Product Review: Fastvue Dashboard
Product: Fastvue Dashboard
Product Homepage: www.fastvue.co
Do you know what kind of traffic is going through your TMG firewall right now? For the majority of TMG firewall administrators today, the answer to that question is “no”. Are your users being productive? Is someone hogging bandwidth? Is there a virus or worm on your network attempting to phone home? Surprisingly few TMG administrators can accurately answer these questions. Because TMG reporting is based on summarized data, and log data is summarized on a daily basis, native TMG reports aren’t much help if you need to determine what’s happening on your network right at the moment. Using the TMG management console to query the log files is even less helpful, as assessing traffic patterns with this raw data is a bit like monitoring the Matrix. Perhaps some can pick out the blondes, brunettes, and redheads, but for most of us it is a stream of unrecognizable data.
That’s where Fastvue saves the day. Fastvue is a real-time dashboard that provides a nearly instantaneous view of your current and recent TMG firewall traffic. Using the intuitive graphical interface, administrators can determine what sites, users, or applications are consuming excessive bandwidth. You can determine who is using the Internet in an unproductive manner and assess which sites they are visiting. You can determine what protocols and ports the firewall is blocking and why. You can also identify what threats have been discovered, which computers were affected, and view how the firewall addressed these specific threats. In addition, Fastvue has extensive alerting capabilities for providing proactive notification of administrator-defined events as they occur.
The Fastvue Dashboard is simple to install and has limited requirements. It uses an agent (called the arbiter) that is installed on the TMG firewall and is queried by the central Fastvue Dashboard server running on a server with IIS installed. The arbiter is lightweight with a small memory footprint, which reduces resource utilization on the firewall and minimizes the attack surface. The central Dashboard server can query multiple arbiters, which is a distinct advantage for large organizations that have multiple TMG arrays. Data transferred to the Dashboard server from the arbiter is encrypted for security.
Installing the Fastvue Dashboard is simple and straightforward. Begin by installing the arbiter on the TMG firewall. Select the option to Install Fastvue Arbiter.
The arbiter assumes that the TMG log files are in the default location (C:\Program Files\Microsoft Forefront Threat Management Gateway\Logs). If you have configured TMG to log to a different location, navigate to Start/Programs/Fastvue/Fastvue Arbiter Settings, click the Sources tab, and edit the log file location as necessary.
Once complete, create an access rule in TMG that allows traffic from the central Dashboard server to the local host on TCP port 49361.
Next, install the Fastvue Dashboard on a separate server. There is no need to configure any server components before installation, as the installer will add the necessary required roles and features.
Once the Fastvue Dashboard installation is complete, open a web browser and navigate to the Dashboard server. Enter the name or IP address of your TMG firewall and click Go!. This will begin the process of importing existing log data to the Dashboard server for analysis and reporting.
Click the Check Sources link to confirm that data is being imported successfully.
On the Sources page you’ll find information about the number of records processed and the connectivity status to the arbiter. If you need to add additional arbiters, click the Add Source button in the upper-right corner.
Clicking the Dashboard link presents the main Fastvue Dashboard window. Here you will find a summary of bandwidth usage and productivity for the day and the past 15 minutes. By scrolling down the page you will find information regarding firewall activity as well. The administrator can quickly assess the overall health of their network activity from this single screen.
Additional detailed information from the charts and graphs can be obtained by holding your mouse over a specific event.
Clicking the Bandwidth button provides detailed information with regard to bandwidth consumption on your TMG firewall. Data on users, departments, applications, web sites, categories, and downloads is displayed here.
Selecting the Productivity button reveals in-depth information about your users’ web browsing habits. It is broken down by productive and unproductive departments, users, categories, and sites.
Choosing the Firewall button provides in-depth analysis of actions taken by the TMG firewall. Detailed information includes blocked IP addresses, applications, events, and rules. Information regarding malware and intrusion detection events is also provided.
By far the most powerful feature of the Fastvue Dashboard is the alerting engine. Security engineers and administrators don’t have the time to sit and stare at a dashboard all day watching for anomalous events. A much better way to monitor the network is to be proactively notified when something occurs. The Fastvue Dashboard is configured by default to generate alerts for unproductive browsing, events detected by IPS or malware inspection, and large file downloads. Custom alerts can be created on just about any conceivable event generated by the TMG firewall by clicking the Add Alert button in the upper-right corner.
The definition of acceptable and productive sites can vary depending on your business and corporate security policy. The Fastvue Dashboard allows you to easily change the default classification of the TMG URL filtering categories. Click the Productivity button, then drag and drop categories to different classes as required. Click the Save Productivity Settings button in the upper-right corner to save and apply the changes.
You can also configure the Fastvue Dashboard to send an e-mail when alerts are triggered. Click on the System Options button on the left and enter the mail server information under the Mail Settings tab.
The Fastvue Dashboard supports integration with Active Directory, which allows the Dashboard to display full usernames and department information (if this field is populated for Active Directory accounts).
Active Directory integration is limited in this release, but look for more interaction between Fastvue Dashboard and Active Directory in future releases.
The Fastvue Dashboard is a unique and powerful tool that provides security administrators with insight into current network activity with an intuitive graphical user interface and flexible, granular alerting capabilities. The information provided by Fastvue Dashboard can be used to create better access policies by highlighting productive and unproductive user activity. It can also be used to identify users sending large amounts of data, which might indicate potential data loss. Additionally, it can provide valuable and nearly instant feedback as to how firewall rules are functioning. The Fastvue Dashboard is easy to install, configure, and use. For a v1 product it is surprisingly polished, but still lacks some essential features. In future releases I’d like to see the installer configure the IIS web site in a more secure fashion. By default, it uses HTTP and does not require authentication. Since this information is sensitive, it should be protected with SSL and have a login page. When installing the Fastvue Dashboard product today, these steps will have to be performed manually after installation. Fastvue have a comprehensive guide on how to secure the application using Windows Authentication, IIS Authorization Rules and SSL. The guide also shows how to publish the site to external networks using TMG's Web Publishing feature. See: http://www.fastvue.co/blog/how-to-secure-and-publish-the-fastvue-tmg-reporter-web-site.
In spite of these minor drawbacks, however, the product overall is definitely worth taking a look at. I give the product 3.5 out of 5 points for the Silver Award.
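To confirm that the manual hardening of the Dashboard's IIS site actually took effect, the following added example (not part of the original review or of Fastvue's guide) classifies how the site answers an unauthenticated request. The finding names and the host name `dashboard.example.internal` are assumptions made for illustration, and the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}

def assess(scheme, status, headers):
    """Return findings for one unauthenticated GET.

    headers is a list of (name, value) pairs, as http.client returns them,
    so repeated WWW-Authenticate headers (Negotiate, NTLM) are all seen.
    """
    hdrs = [(k.lower(), v) for k, v in headers]
    offered = {v.split()[0].lower() for k, v in hdrs
               if k == "www-authenticate" and v.strip()}
    location = next((v for k, v in hdrs if k == "location"), "")
    findings = []
    if scheme == "http":
        if status in REDIRECTS and location.lower().startswith("https://"):
            return []              # nothing is served in clear text
        if status == 403:
            return []              # treated as IIS "Require SSL" refusing HTTP
        findings.append("PLAINTEXT_HTTP")
    if 200 <= status < 300:
        findings.append("NO_AUTHENTICATION")   # content returned to anyone
    elif status == 401:
        if not offered & {"negotiate", "ntlm"}:
            findings.append("NO_WINDOWS_AUTH")
        if "basic" in offered and scheme == "http":
            findings.append("BASIC_OVER_HTTP")  # credentials sent unencrypted
    return findings

def probe(url, timeout=5):
    """Send one GET without credentials and assess the answer.

    Over HTTPS the certificate is verified; an untrusted certificate raises
    ssl.SSLCertVerificationError, which is itself worth fixing.
    """
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return assess(parts.scheme, resp.status, resp.getheaders())
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed responses: the default install, then the hardened site.
    print(assess("http", 200, [("Content-Type", "text/html")]))
    print(assess("https", 401, [("WWW-Authenticate", "Negotiate"),
                                ("WWW-Authenticate", "NTLM")]))
```

Run `probe("http://dashboard.example.internal/")` and the HTTPS equivalent from a workstation on the internal network; an empty list from both means the site no longer serves data in clear text or without a login.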
Since this review, Fastvue has added reporting features such as the ability to easily run Company Overview and User Investigation reports. The application name has also changed to Fastvue TMG Reporter. You can take a tour of the new feature here: http://fastvue.co/takethetour
ISAserver.org Rating: 3.5/5