What is FirePlotter?

FirePlotter Screenshot FirePlotter is a real-time session monitor for your firewall. FirePlotter simply shows you the traffic that is flowing through your internet connection moment to moment - in real-time. FirePlotter can also be described as a firewall traffic vizualizer, bandwidth analyzer, qos utility or connection monitor for your Cisco ASA/PIX firewall or FortiNet FortiGate firewall. FirePlotter can replay all the session data it collects for further detailed analysis.


Get License
 


Download 14 Day
full evaluation
of FirePlotter

 

Explore our Instant FirePlotter Demonstration

FirePlotter benefits include:

Blob Installed & running in less than a minute.

Blob Delivering critical insight into firewall activity.

Blob Helping to manage bandwidth more efficiently.

Blob Managing bandwidth more efficiently cuts costs.

Blob Increasing productivity, reducing liability.

FirePlotter helps IT Managers to discover:

Blob Hacker attacks, virus attacks and security breaches.

Blob Inappropriate internet usage by employees.

Blob Bandwidth utilization, protocol usage and web usage.

Blob When session count and bandwidth levels have been crossed.

Simply put, FirePlotter helps you to answer questions like:

Blob"Who or what is using my valuable bandwidth?".

Blob"What sessions are passing through the firewall?".

Blob"What is slowing down my internet connection?".

Blob"Why is the internet so slow?".

To learn more click Features or maybe Download Fireplotter now.

FirePlotter Team
August 2016

 

 

Shopping Cart

 x 
Cart empty

Testimonials

What FirePlotter users have said...

"I was able to resolve bandwidth issues within minutes after installing Fire Plotter." 

"I found the real-time operation of your product more useful than log analysis."
More...

Join Us

More Information

Top

Product News

See below for the news on the latest developments and improvements to FirePlotter.


July 2016 - FirePlotter 2.24 b160715 released!

Improvement:

- Added support for ASA5506-X (C1), ASA5506H (C1) ASA5506H-X (C1), ASA5506W-X (C1), ASA5508 (C1), ASA5508-X (C1), FG-800D (C3), FG-1200D (C3), FG-1500DT (C3), FG-3000D (C3), Fortigate-3100D (C3), FG-3200D (C3), FG-3700DX (C3), FG-3810D (C3), FG-3815D (C3), FG-5001C (C3), FG-5001D (C3).

- Added Registry entry HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\RestrictCiscoConfigAccess (REG_DWORD). Set to 1 to disable menu option to view Cisco Firewall Configuration (via RMC (Right Mouse Click) in Session Table when connected to Cisco firewall).

- Alert email includes hyperlink to FPR file that initially triggered the alert, for quick access to alert triggering data. .FPR needs to be associated manually with FirePlotter.exe.

Bug Fix:

- Handle Cisco ASA auto-enable feature - 'aaa authorization exec LOCAL auto-enable', which removes need for 'enable' if logon privilege high enough.

- Corrected typo in Alert email text.


December 2015 - FirePlotter 2.24 b151214 released!

Improvement:

- Added support for ASA5516 (C2 - Class 2 License), ASA5516-X (C2).

Bug Fix:

- None


December 2015 - FirePlotter 2.24 b151208 released!

Improvement:

- Added support for ASA5506 (C1- Class 1 License), ASAv (C2), Fortigate-30D-POE (C1), FortiWiFi-30D-POE (C1), Fortigate-30E (C1), FortiWiFi-30E (C1), Fortigate-50E (C1), FortiWiFi-50E (C1), Fortigate-51E (C1), FortiWiFi-51E (C1), Fortigate-60C-POE (C1), FortiGate-60D-POE (C1), FortiWiFi-60D-POE (C1), FortiGate-70D-POE (C1) FortiGate-70D-LENC (C1), FortiGate-90D-POE (C1), FortiWifi-90D-POE (C1), FortiGate-98D-POE (C1), FortiGate-400D (C2), FortiGate-600D (C3), FortiGate-900D (C3), FortiGate-3000D-DC (C3), FortiGate-3100D-DC (C3).

- Change code so offline data is more easy to view. Save files in FP directory, remove PID references, create connection to non-existent firewall but specify ASA or FortiGate to activate correct data parsing component.

- Added File -> Global Settings. On exit, display "Changes to Global Settings require FirePlotter to be restarted to take effect".

- Added File -> Open FirePlotter.ini. On exit, display "Changes to FirePlotter.ini require FirePlotter to be restarted to take effect".

- Fortinet have changed the way the SSH daemon operates, which needed an update to the SSH library used within FirePlotter.

Bug Fix:

- None


August 2015 - FirePlotter 2.24 b150806 released!

Improvement:

- Added support for FortiGate-VM64-Xen, FortiGate-VM32-Xen, FortiGate-1000D.

- Added flexability with Cisco enable prompt format.

- Added improve checking of stacked FirePlotter licenses.

- Added HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\ScreenResIgnore (REG_DWORD) checking. 1 = do not check minimum screen resolution requirement.

Bug Fix:

- None


March 2015 - FirePlotter 2.24 b150310 released!

Improvement:

- Added FortiGate-VM64-HV, FortiGate-VM32-HV, ASA 5520.

Bug Fix:

- Cisco 'enable' command problem related to new feature in FirePlotter 2.24 b150304 that lets the 'enable' command to be changed to 'login' (or any string) - when connecting to a new Cisco firewall without a Connection Profile, this string (default: enable) wasn't being sent correctly - now fixed.


March 2015 - FirePlotter 2.24 b150304 released!

Improvement:

- Enable Cisco 'enable' command to be changed to 'login' (or any string). This is required for FirePlotter to login to Cisco firewalls that are using login instead of enable. This setting is associated with Connection Profile and is added through Registry (regedit.exe) using String Value (REG_SZ) CiscoEnableToString=login at (HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-Profiles\[Connection Profile Name]).

- Email Alert SMTP port. Allow option to specify SMTP port in Global Settings -> Email Notification -> SMTP server. Options <server>, <server>:<port> or :<port>. Also have added support for encrypted SMTP alert messages. This automatically happens if the mail server offer TLS support.

- "Unknown Firewall" warning message. The message has been changed, when an unknown firewall model is detected, new message suggests upgrading to the latest version of FirePlotter which most likely will fix the problem.

Bug Fix:

- None.


Jan 2015 - FirePlotter 2.24 b150126 released!

Improvement:

- Added the FortiOS build number to the status bar string.

- Auto export to CSV now includes First Seen (time/date) column.

Bug Fix:

- Added new models: FortiGate-VM, FortiGate-80D, ASA5525-K7, FortiGate-300D, FortiGate-70D, FortiGate-1000D, FortiGate-92D, FortiWiFi-92D, FortiGate-94D-POE, FortiGate-200D-POE, FortiGate-240D-POE, FortiGate-280D-POE, FortiGate-500D, FortiGate-1500D, FortiGate-3600C, FortiGate-3700D.


May 2014 - FirePlotter 2.24 b140515 released!

Improvement:

- Added support for FortiGate-3240C.

Bug Fix:

- Fix Bidirectional session filter which under certain circumstances didn't work. e.g. Source IP 192.168.10.50 Destination IP 192.168.10.50


April 2014 - FirePlotter 2.24 b140409 released!

Improvement:

- Added support for FortiGate-90D-POE.


March 2014 - FirePlotter goes DevNet

News:

- FirePlotter has joined Cisco's recently introduced Cisco DevNet: the new Developer Program from Cisco. Signing up and investing in Cisco Devnet means the FirePlotter development team can get access to Cisco technical information quickly which will help them to develop and design further new and exciting features for FirePlotter.

CiscoDevNet



Jan 2014 - FirePlotter 2.24 Beta b140125 released!

Improvement:

- Added FirePlotter Startup password (File -> Global Settings -> Startup Password). If the password is lost, FirePlotter Startup password can be reset by uninstalling and re-installing FirePlotter. Note: Uninstall deletes all Connection Profiles. FirePlotter Registry Settings can be backed up via regedit.exe, by exporting HKEY_CURRENT_USER\Software\GISS-UK.com. Note: Connection Profile passwords are not included when HKEY_CURRENT_USER\Software\GISS-UK.com is restored (merge).

- FirePlotter Registry Settings now deleted on uninstall but not on upgrade.

- Added support for ScanSafe proxy data now included in Cisco ASA 9.1(3) session data.

- Added Support for bi-directional IP filters in Active or Session Filter Profile. Src and Dst IP filter value must be identical for bi-directional IP filter to operate. Note will not work for *not* (!) filter option.

- Added local time and date field to the message boxes reporting errors to aid technical support identify exactly when a message occured so it can be cross referenced in the debug log.

- If HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\SessionDoubleClick (DWORD) = 1 then user can use double click to Zoom on sessions instead of single click.

- Change IP Information site to http://cqcounter.com/whois/ip/<ip>.html as default but allow user definable with [pre][ip][post]

HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\IP-Information-Pre (String) HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\IP-Information-Post (String).

- If HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings\SendAlertFPR (DWORD) = 1 then we will send .FPR file with Alert email.

- .FPR can be loaded on command line with quoted full path. Allows Alert .FPR to be launched as long as .FPR has been associated with FirePlotter.exe in Windows Explorer.

- Remove File -> Global Settings -> Online Help reference and change Help buttons to be context sensitive.

- Remove orange colour from Connect button as can't work as default button (key that reacts to Enter key).

- Added support for FortiGate-3950B, ASA5580-40.

Bug Fix:

- 32x32, 24 bit, BMP had a black dot pixel which is now changed to red.

- If default Connection profile (not Auto Connect) has Alert Profile, and then another Connection profile is loaded without Alert Profile then original Alert profile is used.

- /Profile: on command line has stopped working - now fixed.


Aug 2013 - FirePlotter 2.24 Beta b130808 released!

Improvement:

- Add File -> Global Settings ->Email Notification.

- Add graph total bandwidth (black line).

- Add Alerts Profile Editor: Session Count, Total Bandwidth.

- Add Alert profile to File -> Global Settings -> Default Profiles.

- Add Alert Profile to Connection Profile Editor.

- Add Total Bandwidth values to main screen.

- Add * when alert triggered for Sessions and Bandwidth on main screen.

- Add Global Settings -> Graph Scale.

- Add RMC to graph which offers Help - Graphical Bandwidth Plotting Explained.

- Add LMC on Session Table to Zoom with DoNotShow option for experienced users.

- Various other minor improvements.

- Add support for FGT-30D, FWF-30D, FGT-60D, FWF-60D, FGT-90D, FWF-90D, FGT-140D, FGT-240D, FGT-200D.

Bug Fix:

- Various minor bug fixes.


Jun 2013 - FirePlotter 2.23 b130619 released.

Improvement:

- Added support for ASA-5545, FGT-60D, FWF-60D, FGT-800C, FortiWiFi-60CX-ADSL, FortiGate-VM32, FortiGate-VM64.

Bug Fix:

- On FortiGate FortiOS V5.x handle '--more--' in output data.

- For Cisco added check for IPv6 addresses ':' in 'name' string and ignore for now (will support later).


Jan 2013 - FirePlotter 2.23 b130131 released.

Improvement:

- Add ASA5525, Fortigate-800C, ASA5555

- Adapt better to Cisco and FortiNet firewall BIOS model name (individual letter) case changes. e.g. accept Fortigate-110C and FortiGate-110C

Bug Fix:

- None


Dec 2012 - FirePlotter 2.23 b121214 released.

Improvement:

- None

Bug Fix:


- Fixed displayed sessions fluctuating around 0 which could cause a crash.


- Fixed coping with FortiGate default action of automatically backing up the configuration introduced in v4.3 firmware - the 'Auto Config Backup...' message in CLI could cause connection failure. If detected, we now change delay wait for login prompt to 30 seconds.


Nov 2012 - FirePlotter 2.23 b121123 released.

Improvement:

- Add support for ASA-5515, ASA-5512, FortiGate-80C, FortiGate-200B and FortiGate-300C

Bug Fix:


- Add parsing support for Cisco OS 9.0.1 - format of data changed slightly by Cisco.

- Adapt to changes to ASA sub-interfaces e.g. insideE0/1.


Aug 2012 - FirePlotter 2.23 b120830 released.

Improvement:

- Validate path for .FPR when clicked on graph - must be ...\yy-mm-dd\xx-hour\

- Default click column sorting to Descending

- Add 'TimeZoneOffset' in Registry for FP-GlobalSettings HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-GlobalSettings (checked 1st) and connection profiles within FP-Profiles HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-Profiles\ (checked 2nd) DWORD to hold hour offset between recorded data and player timezone e.g. 3 or -1 etc.

- Add check for 0.0.0.0 in IsValidIP() as Cisco seem to have this as valid in session table and need to avoid 111.111.111.111 for invalid address .

Bug Fix:

- None.


Aug 2012 - FirePlotter 2.23 b120813 released.

Improvement:

- Added quick implement feature to handle 'enable <x>' in Cisco ASA/PIX, where <x> is 1-15. <x> is included after a <space> in the SSH Login name. If <space><x> is included in the SSH Login name then 'enable <x>' is sent to the Cisco host.

Bug Fix:

- Allow '.' along with other limited characters in profile name.


Aug 2012 - FirePlotter 2.23 b120806 released.

Improvement:

- New firewalls: FortiWifi-60CM.

Bug Fix:

- Change Connections Profile Editor and Quick Profile Save to only allow alphanumeric, space - _ characters in profile name (some characters, e.g. colon, were previously crashing FirePlotter as connection profile name is used in .fpr folder name).


Jul 2012 - FirePlotter 2.23 b120727 released.

Improvement:

- New firewalls: FG-100D, FG-621B, FortiGate-60C.

Bug Fix:

- None.


May 2012 - FirePlotter 2.23 b120521 released.

Improvement:

- Improvements in banner handling during authentication process to Cisco Firewalls.

Bug Fix:

- None.


April 2012 - FirePlotter 2.23 b120404 released.

Improvement:

- Right Mouse Click over session table now includes Edit Active Filter.

- Record interval, added 1, 5 and 10 minutes.

- New firewalls: FGT-621B, ASA 5512-X, 5515-X, 5525-X, 5545-X, 5585-X, 5585-SSP-20, 5585-SSP-40, 5585-SSP-60.

Bug Fix:

- None.



February 2012 - FirePlotter 2.23 b120213 released.

Improvement:

- Add new FortiGate 3040B.

Bug Fix:


- When trace lines showing only one protocol were being processed, one trace line wasn't being plotted.

- FortiGate banner wasn't being checked after FortiToken.

- FortiGate two-factor authentication wasn't working for FortiToken for FGT admin login.


November 2011 - FirePlotter 2.23 Beta b111121 released.

Improvement:

- Add "Pause on Session Filter Match" feature.

- Add support for FortiGate Two-Factor authentication and prompt for additional Token (set in Connectin Manager).

- Reduce complexity of Quick Connect Profile screen.

- Add "Reset cumulative totals when FirePlotter starts" option (set in Global Settings, Cumulative Totals).

- Switch byte counters for UINT64 allowing 20 digits (rather than UINT32 only 10 digits).

- Add to FP.INI TCP/515 LPD.

Bug Fix:

- Trace colour would be used for wrong traffic as IP Protocol wasn't being considered.

- Filters column sort were wrong for ascending/descending icon.

- Trying to edit first connection profile didn't actually load any data.

- SessionID wasn't being correctly converted (Hex to UINT) - might get wrong colours on session table.


November 2011 - FirePlotter 2.22 b111121 released.

Improvement:

- Add support for new FortiGates: 20C, 40C, 81CM, 300C, 600C, 1000C, 3140B, 5060SM, 5060FA, 5060SAP.


November 2011 - FirePlotter 2.22 b111114 released.

Improvement:

- The limit for [Port] definition in .INI was 2000 chars – it is now set to 4000.

- Add support for firewall Cisco ASA5585-SSP-10.


May 2011 - FirePlotter 2.22 b110513 released.

Improvements:


- We now support complex filters in Filter -> Session Filter Manager. (SrcIPFlt, DstIPFlt, DstSvcPrt, SourcePrtFlt, IPProtFlt & PolicyIDFlt)

- Filter field examples:

192.168.68.13 - same as current.

!192.168.68.13 - all apart from address specified.

192.168.68.0/255.255.255.0 - all from subnet specified (MUST be <ip>/<full mask>).

!192.168.68.0/255.255.255.0 - all apart from subnet specified.

192.168.1.99 192.168.68.0/255.255.255.0 - all from addresses specified.

!192.168.1.99 192.168.68.0/255.255.255.0 - all apart from addresses specified.

For all other numerical field follow the same format.

- You can change Live complex filters with Filter -> Change Live Filter.

- File -> Export Session Table now exports a snapshot of current session table in CSV format (that can imported directly into Microsoft Excel etc).

- File -> Global Settings -> Export setting gives the option to export a session table snapshot in CSV format along with standard each .fpr file that is recorded (beware - this can eats disk space!).

- Added 'Open folder after manual export'.

- Added to Filter Profiles: #10 Default with Basic View Mode & #11 Default with Advanced View Mode.

- Fixed Play after Export Session Table if already Paused.

- Moved location of column up and down arrow graphics to res (resource) directory.

- Manage Filters, Save Filters and Select Filter are now disabled with no license.

- Align Address field with Unit Name, Model & Firmware.

- Remove <> from Active Session Filter to give more space to actually filter values.

- If user changes filter by interacting with table reset Session Filter Profile.

- Session Filter Profile is no longer reset when Connecting or Opening Recorded Data.

- If auto loading Connection Profile but not auto connect then switch to QuickConnect all Connection fields are reset.

Bug Fix:

- Replace 'Sessions can hidden by Active Session Filter, View Mode: Basic and Download Filter' with 'Sessions can be hidden by Active Session Filter, View Mode Basic, Download Filters and Global Settings'.

- Sorting Bytes/s and Cum. Bytes resulted in opposite to Ascending/Descending.

- Connection Profile label on main screen typo (Connection).

- Pre-defined filters for 2x FortiNet Top Outbound HTTP also included references to '192.168.68.2'.

- FirePlotter.exe expire message was corrupting at the end as it was too longer.

- Connect fields labels for SSH Login and Password sometimes showed <Inactive> which should never happen.Unknown firewall worked initially as C3 but the 60 seconds lic expire check failed- fixed.


December 2010 - FirePlotter 2.22 b101207 released.

Improvements:


- Added Forward/Back buttons to navigate session browsing.

- Added Session Filter Profiles and Filters -> Session Filter Manager.

- Added Icon Buttons for "Home", "Save" for Session Filters also, and "Play", "Pause", "Reset" for monitoring control.

- Added Icon Tool Tips.

- Added Status to License Manager to show if license is Active/Expired.

- Change main screen layout including colour Table Build Process & Sessions count.

- Move File -> Profile Manager to Connections -> Connection Manager.

- Added Fortigate-3951B, Fortigate-5001A.

Bug Fix:

- Unknown firewall worked initially as C3 but the 60 seconds lic expire check failed- fixed.


November 2010 - FirePlotter 2.21 b101103 released.

Bug fix:


- Implemented wodSSH 2.9.5.146 (SSH/telnet module in FirePlotter) as wodSSH fixed the bug with wodSSH.dll 2.9.4.141 giving 'Recv1: Not enough memory.' in fireplotterdebug.txt with all releases after wodSSH.dll v2.7.4.114. A small number of customers have reported this causing FirePlotter to crash.

- FirePlotter now better handles FortiGates that have multiple lines of data appear after login (not banners) which previosuly confused user $ prompt.

Improvements:

- Increase pulldown fields in Profile Manager so scroll bar isn't needed.


October 2010 - FirePlotter 2.21 b100930 released.

Bug fix:

- 60 second check to see if license expired didn't cope with C0 unknown firewall even if C3 lic.

Improvements:

- Added support for Fortigate-200B-POE and freeGuard100.


August 2010 - FirePlotter 2.21 b100825 released.

Bug Fix:

- Fix bug introduced in Build 100812, where in SSH1 protocol Blowfish encryption was always being selected. Affected Cisco firewalls.


August 2010 - FirePlotter 2.21 b100812 released.

Improvements:

- New Option to select a Default Profile (that is loaded automatically when FirePlotter starts). See File -> Global Settings -> Default Profile.

- Change to V3 licensing format and added new License Manager Interface in Help -> License Manager.

- Updates Help -> About now reflects new Licence Manager presentation.

- Moved File -> Help options to File -> Help -> FAQ.

- Licensing rules as follows (class specific):

1) FirePlotter only permits a new license to be installed when no license is present or less than 90 days on an existing license remains.

2) When installing a new license, FirePlotter backdates to date of expired license or startdate of new license (whichever gives most days).

3) If no license is installed then FirePlotter starts new license at date of purchase.

4) A new license start date can only be extended up to 90 days. So if two licenses are purchased at the same time, if the 2nd license is applied when the first one has expired, then it will only give 90 additional days.

- License file default source location set to 'My Documents'.

- Further optimised back-end data processing engine to improve overall processing performance.

Bug Fix:

- Add support for FortiGate access banner with Global Settings switch under FortiGate Settings (previously stopped connection to firewall).

- Add FortiWiFi-60C to firewall model list.



April 2010 - FirePlotter 2.20 b100416 released.


Improvements:

- Added support for FortiOS 4.2.

- Allow for multiple lines in the FortiNet FortiGate session filter by replacing | with CR (see Download Filters in Managing Profiles here).

-Add extra debugging to LogLevel=255 for connection debug.


Bug Fix


- Changed code to prevent conflict/crashing when clicking lots of different focus (sort, filter etc) options in Session Table.

- Added more activity indication in Table Progress above Session Table when processing many thousands of sessions.

- FortiGate Telnet prompt wasn't being picked up correctly in some specific situations.

- Manage profile switching protocol wasn't updating default port (22/23).



March 2010 - FirePlotter 2.20 b100325 released.


Improvements:

- Add sequence numbers to FilePlotterDebug.txt.

- Performance improvements.


Bug Fix


- PIX last session wasn't being processed as code incorrectly expecting 2nd line.

- Summarise code might crash if only one session in table and that session was hidden (our SSH) before summarising - thus no data to summarise.

- Table Build Progress status could crash due to multiple update messages.

- Profile password decryption.



March 2010 - FirePlotter 2.20 b100304 released.


Improvements:

- Change version to 2.20 as Connections Profiles added and beta is now released.

- Add [Connection] and ;LogLevel=255 to FirePlotter.INI.


Bug Fix


- QuickSave wasn't toggling MonitorHA between FGT and Cisco.


March 2010 - FirePlotter 2.01 b100226 released.


Improvements:

- New connection Profiles (File -> Manage Profiles) including encrypted passwords.

- New command line profile loading. Use "/Profile: "

- New moving parameters from FirePlotter.INI to the GUI interface (File -> Global Settings)

- Support for FortiGate Clusters/High Availability. Must be enabled in Manage Profiles

- New Download Filter to Connection Profiles:

- ASA filter e.g. 'address 192.168.68.0 netmask 255.255.255.0 port 25' for ASA 7+,

- FortiGate filter e.g.'diagnose system session filter policy 27' for 3.0 MR6+.

- Changes to main screen to show ‘Download Filter’ and more detail for ‘Table Build Progress’ for larger firewalls.

- Update session decoding to handle FortiOS 4.2 new format.

- Number of performance and stability bugs fixed.

- Add Manage Profiles option

- Add password encryption for SSH/Telnet and Enable.

- Add Quick Connect Save option. - Add Global Settings -> Cisco Direct Connects to control which direct connections are displayed in ASA 8+.

- Add Global Settings -> Monitoring Connection to control if FPs own monitor connect is displayed.

- Add Global settings - Do Not Show Messages.

- Add Global Settings -> Misc Automatically check for FirePlotter update.

- Add Monitor HA to profile which defaults to off.

- Add more details to the Table Build Progress with Loading, Filtering, Sorting & Summarising (only actually seen with large amounts of data).

- Add Download filter: to main screen.

- Add support for FortiOS 4.0 MR2 (4.2) as session table changed format.

- Add FGT-310B, FGT-620B, FGT-311B, FGT-1240B, FGT-60C, FGT-200B, Fortigate-3810A.

- When deleting unwanted rolling FPR files delete empty directories too.

- If FPRMaxFileCount=1 user will not be asked about deleting FPR files it will just be done.


Bug Fix


- Front End would scan disk until last file found and then take the next file in the list to be displayed.

- With FPR File Count set to 1 the last file may have already been deleted so couldn't be found.

- Routine now still uses last file name as starting point (date/hour etc) but locates next greater filename.

- If FPR loaded from non FPR directory structure then would get stuck in loop trying to find next file by walk tree that didn't exist.

- If Hostname was used for firewall connection only the first 15 characters were saved.

- Trailing space in Profile name caused problems - now delete leading and trailing spaces before save or rename.

- Starting to rename a Profile and cancelling at the last stage resulted in the new name still being created.

- Summarise by PolicyID wasn't '...' for Source Port.

- Loading another profile with new refresh time still kept old one.

- Password encryption into Registry had flaw

- Setup was insisting on .NET 3.5 changed to 2.0.50727 as VS08 SP1 insist on a version

- File -> Exit didn't offer user options to delete .fpr files.



September 2009 - FirePlotter 2.01 b090917 released.


Bug Fix:


- Firewall model licensing bug for FGT 80C 80CM & 82C caused licensing error (Class 0) - now fixed.



August 2009 - FirePlotter 2.01 b090818 released.


Improvements:

- Add FPRMaxFileCount to [Data] section of INI to limit the number of .FPR files stored, and so manage disk space usage. Default setting is 250, Max value is 20,000, 0 means keep all data (and user has to manage disk space themselves).

- When Exit, if FPRMaxFileCount > 0 then we give user option to keep or delete data.

- When FirePlotter first starts, popup window appears after 120 seconds telling user FPRMaxFileCount is active and offer example setting to store data for 1 hour or 24 hours based on sample data, and how much disk space that will take.


Bug Fix:

- Removed 'Use double click to Zoom into session details...' from table to make screen refresh yet more stable.

- Add ExcludeConnectionSession to INI in [Display] section.

- Watch only mode popup firewall class when Auto-reconnect, now has 10 seconds timeout otherwise it stops FirePlotter processing until user cleared window.



July 2009 - FirePlotter 2.01 b090721 released.


Improvements:


- Fireplotter now records all data to .fpr files (one file per "session list" snapshot - manage your diskspace carefully - this can be a lot of data!).

- Click on graph now permits replay of historical data.

- File, Open Recorded data permits replay of historical data.

- FirePlotter can set replay interval period (0 1,2 seconds).

- FirePlotter.ini [Data] FPRDataLocation= gives option on where to store FirePlotter data.

- FirePlotter when playing historical data now has "Reset to Real-time" button option.

- FirePlotter reports on estimated disk space consumption in 24 hour period, a few minutes after it connects to firewall.

- Basic and Advanced View mode options now on Right Mouse Click.

- Screen flicker no longer occurs on session table refresh.

- FirePlotterLog.txt now called FirePlotterDebug.txt

- Added support for FortiGate models: FGT-51B, FG-111C, FG-80C, FG-80CM, FW-80CM, FG-51B-LENC, FG-30B, FG-50B-HD, FG-82C & FW-30B.


Bug Fix:


- Update wodSSH library to 2.7.4.114 and change some code to fix the "Not enough memory" error and Telnet connection problem to some Cisco Firewalls.




June 2009 - FirePlotter 1.42 b090630 released.


Improvements:

- Support for FortiGate 111C, 80C,80CM and Wifi 80CM added.


Bug Fix:

- WODSSH.dll fixed "not enough memory" error that affected some Cisco ASA/PIX login sequences.

- Right Mouse Click TraceRT fixed.



June 2009 - FirePlotter 2.0 featuring historical logging (record & replay) - beta testing started.


Jan 2009 - FirePlotter 1.41 b090105 released.

Improvements:

- Auto-reconnect feature. Upon connection loss, FirePlotter will auto-reconnect to the firewall, incrementing time between attempts until successful (preparation for logging and replay).

- Add "Auto-Reconnect" (true/false) to fireplotter.INI under [Connection]. Default: True.

- New FirePlotter Data Directory (better suited for Vista) - Defaults: Vista: C:\Users\<user>\AppData\Roaming\FirePlotter, XP: C:\Documents and Settings\<user>\Application Data\FirePlotter

- New File Menu option to access this directory (for easy license file placement).

- Change version to 1.41 as change to data location.

- Change PIX configuration query to 'show running' rather than 'show config' to we get uncommitted changes too.

- Add undocumented 'UseShowConfig' to fireplotter.INI under [Connection]. Default: False.

- Now shows "Policy ID" from FortiOS (MR5 onwards). Cisco and previous versions of FortiOS will just have 0 in new column as feature unsupported by Cisco (Column sort, Filter and Summaries is supported).

- In App Help Menu added more links.

- Add slight delay to DNS conversion to keep CPU down.

- Add ports 636 = LDAPs, 993 = IMAPs. 873 = Rsync to INI.


Bug Fix:

- About showing license for Category 1 didn't have \n between it and Concurrent count.

- Add Fortigate-110C, Fortigate-620B, Fortigate-3016B, FortiWiFi-60B.

- If auto-reconnected when unlicensed don't pop-up message just switch modes if necessary.

- On manual n+ connect (to another fw or reconnect) connection routine wasn't fully initialised which could result in connection hang after 'Authenticated' status.

- Double click on ranged column ('...') wasn't using the same summary mode as the column clicked i.e. DblClick on SourceIP got a Direction Summary.

- Fix auto-reconnect when LAN interface disabled.

- Fix Telnet field name when switching from SSH to Telnet for Cisco.


August 2008 - FirePlotter 1.40 b080827 released.

Improvements:

- Save windows resize on exit and restore on load.

- Added Dialog to warn users not to use Telnet as SSH is much more secure and stable.

- Format table counter with comma separated thousands.

- Add additional FP application Help.

- Add Right mouse click (RMC) to query IP address on DNSstuff.com.

- Added new ports to INI - 111=SunRPC, 993=IMAPS, 563=NNTPS, 465=SMTPS, 8080=HTTP Alt, 5190=AOL, 3052=APC, 2049=NFS, 1935=Flash CS, 1023=Reserved, 57=Terminal, 158=PCMail Srv.

- If run into windows resize problem then delete HKEY_CURRENT_USER\Software\GISS-UK.com\FirePlotter\FP-WindowPosition.


Bug Fix:

- Ping counts jump due to negative calculation resulting is large positive value.

- Found n+ updates can have Byte count less than n for same session! Cisco problem seen in 7.2(2).

- Ping duplicate entries with Cisco 7.2(2), changed code to ignore second entry of ANY duplicate.

- Sessions for FWSM Firewall Version 3.1(7) weren't being decoded properly.

- FWSM firmware version wasn't being decoded properly.


July 2008 - FirePlotter 1.40 b080728 released.

Improvements:

- Add exit confirmation if Esc (Cancel) or Close [x] is pressed.


Bug Fix:

- If FTP doesn't have a bandwidth colour then don't bother checking for Fixup sessions.

- Fixed FP (b080630) crashing on start-up in W2K.


June 2008 - FirePlotter 1.40 b080630 released.

Improvements:

- Add checking routine so cope with invalid PIX configuration hostname cross reference.

- If name can't be resolved it is returned as 111.111.111.111.

- Change PIX configuration processing to cope with 8.0 Description in 'name' entry.

- Add Protocol=SSH to ready to use INI fields.

- Add two Dameware ports to INI list.


June 2008 - FirePlotter 1.40 b080610 released.

Improvements:

- Fixed issues with Cisco PIX/ASA 7.2(4) not displaying correctly.

- We can now display ICMP for PIX/ASA.


June 2008 - FirePlotter 1.40 b080603 released.

Improvements:

- Added FirePlotter.ini parameter in [Display] section to control IP address to name resolution: DNS=6 (default) where using BINARY logic: 1=NetBIOS and Internet reverse DNS, 2=Internet reverse DNS only, 4=firewall configuration (Cisco only). e.g. DNS=6 means 2 (Internet reverse DNS) + 4 (firewall configuration).


June 2008 - FirePlotter 1.40 b080602 released.

Bug Fix:

- Update code to interpret new 'dev=' interface direction introduced in FortiOS 3.0 MR6 Patch2 by FortiNet.


May 2008 - FirePlotter 1.40 b080529 released.

Improvements:

- Add Training video link to FP Help.

- Add user message if fp.ini isn't found and abort.

- Add abort option for download loop to allow graceful connect to new firewall.


May 2008 - FirePlotter 1.40 b080519 released.

Improvements:

- Added SSH support.

- Add to Right Mouse Click on table the option to Copy the IP address.

- Add following model: Fortigate-1000AFA2, Fortigate-5001FA2, Fortigate-60M.

- Add to ini Protocol = ssh or telnet. This is not the same as port.

- Add to ini Port = x. Used in conjunction with Protocol i.e. 22, 23 or other.

- Add option to open fireplotterlog.txt from File menu.

- Changing Protocol will revert Port to default.

- Changed INI Firewall= from PIX to ASA/PIX.

- SocketTimeout= in INI in now in seconds rather than 100th of seconds. Default 5 seconds.

- Indicate license type in log file Licensed or Unlicensed and Evaluation or Annual.


Bug Fixes:

- Change the socket timeout detection routines to make more robust.

- Add Sleep to DNS check loop as there can be nothing to do which took utilization high for several milliseconds.

- Cisco authentication if user prompt not found was reporting telnet prompt error now says users prompt error.

- Improved Cisco configuration file hostname processing and lookup threads using semaphores (Mutex) to reduce conflict possibilities.


Feb to May 2008 - SSH integration.


Mar 25th 2008 - FirePlotter Fortiverified.

FirePlotter has completed FortiNet's Fortiverified certification process. FirePlotter has been tested and certified in FortiNet's product development labs for interoperability with the FortiNet product range. It also means GISS (developers of FirePlotter) are now accredited as Technology Partners with FortiNet. More >>

FAP



Feb 2008 - FirePlotter 1.3 b080207 released.

Improvements:

- Add following model: Fortigate-3600.

- Added some more debugging information for LogLevel=255 in [Connections]that includes dumping the basic FortiGate session table each time it's processed. Note LogLevel=255 significantly reduces FirePlotter performance, so for debug only.

- Updated status bar when processing offline data to include a count of session processed so when handling large data 130,000 session you can see FP is processing.

- Setup change. Default to Everyone rather than Just me. If 1st copy is installed at Everyone and upgrade as Just me they will get two copies installed. It must always be the same.


Bug Fixes:

- PIX authentication code as expecting Telnet Password to be in first buffer received from PIX if it wasn't then assumption was that the device responding to Telnet
thought wasn't actually a supported firewall i.e. UNIX etc.

- Change code to use Recv timeout to know connection attempt has failed.


Jan 2008 - FirePlotter 1.3 b080121 released.

Improvements:

- Increase the default column width of Service/Destination Port and wasn't wide enough show Basic view friendly names.

- Set TCP default timeout to 5 seconds instead 2 seconds.

- Add following model: Fortigate-800F.


Bug Fixes:

- IP address field while processing PIX connection file was only 16 bytes but host 'name' from connection file can be 63.

Result was that 'name' in table wasn't complete and never showed actual IP address

- FGT interface lookup was failing if last interface in list was actually being used and could cause FP to crash.

- Column width save and restore were not aligned with correct columns.

- PIX connection would hang then crash if system prompt was split across multiple download buffers.


Jan 2008 - FirePlotter 1.3 b080104 released.

Improvements:

- Protect Interface variable overrun when reading from Interface file.

- Improved TCP error reporting.


Bug Fixes:

- FGT interface lookup was assuming interfaces were sequential - now we know they're not so lookup routine was changed.

- FGT 2.80 now reporting correct model, firmware, serial etc.


Nov 2007 - FirePlotter 1.3 b071130 released.

Improvements:

- Move Service/Dest Prt and Session next to Direction to ensure first glance at FP in intuitive.

- Add 'Port=' notes to INI. to allow non-standard telnet port usage. This has been in FP for ages though not documented.

- Change status bar session count to show x/y, so how many sessions in current display against total session.

- In INI move Telnet user field before Telnet password.

- Change main dialog text from 'Connection Port' to 'Connection Type'.

- Change main dialog text for firewall from PIX/ASA to ASA/PIX.

- In FP.ini enhance some of the explanations of parameters.

- Change status bar text from 'Next update in' to 'Refresh in:' and 'Sessions' to 'Sessions:'.


Bug Fixes:

- ProcessPIXSystem changed to cope with format changes on ASA Failover with 8.0(2).

- Enhance ProcessPIXSessions to do some more reliable validation of session data before processing.

- Enhance Cisco and FGT validation of parameters and prevent over run of string lengths.

- Change Class of firewalls to reflect the web site buying model (Move ASA 5510 -> C2, Move ASA 5530 -> C3).


Nov 2007 - Cisco reveals bug in PIX/ASA v7.01 to 7.22 relevant to FirePlotter. More >>


Aug 2007 - FirePlotter 1.2.0 b070822 released.

Improvements:

- Add FGT-50B, FGTWifi-50B, FGT-60B, FGTWifi-60B to C1 list.

- Add Basic and Advanced View Mode. Default Basic. 'BasicViewMode=true' added to FirePlotter.ini.

- Added 'Fortigate-5001' to C3 list.

- Change Watch only mode startup dialog to include 'Advanced View Mode '.

- Change from 'Active Filters' to 'Filters' in status bar.

Bug Fixes:

- PIX 8 wasn't reading in version information correctly as yet again CR LF at end of lines have changed.


July 2007 - FirePlotter 1.2.0 b070721 released.

Improvements:

- Change Default View to sort by Direction then Service/Dest Prt rather than In Bytes/s.

- Change commented out Auto-Connect parameter in INI to true.

Bug Fixes:

- Increase the buffer from 1024 to 4096 in the routine that handles the ASA/PIX login as large disclaimers banners were causing a connection failure.


March 2007 - FirePlotter 1.2.0 b070320 released.

Improvements:

- Add support for Cisco ASA-5505, ASA-5505-K8, ASA-5510, ASA-5510-K8, ASA-5520, ASA-5520-K8, ASA-5530, ASA-5530-K8, ASA-5540, ASA-5540-K8, ASA-5550, ASA-5550-K8.

- Add message if FP switches to Unlicensed mode if fw Class higher than license.

- Add 'Default view' button to main dialog.

- Add Right Mouse Click Options.

- Manage Firewall via HTTP or HTTPS.

- If PIX then allow to view the configuration.

- If on Source or Destination IP and not ... allow Ping, TraceRt and HTTP to IP.

- Move Block and Session % download into 'Next update' status bar panel.

- Force immediate Refresh after connection so Table counter show values ASAP.

Bug Fixes:

- If unlicensed ExternalInterface parameter was still read from fireplotter.ini.

- Fixed problem where Session could would count I extra line if last in list.

- 'Refresh' moved on screen resize.

- Table and graph are now cleared when connecting to another firewall and an error (user etc) occur.


Feb 2007 - New FirePlotter logo design completed


Nov 2006 - FirePlotter website active