In the era of globalization, more and more enterprises are making their presence across countries. Obviously, the offices, branches, factories, work places are spread across the globe. In this scenario, IT management related activities get fairly complex. IT/Network security for the distributed environment is not going to be an easy task.
Thus large enterprises need a solution capable of supporting a Enterprise Firewall Architecture. Managed Security Service Providers (MSSP) are also in need of a scalable, distributed solution along with secured and exclusive segmented views for their clients. MSSPs require a solution which can be deployed to take care of a block of geographical area.
Multi-national enterprises and MSSPs look out for a solution with following features:
Firewall Analyzer addresses this network security need for both large enterprises and MSSPs with its distributed monitoring firewall capabilities. Firewall Analyzer’s Enterprise edition acts as a comprehensive enterprise firewall management software. This enterprise firewall monitoring tool can scale up to monitor hundreds of devices, deployed at locations across the globe. To cater for the MSSPs, it offers customizable dashboards and user specific views.
Firewall Analyzer Enterprise edition is scalable and deployable in distributed model. It offers centralized monitoring of all distributed locations in a single console. It provides exclusive segmented secured for different users.
Addresses the demanding scalability needs of Worldwide Enterprise and MSSPs. Scales smoothly up to 1200 security devices.
Distributed architecture of the enterprise edition empowers to monitor devices in locations spread across the world.
With the unified console, you can monitor all the Firewall Analyzer Probe Servers deployed across the globe and the security devices monitored by the Probe Servers. Qualifies as a good candidate for Security Operations Center (SOC).
The Dashboard is customizable to enable role based views for different users. This customizability is much sought after feature of the Managed Security Service Providers (MSSP).
No frills and sleek communication between Probes and Central Server ensures that the bandwidth usage is kept minimal.
Firewall Analyzer - Salient Features
Firewall Analyzer Enterprise edition can be deployed using the steps given below:
After successfully installing and starting the Central Server and Probe Server(s), you can view all required reports for each Probe Server from Central Server Console.
Install Central Server
Once installed, start the Central Server.
Install Probe Server
Note: Before proceeding with installation of Probe Server(s), ensure that Central Server is installed, running and can be reached from the machine, in which Probe Server is to be installed.
Once installed, start the Probe server and configure the firewalls to send logs to the Probe Server.
General
We recommend distributed setup (Enterprise edition):
One Central Server is designed to manage 50 Probe Servers. However, we have carried out simulated testing in our laboratory, which effortlessly managed 20 Probe Servers.
You need to configure the proxy server details during Central Server installation, if the Central Server needs to pass through Proxy Server to contact Probe Servers.
Yes, you can. Ensure that the existing installation of Firewall Analyzer build is 12300 or later. To convert, you need download the Firewall Analyzer exe/bin of same version as the existing installation and install as Central Server. Then you need to convert the existing installation of Firewall Analyzer Standalone Server to Probe Server. We recommend to upgarde to the latest version before the conversion. Refer the procedure in the below help link:
Procedure to convert existing Professional Edition Firewall Analyzer installation to Enterprise Edition Probe Server
Once you have deleted the Probe Server, to re-add follow the procedure given below:
All the logs collected by the Probe Server are stored in the Probe Server database only. For archiving, there is a provision to forward the logs to the Central Server, but not for storing in the Central Server database.
Secured Communication Mode (HTTPS)
By default, the mode of communication is through HTTP. There is also an option to convert it to secured mode of communication HTTPS. Refer the procedure in the below help link, to setup secure communication mode between Central and Probe Server.
Click on Settings tab > Probe Settings link in Central Server UI and click on the Edit icon of specific Probe and select the appropriate protocol and configure the web server port details.
Licensing
Firewall Analyzer Enterprise edition license will be applied in Central Server. The number of devices for which the license is purchased, is utilized among the registered Probe Servers. You can keep adding the devices in various Probe Servers till the total number of licenses purchased get exhausted. View the number of devices managed by each Probe Server in the Probe Settings page.
If the number of devices being collectively managed by all the registered Probe Servers, exceed the number of License purchased, a warning message appears in the Central Server. In that scenario, you have various options.
Yes, there is no option to apply the license in Probe Server. The license applied in Central Server will be automatically propagated to all Probe Servers.
The managed/unmanaged status of devices in Probe Server are synchronized with Central Server during the data collection cycle, which happens at an interval of 5 minutes.