This article applies to:
- Security Reporting Center 2.X
- WebTrends Firewall Suite 4.X
Symptoms:
- Protocols are listed as 'other' in the graphs of Check Point Firewall-1 reports
Causes:
In the Check Point Firewall-1 interface, users are allowed to define services according to protocols by their choice. This can cause problems during the analysis of those log files, if the protocols in the log files are not defined in the Protocol tab within the Options configuration.
Protocols from your log files are associated with a type of traffic for the purpose of reports. Protocols not included in the Protocol in Log File list (found in Options | General Firewall Activity | Protocol tab), and not associated with a type of traffic, are reported as "other".
Resolution:
To prevent traffic being reported as "other", make sure all services defined within the Check Point Firewall-1 setup have also been added to the Protocol configuration, found in Options. This will ensure that your reports are correctly generated.
Review the list of protocols in the Log File and Type of Traffic list to see how protocols are currently defined.
If you have protocols in your log file that are not included or are mis-identified, the list should be edited to address those protocols.
To access the Log File and Type of Traffic list, follow these steps.
- Select Options from the Tools menu.
- Expand the General Firewall Activity options.
- Click Protocols.
Use this dialog box to associate protocols that appear in your log files with types of traffic. Your firewall may be set up to log protocols that are not included in this list.
Notes:
To determine whether protocols are defined correctly, run a General Firewall Activity report and view the Incoming Protocol Usage and Outgoing Protocol Usage tables. These tables display the protocols as they are found in the log file. You can compare these protocols to those found in the Protocols Options dialog box. Any protocols not listed here that apply to one of the pre-defined categories should be added.
- This article was previously published as:
- NETIQKB561