the-box reports and alerts for configuration changes. Firewall Analyzer is vendor-agnostic and supports almost all open source and commercial network firewalls, such as Check Point, Cisco, Juniper, Fortinet, Snort, Squid Project, SonicWALL and Palo Alto, as well as IDS/IPS, VPNs, proxies and other related security devices.


Compliance Management

  • Automate compliance audits with out-of-the-box reports for regulatory mandates such as PCI-DSS, ISO 27001, SANS, NERC-CIP and NIST
  • Get your firewall security validated with security audit and device configuration analysis reports

Firewall Configuration Change Management

  • Get instant notification on 'who' made 'what' changes, 'when' and 'why' to your firewall configuration
  • Get a complete trail of all the changes done to your firewall configuration with Change Management reports

User internet activity monitoring

  • Monitor internet usage (overuse or misuse) of employees in your organization
  • Get real-time notifications when a user tries to access restricted sites

Network Traffic and Bandwidth Monitoring

  • Monitor network traffic and get instant notifications upon sudden spikes in bandwidth
  • Analyze which user, protocol group or network activity is consuming the most bandwidth with interface-wise live bandwidth usage reports

Network Security Management

  • Get detailed information on all possible network attacks and security breaches in your network
  • Know which viruses are active on the network, the hosts that are affected and more

Firewall Policy Management

  • Find out the anomalies in the firewall policies and rectify them to improve the firewall performance
  • Identify the highly used rules, which can be optimized to enhance the network security
  • Identify the unused rules and modify/remove them to improve your firewall performance

Real-time VPN and Proxy Server Monitoring

  • Obtain active VPN users, user-specific & user group specific VPN usage, sessions, and bandwidth consumed
  • Monitor the outgoing traffic through the proxy, obtain details on users generating traffic, websites accessed and bandwidth consumed

Network Forensic Audits

  • Search the logs and pinpoint the exact log entry which indicates the cause of the security event in minutes
  • Find the data quickly and repetitively using advanced log search & generate reports based on search results

Log Analysis

  • Centrally collect, analyze and archive logs from all your security devices such as Microsoft ISA, NetScreen, SonicWALL, WatchGuard, Squid Proxy and more
  • Extract the security and bandwidth information from flow data like IPFIX with extensions and Cisco

Why Choose Firewall Analyzer?

Unlock the Real Value of Your Security Devices

  • Supports an extensive array of perimeter security device logs which include firewalls, VPNs, IDS/IPS and proxy servers
  • Provides a wide range of reports for external threat monitoring, change management and regulatory compliance

Meet Dynamic Business Needs Quickly

  • Rapidly transforms perimeter security device logs into actionable information
  • Generates reports in user-friendly formats like PDF and CSV

Productivity Improvement for IT / MSSP

  • From product deployment to report generation in minutes!
  • Real-time alerts to security events enable IT to respond instantaneously to security threats

Attractive TCO and Rapid ROI

  • No additional hardware required; a minimal entry cost and a maintenance-inclusive subscription model ensure a low TCO
  • Competitively priced. Quick deployment, instant results and reduced IT overhead ensure rapid ROI

Features

Firewall Compliance

  • Firewall Compliance Management
  • PCI DSS Compliance Report
  • ISO 27001:2013 Compliance Report
  • SANS Compliance Report
  • NIST Compliance Report
  • NERC CIP Compliance Report
  • Security Audit & Configuration Analysis Report
  • Configuration Change Management Report

Firewall Device Management

  • Firewall Policy Overview Report
  • Firewall Used Rules Report
  • Firewall Unused Rules Report
  • Firewall Security Management
  • Firewall Policy Optimization Report

Network Security Reports

  • Firewall Reports
  • Virus, Attack, & Security Reports
  • VPN Reports
  • Application Reports for Firewall
  • Proxy Server Reports

Traffic & Bandwidth Reports

  • Real-time Bandwidth Monitoring
  • Bandwidth Monitoring
  • Traffic Analyzer
  • URL Monitoring
  • Employee Internet Usage Monitoring

Anomaly & Bandwidth Alerts

  • Firewall Alerts
  • Alert Notifications
  • Alert Administration

MSSP Features

  • Managed Firewall Service
  • Dashboard and User based Views
  • Rebranding the Web Client

Admin Audit & Archive

  • Firewall Admin Reports
  • Firewall Log Archiving for Compliance

OpManager Integration

  • ManageEngine OpManager Integration

Log Forensic Analysis

  • Raw & Formatted Log Search and Reports

Firewall Log Analysis

  • Check Point
  • Cisco PIX Device
  • Cisco ASA Device
  • CyberGuard
  • Fortigate

Security Device Log Analysis

  • Microsoft ISA
  • NetScreen
  • SonicWALL
  • WatchGuard
  • Squid Proxy

Documentation

Here you can find product documentation, brochures and guides. If you have any questions please feel free to contact us and one of our specialists will address your inquiry as soon as possible.


Supported Firewalls

Firewall Analyzer is compatible with the following firewall devices.

Company | Firewall/Version | WELF Certified | Other Log Format
3Com | 3Com X-family Version 3.0.0.2090 or later; earlier versions will work to a lesser extent | |
Anchiva | Secure Gateway Series 200, 500, 800, 1000, 2000 or higher | |
Applied Identity | Identiforce | |
ARKOON Network Security | ARKOON 2.20 or higher | |
Astaro | Astaro Security Linux v7.0, v8.0 or higher | |
Aventail | Extranet Center v3.0 or higher | |
AWStats | Most versions | |
Barracuda | VF250 Version 5.4.1 or higher | |
BlueCoat | SG Series, Proxy Server, Proxy SGOS 6.4.5.2 | |
Check Point | Log import from all versions and LEA support for R54 and above; VSX Firewalls - Virtual Edition supported | |
Cimcor | CimTrak Web Security Edition or later | |
Cisco Systems | Cisco Pix Secure Firewall v 6.x, 7.x; Cisco ASA - Virtual Contexts supported; Cisco IOS 3005, 1900, 2911, 3925; Cisco FWSM - Virtual Contexts supported; Cisco VPN Concentrator; Cisco CSC-SSM Module v6.3.x or higher; Cisco SSL WebVPN or SVC VPN; Cisco IronPort Proxy; Cisco Botnet module | |
Clavister | Most versions | |
CyberGuard | CyberGuard Firewall v4.1, 4.2, 4.3, 5.1 or higher | |
Cyberoam | Cyberoam Firewall version: 9.5.4 or higher | |
D-Link | Most DFL versions | |
DP Firewalls | DP Firewall 1000-GE or higher | |
Electronic Consultants | IPTables Firewall | |
Fortinet | FortiGate family, SSL VPN (v300A, v310B or later); Webfilter, DLP, IPS modules, IPSec and VDOMs supported. | |
FreeBSD | Most versions | |
Funkwerk Enterprise Communications | Funkwerk UTM | |
Global Technologies | Gnatbox (GB-1000) 3.3.0+ or higher | |
Huawei | | |
Ingate | Ingate firewall: 1200, 1400, 1800/1880 or later | |
Inktomi | Traffic Server, C-Class and E-Class | |
IPCop | IPCop Firewall Version 1.4.17 / 1.4.18 or higher | |
Juniper Networks | Juniper SRX series: SRX100, SRX210, SRX220, SRX240, SRX650, SRX1400, SRX3400, SRX3600, SRX5600, SRX5800 (SRX - Security and Application logs, VDOM support); NetScreen series: NetScreen most versions of Web Filter & Spam Modules; IDP, SSL VPN series: 4500 & 6500, New Format Logs; ISG series: 2000; 6360, 8350 series | |
Kerio | Winroute | |
Lenovo Security Technologies | LeadSec | |
Lucent | Security Management Server V. 6.0.471 or higher | |
McAfee (formerly Secure Computing) | SnapGear, SG580, Sidewinder (uses SEF Sidewinder Export Format); Firewall Enterprise - Sidewinder (S4016) | |
Microsoft | Microsoft ISA (Firewall, Web Proxy, Packet Filter, Server 2006 VPN) or later; Server 2000 and 2004 or later; W3C Log Format; Threat Management Gateway (TMG) | |
NetApp | NetCache | |
NetASQ | F10, F100 v3.x or higher | |
NetFilter | Linux Iptables | |
Netopia | S9500 Security Appliance v1.6 or higher | |
Network-1 | CyberwallPLUS-WS, CyberwallPLUS-SV or later | |
Opzoon | Firewall ISOS v5 or later | |
Palo Alto | Palo Alto Firewalls PA 5000 series, PANOS 4.1.0 or later | |
Recourse Technologies | ManHunt v1.2, 1.21 or higher | |
Ruijie | Firewall | |
Securepoint | Securepoint UTM Firewalls | |
Snort | Most versions | |
SonicWALL | SOHO3, SOHO TZW, TELE3 SP/TELE3 Spi, PRO 230, 2040, 3060, 4060, 5060, TZ 100/ TZ 100w, TZ 170, TZ 170 Wireless, TZ 170 SP Wireless, TZ 200/ TZ 200w, TZ 210/ TZ 210w, NSA 240, NSA 2400, NSA 2400MX, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510 or later, Sonic OS 5.8.x and above (supports "IPFIX with extensions") | |
Squid Project | Squid Internet Object Cache v1.1, 2.x or higher | |
St. Bernard Software | iPrism 4.1, Proxy server 7110 | |
Stonesoft | Firewall version 5.5 or higher | |
Sun Microsystems | SunScreen Firewall v3.1 or higher | |
Vyatta | Vyatta Firewall - IPv4 Firewall, IPv6 Firewall, Zone-Based Firewall | |
WatchGuard | All Firebox Models v5.x, 6.x, 7.x, 8.x, 10.x, 11 or higher; Firebox X series, x550e, x10e, x1000, x750e or later; XTM version 11.9 | |
WebMarshal | Most versions | |
Zywall | Most versions | |

System Requirements

This section lists the minimum system requirements for installing and working with EventLog Analyzer - Distributed and Standalone editions

  • Hardware Requirements

    The minimum hardware requirements for installing and working with Standalone and Distributed Editions are given below.

    • 1GHz Pentium Dual Core processor or equivalent
    • 1 GB of RAM*
    • 1 GB of disk space*
    • Monitor that supports 1024x768 resolution
    • For installing OpManager v12.0, following are the recommended hardware and software requirements. 

      Hardware Requirement for v12.0 : 

      Firewall | Processor | RAM Size | OS Windows | OS Linux | DataBase
      500 logs/sec | Intel Xeon Quad Core, 3.5 GHz | 8 GB | 2012 R2 / 2012 / 2008 R2 / 2008 / 2003 Server / Vista / v7 / 2000 Professional SP4 | RedHat 4.x and above, Debian 3.0, Suse, Fedora and Mandrake | MS SQL 2000, 2005, 2008 and 2012 Or OpManager bundled PostgreSQL
      More than 500 logs/sec | Intel Xeon Quad Core 3.5 GHz | 16 GB | 2008 R2 64 bit / 2012 R2 | CentOS 64 bit or any linux distribution with glibc >= 2.3 and X libraries installed | MSSQL 2008 and 2012 or OpManager bundled PostgreSQL

      *The following tables recommend the disk space and RAM size for the system where Firewall Analyzer is installed. The disk space and RAM size requirements depend on the number of devices sending log information to Firewall Analyzer, the number of firewall log records received per second, or the firewall log data received per day by Firewall Analyzer.

      Recommended Minimum RAM Requirement

      Log Records Rate | RAM Size
      Up to 100 Logs/sec | 1 GB
      100 - 500 Logs/sec | 2 GB
      500 - 1000 Logs/sec | 4 GB
      Above 1000 Logs/sec | 4 GB (64 Bit)
      Above 1000 Logs/sec | 8 GB

      Hard Disk Space Requirement

      The split-up is: Archive + Index + MySQL = Total

      Log Records Rate | For 1 Day | For 1 Week | For 1 Month
      50 Logs/sec | 1+0.5+10.5=12 GB | 5+3+30=38 GB | 18+7+75=100 GB
      100 Logs/sec | 2+1+15=18 GB | 10+5+50=65 GB | 35+15+100=150 GB
      300 Logs/sec | 6+3+31=40 GB | 30+15+105=150 GB | 100+45+295=440 GB
      500 Logs/sec | 10+5+75=90 GB | 50+25+225=300 GB | 170+70+480=720 GB
      1000 Logs/sec | 20+10+150=180 GB | 95+45+500=640 GB | 325+125+950=1.4 TB

      Log Records Rate | For 3 Months | For 6 Months | For 1 Year
      50 Logs/sec | 60+25+125=210 GB | 120+40+160=320 GB | 240+90+300=630 GB
      100 Logs/sec | 110+50+240=400 GB | 220+80+320=720 GB | 450+170+580=1.2 TB
      300 Logs/sec | 280+120+600=1 TB | 500+200+800=1.5 TB | 900+350+1250=2.5 TB
      500 Logs/sec | 470+230+1100=1.8 TB | 900+400+2100=3.4 TB | 1700+700+3600=6 TB
      1000 Logs/sec | 920+480+2100=3.5 TB | 1750+750+4200=6 TB | 2850+1250+6400=10.5 TB

      Hard Disk Space Requirements for v12.0 : 

      Firewall (up to 500 logs/sec) (to maintain 1 day archive logs) | Firewall (more than 500 logs/sec)
      90 GB | Each additional 500 logs/sec requires at least an additional 90 GB

      CPU Requirements

      • A dedicated machine has to be allocated to process more than 200 logs per second.
      • Dual core processors are needed to process more than 500 logs per second.
      • Quad core processors are needed to process more than 1000 logs per second.

      RAM Requirements

      • The number of firewalls handled by Firewall Analyzer increases the RAM requirement given above, so provision more RAM than the suggested value if you have more than 5 firewalls.

      Separate Installation

      • The Firewall Analyzer server and the MySQL database can be installed on separate machines when the log rate is high and the machines have low-end CPUs.

      Hard Disk Requirements for more months

      • The hard disk space requirement projected above is for one month. If you need to archive the logs for more months, multiply the above requirements by the number of months you require.

      Note: The Log Records Per Second is the total log records received per second from all the configured devices.

    • PostgreSQL Performance Improvement Parameters

      PostgreSQL Performance Improvement Parameters (for Firewall Analyzer version 7.5 Build 7500 onwards)

      For better performance, we recommend replacing the existing PostgreSQL parameters mentioned in postgres_ext.conf, available under the <Firewall Analyzer Home>\pgsql\data\ directory.

      Parameters | Comments
      port = 33336 | This change requires Firewall Analyzer Application/Service restart
      shared_buffers = 128 MB | Minimum requirement is 128 KB. This change requires Firewall Analyzer Application/Service restart
      work_mem = 12 MB | Minimum requirement is 64 KB.
      maintenance_work_mem = 100 MB | Minimum requirement is 1 MB.
      checkpoint_segments = 15 | Logfile segments minimum 1 and 16 MB each
      checkpoint_timeout = 11 minutes | Range: 30 seconds to 1 hour
      checkpoint_completion_target = 0.9 | checkpoint target duration is 0.0 - 1.0
      seq_page_cost = 1.0 | This parameter is measured in an arbitrary scale
      random_page_cost = 2.0 | This parameter is measured in same scale as above
      effective_cache_size = 512MB |
      synchronous_commit=off |
    • Supported Operating Systems

      It has been tested to run on the following operating systems and versions:

      Windows®

      • Windows 8
      • Windows 7
      • Windows NT
      • Windows 2000
      • Windows XP
      • Windows Vista
      • Windows 2000 Server
      • Windows 2003 Server
      • Windows 2008 Server
      • Windows 2012 Server

      Linux

      • Ubuntu 9.1.10
      • Fedora 12
      • OpenSuSE 11.2
      • CentOS 5.5
      • Red Hat RHEL
      • Mandrake
      • Mandriva
      • Debian

      VMware

      Note: For Distributed Edition - Admin Server only

      For version 7.4 Build 7400 or earlier

      If the Distributed Edition Admin Server is installed on SuSE Linux, then

      • Locate and open the mysql-ds.xml file in <Firewall_Analyzer_Home>/server/default/deploy
      • Find the following line and replace localhost with the IP address or DNS-resolvable name of the system where the Firewall Analyzer Distributed Edition Admin Server is installed.

      <connection-url>jdbc:mysql://localhost:33336/firewall</connection-url>

    • Supported Web Browsers

      It has been tested to support the following browsers and versions:

      • Internet Explorer 8 and later
      • Firefox 4 and later
      • Chrome 8 and later
    • Supported Databases

      Bundled with the product

      • PostgreSQL

      External Databases

      • MS SQL 2000
      • MS SQL 2005
      • MS SQL 2008
      • MS SQL 2012
    • MySQL Performance Improvement Parameters

      MySQL Performance Improvement Parameters (for Firewall Analyzer version 7.4 Build 7400 or earlier)

      For better performance, we recommend replacing the existing MySQL parameters mentioned in startDB.bat/sh, available under the <FirewallAnalyzerHome>\bin directory, with the following MySQL parameter changes for the corresponding RAM size.

      RAM Size | MySQL Parameters For Windows Installation | MySQL Parameters For Linux Installation
      512 MB | Default configuration as given in startDB.bat | Default configuration as given in startDB.sh
      1 GB | --innodb_buffer_pool_size=300M --key-buffer-size=150M --max_heap_table_size=150M --tmp_table_size=100M --table-cache=512 | --innodb_buffer_pool_size=300M --key-buffer-size=150M --max_heap_table_size=150M --tmp_table_size=100M --table-cache=512
      2 GB | --innodb_buffer_pool_size=900M --key-buffer-size=600M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512 | --innodb_buffer_pool_size=900M --key-buffer-size=600M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512
      3 GB | --innodb_buffer_pool_size=900M --key-buffer-size=600M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512 | --innodb_buffer_pool_size=1400M --key-buffer-size=1000M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512
      4 GB | --innodb_buffer_pool_size=900M --key-buffer-size=600M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512 | --innodb_buffer_pool_size=1800M --key-buffer-size=1200M --max_heap_table_size=350M --tmp_table_size=100M --table-cache=512

Pricing

Perpetual

Firewall Analyzer Premium Edition

Products | License Fee | AMS*
 | $1,488 | $298
 | $2,975 | $595
 | $7,113 | $1,423
 | $11,238 | $2,248
 | $14,988 | $2,998
 | $26,238 | $5,247

Firewall Analyzer Distributed Edition

Products | License Fee | AMS*
 | $17,495 | $3,499
 | $29,995 | $5,999
 | $39,995 | $7,999
 | $49,995 | $9,999
 | $59,995 | $11,999

Subscription Edition

Firewall Analyzer Premium Edition

Products | License Fee | AMS*
 | $595 | Included
 | $1,190 | Included
 | $2,845 | Included
 | $4,495 | Included
 | $5,995 | Included
 | $10,495 | Included

Firewall Analyzer Distributed Edition

Products | License Fee | AMS*
 | $6,995 | Included
 | $11,995 | Included
 | $19,995 | Included
 | $24,995 | Included
 | $29,995 | Included

* Annual Maintenance & Support Fee

