Product Reviews

No Holes Here

Firewall Analyzer knows what your firewalls are doing.

Many products out there give admins peace of mind. Firewall Analyzer by eIQ Networks is one I’ve grown especially fond of.

Firewall Analyzer, particularly the more expensive Enterprise Edition, can collect data from hundreds of firewalls from some 25 vendors. It can then correlate data from traffic, event, content, and attack logs to figure out the type of attack, severity, and where it came from. The software translates cryptic syslogs from an array of firewalls into understandable reports. And because you don’t want to spend all day staring at firewall reports, Firewall Analyzer can send alerts based on thresholds that you define.

I loaded the Standard version first, which went in pretty easily. I then performed the "configure firewall" function and added the IP address of my firewall (the tool uses autodiscovery to ease the installation of devices), which set off a message asking if I wanted to allow access to the analyzer, which, of course, I did.

By clicking the edit button, you can select your firewall and decide if you want the "fwasyslog" service to collect the log file. By selecting the latter option, you can change the port to any port you prefer.

The Configure Firewall lists available firewalls by IP or name, and it can add them to the reporting pool.

I checked the logs created and saw that everything was operating as it should be. Since the installation put an icon on my desktop, I thought I’d find something interesting if I double-clicked it. Instead I was brought to the Internet Optimizer screen we’ve all seen a bazillion times.

Satisfied with the Standard version, I then loaded the Enterprise version, which offers more reports and more detail such as which user is doing what and when, and what DNS names are being resolved to what IP addresses.

A strength of Firewall Analyzer is its reporting. Each report lists each specific action, protocol and port that the analyzer listened on, so I had no problems seeing where my problem areas were. Through integration with Active Directory, reports can be customized based on the role and rights of the user.

Reports can move from the general—number of visitors and bytes transferred per day—to the highly detailed. Want to know how many attacks and emergencies have occurred? No problem. Care to know how many Ping of Death attacks occurred last Thursday, what IP addresses they went after, and the source of the attack? A simple Firewall Analyzer report can do the trick.

Because firewalls can collect reams and reams of data, you can decide how much data to collect and analyze. To further reduce bandwidth and storage, Firewall Analyzer can be configured to only pass along the delta or changes to log files. Reports can be formatted as PDFs, HTML, Excel, or Word docs, all complete with tables, graphs, and detailed summaries.

The analyzer doesn’t tell you how to fix errors or problems it finds, but that’s OK; most admins already know that stuff.

Firewalls collect an awful lot of data, and Firewall Analyzer can do more than track down attacks. This tool can also track bandwidth use, protocol use, Web visitors and internal use including the categorization of URLs, and hunt down downloading of inappropriate content.

Firewall Analyzer can be loaded on most Windows machines from NT 4 (with SP6) up to Server 2003. It should be noted here that on XP boxes, only one Web site can be running at a time. Firewall Analyzer also has a built-in Apache Web server.

If you want to make sure there are no holes in your firewall (or find the ones there), take a look at Firewall Analyzer. The last thing you need is some outside entity poking through company data.

About the Author

Jim Idema, MCSE, CNA, is president of Idema Enterprises Computer Consulting, a West Michigan-based computer consulting firm specializing in networking solutions to business.


Reader Comments:

Sat, Mar 29, 2008 sizeaspem Kyrgyzstan

How to Backup PlayStation2 Games on cd???
Pls, help me!

Tue, Sep 14, 2004 Raghavendra Hyderabad

Sir,
Can you send me details for MCSE certification examination

Mon, May 3, 2004 Anonymous Anonymous

No real-time? What's the use??

Sat, Apr 17, 2004 Gangaraju Hyderabad, India

a good product for the security admins

Tue, Mar 2, 2004 Samuel India

Good Description of a Good Product which alerts us about the possible threats and thwarts disasters by analyzing huge firewall logs.

Tue, Mar 2, 2004 sridhar california

couple of screenshots of the reports would have been helpful.

Tue, Mar 2, 2004 Anonymous Anonymous

Excellent article that describes a very easy to use solution that offers best value for money.

Tue, Mar 2, 2004 Anonymous Anonymous

best firewall product I have ever used

Tue, Mar 2, 2004 Anonymous Anonymous

excellent

Tue, Mar 2, 2004 Anonymous Anonymous

excellent product
