Firewalls are essential for keeping creeps, bots and other unsavories out of your network. But having a firewall doesn’t make you safe. Having and using a properly configured and maintained firewall does.
So how do you know your firewall(s) is up to snuff? Firewall monitoring, that’s how. Firewall monitoring tools ensure proper function and security by tracking and analyzing key firewall stats such as number and type of sessions, bandwidth, and network traffic flowing through the firewall.
You should also know how many firewalls you have, brand, model, configuration, any supporting software or firmware, and location.
Many firewalls come with some form of built-in Firewall monitoring. Even the firewall that comes with Microsoft Windows has rudimentary Firewall monitoring you can set up to spot dropped packets. But most of the tools are, as we mentioned, are low level, and don’t offer nearly enough information to guarantee your firewall is doing all it should.
A better approach is a full, rich networking monitoring solution that offers Firewall monitoring and looks at your firewall in the context of the entire network and shows all tracked assets through one dashboard.
Unless you run your business out of your basement, chances are you have more than one firewall, and if you don’t – you probably should. This is all the more reason to manage this vital security asset through Firewall monitoring.
Unfortunately, too often firewalls are a case of ‘set them and forget them’, when should do the opposite. “Firewall monitoring is a crucial tool for optimizing existing firewall deployments in organizations of all sizes. However, many organizations neglect to track their firewall performance metrics and status until it is too late,” according to the blog Firewall Monitoring Best Practices by consultancy COMPUQUIP Technologies. “Before you can start monitoring the effectiveness of your firewalls, you need some kind of firewall monitoring tool. These tools can be used to keep track of data such as current rule configurations, alerts, and event logs (event logs are typically built into the firewall, but a monitoring tool can help users efficiently parse this information).”
COMPUQUIP offers managed services, but if you have or need a Firewall monitoring solution, why not let the network monitoring software that watches the rest of your network keep tabs on your firewalls as well?
Firewall monitoring is as rich as you want to make it. A good approach consists of some seven elements:
Discovery: Find all firewalls and related assets and gather all relevant details.
Monitoring/Data Collection: Define what data you want to gather about these assets and how you want to poll them.
Dashboards: Gain overview of firewall status through built-in general dashboard, then customize for more detailed or specific views.
Alerts: What good is Firewall monitoring if no one knows what was found? Here is where alerts come in, and are sent based on thresholds set by IT. If the firewall is down, obviously an alert should be sent such as through text or email to the appropriate IT professional. When certain firewall performance thresholds are exceeded, such as substandard performance, an alert can likewise be sent.
Actions and Automation: a key goal of Firewall monitoring is spotting problems before they turn into catastrophes. So, what do you do when you find an issue? Here's where a good Firewall monitoring solution can be configured to take action based upon specific conditions. For example, a firewall can be restarted, or through scripting, even more, detailed actions can be taken. This automation is critical to making IT as efficient as possible. Automation can also be applied to the discovery process where discoveries happen automatically to spot new firewalls and related assets.
Reports: Reports show what happened at a macro right down to micro-level, from current status to deep history.
Audits/Logs: Esecurityplanet.com advises auditing your firewall event logs periodically “to look for changes or anomalies that might suggest modifications to your firewall settings.”
How to Monitor a Cisco ASA VPN with Whatsup Gold
Enable and Configure SNMP for Network Monitoring
Four Types of Log Data to Manage and Monitor
Why Port Monitoring is Important for Security
What is Web Performance Monitoring and What is it Good for?
What is a Syslog Server and How Does it-Work?
A Brief History of Network Monitoring
Port Scanning101: What it is and What it Does
WhatsUp Gold delivers comprehensive and easy-to-use application and network monitoring that allows you to turn network data into actionable business information. By proactively monitoring all critical network devices and services, WhatsUp Gold reduces costly and frustrating downtime that can impact your business. With an all-new web-based interface, WhatsUp Gold lets you take control of your network infrastructure and applications for the important strategic work that drives results. In a marketplace overwhelmed with complexity, WhatsUp Gold provides simple deployment, robust scalability, groundbreaking usability, and fast return on investment.
Looking to start on the basics of IT infrastructure monitoring? Our alphabetized index is an excellent place to begin or extend your education. View all of our current topics.
Get our latest blog posts delivered in a weekly email.