3 Replies Latest reply on Jan 8, 2015 9:51 AM by Rob Hum Jr

    Need to some hints/help for Firewall Reporter (Need to use Temporarily)

    Rob Hum Jr

      The Why:

      1. I know Firewall Reporter is EOL, but our Data Center has stringent base-lines.  Firewall Reporter is the software base-lined for this machine.
        1. In the Q2 of 2015 we will be refreshing/upgrading the data center, so this is only temporary.
      2. Our Security Dept. wants Firewall Reporter running again to pull their reports. 
        1. They do not want me to invest time in setting up Splunk (or like products) to report the information.

       

      The What:

      1. Upgraded McAfee Enterprise Firewall to 8.3.2.  (All was Fine)
      2. Installed McAfee Enterprise Firewall to 8.3.2P04.  (All was Fine)
      3. Firewall Reporter Expired. 
      4. It was reactivated.  (I was not here for this part)
        1. https://ssl.securecomputing.com/actform.cfm?productid=sr  (Assuming)
      5. Reporter was completely dead.  So v5.1 was installed from scratch.   (I was not here for this part)
      6. It was configured (as it was previously), reporter sees all the old data fine.   (About here I returned to the office)
      7. Data Collector was configured. After hours it collected nothing from the Enterprise Firewall Cluster.
      8. Data Collector and Enterprise Firewall Cluster were configured using the Firewall Report Guide.
        1. http://securecomputing.com/techpubs_download.cfm?id=2408
        2. http://securecomputing.com/techpubs_download.cfm?id=2407
      9. Data Collector Connects, but receives any data.
      10. McAfee won't support the software as it is EOL, which brought me here. ^_^

       

      The Question:

      I have not wire-sharked the connection yet, but the connection is not being blocked.  Does anyone know a log, or something simple to check before I start digging too deep? 

       

      Things Done:

      I restarted the Data Collector Service every change. 

      I gave it over an hour to start getting data.

      I looked for error logs that might be produced by Firewall Reporter in common McAfee log locations (like the ones for ePO, Enterprise Virus Scan, Host Intrusion, Framework), but I found nothing of value.

      I see no Deny/Attack events on the Firewall Cluster when a collection is going.  It connects, and nothing is sent/received.

      Just looking for any hints of what to look at... :-/