Watchguard x750e and 9.0 firmware
in Firewall Analyzer
5 years ago
Does anyone have this working on a watchguard platform running the latest firmware?
I'm batting 000 trying to get this software to work.
I can import logs and it shows records are being imported ( these are the xml logs generated from the watchguard)
Any thoughts?
Replies(10)
Re: Watchguard x750e and 9.0 firmware
5 years ago
Hi,
Good Day!
Thanks for your interest shown in our product, Firewall Analyzer.
We do support the following versions of Watchguard Firewall:
7.x --> Modules Supported: -- firewalld and http
8.x --> all traffic except VPN, Virus and Attack
However, for 8.x version, the XML log file format can be imported by Firewall Analyzer.
Please refer to the following sample logs of Watchguard that we support as of now:
<191>firewalld[149]: allow out eth1:1 48 tcp 20 128 10.7.2.71 63.215.73.136 4734 80 syn (Proxied-HTTP/S)
<188>http-proxy[19231]: [10.7.2.71:4431 64.86.136.9:80/330/13918/568306806428df6ffeeba8.swf?clickTAG=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclick%2C6QwAADUCAAAybQEAXYgAAAEAxQAAAAYAAf8DCwEABgKBQwAABM8AAAAAAAAAAAAAAAAAAAAAAAA
8.0 sample log:
<142>2007-06-11 11:03:41 Advent-xCore700 disp="Allow" cfm[16907]: pri="6" policy="HTTP-proxy-01" src_ip="10.10.xxx.xxx" dst_ip="216.35.xxx.xxx" pr="http/tcp" src_port="2024" dst_port="80" src_intf="1-Trusted" dst_intf="0-External" src_ip_nat="66.39.xxx.xxx" src_port_nat="11475" rc="525" msg="HTTP Request" proxy_act="HTTP-Proxy-SBTI" op="GET" dstname="www.adventnet.com" arg="/include/javascript/jsfuncs.js" sent_bytes="459" rcvd_bytes="236"
If the log format is different from the above, we would appreciate it if you could send us more samples of log files to analyze for version 9.0. I assure you that the log files would be kept confidential. You can upload the sample log files at the following link:
http://bonitas.adventnet.com/upload/index.jsp?to=support@fwanalyzer.com
The sample logs are found under the location, <Firewall Analyzer Home>\server\default\archive\<Firewall IP address> folder.
Further, by default, the logs of WatchGuard Firewall do not have the bytes information; they just have the size of the packet and header length.
In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".
Kindly get back to us for any further assistance. We look forward to assisting you.
Thanks
Best Regards
Sam
Leave a comment on fwa_support's reply
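An added example, not part of the original thread and not Firewall Analyzer code: a small Python triage function that tells apart the inputs discussed in the reply above (the 7.x firewalld line, the 8.0 key="value" line, and XML with no syslog priority prefix) and flags whether byte counters are present. The sample lines are copied from the post (the 8.0 one shortened); the positional field names for the 7.x line and the XML stand-in string are assumptions.

```python
import re

# Lines copied from the reply above (the 8.0 line is shortened; addresses are masked on the page).
SAMPLE_7X = ('<191>firewalld[149]: allow out eth1:1 48 tcp 20 128 '
             '10.7.2.71 63.215.73.136 4734 80 syn (Proxied-HTTP/S)')
SAMPLE_80 = ('<142>2007-06-11 11:03:41 Advent-xCore700 disp="Allow" cfm[16907]: pri="6" '
             'policy="HTTP-proxy-01" src_ip="10.10.xxx.xxx" dst_ip="216.35.xxx.xxx" '
             'src_port="2024" dst_port="80" sent_bytes="459" rcvd_bytes="236"')
SAMPLE_XML = '<?xml version="1.0"?>'  # constructed stand-in for an XML export

PRI_RE = re.compile(r'^<(\d{1,3})>')          # syslog priority prefix
KV_RE = re.compile(r'(\w+)="([^"]*)"')        # key="value" pairs
# Positional names for the 7.x line are assumptions inferred from the sample.
FW7_RE = re.compile(r'firewalld\[\d+\]: (?P<action>\w+) (?P<direction>\w+) (?P<intf>\S+) '
                    r'(?P<pkt_len>\d+) (?P<proto>\w+) (?P<hdr_len>\d+) (?P<ttl>\d+) '
                    r'(?P<src_ip>\S+) (?P<dst_ip>\S+) (?P<src_port>\d+) (?P<dst_port>\d+)')

def classify(line):
    """Return (kind, record) for one log line."""
    line = line.strip()
    m = PRI_RE.match(line)
    if not m:
        # No <PRI> prefix: not syslog. Markup here is what the thread calls 'xml'.
        return ("xml" if line.startswith("<") else "unknown"), {}
    pri = int(m.group(1))
    rec = {"facility": pri >> 3, "severity": pri & 7}   # PRI = facility*8 + severity
    body = line[m.end():]
    fields = dict(KV_RE.findall(body))
    if fields:
        rec.update(fields)
        # Per the reply above, byte counters are absent unless summary logging is enabled.
        rec["has_bytes"] = "sent_bytes" in fields and "rcvd_bytes" in fields
        return "kv-syslog", rec
    m7 = FW7_RE.match(body)
    if m7:
        rec.update(m7.groupdict())
        rec["has_bytes"] = False    # only packet size and header length in this format
        return "firewalld-7x", rec
    return "unknown", rec

if __name__ == "__main__":
    for sample in (SAMPLE_7X, SAMPLE_80, SAMPLE_XML):
        kind, rec = classify(sample)
        print(kind, rec.get("has_bytes"), rec.get("dst_port"))
```

Running it over an archive file before import shows quickly whether the device is emitting a syslog format at all and whether traffic-volume reports can be populated.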
Re: Watchguard x750e and 9.0 firmware
5 years ago
Sam,
I just sent the logs to you.
Let me know what you find.
Chris
Leave a comment on knack_me's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
Sam,
Do you have an update on this issue? I am also very interested in being able to analyze fireware 9.0 logs.
Leave a comment on sasuazo's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
I need to monitor the Watchguard 750e as well.
Leave a comment on Anonymous's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
Hi Chris,
Thanks for getting back to us.
We found that the logs were in 'xml' format, which we do not support as of now. I will let you know once we support the 'xml' format.
However, we do support the syslog format for version 9.0 and we would like to send the logs in syslog format. Hence, kindly configure your Watchguard to send the logs in syslog format as we support the syslog formats in a live environment.
If you still have any issues in syslog format, we would appreciate it if you could send us samples of log files to analyze. I assure you that the log files would be kept confidential. You can upload the sample log files at the following link:
http://bonitas.adventnet.com/upload/index.jsp?to=support@fwanalyzer.com
The sample logs are found under the location, <Firewall Analyzer Home>\server\default\archive\<Firewall IP address> folder.
Further, by default, the logs of WatchGuard Firewall do not have the bytes information; they just have the size of the packet and header length.
In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".
Kindly get back to us for any further assistance.
Thanks
Best Regards
Sam
Leave a comment on fwa_support's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
Sam,
With the 9.0 software, there is no way to extract raw log files out for you to analyse.
Maybe with the release of v9.1 next month there might be a better way to export log files in something other than xml format.
Chris
Leave a comment on knack_me's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
"In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".
I may be being a bit dense... I do not see a "Fireware Proxy" tab/option/action anywhere in my WatchGuard Policy Manager or System Manager... We do not have the Web interface enabled...
Can you give me "more detailed" instructions... Or a different way to enable this "summary data"?
Leave a comment on Anonymous's reply
Re: Watchguard x750e and 9.0 firmware
5 years ago
Hi,
Since we don't have a Watchguard Firewall in our environment, we posted in the "Watchguard Forums" to learn the procedure for enabling the bytes information in logs. Below are the links to the forum posts:
http://www.watchguard.com/forum/default.asp?action=9&boardid=2&read=12990&fid=43
Path: Boards --> Fireware Board --> Logging and Reports --> Bytes information in logs.
http://www.watchguard.com/forum/default.asp?action=9&read=6888&fid=43&BoardID=2#31981
Path: Boards --> Fireware Board --> Logging and Reports --> Enabling bytes info: in version 8.3 with Fireware addon.
We hope the above helps and please get back to us for further clarifications.
Thanks and Regards,
Pravin
Leave a comment on fwa_support's reply
Re: Watchguard x750e and 9.0 firmware
3 years ago
pls tell me how to change the default logo in a Watchguard x750e series firewall
Leave a comment on Guest's reply
Re: Watchguard x750e and 9.0 firmware
3 years ago
Hi.
Thanks for getting back to us.
Would you like to change the default logo for the Watchguard x750e series firewall? Then you need to contact Watchguard Support.
ManageEngine® Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software. The software application monitors, collects, analyzes, and archives logs from enterprise-wide network perimeter security devices and generates reports.
The devices are Firewalls, Proxy servers, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), and Virtual Private Networks (VPN) (see complete list of devices supported). Two prominent features of the application are network monitoring and security reports.
Please get back to us for further queries/issues.
Thanks
Best Regards
Sam
Firewall & EventLog Analyzer
Toll Free: +1 888 720 9500
ZOHO Corporation
(formerly AdventNet Inc.)
Leave a comment on fwa_support's reply


