Hi all, We have recently deployed some firewalls in a client's network which was initally an "open" network.
Based on the design of these new firewalls put in place to implement proper segmentation, I have been tasked with developing baseline firewalls rules.
Because the network was initially open, there is no way I could possily use any existing rules because there were no rules! Plus getting the expected traffic flow information between each zones from the relevant teams of the client is not possible for unknown reasons. They do not have that sort of visibility. So the responsibility is all upon me to somehow develop this baseline firewall rules based on just looking at the traffic logs. Without no surprise, this is a humongous task.
Hence, I am wondering if there is any better or more efficient and faster way to do this ? I dont want to go through the logs line by line to determine what firewall rule should I create ?
Does anyone know if there's any such feature or dashboard/report in FMC where I can get the visibility of the high traffic patterns from all zones, which can eventually help me build this firewall policy ?
For e.g a list of traffic flows which tells me there is high amount of traffic between zone A to zone B and so on.
That sounds like a great idea. Thanks!
I am currently exploring how I can do this via reports. Incase, if you already know, can you please advise if there's a place from where I can get a list of porys/protocols regularly accessed from a security zone and to destination zone, apart from logs?
They might be better off running a Stealthwatch POV with the FTD device as a source for the Netflow records.
Stealthwatch is much better at capturing and visualizing flows as it has a lot of built-in reporting and customizing the output is quite easy from the Stealthwatch Management Console (SMC).