ASK THE EXPERT- MANAGEMENT FOR IDS AND FIREWALLS

ciscomoderator
Community Manager

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Management for IDS and Firewalls with Cisco expert Nadeem Khawaja. Nadeem supports Security related products, including Cisco Secure PIX Firewall, Cisco IOS Firewall, Cisco Secure Access Control Server UNIX & Windows NT and Cisco Secure Introduction Systems. He is a computer graduate and is a double CCIE in Routing & Switching and in Security. Feel free to post any questions relating to Management for IDS and Firewalls. Remember to use the rating system to let Nadeem know if you’ve received an adequate response.

 

Nadeem might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through August 1. Visit this forum often to view responses to your questions and the questions of other community members.

 


scottdaffron
Level 1

Hi Nadeem.

I am looking for a log analysis tool for the PIX similar to that of Checkpoint's (I know a dirty word) log file analyzer. I would think that to support multiple PIX's, the ideal product would have a robust back-end database tied into a syslog server (for data collection) and possibly a web front-end. It should support multiple PIX's, each supporting 10Mb+ bandwidth, with ALL traffic being logged.

I am NOT just looking for "summary" reports, but also want to search a given time frame by IP, protocol, port, etc, and see all matches for all traffic seen by the firewall. I would also need to see all/selected traffic in real-time, as it passes through the firewalls (for troubleshooting).

So far the only thing that I have come across that seems to offer this functionality would be the suite of products from NetIQ. Can anyone else recommend some other ENTERPRISE reporting tools for the PIX?

Thanks in advance....

Scott Daffron

Sentara Healthcare

Simply put, I am looking for a log analysis tool for the PIX similar to that of Checkpoint's (I know a dirty word) log file analyzer. I would think that to support multiple PIX's, the ideal product would have a robust back-end database tied into a syslog server (for data collection) and possibly a web front-end. It should support multiple PIX's, each supporting 10Mb+ bandwidth, with ALL traffic being logged.

I am NOT just looking for "summary" reports, but also want to search a given time frame by IP, protocol, port, etc, and see all matches for all traffic seen by the firewall. I would also need to see all/selected traffic in real-time, as it passes through the firewalls (for troubleshooting).

So far the only thing that I have come across that seems to offer this functionality would be the suite of products from NetIQ. Can anyone else recommend some other ENTERPRISE reporting tools for the PIX?

Thanks in advance....

Scott Daffron

Sentara Healthcare

Hi Scott,

Thanks for your question. I think CWSIM is a product you are looking for. Here are some of the links for this product.

http://www.cisco.com/warp/partner/synchronicd/cc/pd/wr2k/cwsims/prodlit/2152_pp.htm

http://www.cisco.com/en/US/products/sw/cscowork/ps5209/

Hope this helps.

Thanks

Nadeem Khawaja

ignacios
Level 1

I have downloaded the VMS 90-day trial. There are 4 files. I have tried uncompressing them but I can't. Is there any special process for uncompressing them?

Thanks.

Hi,

Thanks for your question. Please download all the files into one folder and then open the file with the .zip extension through WinZip.

Thanks

Nadeem Khawaja