11-22-2006 09:03 AM - edited 03-11-2019 01:59 AM
Hello,
I am in charge of auditing access rules on a PIX v7 with 11 interfaces, including 5 logical ones. It seems that we have 570 rules with a lot of hosts/groups, and we want to know better which traffic is allowed on the PIX.
Can somebody suggest a tool or software to audit my access rules to do that, because with ASDM or the CLI I can filter as I want?
11-22-2006 10:06 AM
The best tool for you is "Firewall Analyzer". You can get the software from
http://manageengine.adventnet.com/products/firewall/download.html. It is a free 30-day trial period.
On the PIX you just have to add it like any other syslog server:
logging host inside
You will get all kinds of reports, like the rule that is used the most, a protocol graph, etc.
--Pls rate if useful--
11-23-2006 10:25 AM
Many thanks for your reply,
I think this software will help me day after day, but what I really want is to know if rules aren't too old. I want to know what kind of rules are on my PIX, who is allowed to do what. My real trouble is that some destinations are reachable by IP sources that I want to deny, and if my IP source is created in an ASDM group I can't find it easily with the rules displayed in ASDM.
Thanks
11-28-2006 04:40 AM
Anyone to reply?
I try to use Cisco Security Manager v3 and it seems that it can be a good software for my job, but I can't extract or filter any rules to purge it.
thx
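The problem described in this thread (a source address hidden inside a nested object-group makes it hard to see which rules let it reach a destination) can be checked offline with a small script over a saved `show running-config`. The following is an added example, not code from the thread, from Firewall Analyzer or from Cisco Security Manager. It parses PIX/ASA-style `object-group network` blocks and `access-list ... extended` lines, expands `group-object` nesting, and reports the first rule that matches a given source and destination. The configuration embedded below is constructed for the example; port matching (`eq ...`) is not implemented, and the only address forms handled are `any`, `host A`, `A MASK`, and `object-group NAME`.

```python
"""Expand PIX/ASA object-groups and find which access-list entries match a flow.

Added example for auditing; SAMPLE_CONFIG is a constructed configuration,
not taken from any real firewall.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample config: a branch group that nests a DMZ host group.
SAMPLE_CONFIG = """
object-group network DMZ_WEB
 network-object host 192.0.2.10
 network-object host 192.0.2.11
object-group network BRANCH_NETS
 network-object 10.10.0.0 255.255.0.0
 group-object DMZ_WEB
access-list inside_in extended permit tcp object-group BRANCH_NETS host 198.51.100.5 eq 22
access-list inside_in extended permit tcp any object-group DMZ_WEB eq 80
access-list inside_in extended deny ip any any
"""


@dataclass
class Rule:
    acl: str
    action: str          # permit / deny
    proto: str           # ip / tcp / udp / ...
    src: list            # expanded list of ip_network objects
    dst: list
    port: Optional[str]  # trailing 'eq 22' etc., kept as text only
    line: str            # original config line, for the report


def expand_group(name, groups, _stack=()):
    """Recursively flatten an object-group into ip_network objects."""
    if name in _stack:
        raise ValueError(f"circular group-object reference: {name}")
    if name not in groups:
        raise KeyError(f"undefined object-group: {name}")
    nets = []
    for kind, value in groups[name]:
        if kind == "net":
            nets.append(value)
        else:  # nested group-object
            nets.extend(expand_group(value, groups, _stack + (name,)))
    return nets


def _endpoint(tokens, i, groups):
    """Parse one address spec starting at tokens[i]; return (networks, next_i)."""
    tok = tokens[i]
    if tok == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], i + 1
    if tok == "host":
        return [ipaddress.ip_network(tokens[i + 1] + "/32")], i + 2
    if tok == "object-group":
        return expand_group(tokens[i + 1], groups), i + 2
    # bare 'ADDRESS NETMASK' form
    return [ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False)], i + 2


def parse_config(text):
    """Return (groups, rules): raw group members and expanded Rule objects."""
    groups, acl_lines, current = {}, [], None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[:2] == ["object-group", "network"]:
            current = t[2]
            groups[current] = []
        elif t[0] == "network-object" and current is not None:
            if t[1] == "host":
                groups[current].append(("net", ipaddress.ip_network(t[2] + "/32")))
            else:
                groups[current].append(("net", ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False)))
        elif t[0] == "group-object" and current is not None:
            groups[current].append(("group", t[1]))
        else:
            current = None
            if t[0] == "access-list" and len(t) > 2 and t[2] == "extended":
                acl_lines.append(" ".join(t))
    rules = []
    for line in acl_lines:
        t = line.split()
        # access-list NAME extended ACTION PROTO SRC DST [eq PORT]
        src, i = _endpoint(t, 5, groups)
        dst, i = _endpoint(t, i, groups)
        rules.append(Rule(t[1], t[3], t[4], src, dst, " ".join(t[i:]) or None, line))
    return groups, rules


def matching_rules(rules, src_ip, dst_ip, proto=None):
    """All entries whose source/destination (and protocol, if given) cover the flow."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return [r for r in rules
            if (proto is None or r.proto in (proto, "ip"))
            and any(s in n for n in r.src) and any(d in n for n in r.dst)]


def first_match(rules, src_ip, dst_ip, proto=None):
    """ACLs are first-match; None means the implicit deny at the end applies."""
    hits = matching_rules(rules, src_ip, dst_ip, proto)
    return hits[0] if hits else None


if __name__ == "__main__":
    groups, rules = parse_config(SAMPLE_CONFIG)
    for src, dst in [("192.0.2.10", "198.51.100.5"), ("203.0.113.7", "198.51.100.5")]:
        r = first_match(rules, src, dst, "tcp")
        print(f"{src} -> {dst}: {r.action if r else 'implicit deny'}  [{r.line if r else ''}]")
```

Running the script shows that 192.0.2.10 reaches 198.51.100.5 on TCP through the first entry even though it never appears by name in that rule: it is a member of DMZ_WEB, which BRANCH_NETS nests. Feeding a real `show running-config` into `parse_config` and looping over the destinations you care about produces exactly the "who is allowed to reach what" list the thread asks for.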