07-02-2014 07:01 AM
This came up as a question during a class and to my knowledge there is not a way to limit the number of logged in administrators, however the student asking presented a reasonable case; In a service provider or large enterprise environment during a network event multiple administrators log into the firewall and begin looking at filtered logs. Once more than about three get logged in the performance of the MP becomes significant enough to impede those administrators as they search for interesting log events.
My initial recommendation is to have the logs pointed at a log collection tool, and have the administrators use that tool for the filtered views. Is that the only way to manage this type of load?
07-02-2014 09:28 AM
Hello gelgin,
As far as the firewall is concerned, the management plane would definitely take heavy toll if there are multiple administrators filtering traffic logs at the same time. In order to cope up with Service providers and Enterprise level environments, we have a central managing system (virtualized or hardware based) called 'Panorama' where is specially dedicated for logging and reporting purposes. Its a central management system that manages several firewall together and can be ready in situations like yours.
More on Panorama:
Panorama Administrator's Guide 6.0 (English)
If Panorama is not an option, you can enable syslogging on the firewall and certainly leverage third party vendors like SPLUNK and SPICEWORKS.
Hope that helps!
Thanks and regards,
Kunal Adak
07-02-2014 09:28 AM
Hello gelgin,
As far as the firewall is concerned, the management plane would definitely take heavy toll if there are multiple administrators filtering traffic logs at the same time. In order to cope up with Service providers and Enterprise level environments, we have a central managing system (virtualized or hardware based) called 'Panorama' where is specially dedicated for logging and reporting purposes. Its a central management system that manages several firewall together and can be ready in situations like yours.
More on Panorama:
Panorama Administrator's Guide 6.0 (English)
If Panorama is not an option, you can enable syslogging on the firewall and certainly leverage third party vendors like SPLUNK and SPICEWORKS.
Hope that helps!
Thanks and regards,
Kunal Adak
07-02-2014 09:54 AM
And thats what I thought... I pointed him in those directions as well... Maybe its worth a feature request for environments that may have operational constraints that demand the use of the firewall vs. an offline approach?
07-03-2014 03:27 PM
A maximum number of logged in users would be a good feature. Let me know if you have a Feature Request number for this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
