ManageEngine Firewall Analyzer saves time and effort
June 09, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with ManageEngine Firewall Analyzer

ManageEngine Firewall Analyzer is used internally by the network team in IT. Prior to implementation, we had to log into each of our firewalls and look for information or dig through a lot of logs. That was tedious to the point of being useless. With Firewall Analyzer, we have a much cleaner interface to interact with, we can monitor multiple firewalls at once, set up easier alerts, and drill down as necessary. It saves us quite a lot of time and effort.
  • Live traffic monitor: Firewall Analyzer lets us monitor traffic as it flows through the firewalls. It also breaks it down according to what type of traffic (e.g., web, mail, FTP, etc.) it is. It lists the top hosts, the top users from traffic, and a lot of other useful statistics, all in a very visual format.
  • Security Monitoring: Another good visual graph Firewall Analyzer provides is the security one, which shows us if we're being attacked, from where, by what, how many, etc. It will also send us alerts when there's an alarm of any kind on the firewall.
  • Reporting: We can run all sorts of custom reports, and that helps us both with compliance and informing management as to what's going on. It would be difficult to describe all the various kinds of things we can include in these reports, but they are extensive.
  • Extra Functionality: There are a few features we don't use, either because of the size of our enterprise, or the way we have our firewalls configured. But all the elements to monitor and report on these features are still there, oftentimes meaning it takes longer to get to something we actually do use in the interface.
  • Setup Time: The initial setup was very simple, mostly just adding IPs and a syslog server. But for many of the more advanced features, like the NOC view, it can take a lot of tweaking to get right.
  • Intuitiveness: The reporting, while detailed and better than reading a raw syslog, can be unintuitive at times. Drilling down can sometimes get one stuck in a weird rabbit hole that isn't entirely relevant, and it's hard to get back to somewhere useful without just starting over.
  • Firewall Analyzer has definitely freed up a lot of IT's time, by congregating logs and displaying them in a more useful, visual way.
  • The cost for licenses and proactive alerting, compared to the man-hours spent reactively through data, paid for itself in a few months.
  • There was no negative impact to users, and only some to IT staff who had to train on the software, which mostly consisted of videos and playing around with the software.
We used to use the built-in functionality of our Cisco ASA firewalls, and it was so complex as to be practically useless. There was no good way to find useful data without some kind of analyzer. We briefly tried Kiwi Syslog Server, but it wasn't much better, mostly just showing the logs we already tried to sift through, but color-coding them in case there was something we'd written a rule about.
Given the cost and features we demoed before implementation, we bought Firewall Analyzer because it did everything we needed it to for a reasonable price.
If your business has multiple firewalls, or even just one that really needs constant monitoring, Firewall Analyzer is great. It definitely cuts down on the sifting through raw data, and it puts all the firewall info right in one place. It can also check for various compliance standards (NIST, PCI DSS, &c.) if configured, although we do not use that at this time.
For a smaller shop with a single firewall, especially a SOHO type, I don't think this would add much value. It's definitely built for enterprise-level data and security.

ManageEngine Firewall Analyzer Feature Ratings

Policy planning and rule management: 8
Automated Policy Orchestration: Not Rated
Device Discovery: 10
Policy Compliance Auditing: 9
Attack Path Simulation Testing: Not Rated
Anomalous Event or Behavior Deviation: 9
Vulnerability Scans: 8
Firewall Rule Cleanup: Not Rated