Firewall Analyzer                      Firewall Log Analysis & Reporting

ManageEngine Firewall
Analyzer                                                   Prices Start at $395

Firewall Log Analysis & Reporting Software

ManageEngine® Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software that monitors, collects, analyses, archives, and generates reports on enterprise-wide Firewall's, VPN's, IDS, and Proxy servers (see
supported devices). Firewall Analyzer will help network security administrators & MSSP (Managed Security Service Providers) to monitor bandwidth usage, detect intrusions & anomaly behaviors, audit traffic, and monitor employee web usage activities efficiently.


A Firewall is an important perimeter defense tool that protects your network from attacks. Security tools like Firewalls, VPN, and Proxy Servers generate a huge quantity of traffic logs, which can be mined to generate a wealth of security information reports.

ManageEngine Firewall Analyzer is a web-based, cross-platform, log analysis tool that helps network administrators and managed security service providers (MSSP) to understand how bandwidth is being used in their network. Firewall Analyzer analyzes logs received from different firewalls and generates useful reports and graphs. Trend analysis, capacity planning, policy enforcement, and security compromises are some of the critical decisions that are made simpler using Firewall Analyzer.

Benefits of using Firewall Analyzer:

Employee Internet Monitoring:
  • Website accessed by the employees in your organization.
  • Protocols used by them for communication.
  • Working Hour and Non-Working Hour internet usage details and trends
  • Firewall Rules used by your employees and their usage pattern.
  • Get notification as when an employee tries to access restricted sites.
  • To identify internet abuse, and excessive internet usage.
  • Get notified on anomalies like sudden spike in internet usage.
  • Keep tabs of employee internet transactions that are leading to attacks / virus in your environment.
  • Compare current internet usage with your historical data to enable you to make firewall policy changes.
  • Get live internet bandwidth graphs with finer details of inbound and outbound traffic flows.
Data Center Security and Enterprise Security:

Firewall Analyzer is used in Data Centers, Security Operation Centers to monitor firewall's and intrusion detection systems to obtain insights like the following:
  • Get to know who is contacting your servers from where, when, and how.
  • Identify your busy servers and do capacity planning.
  • Obtain an executive summary of your network security posture like number & type of attacks, viruses, failed logons, security events and denied events.
  • Get to know who was denied access in your network, with respect to each server and their protocols. Thus feeling reassured that your firewall rules are working.
  • Get to know your firewalls rules in action and their usage trend.
  • Get to know the protocol usage trend in your servers.
  • See your network in action through nice readable, intuitive graphs.
  • Get notified on anomaly events like sudden spike in the number of connections in your servers and traffic usage in your servers.
  • Get Live Internet Bandwidth Graphs with Inbound and Outbound split-up.
  • Obtain events split-up of your servers based on severity and get notified on emergency / critical events on your servers.
  • Get to know the amount of traffic through your site-to-site VPN.
  • Identify the busy tunnel and do capacity planning.
  • Remove / reduce the unnecessary traffic going through your VPN tunnel by cleaning up your rules.
  • Detect your network configuration errors like wrong DNS etc.
Log Management for Compliance:

Firewall Analyzer can collect, archive, analyze, and report on all the firewall logs which can prove useful during your network audits for meeting regulatory compliance.

  • Store / Archive logs for years together, to meet your compliance needs.
  • Get compliance reports like successful logins, logoff and failed logins.
  • Store your individual firewall log records and do historical trend analysis using the archived firewall logs whenever required.
  • Automatic log reception from firewalls without the use of probes or agent installations.
Managed Firewall Services Support for MSSP:

Firewall Analyzer offers profitable Managed Firewall Services for Managed Security Service Providers (MSSP), which will help you to track intrusions, manage user website access, audit traffic and also help you to manage your customer's network bandwidth usage efficiently.

  • Centralized log management for heterogeneous devices.
  • Manage multiple firewalls from the single installation.
  • User-specific firewall views, whereby you as an administrator can assign customers to their respective firewalls and each customer will have access to only his respective firewall details.
  • Create custom dashboard views which could be based on the different geographical locations or nature of business or any other specific requirements of your customer.

Firewall Analyzer uses a built-in syslog server to store the firewall logs, and provides comprehensive reports on firewall traffic, security breaches, and more. This helps network administrators to arrive at decisions on bandwidth management, network security, monitor web site visits, audit traffic, and ensure appropriate usage of networks by employees. The collected logs are parsed and stored in the inbuilt MySQL database for analysis and report generation.

Firewall Analyzer Highlights

Multiple Device Support – support for most leading enterprise firewalls, vpn, ids & proxy servers.

MSSP support – user-based firewall views, anomaly detection filters for network behavioral analysis aid Managed Security Service Providers to manage multiple client networks.

Real-time Alerting – set threshold-based alerts and instant e-mail notifications when alerts are triggered.

Flexible Log Archiving
– archive all log data, or modify archiving intervals depending on disk space.

– view traffic trends and determine usage patterns and peak hours.

Instant Reports – generate over 100 pre-defined reports on bandwidth usage, protocol usage, and more.

Powerful Multi-level Drill-down – drill down from traffic reports to see top hosts, top protocols, top website's, and more.

Security Analysis – analyze denied requests, top denied URL's, and more.

VPN / Squid Proxy Reports – view VPN statistics, VPN usage details, squid usage, top talkers, website details, and more.

Custom Reports
– define reporting criteria, set graph parameters, and save reports.

Scheduled Reporting
– set up schedules for reports to be generated and emailed automatically.

Anytime, Anywhere Access & Management
– web-based user interface lets you view event details in real-time from any system on the network.

Built-in Database
– comes with an integrated MySQL database that is already configured to store all log data. No external database configurations are needed.

Host OS Support
– Can be installed and run on Windows and Linux-based systems making it suitable for deployment in a wide range of enterprises.

Screen Shots

firewall analyzer dashboard firewall analyzer traffic reports firewall analyzer web usage reports
Executive Dashboard Firewall Traffic Reports Web Usage Reports
firewall analyzer protocol traffic drill down firewall analyzer vpn analysis report firewall analyzer vpn report drill down
Protocol Traffic Drill Down VPN Analysis Report VPN Report Drill Down
firewall analyzer squid top talkers report firewall analyzer squid website details report firewall analyzer squid usage summary
Squid Top Talkers Report Squid Website Details Report Squid Usage Summary
firewall analyzer protocol trend reports firewall analyzer traffic trend report firewall analyzer archived log files
Protocol Trend Report Traffic Trend Report Archived Log Files
firewall analyzer anomoly detection filters firewall analyzer streaming & chat report firewall analyzer compliance reports
Anomoly Detection Filter Streaming & Chat Report Cisco Pix & IDF Compliance Reports


Supported Firewalls

Firewall Analyzer is compatible with the following firewall devices.

Company Firewall/Version WELF Certified Other Log Format
3Com 3Com X-family Version or later   avaliable
Applied Identity Identiforce  
ARKOON Network Security ARKOON 2.20  
Astaro Astaro Security Linux v4  
Aventail Extranet Center v3.0  
AWStats Most versions  
BlueCoat SG Series  
Check Point log import from all versions and
LEA support for R54 and above
Cimcor CimTrak Web Security Edition  
Cisco Systems Cisco Pix Secure Firewall v 6.x, 7.x,
Cisco ASA, Cisco IOS, Cisco FWSM, & Cisco VPN Concentrator
CyberGuard CyberGuard Firewall v4.1, 4.2, 4.3, 5.1  
D-Link Most DFL versions  
Fortinet FortiGate family
FreeBSD Most versions  
Global Technologies Gnatbox (GB-1000) 3.3.0+  
Ingate Ingate firewall: 1200, 1400, 1800/1880  
Inktomi Traffic Server, C—Class and E—Class  
Lenovo Security Technologies LeadSec   available
Lucent Security Management Server V. 6.0.471  
Microsoft ISA Microsoft ISA (firewall, web-proxy, packet filter) Server 2000, 2004, & 2006  
NetApp NetCache  
NetASQ F10, F100 v3.x  
NetFilter Linux Iptables  
Netopia S9500 Security Appliance v1.6  
Juniper Networks NetScreen Most versions
Network-1 CyberwallPLUS-WS, CyberwallPLUS-SV  
Recourse Technologies ManHunt v1.2, 1.21  
Secure Computing Sidewinder
Snort Most versions  
SonicWALL SOHO3, SOHO TZW, TELE3 SP/TELE3 Spi, TZ 170, TZ 170 Wireless, TZ 170 SP Wireless, PRO 230, 2040, 3060, 4060, 5060  
Squid Project Squid Internet Object Cache v1.1, 2.x  
St. Bernard Software iPrism 3.2  
Sun Microsystems SunScreen Firewall v3.1  
WatchGuard All Firebox Models v5.x, 6.x, 7.x, 8.x
Zywall Most versions  


If you have any questions or want to download trail version, please send an e-mail to rlee@develcon.com or contact a Develcon sales representative near you.


Enterprise Management Products

Network & Server Monitoring
Application Monitoring
WAN Traffic Monitoring &
IT HelpDesk with Asset
Storage(SAN) Management
Syslog/EventLog Monitoring
Firewall Monitoring

EMS/NMS Solution

WebNMS Framework

Automation Testing Toolkit

SNMP & MIB Testing Tool
Network Simulation Toolkit



© 2011, Develcon Inc. All rights reserved.