topic Re: Firewall analizer for Policy Optimization and Cleanup in Network Security

Firewall analizer for Policy Optimization and Cleanup

Maria Schiaffino — Mon, 11 Mar 2019 22:11:03 GMT

Hi there,

I am looking for a firewall analizer which includes a feature for Policy Optimization and Cleanup. If available, I would prefer an open source one, but I can look for another one. I was wondering if you have any recommendations.

Thanks in advance for your help.

Regards,

Paula

Firewall analizer for Policy Optimization and Cleanup

Marvin Rhoads — Fri, 06 Jan 2012 15:59:30 GMT

Several companies make such products:

http://www.firemon.com/products/securitymanager/

http://algosec.com/en/products/firewall_analyzer

I've not used them myself.

Firewall analizer for Policy Optimization and Cleanup

Christopher Hayre — Fri, 06 Jan 2012 23:16:40 GMT

Paula,

If you are a CSM customer, it currently has a couple of embedded tools for firewall policy analysis and rule consolidation. I've found them to be incredibly handy in the past, particularly when performing routine audits/reviews. Within the access policies section, you can perform the following:

1)Analysis - Analyzes the policy for duplicate/overlapping rules

2)Combine - Finds duplicate access control entries and presents you with the option of combining

3)Hit Count - Examine the usage of one or more rules

See the following doc for more information on these features:

http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.2/user/guide/fwaccess.html

Thanks,

Christopher

Firewall analizer for Policy Optimization and Cleanup

david.tran — Sun, 08 Jan 2012 15:29:21 GMT

I think the original poster asked for recommendations from folks with actual experiences using the products.

Yes, I've used both Firemon, Algosec and Tufin products for firewall optimization and clean up. All of the products rely heavily on the firewall logs. The more archive log you have, the better the product is at optimizing and cleanup your rule base.

Ranking based on my opinion:

Tufin: Excellent with checkpoint firewall, just OK for Cisco ASA firewall. Tufin is an appliance

Firemon: Really good with Cisco Pix firewalls. Firemon is an appliance (a bundle of CentOS and Firemon Application)

Algosec: OK with Cisco Pix IOS firewalls. Algosec runs on Redhat Enterprise Linux

Re: Firewall analizer for Policy Optimization and Cleanup

DanielleITCS — Mon, 04 Jun 2018 12:30:54 GMT

You might find real user reviews for all the major firewall analyzers already mentioned on IT Central Station to be helpful.

Users interested in these solutions also read reviews for Skybox Security Suite. In his review, this Information Security Architect writes that the most valuable feature of Skybox is "the firewall change audit every week. Also, being able to track firewall ACL usage, so that we can produce semiannual reports on ACL usage and on shadowed and redundant rules on the firewall." You can read the rest of his review here.

Good luck with your search.

Re: Firewall analizer for Policy Optimization and Cleanup

Marvin Rhoads — Mon, 04 Jun 2018 14:13:51 GMT

It's bad form trolling a 6 year old post with links to your company's site.

Re: Firewall analizer for Policy Optimization and Cleanup

DanielleITCS — Mon, 04 Jun 2018 14:23:51 GMT

So weird. When this came up on Google, it said that this thread was from 2017. I must have not been looking at the dates on the individual responses when I commented.

I sincerely apologize, that was my bad. Please feel free to delete if you're a moderator.