Firewall Analyzer - Middle East Workshop
Download as PPTX, PDF0 likes143 views
This document describes ManageEngine Firewall Analyzer, which provides log analytics and configuration management for network security devices. It allows users to view traffic statistics, security statistics, manage devices and rules, and analyze logs. The software monitors firewall activities, detects anomalies in rules, provides compliance reporting, and recommends best practices to improve security posture. It supports over 50 vendors and offers basic and distributed editions for organizations of different sizes.
![ configure terminal
logging enable logging timestamp
logging trap informational logging device-id {context-name |
hostname | ipaddress interface_name | string text}
logging host interface_name syslog_ip [udp/<syslog_port>]
Sample configuration of Cisco ASA.](https://image.slidesharecdn.com/firewall-181001125943/85/Firewall-Analyzer-Middle-East-Workshop-3-320.jpg)
Firewall Analyzer - Middle East Workshop
- 1. ManageEngine Firewall Analyzer Log analytics and configuration management software for network security devices
- 2. How to add the device in Firewall analyzer. Traffic Statistic. Security Statistic. Device Management Rule Management Agenda
- 3. configure terminal logging enable logging timestamp logging trap informational logging device-id {context-name | hostname | ipaddress interface_name | string text} logging host interface_name syslog_ip [udp/<syslog_port>] Sample configuration of Cisco ASA.
- 4. Live Traffic URL monitoring (Allowed and denied URL's) Web Usage(Http,Https). Admin Reports (logged in logged out,command execution) Intranet monitoring Internet monitoring Traffic Statistic.
- 5. Live Traffic Report(user based traffic)
- 6. URL monitoring(Allowed and Denied)
- 7. Web Usage (http and https)
- 8. Admin Reports (logged in logged out,commands execution)
- 9. Intranet monitoring & Internet monitoring
- 10. Virus Report Spam Report Attacks Report Security Report Security Statistic
- 11. Virus Report
- 12. Spam Report
- 13. Attacks Report
- 14. Security Report
- 15. VPN Report
- 16. o Device rule (change management and Policy fetching). Device Management
- 17. Rule fetching
- 19. • Configuration changes are recorded and time stamped • User responsible for the change is recorded • Total number and type of changes are listed • The changes in configurations like modified, added and deleted are highlighted Change Management
- 20. o Compliance policies o Rule Management o Policy Optimization. Compliance
- 21. • Supports different compliance formats such as PCI, ISO, SANS, NIST, NERC. • Continuously monitors your firewall rule changes. • Reports instantly on any rule misconfiguration. • Automatically schedules 'Security Audit Reports’. Compliance Reports
- 22. Improve your firewall performance by analyzing the firewall policy anomaly reports. Firewall Analyzer provides a detailed reports on the following anomalies: • Correlation • Generalization • Redundancy • Shadow • Grouping Policy Optimization
- 23. Shadow anomaly: In this case, second rule will never get hit. It is shadowed. Also, action is different for both the Rules.
- 24. 2. Redundancy anomaly: Shadow and Redundant Rules are more or less similar. If Action differs it is shadow, otherwise it is redundant. Case 1 (R1 is subset/equal of R2): Administrator can remove R1 Case 2 (R2 is subset of R1): Administrator can remove R2
- 25. Set alert notification on the following alert profiles: • Normal alert • Anomaly alert • Bandwidth alert Alert Profiles
- 26. • Search the raw logs of Firewall to pinpoint the exact log entry which caused the security activity. • Mine the security incidents using the advanced search of Raw Firewall logs. Forensic Analysis
- 27. Scheduling Reports Report Profiles: • Set up and automate report profiles for any number of devices on which Firewall Analyzer is reporting. Log Filters: • Log filters let you define filters for the log data that is reported on. Customized Reporting with Protocol Groups: • Firewall Analyzer groups protocols into Protocol Groups based on their function.
- 28. • Audits & analyzes the complete firewall security and configuration. • Provides a security audit report with rating. • Assess the best way to fix the issue. • Recommends best practices based on the report. Security Audit
- 29. Premium Edition • Supports up to 60 devices • For small and medium scale network Editions Distributed Edition Supports up to 1200 devices For large scale network
- 30. Support for more than 50 vendors
- 31. Firewall Analyzer is a technology partner with : Technology partnerships What our partner has to say about us: "This integration offers administrators an incredible amount of visibility into firewall systems. Application control goes deeper with detailed usage reports, while change management, security reporting, event trends, and a detailed compliance report for firewall configuration creates an immediate ROI for customers to present back to their stakeholders." — Ben Oster, WatchGuard
- 32. Some of our Customers
- 34. Get Certified and be a ITOM professional https://bit.ly/2pu9ZRc