Updating and Maintaining ACLs

Level 12

For those of us that maintain device configurations that include Access Control Lists (ACLs), we know what a huge chore this can be and how bad things can go if you make even one simple mistake. I myself have had to put someone on a plane to fly out to a router that I locked myself out of with a bad ACL and have many times had to call someone that was physically located at one of my remote sites to power cycle a router and restore it to the saved config. Not the best way to spend a Saturday night, I assure you...

Fortunately, there are some really cool tools available to make this a little easier. The Engineer's Toolset that we offer here at SolarWinds includes a tool called the "Cisco Config Viewer". With the Config Viewer you can download and view the config from a Cisco router, switch, or firewall; edit the config; and then push the updated config back to the device. Since it does the config uploads via a TFTP copy rather than the CLI, you don't have to take out the old ACL in order to make the changes. This is a huge advantage over doing it the old-fashioned way and, as always, you can download a fully functional copy of the Engineer's Toolset from the SolarWinds.Com website.

Cisco also has a tool called ASDM or the "Adaptive Security Device Manager". This tool simplifies the configuration tasks required for configuring Cisco PIX firewalls and ASAs. If you're not familiar with how these devices are supposed to be configured then this is a good choice to help you get started. You can also download ASDM directly from that same page.

Athena Security also has a new application called "Athena FirePAC". FirePAC is cool because it evaluates the ACLs on your Cisco PIX and ASA, Juniper NetScreen, and Checkpoint firewalls and tells you where you've left holes or where you've duplicated functionality. I had the opportunity to meet with one of their founders and one of their main developers a few weeks ago and get a detailed walk-through of the product. Definitely something you should check out. You can download a free evaluation version directly from their website.

Check out these tools and ping me back if you know of any other good tools for managing ACLs.

Flame on...
Follow me on Twitter
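An added example, not code from the original post or from SolarWinds, Cisco or Athena, that illustrates two points raised above: the lockout that happens when a replacement ACL no longer admits the administrator's own session, and the kind of redundant or unreachable entry a tool like FirePAC is said to flag. The ACL text, the addresses and the function names below are constructed for this example; it handles only the common `access-list N permit|deny PROTO SRC DST [eq PORT]` form with a destination port.

```python
"""Lint a Cisco IOS extended numbered ACL for shadowed entries, and check that a
planned ACL still admits the management session before it is pushed to the device.

Added example: the ACL text and addresses are constructed, and the function names
are this script's own (not a SolarWinds, Cisco or Athena API)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"ssh": 22, "telnet": 23, "www": 80}   # the few IOS port keywords handled here


@dataclass
class Ace:
    line: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip", "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # None means any destination port


def _addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    kw = tokens.pop(0)
    if kw == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kw == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # A Cisco wildcard mask is an inverted netmask; convert it to a prefix length
    # ourselves, because ipaddress would read a "0.0.0.0" mask as /0 rather than a host.
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    if (wild + 1) & wild:
        raise ValueError("non-contiguous wildcard masks are not supported here")
    return ipaddress.ip_network(f"{kw}/{32 - bin(wild).count('1')}", strict=False)


def parse_acl(text: str) -> List[Ace]:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines; skip remarks."""
    aces = []
    for n, raw in enumerate(text.strip().splitlines(), 1):
        tokens = raw.split()
        if tokens[:1] != ["access-list"] or tokens[2] == "remark":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _addr(rest), _addr(rest)      # consumes the source, then the destination
        dport = None
        if rest[:1] == ["eq"]:                   # only a destination port is handled
            dport = PORT_NAMES.get(rest[1]) or int(rest[1])
        aces.append(Ace(n, action, proto, src, dst, dport))
    return aces


def covers(outer: Ace, inner: Ace) -> bool:
    """True when every packet `inner` matches is already matched by `outer`."""
    return (outer.proto in ("ip", inner.proto)
            and outer.dport in (None, inner.dport)
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst))


def find_shadowed(aces: List[Ace]) -> List[Tuple[int, int, str]]:
    """Entries that can never be the first match: (line, shadowing line, kind)."""
    findings = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "unreachable"
                findings.append((later.line, earlier.line, kind))
                break
    return findings


def evaluate(aces: List[Ace], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """First-match evaluation, ending in the implicit 'deny ip any any' of every IOS ACL."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        if (ace.proto in ("ip", proto) and s in ace.src and d in ace.dst
                and ace.dport in (None, dport)):
            return ace.action
    return "deny"


# Constructed samples: the ACL on the router today, and a proposed replacement
# that only remembered the new management subnet and forgot the old one.
CURRENT_ACL = """
access-list 101 remark constructed example, not a real device config
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.1 eq 22
access-list 101 permit tcp host 10.1.2.3 host 192.0.2.1 eq 22
access-list 101 deny ip 10.1.0.0 0.0.255.255 any
access-list 101 permit ip any any
access-list 101 deny ip host 10.9.9.9 any
"""
PROPOSED_ACL = """
access-list 101 permit tcp 10.2.0.0 0.0.255.255 host 192.0.2.1 eq 22
access-list 101 deny ip any any
"""
MGMT_HOST, ROUTER = "10.1.2.3", "192.0.2.1"      # constructed addresses


def lockout_risk(acl_text: str, mgmt_host: str = MGMT_HOST, router: str = ROUTER) -> bool:
    """True if the administrator's own SSH session would be dropped by this ACL."""
    return evaluate(parse_acl(acl_text), "tcp", mgmt_host, router, 22) == "deny"


if __name__ == "__main__":
    for line, by, kind in find_shadowed(parse_acl(CURRENT_ACL)):
        print(f"line {line} is {kind}: shadowed by line {by}")
    for name, acl in ("current", CURRENT_ACL), ("proposed", PROPOSED_ACL):
        print(f"{name} ACL locks out {MGMT_HOST}: {lockout_risk(acl)}")
```

Running it flags line 3 of the current ACL as redundant (already covered by line 2) and line 6 as unreachable (the `permit ip any any` above it matches first), and reports that the proposed ACL would drop the SSH session from 10.1.2.3, which is exactly the check worth running before any push, whether by TFTP copy or by hand.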

Level 15

We just introduced a new product which covers this: FSM, Firewall Security Manager, more here