Analyzing Firewall configuration/rules and Router ACLs - How are you doing this today?

chris.lapoint

We'd like to better understand what you are doing to analyze firewall rules and router access control lists (ACLs) and how you are doing it. 

Some questions for our community:

1) Do you currently analyze firewall configurations and rules?  If so, how do you do this (e.g. third-party tools, manually)?  

3) How do you analyze router ACLs today (e.g. third-party tools, manually)?  

3) How much time do you spend analyzing firewall configurations and rules?   Router ACLs?  

Thanks in advance for your responses!

-Chris  

FormerMember

1.  Yes.  It is a manual process because owners of the rules must be contacted to verify they are still needed.  There are a lot of procedures/processess that must be in place for things like PCI compliance, ISO 27001 etc.

 

2.  Same as #1.

 

3. Way too much.  Probably consumes 40+ man hours every quarter just for one Firewall Cluster.

 

I'll add that that we have other tools that baseline network traffic, traffic patterns, new traffic, et.  Tools from Mazu, Source Fire, etc.  Syslogs and SNMP traps also get normalized via TriGEO.  Suspicious activity can prompt us to look at the rule base in any needed devices.

 

The basics of course are covered in the Policy Reporter in NCM  for CISCO routers and switches.