10-06-2019 04:15 AM - edited 02-21-2020 09:33 AM
Hi all, we have recently deployed some firewalls in a client's network which was initially an "open" network.
Based on the design of these new firewalls put in place to implement proper segmentation, I have been tasked with developing baseline firewall rules.
Because the network was initially open, there is no way I could possibly use any existing rules because there were no rules! Plus, getting the expected traffic flow information between the zones from the relevant teams of the client is not possible for unknown reasons. They do not have that sort of visibility. So the responsibility is all upon me to somehow develop these baseline firewall rules based on just looking at the traffic logs. Unsurprisingly, this is a humongous task.
Hence, I am wondering if there is any better, more efficient and faster way to do this? I don't want to go through the logs line by line to determine what firewall rule I should create.
Does anyone know if there's any such feature or dashboard/report in FMC where I can get visibility of the high traffic patterns from all zones, which can eventually help me build this firewall policy?
For example, a list of traffic flows which tells me there is a high amount of traffic between zone A and zone B, and so on.
10-23-2019 06:22 PM
Answering my own question here. I was finally able to figure out a way to do this after spending a lot of time studying the FMC features.
Hope this helps anyone who is working on a similar thing.
If anyone knows a more efficient way of doing this, feel free to share!
10-06-2019 08:28 PM
10-10-2019 03:42 PM
That sounds like a great idea. Thanks!
I am currently exploring how I can do this via reports. In case you already know, can you please advise if there's a place from where I can get a list of ports/protocols regularly accessed from a security zone to a destination zone, apart from logs?
10-10-2019 06:52 PM
10-07-2019 03:19 AM
They might be better off running a Stealthwatch POV with the FTD device as a source for the Netflow records.
Stealthwatch is much better at capturing and visualizing flows as it has a lot of built-in reporting and customizing the output is quite easy from the Stealthwatch Management Console (SMC).
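The aggregation asked for in this thread (flows grouped by source zone, destination zone, protocol and port) can also be done offline on exported connection events. The following is an added example, not code from any poster or from Cisco; the CSV column names and sample rows are constructed assumptions, not the actual FMC export schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumptions for this example,
# not the actual FMC connection-event export schema.
SAMPLE_CSV = """src_zone,dst_zone,src_ip,dst_ip,protocol,dst_port,bytes
users,servers,10.1.1.10,10.2.0.5,tcp,443,52000
users,servers,10.1.1.11,10.2.0.5,tcp,443,48000
users,servers,10.1.1.12,10.2.0.5,tcp,443,61000
users,servers,10.1.1.10,10.2.0.9,tcp,445,9000
users,servers,10.1.1.11,10.2.0.9,tcp,445,12000
servers,dmz,10.2.0.5,172.16.0.8,tcp,1433,300000
servers,dmz,10.2.0.5,172.16.0.8,tcp,1433,280000
users,dmz,10.1.1.99,172.16.0.8,tcp,23,400
"""

def summarize_flows(rows):
    """Group events by (src_zone, dst_zone, protocol, dst_port)."""
    stats = defaultdict(lambda: {"events": 0, "bytes": 0, "sources": set()})
    for row in rows:
        key = (row["src_zone"], row["dst_zone"],
               row["protocol"].lower(), int(row["dst_port"]))
        s = stats[key]
        s["events"] += 1
        s["bytes"] += int(row["bytes"])
        s["sources"].add(row["src_ip"])
    return stats

def candidate_rules(stats, min_events=2):
    """Split flows into rule candidates and one-off flows needing review."""
    candidates, review = [], []
    for key, s in sorted(stats.items(), key=lambda kv: -kv[1]["events"]):
        entry = {"flow": key, "events": s["events"],
                 "bytes": s["bytes"], "sources": len(s["sources"])}
        (candidates if s["events"] >= min_events else review).append(entry)
    return candidates, review

def analyze(csv_text, min_events=2):
    rows = csv.DictReader(io.StringIO(csv_text))
    return candidate_rules(summarize_flows(rows), min_events)

if __name__ == "__main__":
    candidates, review = analyze(SAMPLE_CSV)
    for c in candidates:
        print("candidate:", c)
    for r in review:
        print("review before allowing:", r)
```

Flows seen only once land in the review list rather than becoming allow rules, since on a previously open network the observed traffic may include things that should not be permitted.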