AFA reports

This section explains how to understand and use AFA device, group, and matrix reports.

For more details, see Device report pages, Group report pages, and Matrix report pages.

Comparison reports

AFA enables you to compare reports from the same device from different dates, or compare reports from different devices. Comparing reports not only detects differences in objects, but also provides an analysis of the differences' effects.

For example, it reveals which traffic is allowed by one device and not by the other, and vice-versa. This can be used to determine what has changed in a device over a long period of time, or to determine whether a vendor conversion project was performed correctly.

Tip: You may want to compare reports from different vendors if you are considering migrating your devices to a new vendor.

For details, see:

Note: For full traffic comparison, enable Comprehensive Mode in the AFA Administration area General options.

This ensures that AFA analyzes all services defined on the device, and not only the ones relevant for risks. For details, see General.

Compare reports from the same device

Comparing reports from the same device from different dates lists the differences in traffic, service definitions, hostgroup definitions, topology, risks, and rules.

Do the following:

  1. In AFA, navigate to the device you want to compare reports for. For details, see View a specific device.

    View the desired device as described in , then click the Reports tab.

    The relevant page appears with a list of reports.

  2. On the device details page, click Reports to display a list of available reports.
  3. Select the reports you want to compare, and then click .
  4. In the Compare reports dialog, click Compare, and watch while AFA compares the selected reports.

    To stop report comparison, click Stop Comparison.

When complete, the comparison report opens in a new window. The comparison report is also attached to the more recent of the device reports you compared.

Compare reports from different devices

Comparing reports from different devices provides differences in provides differences in traffic, service definitions, hostgroup definitions, topology, and risks. When comparing reports for two Check Point devices with different policies, differences in rules are also included by default.

Do the following:

  1. Either select both devices from the ALL_FIREWALLS group, or select each device one at a time.

    For details, see Viewing the ALL_FIREWALLS Group and View a specific device.

    • If selecting from the ALL_FIREWALLS group, click the All Reports tab, and select the reports you want to compare.

    • If selecting from a specific device, browse to your device and click the Reports tab. Then select a report to compare and click .

      At the prompt, select your second device and report, and click again.

    Tip: When selecting devices to compare, you may see light & dark-colored device report entries.

    • Dark entries mean that you have the appropriate permissions to perform all actions on the device (i.e., customizing the topology, trusted traffic, refreshing, and deleting report).
    • A light-colored entry means you have read-only permission.
  2. In the Compare reports dialog, click Compare, and watch while AFA compares the selected reports.

    To stop report comparison, click Stop Comparison.

When complete, the comparison report opens in a new window. The comparison report is also attached to the more recent of the device reports you compared.

View comparison reports

This procedure describes how to view a comparison report between two devices.

Comparison reports are attached to the more recent of two reports compared. For more details, see Comparison reports.

Do the following:

  1. View a device report to which a comparison is attached. For details, see View device reports.

  2. Click the Policy tab. In the Comparisons area, select the comparison report you want to view.

    The two reports are displayed side by side, with a summary table at the top.

    For example:

  3. To drill down to more details, click the Traffic link in the summary table.

    Traffic details are displayed, with green bullets indicating added traffic and red bullets indicating removed traffic.

    Each traffic direction is listed separately, with hyperlinks to each section at the top of the page. In each table, rows represent services and contain details about the traffic changes that occurred.

    For example, added traffic might include details about what was blocked before and is allowed now. Removed traffic might include what was allowed before and is blocked now.

    In each row, click details to drill down even further.

Note: The comparison report does not cover traffic of services that are defined in only one report, or are configured differently in each report.

Back to top

Export reports to PDF

This procedure describes how to export entire AFA reports or individual report pages to PDF.

Do the following:

  1. In the top-right corner of the report, click Export/Print PDF.

    If you started from the HOME tab of the report, a dialog appears where you can select specific pages to export.

    For example:

    Select the pages you want to export, and click Export PDF.

    If you started from any other page in the report, the print preview opens with an optimized version for saving to PDF.

Note: Depending on your web browser, there may be adjustments in the print preview dialog for optimal output.

For details, see Export AFA screens to PDF.

Back to top

Delete reports

This procedure describes how to delete reports from AFA.

Do the following:

  1. Navigate to the report you want to delete, and then click the Reports tab.

    For more details, see:

    If you are deleting reports for multiple devices, view the ALL_FIREWALLS group, and then click the All Reports tab. For details, see Viewing the ALL_FIREWALLS Group.

  2. In the list of reports, select the checkboxes for the report or reports you want to delete.
  3. Click Delete. In the confirmation message, click OK.

The reports are deleted, and are no longer accessible from AFA.

Back to top

Manually generated reports

Run a manual analysis to create an unscheduled report, including the following types:

Scheduled analysis and manual analysis requests

AFA administrators can also schedule recurring analysis. Scheduled analysis supports multiple reports running in parallel, with maximums depending on your AFA system configuration and power. For details, see For more details, see Schedule analysis.

  • If a manual report is already running when AFA is otherwise scheduled to run a scheduled monitoring process, the scheduled monitoring for that device is skipped. AFA attempts the next monitoring cycle as scheduled.
  • If a monitoring cycle is already running on a specific device when a manual report is requested, AFA waits for the monitoring process to complete before generating the report.

Back to top