I'm probably in the wrong place, but I don't use Orion. I am looking for a tool that will help manage ACLs on Cisco firewalls and routers. Does SolarWinds have a product that can do that?
Hi dclick - we currently have some tools that will automate downloading and uploading configs (Toolset for Cisco only, NCM for a boatload of other device types), but nothing that does ACL creation or analysis. Of course, you could use NCM's Policy Report to look for holes or ensure a certain ruleset was present.
We have often thought about adding some ACL functionality to the Toolset. What kinds of operations / interactions were you looking to do?
--Greg
Simple management, error checking (you need an OUT for every IN, and vice versa), things like that.
I have some ACLs that have 200 entries - it gets to be a bear when using notepad or the toolset viewer, and there isn't an easy way to isolate just the ACL you want to work on.
Hi Greg:
I'm about to purchase NCM and would be very curious to know what your plans are for an ACL tool. Currently, we are developing some automation using HP Opsware for rolling ACLs. It would be nice if SolarWinds had a full-fledged tool to create and implement ACLs. I'm happy to supply more details if needed.
-Matt
We are also interested in ACL management as a more modular component within NCM. The features we are interested in are:
1. Ability to manage routers, L3 switches, PIX firewalls and ASAs (which NCM does nicely)
2. Ability to modularize portions of rules - for instance, specific rules for say test networks or guest wireless.
A. Modular in that you can save the snippets for later use; as components independent of the overall config: As ACEs in a list.
B. Then combine your ACE lists in the order you want them evaluated with the capability of remarks in between each ACE section.
C. The new management tool/system needs to be integrated with the Configuration Management Product even if we need a client. We need to do everything from the Orion web interface.
3. Integration with our NCM system. We are critical infrastructure also. This is a requirement.
Thanks. I think you guys are uniquely positioned to accomplish this sort of capability.
I've been looking everywhere for an ACL manager and haven't had any luck. What I am looking for is something that would simplify mass editing of our access lists. For example, let's say I have 100 locations with various access lists at each, adding up to 1,000 lines of code. Each location is the same, but different, meaning its access list name is different and its subnets are different, but each rule is the same (i.e., allow "main server" to communicate to "mail server"). Today when we add, remove, or modify rules we have to go out and edit every single access list in notepad. This is very time consuming, as you might imagine. It would be wonderful to be able to edit one "template" and have it adjust the other access lists accordingly, then deploy with NCM. I suppose if it was that simple, everyone would have this functionality, especially Cisco.
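The workflow described in the post above (one shared rule set, per-site ACL names and subnets), sketched as an added example that is not part of the original thread and is not SolarWinds or NCM code. The role names, site data and addresses are constructed, and the output is Cisco IOS extended named-ACL syntax.

```python
import ipaddress

# Constructed rule template: one entry per rule, shared by every site.
# Roles ("main_server", "mail_server", "users") are hypothetical names.
RULES = [
    ("Main server to mail server (SMTP)", "permit", "tcp", "main_server", "mail_server", 25),
    ("Users to mail server (IMAPS)", "permit", "tcp", "users", "mail_server", 993),
    ("Default deny, logged", "deny", "ip", "any", "any", None),
]

# Constructed per-site data: ACL name and addresses differ, the rules do not.
SITES = {
    "site-a": {"acl": "SITE_A_IN", "main_server": "10.1.1.10/32",
               "mail_server": "10.1.1.20/32", "users": "10.1.8.0/22"},
    "site-b": {"acl": "SITE_B_IN", "main_server": "10.2.1.10/32",
               "mail_server": "10.2.1.20/32", "users": "10.2.8.0/21"},
}

def ios_address(site, role):
    """Return the IOS form of a role's address: any, host x, or net wildcard."""
    if role == "any":
        return "any"
    if role not in site:
        # Fail loudly instead of rendering an ACL with a hole in it.
        raise KeyError(f"site has no address for role {role!r}")
    # strict=True rejects a subnet written with host bits set (a common typo).
    net = ipaddress.ip_network(site[role], strict=True)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # hostmask == wildcard mask

def render_acl(site):
    """Render the shared rule template as an IOS extended ACL for one site."""
    lines = [f"ip access-list extended {site['acl']}"]
    for remark, action, proto, src, dst, port in RULES:
        ace = f" {action} {proto} {ios_address(site, src)} {ios_address(site, dst)}"
        if port is not None:
            ace += f" eq {port}"
        if action == "deny":
            ace += " log"
        lines.append(f" remark {remark}")
        lines.append(ace)
    return "\n".join(lines)

if __name__ == "__main__":
    for name, site in SITES.items():
        print(f"! {name}\n{render_acl(site)}\n")
```

Changing one entry in `RULES` changes every site's rendered ACL; the rendered text still has to be reviewed and pushed by whatever deployment tool is in use.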
Why do you edit in notepad for routers? Is your IOS really old?
networkguy09,
This is definitely something we hear. We are considering addressing this use case in NCM or providing a tool in Toolset. As you are aware, we don't currently have any solution for this.
Just out of curiosity, when you make these changes, do all of your ACLs have the same name? If so, it may be possible to have NCM config templates help you with this.
Mav
I am interested to know what the better solution is.
Hello.
Did you ever get an answer/solution for this? I have NCM 7 and we currently manage our ACLs with snippets. However, we have to manually choose the devices every time we apply a change. I am trying to find a way to migrate the snippets into the web-based portion of NCM.
I second that question.
I would also be looking for a way to (easily) validate through Policies a Base ACL.
Thanks!
I have, since making this post a few years back, become a SolarWinds user. I would still be interested in any ACL manager that is out there.
We have an ACL Editor in Toolset. Have you seen that, or are you looking more for something like this:
Firewall analyzer | Firewall optimization tool - AlgoSec
FireMon Products
Athena FirePAC - Firewall Profiler
I am having some issues getting the Workspace Studio ACL manager to pull my config (either from an ASA firewall or a Catalyst (IOS) switch). Once I get that figured out, I'll definitely look at the tool.
As I stated above, I am just looking for something to help manage the rules.
Thanks.
I posted an idea for a feature request that I sincerely hope encapsulates everyone's many enquiries over the last three or four years for a comprehensive solution. It is certainly in SolarWinds' best interest to optimize their configuration management, log management, and policy features by providing an editing, ACL management module. Please check it out and vote in the NCM Ideas area.
Tks for your input and opening an Idea, Kittcarson. It seems to be doing pretty well, vote-wise.
We just introduced a new product which covers this: FSM, Firewall Security Manager, more here.