User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
3.  Why am I not getting Attack Reports for the Check Point firewall?
Firewall Analyzer looks for the attribute attack in the Check Point firewall logs to
generate the attack reports. If the logs do not contain this attribute, the attack
reports cannot be generated.
4.  Why does Firewall Analyzer show the destination site (example: www.yahoo.com) but
not the complete URL (example: www.yahoo.com/index.html)?
To show the complete URL, Firewall Analyzer looks for the attribute resource in the log.
An example log entry that contains this attribute is as follows:
id=leafirewall time="16Aug2006 7:43:56" action="accept" orig="AHFW_1"
i/f_dir="outbound" i/f_name="eth0" has_accounting="1"
product="VPN-1 & FireWall-1"
__policy_id_tag="product=VPN-1 & FireWall-1[db_tag={55E82635-247B-44B7-9E29-42EDE0F57E2C};mgmt=FW_MGMT;date=1155671079;policy_name=N2H2_Filtered]"
rule="22" rule_uid="{5A131CD7-BCBA-4859-AB39-43594A24931A}"
rule_name="HTTP Outbound" service_id="http" src="xxx.xxx.xxx.xxx"
s_port="2624" dst="xxx.xxx.xxx.xxx" service="http" proto="tcp"
xlatesrc="xxx.xxx.xxx.xxx" xlatesport="57700" xlatedport="Unknown"
NAT_rulenum="94" NAT_addtnl_rulenum="internal"
resource="http://www.yahoo.com/index.html"
start_time="16Aug2006 7:43:56" segment_time="16Aug2006 7:43:56"
elapsed="0:00:00" packets="11" bytes="1161"
client_inbound_packets="6" client_outbound_packets="5"
server_inbound_packets="5" server_outbound_packets="6"
client_inbound_bytes="753" client_outbound_bytes="408"
server_inbound_bytes="408" server_outbound_bytes="753"
client_inbound_interface="eth0" client_outbound_interface="eth0"
server_inbound_interface="eth1" server_outbound_interface="eth1"
__pos="7" __nsons="0"
5.  Why do I see zero results for kilobytes transferred in the reports for the Check Point
firewall?
This can happen when bandwidth information is not being captured in
the log file. Ensure that your Check Point firewall has been configured to generate
both regular and accounting log files. While regular log files contain information
regarding firewall activity, the accounting log file contains the bandwidth and
session information. Please refer to the Configuring Check Point Firewall section for
help on creating the accounting log file.
6.  Why am I getting only Unknown Events in the Event Overview graphs in the dashboard?
Check Point firewall logs do not have the priority or severity fields. The Event Overview
graph groups Events based on severity. As there is no severity in Check Point
logs, Firewall Analyzer assigns the default value Unknown as the severity, and hence Event
Overview shows only Unknown Events. If you drill down into that group, or click
the More link, you can see the complete Events.
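The checks behind questions 3, 4 and 5 can be run against exported log lines before troubleshooting Firewall Analyzer itself. The following is an added example, not part of the product or of the original guide: it parses the key="value" format shown in the sample log and reports which of the attributes attack, resource and bytes are present. The function names and sample lines are constructed for illustration, and treating bytes as the bandwidth attribute is an assumption based on the sample log.

```python
import re

# One key=value pair: the value is double-quoted (may hold spaces, '=' and ';')
# or a bare token. The key must start a whitespace-delimited token.
PAIR_RE = re.compile(r'(?<!\S)([A-Za-z_][\w/]*)=(?:"([^"]*)"|(\S+))')

# Attribute -> report that needs it. "attack" and "resource" are named in the
# FAQ; "bytes" is an assumption based on the sample log line.
REPORT_ATTRS = {
    "attack": "Attack Reports",
    "resource": "complete URL",
    "bytes": "kilobytes transferred",
}

# Constructed sample lines (shortened from the log format shown above).
SAMPLE_LINES = [
    'id=leafirewall time="16Aug2006 7:43:56" action="accept" '
    'i/f_dir="outbound" has_accounting="1" product="VPN-1 & FireWall-1" '
    '__policy_id_tag="product=VPN-1 & FireWall-1[db_tag={X};mgmt=FW_MGMT]" '
    'service="http" resource="http://www.yahoo.com/index.html" bytes="1161"',
    'id=leafirewall time="16Aug2006 7:44:02" action="drop" '
    'i/f_dir="inbound" product="VPN-1 & FireWall-1" service="http"',
]

def parse_log_line(line):
    """Split one log line into a dict of attribute -> value."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def attribute_coverage(lines):
    """Count, per report attribute, the lines that carry a non-empty value."""
    counts = dict.fromkeys(REPORT_ATTRS, 0)
    for line in lines:
        fields = parse_log_line(line)
        for attr in REPORT_ATTRS:
            if fields.get(attr):
                counts[attr] += 1
    return counts

def reports_at_risk(lines):
    """Reports whose attribute appears in none of the given lines."""
    counts = attribute_coverage(lines)
    return sorted(REPORT_ATTRS[a] for a, n in counts.items() if n == 0)

if __name__ == "__main__":
    print(attribute_coverage(SAMPLE_LINES), reports_at_risk(SAMPLE_LINES))
```

A count of zero for an attribute across a representative export points to the firewall's logging configuration rather than to Firewall Analyzer.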










