   A real-time session monitor for your firewall
Online Help

FirePlotter is a powerful utility that lets you monitor the traffic that is passing through your Cisco or FortiNet firewall. It enables you to see how many sessions, what type of sessions (email, web browsing, file transfer ... ), which direction (inbound or outbound) and how much bandwidth is being used by each (Kbits/sec). This information is displayed in real-time in both tabular and graphical format, providing updated real-time snapshots of network availability.

Before searching this extensive help page it may be worth watching all of the 3 minute training video that sums up in seconds what it can take several minutes to read:


              

FirePlotter Training Video - 3 minutes




The FirePlotter Known Bugs page is worth checking if you are experiencing any difficulties - see: Known Bugs

FirePlotter Online Help is divided into the following sections:

   How to Quick Search this Online Help Page
   Quick Start Guide
   Upgrades
   Free Mode vs. Licensed Mode
   FirePlotter Controls & Views
   View Modes: Basic & Advanced
   Understanding Zoom In, Active Filters and Summary Filters
   How to "find" an IP address in FirePlotter
   Setting Up Your Cisco ASA/PIX Firewall for FirePlotter
   Setting Up Your FortiNet FortiGate Firewall for FirePlotter
   FirePlotter.ini
   FirePlotter Licensing
   Troubleshooting

   FirePlotter Error Messages (Help Codes)
   Further Help


Tip - How to Quick Search this Help Page

Did you know that in any web page (on all websites) you can press and hold down [CTRL-F] at any time and a Find Window like this will open?



You can use [CTRL-F] to search this Online Help page. Simply press [CTRL-F] and then type in the text you are searching for. Use the Previous and Next buttons to move through the page. Press the red X in the top right of the Find Window to close it.


Quick Start Guide

FirePlotter is easy to get going and use.

FirePlotter supports Microsoft Windows 2000/XP/2003/Vista.

FirePlotter supports all Cisco ASA/PIX Firewalls (v6.x, v7.23 and above, and 8.x) and FortiNet FortiGate Firewalls (v2.8 and v3.0).

FirePlotter uses an SSH (secure shell) or telnet session to the firewall to get the firewall's real-time session information. So all you need to do to get FirePlotter working is make sure you can connect and log in to the firewall using SSH or telnet. If you don't already know how to do this then see the "Setting Up" sections (Cisco/FortiNet) below.

FirePlotter quickly answers questions like "Who is using my bandwidth?", "What is using my bandwidth?", "Who is eating my bandwidth?" or "What is eating my bandwidth?".

To connect FirePlotter all you need is:

1) the IP address of the Cisco or FortiNet firewall
2) to be able to access the firewall using ssh or telnet protocol
3) working SSH or telnet login credentials with admin/enable rights*

*for FortiNet this must be the "admin" username.

Enter this data into FirePlotter fields at the top and press Connect and you are away into the wonderful world of finally seeing what is really happening on your internet connection(s)!

We generally recommend using SSH rather than telnet to connect FirePlotter to your firewall. SSH provides a secure, encrypted connection, which means that the firewall session data transmitted between the firewall and FirePlotter (along with the login itself) cannot be sniffed, whereas telnet sends everything in clear text. Also, if you are connecting to a Cisco ASA or PIX firewall, SSH is better optimised for performance on these platforms than telnet.

Upgrades

Tip - If you are upgrading your version of FirePlotter, please remember to back up your C:\Program Files\FirePlotter\FirePlotter.ini file if you've changed it, as it gets overwritten by the upgrade process. There may be differences in the format of FirePlotter.ini between released versions of FirePlotter, so you may need to re-create your FirePlotter settings in FirePlotter.ini after an upgrade.

Free Mode vs. Licensed Mode

FirePlotter can be run in Free Mode or (paid for) Licensed mode - see the differences between the two here: Free vs. Licensed Mode - Comparison Chart

FirePlotter Controls & Views


The FirePlotter window can be divided into 5 sections: Menu Bar, Connection Bar, Session Tables Section, Graphical Bandwidth Plotting Section, Control Bar Section and Status Bar:

[Screenshot: the FirePlotter window with the Menu, Connection, Session Tables, Graphical Bandwidth Plotting, Control and Status sections labelled]
 

Menu Bar

The File Menu provides options to "Open fireplotter.ini" (see FirePlotter.ini) and to "Exit" the application. The "View", "Mode" (View Mode) menu option can be used to toggle between "Basic" and "Advanced" View Modes (see View Modes: Basic & Advanced). The Help Menu options are: "Online Help" (taking you to this web page), "Check for Updates Online" (taking you to a web page to check you have the latest version of FirePlotter) and "About FirePlotter" (see FirePlotter Licensing).

Connection Bar

Here you can select Cisco ASA/PIX or FortiNet FortiGate firewall type, Connection Type (Telnet), enter the IP address or DNS name (e.g. 192.168.1.1 or firewall.test.com) and telnet login credentials for the firewall to be monitored.



Session Tables Section

The traffic monitored by FirePlotter is divided into Inbound and Outbound. Inbound traffic is defined as sessions that are initiated from outside of the firewall passing inside. Outbound traffic is defined as any sessions that are initiated from the inside of the firewall passing to the outside. Until FirePlotter is developed to differentiate between all possible firewall interfaces, any DMZ ports on a firewall are considered as "inside". So sessions passing from DMZ(s) to Outside are considered as Outbound sessions and vice versa.

Once FirePlotter is gathering real-time data you can double click in the Session Table Section on any of the Direction, Source IP, Source Port, Destination IP, Service/Destination IP, IP Protocol or Sessions fields to zoom into specific real-time session information. So if you double click on a line in the Source IP address column with a single IP address displayed, you will drill down into all the sessions related to that IP address. Or if you click on a line in the Service/Destination Port column where HTTP (80) is displayed, you will drill down into all HTTP traffic passing through the firewall.

Tip - once you have drilled down, you may choose to activate a Summary Filter - for example by Service/Destination - see Control Bar

Tip - You can also click on any of the column headings to re-order into ascending order the whole session list by the data in that column.

Tip - To reset back to the "Default view" - right-mouse click anywhere in the Session Table and select "default view"

Tip - you can see what filters are active as you drill down by viewing the left portion of Status Bar at the bottom of the FirePlotter screen.

The default view summarises the sessions by Inbound and Outbound sessions, and then by Service/Destination IP.

Where the Source IP or Destination IP field shows "...", this indicates multiple addresses; it may be double clicked to get more information on what those IP addresses are.

Where possible FirePlotter will resolve IP addresses to Fully Qualified Domain Names (FQDNs) or NetBIOS Names (optional). When an IP address is displayed in brackets e.g. (192.168.1.1) - this indicates that FirePlotter is still attempting to resolve a name to the IP address. See FirePlotter.ini for how to set name resolution options.

Note that FirePlotter suppresses monitoring of its own SSH or telnet traffic on the session tables or graphing of traffic.

Also please note for Cisco ASA/PIX users: Cisco do not provide session data in PIX 6.x for connections directly to the PIX interfaces. This means that management connections such as SSH or HTTPS are not displayed. This also means that VPN connections terminated at the PIX are not reported. However, in PIX 7.x this session data is provided and so FirePlotter can display bandwidth usage and session data for all connections terminated at the PIX interfaces (SSH, HTTPS, VPN etc).

Graphical Bandwidth Plotting Section

The graphical section displays Inbound and Outbound Bandwidth Usage in KBits/Second over time by Service/Destination Port. The colours of services are set in the FirePlotter.ini file. For example: Email (SMTP) traffic is red; Web Browsing (HTTP) is green; Secure HTTP (HTTPS) is gold; FTP is brown.

As well as graphing the total bandwidth for the 8 configurable key protocols (Ping, FTP, SMTP, DNS, HTTP, POP3, HTTPS & RDP), FirePlotter's Graphical Bandwidth Plotting continually ensures that the protocol consuming the most bandwidth is always graphed with a Trace line. The Trace line is often not visible on the graphs, as the protocol consuming the most bandwidth is usually one of the 8 key protocols, which are already graphed. On occasions where a non-key protocol is consuming the most bandwidth, the Trace line appears and the associated protocol entries in the Session Tables are highlighted with the same colour. The Trace line protocol can change second by second as different applications consume the available bandwidth. The default Trace colour is a pale blue, and when it appears on the Graphical Bandwidth Plotting it is a slightly thinner line than those of the key protocols.



Control Bar

In the Control Bar there is a Summary drop-down menu, providing the options to filter the selected real-time session data by: No summary, Source IP, Destination IP, Service/Destination Port, IP Protocol and Direction. Also here are the options to return to the Default view, to change the refresh interval to 1, 5, 10, 15 or 30 seconds, and to Pause, Play and Refresh Now the real-time monitoring.

For Online Help  - press Help.

To exit FirePlotter - press Exit.



Status Bar

From left to right, the first part of the Status Section indicates the Active Filters currently applied to the session table view, where D = Direction, SIP = Source IP Address, DIP = Destination IP Address, S/DP = Service/Destination Port Number, and IPP = IP Protocol. For more information on Active Filters see Session Table above. The View Mode setting of Basic or Advanced is next (see View Modes: Basic & Advanced). The next section indicates when the next update of session data will start. On first connection it indicates how many blocks of data are being downloaded to get all the session data from the firewall; from then on it indicates an estimate in percentage (%) of session data to be downloaded. The next section displays the total number of sessions at each refresh. The rightmost section displays the current time.

Tip - You can use the Windows XP/Vista key combination of [Ctrl+Alt+PrtScn] to copy a screenshot of the ‘active’ window (in this case the FirePlotter application) to the clipboard at anytime. You can then paste this image into any other application of your choice.

View Modes: Basic & Advanced

Basic Mode lists only the key services (e.g. HTTP, SMTP etc) and Advanced Mode shows all services passing through the firewall.

In the licensed version of FirePlotter there is the option to switch between Basic and Advanced View Mode via the View Menu. An unlicensed "Watch Only" mode FirePlotter will only run in Basic View Mode.

By default, Basic Mode will only monitor the services listed in the [Ports] section of the fireplotter.ini file (see FirePlotter.ini) e.g. HTTP, FTP, SMTP... This means that if a service/destination port is not configured in fireplotter.ini, then it will not show in FirePlotter Session Table or Graphical Bandwidth Plotting that is running in Basic View Mode. The only way to monitor service/destination ports that have not been configured in fireplotter.ini is to switch to Advanced View Mode.

In Advanced View Mode FirePlotter will show all service/destination ports.

Understanding Zoom In, Active Filters and Summary Filters

OK, let's go through the many filtering views that FirePlotter gives you. When you first load FirePlotter it extracts the session table from your firewall and automatically displays the session table summarising by Service/Destination Port (as indicated at the bottom of the screen) and sorted by the ‘Direction’ and then ‘In Bytes/s’ columns. Notice that the Sessions column shows how many SMTP or HTTP sessions are passing through the firewall - something like this:

As an aside, notice that if you click on the word Sessions at the top of the Session column (or any of the column titles) FirePlotter will re-order the session table display in descending value order, like this:

Now let's turn off the Summary filter by changing the Summary filter setting at the bottom of the screen. Notice you will now get a long list of all the sessions going through the firewall, one line per session (notice the scroll bar on the top right), and the Summary Filter is set to No Summary (notice the session column again, now 1 session per line) - something like this:

OK, so now let's switch back to Summary Filter by Destination/Service Port. Now you can see that Sessions are summarised by Service again. Now let's zoom into a particular internal IP address. We know it is internal as we are selecting from the Outbound Sessions, so the source IP will be an internal device. Let's select 192.168.68.14 and double click on that...

Now because we clicked on 192.168.68.14 with Service/Destination Port of HTTP (Port 80), we now see all HTTP sessions relating to this device. Notice what the active filters are displaying in the Status Bar at the bottom of the screen, and notice that Summary Filter has switched to No Summary.

 

Once you have taken that in, then we can zoom in to see all the traffic (not just HTTP) that this device is sending through the firewall by double clicking in 192.168.68.14 again (highlighted above) - but this time we are not in a summary mode so now we get:

So to tidy up a bit we could turn on Summary Filter by Service Destination and we would get this, a nice summary of what just this device is doing:

Then we can click on the Default View Button to take us back to the starting point and explore other sessions in a similar manner. It's easy to understand and use the Zoom In mode and to read the Active Filter status and use the Summary Filter. Really Easy!



How to "find" an IP address in FirePlotter

One thing you can do to find an IP address really easily right now is: From the Default screen first press Pause to stop it updating - so you can see the snapshot of all the sessions. Then change the drop down at the bottom left to Summarise By: Source IP. Then click the top of the Source IP address column to re-order the column by IP address in ascending order. You can then scroll down to the address you want, then double click to Zoom in to that specific IP address. Once zoomed in - you might want to re-enable the Summary By Service/Destination Port if there are lots of connections. You can also re-enable Play so you can see in real-time what that IP address is doing.

Setting Up Your Cisco ASA/PIX Firewall for FirePlotter

For SSH connections:

If you wish to allow FirePlotter to make an SSH connection to a Cisco ASA/PIX, you need to configure your ASA/PIX for Secure Shell (SSH) connections.

For more information on configuring SSH on a Cisco Firewall see:

Configuring PIX 6.x to Accept SSH Connections
Configuring ASA/PIX 7.x and above to Accept SSH Connections

More information on configuring SSH on a Cisco Firewall is available here from Cisco:
http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/s8.html#wp1210645

Once SSH is configured on your Cisco ASA/PIX you can test SSH from the PC you are using for FirePlotter. You will need to connect to the firewall using an SSH utility like PuTTY. See http://www.putty.org/

For Telnet connections:

If you wish to allow FirePlotter to telnet to a Cisco ASA/PIX, you need to configure which hosts are allowed in. To allow a single host to telnet in via the inside interface:

telnet 10.1.1.100 255.255.255.255 inside

To allow any PC on subnet 10.1.1.0 /24 to telnet in via the inside interface:

telnet 10.1.1.0 255.255.255.0 inside

More information on configuring telnet on a Cisco Firewall is available here from Cisco:
 http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/t.html#wp1467794

Once telnet is configured you can test telnet from the PC you are using for FirePlotter. You'll need to connect to the firewall using the Microsoft Windows Telnet client (standard in Windows/2000/XP, but see Installing Telnet in Windows Vista to get this working for Vista) 

To test the telnet connection, open an MS-DOS box, type "telnet x.x.x.x" where x.x.x.x is the IP address of the interface, and press enter. You will then be prompted for login. Enter credentials to log in. You should see a screen that looks like:

User Access Verification 

Password:

Type help or '?' for a list of available commands.

firewall> enable

Password: *********

firewall#

Note: you may need to enter into FirePlotter Enable Username (optional), Enable Password, Telnet Username, Telnet Password - depending upon how your Cisco Firewall is configured. If during Telnet testing you are not prompted for Username then leave the FirePlotter Username field(s) blank.

Note: if you are connecting FirePlotter to a Cisco ASA/PIX firewall via a VPN, you will need to have the "management-access outside" command set, in order for you to access the internal interface telnet IP address from the outside.

Note: if you are using Cisco FWSM (Firewall Service Module) in a Cisco Switch (in this example a Cisco 6513), then here are some tips on how to set-up telnet access. These tips assume you have access to the switch console port and login/enable credentials:

1) Ensure config tells Cisco 6513 switch which vlans to allocate to the fwsm via switch console port using show config :

firewall multiple-vlan-interfaces
firewall module 7 vlan-group 1
firewall vlan-group 1 5,50-52,110,120,130,140,150,210,220,330,340,350


2) Issue commands to get into fwsm console configured as above:

• Cisco IOS software
Router# session slot 7 processor 1
• Catalyst operating system software
Console> (enable) session 7

then login

3) Check/Use commands associated with the fwsm:

firewall transparent
nameif vlan5 outside security0
nameif vlan50 inside security100


As you can see, this is the same as ASA/PIX except that it uses the VLANs allocated from the switch.

The IP address allocated to this context for management, or for traffic initiated from the context, e.g. logs (FWSM calls the virtual firewalls 'contexts'):

ip address 10.1.1.250 255.255.255.0 standby 10.1.1.2 (there may not be a standby if you only have one fwsm)

4) Setup telnet access to the inside interface (to edit fwsm config use Conf t to edit & CTRL-Z to exit & wr mem to Save):

telnet 10.1.1.0 255.255.255.0 inside

5) Assuming coming from VLAN 50, Telnet to 10.1.1.250 and login!

Note: FirePlotter is a powerful real-time tool that can be used to augment Netflow analysis products.

Setting Up Your FortiNet FortiGate Firewall for FirePlotter

Configuring your FortiNet Firewall to talk to FirePlotter is very easy.

Note: it is a "feature" of FortiNet FortiGate firewalls that only the "admin" user login will provide session table information that FirePlotter needs.

For SSH connections:

To setup the FortiGate for SSH, using the web GUI login to your FortiGate with admin credentials, then go to System, Network and Edit the interface then select the SSH and ping tick boxes and click OK. Make a note of the IP address of the interface.

Once SSH is configured on your FortiGate you can test SSH from the PC you are using for FirePlotter. You will need to connect to the firewall using an SSH utility like PuTTY. See http://www.putty.org/

For Telnet connections:

To setup the FortiGate for telnet, using the web GUI login to your FortiGate with admin credentials, then go to System, Network and Edit the interface then select the telnet and ping tick boxes and click OK. Make a note of the IP address of the internal interface.

Note: FirePlotter will usually be used to talk to the Internal interface of your firewall, but it can be any interface, although if it is an internet-facing interface you may not want to activate telnet, for security reasons.

Then test that you can reach the firewall from this PC by running a ping test. This is done by opening an MS-DOS box on your PC (by clicking Start, Run, entering "cmd" and pressing enter in Windows 2000/XP, or by pressing the Windows Start button and typing "cmd" in the field that says Start Search in Windows Vista).

Then type ping x.x.x.x where x.x.x.x is the IP address of the interface you activated for ping and telnet. If you get a response like:

Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

...then you are ready to test the telnet connection.

If you get:

Request timed out.

...then you need to ensure that the PC you are planning on using for FirePlotter is correctly configured to access the firewall. Check IP address, subnet, and default gateway. Further debugging of this problem is beyond the scope of this document. 

To test the telnet connection from the PC you are using for FirePlotter you must connect to the firewall using the Microsoft Windows Telnet client (standard in Windows/2000/XP, but see Installing Telnet in Windows Vista to get this working for Vista) 

To test the telnet connection, in the same MS-DOS box that you used for the ping test, type "telnet x.x.x.x" where x.x.x.x is the IP address of the interface you activated ping and telnet on, and press enter. You will then be prompted for login. Enter admin credentials to confirm that they work. You can expect to see something like this:

FG-1000A-GISS-FD login: admin

Password: ********

Welcome ! 

FG-1000A-GISS-FD #

If your login works, then you are now ready to use FirePlotter.

Note: If you would like to set up a username and password on your FortiGate for a user that can only use FirePlotter, restricting access to that capability only (no configuration changes allowed), then on a FortiGate running v3.00 MR5 and above you can create an Access Profile (System, Admin, Access Profile) with the "Maintenance" Access Control set to "Read-Write" and all others set to "None". Then apply that access profile to a new administrator username and password created in System, Admin, Administrators. That username and password can then be used for FirePlotter only.

FirePlotter.ini

FirePlotter is installed by default in c:\Program Files\FirePlotter. In the install directory you can find the fireplotter.ini file that gives you the opportunity to customise FirePlotter. The fireplotter.ini file can be edited via the Menu Bar option: "File", "Open fireplotter.ini".

By reading the in-file documentation you can see how to set up automatic login by setting the IP and login details in the [Connection] Section. Also there is the ExternalInterfaces setting, which for FortiGates sets which interface is the outside/internet-facing interface (thus determining how FirePlotter shows In-bound & Out-bound sessions). The Default is ‘wan1, wan2, external and port2’, so if for example your internet side interface is Port1 on your FortiGate, just set ‘ExternalInterfaces=port1’ in the [Connection] section. This setting is not required for Cisco Firewalls.

In the [Display] section you can set the default refresh interval and whether name resolution uses Reverse DNS, NetBIOS or Firewall Configuration* (*Cisco only) - for more information on this see DNS or NetBIOS names not resolving?

Also there is the opportunity to customise the text that FirePlotter displays in the Service/Destination Port column by modifying or adding to the [Ports] Section.

In the [Protocols] section there is the opportunity to do the same for the IP Protocol column.

In the [Colours] section there is the possibility to customise FirePlotter to display colours of your choice for the Service/Destination Port. The choice of colours are displayed both in the session list and the graphs.

 Colour choices are to be found here: www.fireplotter.com/doc/FirePlotterColours.htm

Default fireplotter.ini file:

; FirePlotter.ini
; Documented for version 1.4

; ***** Please note:
; * Subsequent FirePlotter upgrades may overwrite this INI file so maintain regular backups
; * FirePlotter must be restarted for changes to INI to be used
; * These parameters are only used with a licensed copy of FirePlotter

[Connection]

; Firewall= Firewall type (ASA/PIX, FortiGate). Default ASA/PIX
; IP= Firewall IP address
; Port= TCP port for connection i.e 22 (SSH), 23 (Telnet) or something else. Defaults 22 (ssh)
; Protocol= Protocol for connection i.e. ssh or telnet. Default ssh

; CiscoSSHUsername= Cisco SSH username
; CiscoSSHPassword= Cisco SSH password
; CiscoTelnetUsername= Cisco telnet username
; CiscoTelnetPassword= Cisco telnet password
; CiscoEnableLoginName= Cisco enable login name
; CiscoEnablePassword= Cisco enable password

; FGTLoginName= FortiGate login name
; FGTPassword= FortiGate login password

; SocketTimeout=5 where 2x value is time to waiting for Connect, 1x value is time to wait for authentication, 8x value is time to wait for session block to transfer.  Default 5 seconds.

; Auto-Connect=true True: connect to firewall with ini parameters without waiting for Connect button
; False: need to press Connect button to connect with .ini parameters
; Default false

; BasicViewMode=false False: FirePlotter shows all service/destination ports.
; True: FirePlotter shows those service/destination ports listed in the [Colours] section below
; Default true

; ExternalInterfaces=wan1 Sets which interface is “outside, internet facing” on a FortiGate only. Not required for Cisco firewalls
; Default ASA/PIX ethernet0, FortiGate WAN1, WAN2 and Port1


;Firewall=ASA/PIX
;IP=
;CiscoSSHUsername=
;CiscoSSHPassword=
;CiscoTelnetUsername=
;CiscoTelnetPassword=
;CiscoEnableLoginName=
;CiscoEnablePassword=
;FGTLoginName=
;FGTPassword=
;Auto-Connect=true


[Display]

; Refresh=5 Screen refresh interval in seconds (1, 5, 10, 15 & 30)

; DNS=6 IP to name lookup (BINARY logic): 1=NetBIOS and Internet reverse DNS, 2=Internet reverse DNS only, 4=firewall configuration (Cisco only)
; e.g. dns=6 means 2 (Internet reverse DNS) + 4 (firewall configuration)
;DNS=6

[Ports]

; <port no>=<text> Association of text to destination port numbers

8=Ping Req (8),Ping
20=FTP Data (20),File Transfer (FTP)
21=FTP Cmd (21),File Transfer (FTP)
22=SSH (22)
23=Telnet (23),Telnet
25=SMTP (25),Email (SMTP)
42=WINS (42)
53=DNS (53),Domain Name Service (DNS)
67=DHCP (67)
69=TFTP (69)
80=HTTP (80),Web Browsing (HTTP)
88=Kerberos (88)
110=POP3 (110),Email (POP3)
119=NNTP (119)
123=NTP (123)
135=MS-RPC (135)
137=NB-NS (137)
138=NB-DGM (138)
139=NB-SSN (139)
143=IMAP (143)
161=SNMP (161),Network Management (SNMP)
162=SNMPTrap (162)
397=MPTN (397)
389=LDAP (389)
443=HTTPS (443),Secure Web Browsing (HTTPS)
445=MS-DS (445)
449=ASSrvMap (449)
500=ISAKMP (500)
514=SysLog (514)
554=RTSP (554)
691=ExchRout (691)
740=NETCP (740)
989=FTPS Data (989)
990=FTPS Cmd (990)
995=POP3S (995)
1100=Double-Take (1100)
1433=SQL (1433)
1494=ICA (1494)
1604=ICABrowser (1604)
1723=PPTP (1723)
1800=ANSYS-LM (1800)
1812=RADIUS (1812)
1863=MSNP (1863)
3389=RDP (3389),Remote Desktop (RDP)
4500=IPSec NAT-T (4500)
4899=RAdmin (4899)
5566=IP Phone (5566)
6002=x11 (6002)
8194=Bloomberg (8194)
8888=FDN (8888)


[Protocols]

; <protocol no>=<text> Association of text to IP protocol numbers

MaxProtocolScan=47

1=ICMP (1)
2=IGMP (2)
6=TCP (6)
17=UDP (17)
47=GRE/PPTP (47)
50=ESP (50)
89=OSPF (89)


[Colours]

; <port>,<IP protocol>=<colour name> see www.fireplotter.com/doc/FirePlotterColours.htm
; Coloured protocol list below is used when BasicViewMode=true (default)

0,0=Cyan
8,1=LightSalmon
21,6=Burlywood
25,6=Tomato
53,17=LightSkyBlue
80,6=SpringGreen
110,6=LightPink
443,6=Gold
3389,6=yellowgreen
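
The [Connection] and [Display] options documented in the file above can be checked before a customised FirePlotter.ini is put into use. The following Python script is an added example, not part of FirePlotter or its documentation: it reports telnet use, passwords written into the file, Auto-Connect combined with stored passwords, and NetBIOS name lookups. Both sample files, the `fpmonitor` username and the finding codes are constructed for illustration, and matching option names case-insensitively is an assumption.

```python
import configparser

# Password-bearing options of the [Connection] section, lower-cased because
# configparser lower-cases option names (case-insensitivity is an assumption).
SECRET_KEYS = ("ciscosshpassword", "ciscotelnetpassword",
               "ciscoenablepassword", "fgtpassword")

# DNS= is a bit field, as documented in the [Display] section.
DNS_FLAGS = {
    1: "NetBIOS and Internet reverse DNS",
    2: "Internet reverse DNS only",
    4: "firewall configuration (Cisco only)",
}

# Constructed sample: a customised file with risky settings.
RISKY_INI = """\
[Connection]
Firewall=ASA/PIX
IP=10.1.1.250
Port=23
Protocol=telnet
CiscoTelnetUsername=fpmonitor
CiscoTelnetPassword=example-telnet-secret
CiscoEnablePassword=example-enable-secret
Auto-Connect=true

[Display]
Refresh=5
DNS=7
"""

# Constructed sample: SSH, no passwords in the file, manual Connect.
HARDENED_INI = """\
[Connection]
Firewall=ASA/PIX
IP=10.1.1.250
Port=22
Protocol=ssh
CiscoSSHUsername=fpmonitor
Auto-Connect=false

[Display]
Refresh=5
DNS=6
"""


def decode_dns(value):
    """Return the name-lookup methods selected by a DNS= bit field."""
    return [name for bit, name in DNS_FLAGS.items() if value & bit]


def _opt(section, key, default=""):
    """Fetch an option as a stripped string; missing or empty gives default."""
    return (section.get(key) or default).strip()


def audit(ini_text):
    """Return a list of (code, message) findings for FirePlotter.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(ini_text)
    conn = cp["Connection"] if cp.has_section("Connection") else {}
    disp = cp["Display"] if cp.has_section("Display") else {}
    findings = []

    # Documented defaults are Protocol=ssh and Port=22.
    if (_opt(conn, "protocol", "ssh").lower() == "telnet"
            or _opt(conn, "port", "22") == "23"):
        findings.append(("TELNET", "connection uses telnet; the help page "
                         "recommends SSH because it is encrypted"))

    # Report the option name only, never the stored value.
    stored = [key for key in SECRET_KEYS if _opt(conn, key)]
    for key in stored:
        findings.append(("STORED_SECRET", f"{key} holds a password in the "
                         "file; leave it blank or restrict access to the file"))

    # Documented default is Auto-Connect=false.
    if stored and _opt(conn, "auto-connect", "false").lower() == "true":
        findings.append(("AUTO_CONNECT", "Auto-Connect=true logs in with the "
                         "stored passwords without the Connect button"))

    raw = _opt(disp, "dns")
    if raw:
        if not raw.isdigit() or int(raw) > 7:
            findings.append(("DNS_RANGE", f"DNS={raw} is not a value from 0 to 7"))
        elif int(raw) & 1:
            findings.append(("NETBIOS", "DNS bit 1 enables NetBIOS lookups; see "
                             "the UDP port 137 troubleshooting entry"))
    return findings


if __name__ == "__main__":
    for label, text in (("risky", RISKY_INI), ("hardened", HARDENED_INI)):
        print(label)
        for code, msg in audit(text) or [("OK", "no findings")]:
            print(f"  {code}: {msg}")
```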

FirePlotter Licensing

Once FirePlotter is running, to see your current licensing status for FirePlotter, go to the Menu Bar and select "Help", "About FirePlotter" to see a screen similar to the following:

FirePlotter can be downloaded and used right away, without any licensing being applied, in "Watch only" mode with the powerful Summary, Sort, Filter, Advanced View Mode, and Zoom features disabled. "Watch only" mode does provide an excellent overview of your firewall's sessions and bandwidth usage in real-time. We do recommend that you request a 14-day license so you can experience FirePlotter with Summary, Sort, Filter and Zoom features enabled.

See Free vs. Licensed Mode Comparison Chart for more information


Concurrent Usage

A purchased License includes a concurrent usage count which limits the total number of copies of FirePlotter allowed to be installed within an organisation.
 
Example: one concurrent licensed copy means only one machine can have FirePlotter installed.

To see the FirePlotter End User License Agreement (EULA) - please click here 


FirePlotter Licensing Classes

FirePlotter Class 1 license for SMB Firewall - 1 Year

With this FirePlotter license (Class 1) a single user can connect FirePlotter to any single Cisco PIX 501, 506E, or ASA 5505 or FortiGate 50 through to 100A models.

FirePlotter Class 2 license for Enterprise Firewall - 1 Year

With this FirePlotter license (includes Class 1 & 2) a single user can connect FirePlotter to any single Class 1 firewall, or any single Cisco PIX 515/515E/520, or ASA 5510/5520 or FortiGate 200 through to 400A models.

FirePlotter Class 3 license for High End Firewall - 1 Year

With this FirePlotter license (includes Class 1,2 & 3) a single user can connect FirePlotter to any single Class  1 & 2 firewall or to any single Cisco PIX 525/525E, 535 or ASA 5530/40/50, FWSM or FortiGate 500 models upwards.

For information on how to view your current FirePlotter licence class - see FirePlotter Licensing

See Buy FirePlotter for pricing.


Troubleshooting

TCP/IP Connection to host <IP address> failed (Check IP address and Telnet enabled) - Error Message?
Username/Password Error - Error Message?
Why are options disabled or greyed out?
DNS or NetBIOS names not resolving?
Why does FirePlotter cause my ASA/PIX firewall to run at 99% CPU utilization?
Why does FirePlotter run slow and put my PC at 99% utilization?
Why does FirePlotter generate queries to outside hosts on UDP port 137?
Suspicious traffic from a device/PC?
Installing Telnet in Windows Vista?
What permanent files does FirePlotter install and use and where are they?
Why can I not see connections "to" my Cisco Firewall e.g. my SSH or VPN sessions?

FirePlotter does not show any inbound stats on my Cisco Firewall?
FirePlotter does not show any data from my FortiGate Firewall?
How do I reset FirePlotter windows size and position?
Does FirePlotter work on an Apple Mac?
FirePlotter Error Messages
FirePlotter Other Messages
Which Cisco ASA/PIX models are supported by FirePlotter?
Which FortiNet FortiGate models are supported by FirePlotter?
Further Help

 

TCP/IP Connection to host <IP address> failed (Check IP address and Telnet enabled) - Error Message

If FirePlotter cannot make a connection to your firewall once the Connect button has been pushed, then this error is displayed:

To test the telnet connection, open an MS-DOS box (Start, Run, and type cmd [Enter]) and in the MS-DOS window type "telnet x.x.x.x" where x.x.x.x is the IP address of the interface you activated ping and telnet on, and press enter. You will then be prompted for login. Enter admin credentials to confirm that they work. If you are running Microsoft Vista and do not have telnet installed see Installing Telnet in Windows Vista.

If they do, then you are now ready to use FirePlotter. If not then see  Setting Up Your Cisco ASA/PIX Firewall for FirePlotter or Setting Up Your FortiNet FortiGate Firewall for FirePlotter.

Username/Password Error - Error Message?

If FirePlotter is not provided with correct login credentials then this error message will be displayed. Check you have typed the correct telnet login (and for Cisco "enable") credentials. Also check Caps Lock is not active on your keyboard! If necessary use telnet to test the login credentials by opening an MS-DOS box (Start, Run, and type cmd [Enter]) and in the MS-DOS window type "telnet x.x.x.x" where x.x.x.x is the IP address of the interface you activated ping and telnet on, and press Enter. You will then be prompted for login. Enter admin credentials to confirm that they work. If you are running Microsoft Vista and do not have telnet installed see Installing Telnet in Windows Vista.

Why are options disabled or greyed out?

If you do not have a license for FirePlotter then it defaults to Free Mode (Watch Only) which only enables real-time monitoring and disables (amongst other features) the ability to Zoom into session details.

If you haven't already, you can request your FREE 14-day FirePlotter License here: Request 14-Day License to evaluate fully functional FirePlotter.

So, for example, the Zoom feature in "Licensed" or "Evaluation" mode means you can drill down into a "..." entry in a session table entry to get more information about which IP addresses are creating sessions.

Other features such as Summary Options, Default View, Refresh now, Refresh Interval, Pause, Play, FirePlotter.ini settings, Right Mouse Click and other capabilities are all enabled in "Licensed" or "Evaluation" mode.

See Free vs. Licensed Mode Comparison Chart or FirePlotter Licensing for more information.

DNS or NetBIOS names not resolving?

Wherever possible FirePlotter will resolve IP addresses to Fully Qualified Domain Names (FQDNs) or NetBIOS Names. When an IP address is displayed in brackets e.g. (192.168.1.1) - this indicates that FirePlotter is still attempting to resolve a name to the IP address.

Check your fireplotter.ini file settings:

[Display]

; DNS=6 IP to name lookup (BINARY logic): where 1=NetBIOS and Internet reverse DNS, 2=Internet reverse DNS only, 4=firewall configuration (Cisco only)
e.g. dns=6 means 2 (Internet reverse DNS) + 4 (firewall configuration)

DNS:

Ensure DNS Servers are configured and reachable by your FirePlotter PC. In an MS-DOS box type "ipconfig /all". Check DNS Servers are set - if not, configure via Network Settings. If set, check DNS Server addresses are ping-able.

NetBIOS:

You can test an individual PC NetBIOS name lookup by using the "nbtstat -a x.x.x.x" command in an MS-DOS window on the FirePlotter PC, where x.x.x.x is the IP address of the PC you want a name for. Sometimes PCs with firewalls, or multiple IP addresses, do not respond to the query.

You could edit your hosts file on the FirePlotter PC (C:\Windows\System32\drivers\etc\Hosts) to resolve IP addresses to the names you want to set, or you can configure your DNS server to set the names.

Note: When NetBIOS name resolution is turned on, FirePlotter attempts to resolve *ALL* IP addresses this way. This means that NetBIOS (UDP/137) lookups are sent to IP addresses outside of your firewall. We would recommend a firewall policy rule that blocks/denies UDP Port 137 from your internal network to the internet, to prevent these packets going out to the internet.

Why does FirePlotter cause my ASA/PIX firewall to run at 99% CPU utilization?

If you are running ASA/PIX version 7 then you will need to upgrade to version 7.23 to avoid this problem. There is a bug in ASA/PIX version 7.22 that causes the firewall to run to 99% CPU utilization when a telnet (or SSH) session requests large quantities of data (which it does frequently).

Why does FirePlotter run slow and put my PC at 99% utilization?

A limitation of the current FirePlotter design results in slow performance if the session count exceeds 2000 concurrent sessions. New algorithms planned are expected to increase this performance substantially.

Why does FirePlotter generate queries to outside hosts on UDP port 137?

FirePlotter performs a rDNS and NetBIOS (UDP/137) lookup of the IP addresses, some of which will be to outside hosts. If the IP addresses are resolvable (nameable) then they are displayed alongside the individual IP address in the Source IP and Destination IP columns of the Session Table. See Session Table Section for more information.

Note: When NetBIOS name resolution is turned on, FirePlotter attempts to resolve ALL IP addresses this way. This means that NetBIOS (UDP/137) lookups are sent to IP addresses outside of your firewall. We would recommend a firewall policy rule that blocks/denies UDP Port 137 from your internal network to the internet.

Suspicious traffic from a device/PC?

On the PC with the suspicious application, use "netstat -o -a" to find the process ID of the application generating the traffic (check source port), and then use Task Manager to find that Process ID (In Task Manager go to View, select Columns to ensure PID is selected and so displayed).
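The lookup described above can be scripted once the netstat output has been saved to a file. The following is an added example, not part of FirePlotter or of the original help text: it parses netstat output and returns the process IDs that own a given source port. It assumes the output was captured with the -n switch added ("netstat -a -n -o"), so that ports are numeric rather than service names; the sample output and all function names are constructed for illustration.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote state pid")

# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.50:49712     203.0.113.25:6667      ESTABLISHED     3124
  TCP    192.168.1.50:49720     198.51.100.7:80        ESTABLISHED     2088
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:137            *:*                                    4
  UDP    192.168.1.50:49712     *:*                                    1500
"""

def parse_netstat(text):
    """Return a Conn for every TCP/UDP row; headers and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a State column, UDP rows do not.
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""
        else:
            continue  # malformed or truncated row
        ip, _, port = local.rpartition(":")  # rpartition keeps "[::]" intact
        if not (port.isdigit() and pid.isdigit()):
            continue  # a non-numeric port means -n was not used
        conns.append(Conn(proto, ip, int(port), remote, state, int(pid)))
    return conns

def pids_for_source_port(conns, port, proto=None):
    """PIDs owning the given local (source) port, optionally for one protocol."""
    return sorted({c.pid for c in conns
                   if c.local_port == port and (proto is None or c.proto == proto)})

if __name__ == "__main__":
    for c in parse_netstat(SAMPLE):
        if c.local_port == 49712:
            print(c.proto, c.local_ip, c.local_port, "->", c.remote, "PID", c.pid)
```

The same port number can be in use for TCP and UDP by different processes, so pass the protocol shown in the session table when looking up the PID.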

Installing Telnet in Windows Vista?

To install telnet in Windows Vista go to Start, Control Panel, Programs, Programs and Features, Turn Windows features on or off (left side of screen), tick Telnet Client and then press OK.

What permanent files does FirePlotter install and use and where are they?

All the following FirePlotter files (permanent and temporary) will be created in the FirePlotter programme directory (e.g. c:\Program Files\FirePlotter) when running Windows XP/2000.

In Windows Vista the permanent files are installed in c:\Program Files\FirePlotter, whilst the temporary files are in c:\Users\[username]\AppData\Local\VirtualStore\Program Files\FirePlotter

These files are installed in the programme directory during installation:

FirePlotter.exe [Main application]
FirePlotter.ini [Configuration parameters]
License.rtf [End User license agreement]
FirePlotter.lnk [Windows shortcut to FirePlotter website home page]
FirePlotterBuy.lnk [Windows shortcut to FirePlotter website product purchase page]
FirePlotterOnlineHelp.lnk [Windows shortcut to FirePlotter website online help page]

The FirePlotter license, if purchased, is placed in the programme directory:
 
fireplotter.lic [FirePlotter license file]

Log files are created and updated each time FirePlotter is run:

FPlog.txt Records FirePlotter initialisation and operational information

Temporary files are created as part of FirePlotter's normal operation for Cisco and FortiGate firewalls. The FirePlotter Process ID is used in the file name to allow multiple concurrent copies of FirePlotter to be running on the same machine if the necessary "Concurrent" license has been purchased.
Cisco:
<ProcessID>PIXVersion.txt System information i.e. Model, serial number etc
<ProcessID>PIXConfig.txt Configuration information
<ProcessID>PIXConnection.txt Session/Connection table
FortiGate:
<ProcessID>UnitSystem.txt System information i.e. Model, serial number etc
<ProcessID>UnitInterface.txt Interface list i.e. what network connections the firewall has
<ProcessID>UnitTTL.txt Non default Time-To-Live values
<ProcessID>UnitSession.txt Session/Connection table

Why can I not see connections "to" my Cisco Firewall e.g. my SSH or VPN sessions?

Cisco does not provide session data about sessions directly connected to Cisco ASA/PIX interfaces. This includes protocols such as: Telnet, SSH, SNMP, ping, IPSEC VPN, ISAKMP, NAT-T and HTTPS. Note that FirePlotter will display the traffic that passes *through* the VPN.

FirePlotter does not show any inbound stats on my Cisco Firewall?

When FirePlotter gets session data from a Cisco firewall, the displayed statistics relate to the "direction of initiation". For example, if a session is initiated outbound (inside to outside) to visit a website and then downloads a file using HTTP, that download is displayed in FirePlotter as outbound HTTP byte counts. The data is displayed this way because this is how Cisco chooses to provide it. It follows that inbound stats will only show if sessions have been initiated from the outside in.

FirePlotter does not show any data from my FortiGate Firewall?

If FirePlotter has successfully connected and authenticated to a FortiGate firewall, sometimes the credentials that have been used to login do not have sufficient rights to access the session data needed for FirePlotter to work. Note that the default admin account always does have sufficient rights for FirePlotter to operate correctly.

If you would like to set-up a username and password on your FortiGate for a user that can only use FirePlotter, restricting access to that capability only (no configuration changes allowed) then:

1) On a FortiGate running v3.00 MR5 and above you can create a System, Admin, Access Profile with the "Maintenance" Access Control set to "Read-Write" only, and all others set to "None".
 
2) Then apply that access profile to a new administrator username and password created in System Admin, Administrators.

3) Then that username and password can be used for FirePlotter only.

How do I reset FirePlotter windows size and position?

If you run into a window resize problem then, using regedit.exe, delete:

 HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-WindowPosition.

Does FirePlotter work on an Apple Mac?

Yes - FirePlotter will work on an iMac running Parallels with Microsoft Vista and XP.

 

FirePlotter Error Messages (Help Codes)

Help Code: 0x1011 - Establishment of Connection Error

This error occurs if FirePlotter cannot connect to the firewall or if too many login attempt failures (incorrect credentials) have caused the firewall to refuse connections.

Check you can ping the firewall and that a telnet/SSH connection is available. See Setting Up Your Cisco ASA/PIX Firewall for FirePlotter or Setting Up Your FortiNet FortiGate Firewall for FirePlotter for further help.


Help Code: 0x1021 - FortiGate Telnet Authentication Failure Error

This error occurs if FirePlotter fails to authenticate to a FortiGate Firewall.

Check you are using/typing the correct login credentials. See Setting Up Your FortiNet FortiGate Firewall for FirePlotter for further help.


Help Code: 0x1022 - FortiGate Connection Lost Error

This error occurs if FirePlotter loses connection with a FortiGate firewall it has already successfully connected to.

A documented parameter in FirePlotter.ini file may fix timeout problems on a poor quality connection. The default timeout is 5 seconds. This can be adjusted by adding “SocketTimeout=<timeout>” to the [Connection] section of FirePlotter.ini.

Help Code: 0x1031 - Cisco Connection Lost Error

This error occurs if FirePlotter loses connection with a Cisco firewall it has already successfully connected to.

An undocumented parameter in the FirePlotter.ini file may fix timeout problems on a poor quality connection. The default timeout is 200 hundredths of a second (2 seconds). This can be adjusted by adding “SocketTimeout=<timeout>” to the [Connection] section of FirePlotter.ini.


Help Code: 0x1032 - Cisco Telnet Authentication Failure Error

This error occurs if FirePlotter fails to authenticate to a Cisco Firewall.
 
Check you are using/typing the correct login credentials. See Setting Up Your Cisco ASA/PIX Firewall for FirePlotter for further help.


Help Code: 0x1033 - Cisco Enable Authentication Failure Error

This error occurs if FirePlotter fails to switch to 'enable' mode on a Cisco Firewall.
 
Check you are using/typing the correct 'enable' credentials. See Setting Up Your Cisco ASA/PIX Firewall for FirePlotter for further help.

Help Code: 0x1035 - SSH Authentication Failure Error

This error occurs if FirePlotter fails to authenticate to a Firewall.

Check you are using/typing the correct login credentials. See Setting Up SSH on Your Firewall for FirePlotter for further help.

Help Code: 0x1036 - Critical file is missing - program aborted

This error occurs if a critical file is missing from the installation.

Please re-install FirePlotter remembering to backup your FirePlotter.ini if any user modifications have been made.

FirePlotter Other Messages

This version of FirePlotter.EXE has intentionally expired. Please download the latest version from www.fireplotter.com

Each version of the FirePlotter.EXE program is timed to expire 1 year from the date it was created. This way we can ensure users always have the best version of FirePlotter available. If you see this message, it does not affect your annual FirePlotter licensing. All you need to do is download and install the latest version of FirePlotter from our website.

Which Cisco ASA/PIX models are supported by FirePlotter?

The following Cisco ASA/PIX models are supported:

PIX-501
PIX-506
PIX-506E
PIX-510
PIX-515
PIX-515E
PIX-520
PIX-525
PIX-535
ASA-5505
ASA-5510
ASA-5520
ASA-5530
ASA-5540
ASA-5560
FWSM Firewall Version 3.1(7)
FWSM Firewall Version 3.1(8)

Which FortiNet FortiGate models are supported by FirePlotter?

The following FortiNet FortiGate models are supported:

FG-30B/FortiGate-30B
FG-50A/FortiGate-50A
FG-50B/FortiGate-50B
FW-50B/FortiWiFi-50B
FG-60/FortiGate-60
FG-60B/FortiGate-60B
FW-60/FortiWifi-60
FW-60A/FortiWiFi-60A
FW-60AM/FortiWiFi-60A
FW-60B/FortiWiFi-60B
FG-100/FortiGate-100
FG-100A/FortiGate-100
FG-100C/FortiGate-100C
FG-200/FortiGate-200
FG-200A/FortiGate-200A
FG-200A-HD/FortiGate-200A-HD
FG-224B/FortiGate-224B
FG-300/FortiGate-300
FG-300A/FortiGate-300A
FG-300A-HD/FortiGate-300A-HD
FG-310B/FortiGate-310B
FG-400/FortiGate-400
FG-400A/FortiGate-400A
FG-400A-HD/FortiGate-400A-HD
FG-500A/FortiGate-500A
FG-500A-HD/FortiGate-500A-HD
FG-620/FortiGate-620
FG-800/FortiGate-800
FG-800F/FortiGate-800F
FG-1000/FortiGate-1000
FG-1000A/FortiGate-1000A
FG-1000A-LENC/FortiGate-1000A-LENC
FG-1000AFA2/FortiGate-1000AFA2
FG-3000/FortiGate-3000
FG-3016B/FortiGate-3016B
FG-3600/FortiGate-3600
FG-3600LX2/FortiGate-3600LX2
FG-3600LX4/FortiGate-3600LX4
FG-3600A/FortiGate-3600A
FG-3810A-E4/FortiGate-3810A-E4
FG-5001/FortiGate-5001
FG-5001FA2/FortiGate-5001FA2
FG-5002FA2/FortiGate-5002FA2
FG-5002FB2/FortiGate-5002FB2
FG-5005FA2/FortiGate-5005FA2

Further Help

If you have a support question that has not been answered by this document then please email us with the Subject header starting with SUPPORT:

To assist in resolving any technical issues, please include the following information in your email*: 

1) A description of the problem, if possible including screenshot of problem.

2) The PC Operating System (Vista, XP, 2003, W2K etc) you are running?

3) Make, Model and Firmware/OS Version of firewall?

4) The version of FirePlotter you are running? (in Help, About)

5) Are you using SSH or Telnet?

6) Is FirePlotter local to the firewall or being used over a remote link/VPN?

7) Detailed logging data for the problem. Please edit your C:\Program Files\FirePlotter\FirePlotter.ini file, and in the [Connections] section add the line "LogLevel=255" and save the file.

Then re-create the problem, press Pause between refresh cycles and then please attach to your email to us a (zipped) copy of all the *.txt files in the c:\Program Files\FirePlotter or c:\Users\[username]\AppData\Local\VirtualStore\Program Files\FirePlotter (Vista)*.

Please note LogLevel=255 significantly reduces FirePlotter performance, so we recommend the line is removed once the technical issue is resolved.

8) What is a typical number of sessions that pass through the firewall?

 *For any confidential information (e.g. IP addresses), use Search & Replace to change it to X.
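The Search & Replace step in item 7 and its footnote can be done in one pass over the whole folder before zipping. The following is an added example, not part of FirePlotter or of the original help text: it writes redacted copies of every *.txt file, replacing IPv4 addresses with X.X.X.X. As an assumption beyond the page, it also masks password hashes on the assumption that PIXConfig.txt holds ordinary ASA/PIX configuration lines; the sample text and function names are constructed.

```python
import re
from pathlib import Path

_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
# Four octets of 0-255, not part of a longer dotted number such as 1.2.3.4.5.
IPV4_RE = re.compile(r"(?<!\d)(?<!\d\.)" + r"\.".join([_OCTET] * 4) + r"(?!\d)(?!\.\d)")
# Assumption: PIXConfig.txt holds ordinary ASA/PIX configuration lines, where
# password hashes follow these keywords.
SECRET_RE = re.compile(
    r"^([ \t]*(?:enable password|passwd|username \S+ password)[ \t]+)\S+", re.MULTILINE)

def redact_text(text):
    """Return (redacted_text, ip_count, secret_count)."""
    text, secrets = SECRET_RE.subn(r"\1X", text)
    text, ips = IPV4_RE.subn("X.X.X.X", text)
    return text, ips, secrets

def redact_folder(src, dst):
    """Write redacted copies of every *.txt in src to dst; originals are untouched."""
    src, dst = Path(src), Path(dst)
    dst.mkdir(parents=True, exist_ok=True)
    totals = {}
    for path in sorted(src.glob("*.txt")):
        raw = path.read_text(encoding="utf-8", errors="replace")
        clean, ips, secrets = redact_text(raw)
        (dst / path.name).write_text(clean, encoding="utf-8")
        totals[path.name] = (ips, secrets)
    return totals

# Constructed sample, not taken from a real firewall.
SAMPLE = """\
PIX Version 7.2(3)
enable password 0123456789abcdef encrypted
passwd fedcba9876543210 encrypted
username fpmon password 0011223344556677 encrypted privilege 15
ip address 192.168.1.1 255.255.255.0
TCP out 203.0.113.25:80 in 192.168.1.50:49720 idle 0:00:05 bytes 1420
"""

if __name__ == "__main__":
    print(redact_text(SAMPLE)[0])
```

Zip the redacted copies rather than the originals, and check the per-file counts returned by redact_folder: a file reporting zero replacements where addresses were expected is worth opening by hand before sending.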

If you have an upgrade question that has not been answered by this document then please email us with the Subject header starting with UPGRADE:

If you have an enhancement request that has not been identified in our FirePlotter Roadmap, then please email us with the Subject header starting with ROADMAP: If you want to recommend a number of enhancements you would like to see - then please prioritise your list so we will know which is most important to you.

 

© 2000-2007 GISS (UK) Ltd