Cleaning up Firepower Policies

saurav.khanna
Level 1

Hi All,

I have recently started a new position in which I am facing the daunting task of cleaning up the ACP. What I would like to understand is what my approach to it should be. There seem to be a lot of stale entries in there, but I have no way of knowing at the moment whether they would be utilised again or not.

Can you please suggest a good way of taking this up.

Saurav

Accepted Solution

Pulkit Mittal
Spotlight

Hi Saurav,

This is the strategy that I follow:

1. Disable unused rules

2. Disable covered rules (Rules which are covered by another rule, redundant rules)

3. Clean up duplicate objects (Objects pointing to same IP, IP set)

4. Check for ANY rules, to optimise and cover only required ports

5. Look at reordering or placement of the remaining rules

I suggest looking at Algosec, and see if your business would be willing to spend money on it! If not, simply spin up a 30-day trial to understand the product and optimize your existing firewall, and conduct a PoC later to place it better to the board to see if they would be interested. This will definitely help you with the clean-up work in future.

This is only a personal recommendation.

Please mark this helpful if you are happy with the response, and accept the solution.
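To make steps 1 to 4 of the strategy above concrete, here is an added example (not code from the thread or from Cisco) that runs the checks over a constructed, simplified policy export: rules with zero hits, rules fully shadowed by an earlier rule, network objects with identical members, and rules using "any". The rule and object data, the field names and the hit counts are all assumptions; the shadowing check only compares networks and ports, ignoring zones, users and applications that a real ACP rule may also match on.

```python
import ipaddress
# Constructed sample ACP export (not real data): networks are CIDR strings or
# "any", ports are a set or "any", hits are counts over the review window.
RULES = [
    {"name": "Allow-DNS", "src": ["10.0.0.0/8"], "dst": ["10.1.1.53/32"],
     "ports": {53}, "hits": 4213},
    {"name": "Allow-Web-Any", "src": ["any"], "dst": ["10.2.0.0/16"],
     "ports": "any", "hits": 987},
    {"name": "Allow-Web-HTTPS", "src": ["192.168.1.0/24"],
     "dst": ["10.2.5.0/24"], "ports": {443}, "hits": 0},
    {"name": "Old-Vendor", "src": ["172.16.9.0/24"], "dst": ["10.3.3.3/32"],
     "ports": {22}, "hits": 0},
]
# Constructed network objects: name -> member networks.
OBJECTS = {"DNS-Server": ["10.1.1.53/32"], "Internal-DNS": ["10.1.1.53/32"],
           "Web-Subnet": ["10.2.0.0/16"]}
def nets_cover(outer, inner):
    """True if every network in `inner` lies inside some network in `outer`."""
    if "any" in outer or "any" in inner:
        return "any" in outer          # "any" covers all; only "any" covers "any"
    outer_nets = [ipaddress.ip_network(n) for n in outer]
    return all(any(ipaddress.ip_network(i).subnet_of(o) for o in outer_nets)
               for i in inner)

def unused_rules(rules):
    """Step 1: rules with no hits (the window must span periodic jobs too)."""
    return [r["name"] for r in rules if r["hits"] == 0]

def covered_rules(rules):
    """Step 2: (rule, earlier rule) pairs where the earlier rule shadows it fully."""
    found = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            ports_ok = e["ports"] == "any" or (r["ports"] != "any" and r["ports"] <= e["ports"])
            if ports_ok and nets_cover(e["src"], r["src"]) and nets_cover(e["dst"], r["dst"]):
                found.append((r["name"], e["name"]))
                break
    return found

def duplicate_objects(objects):
    """Step 3: groups of objects with identical members (candidates to merge)."""
    groups = {}
    for name, members in objects.items():
        groups.setdefault(frozenset(members), []).append(name)
    return [sorted(g) for g in groups.values() if len(g) > 1]

def any_rules(rules):
    """Step 4: rules that use 'any' for source, destination or ports."""
    return [r["name"] for r in rules
            if "any" in r["src"] or "any" in r["dst"] or r["ports"] == "any"]
```

A shadowed rule shows zero hits as well, so cross-checking the two lists separates rules that are unreachable from rules that are merely quiet during the review window.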


3 Replies

We use AlgoSec Firewall Analyzer for this. I would suggest setting this up and then sending syslog to it. Right away after running an analysis report you will be able to identify covered rules, duplicate objects, etc., and then after letting AlgoSec collect logs for a little while you will have an accurate idea of which rules are being hit, and you can drill down into what ports and IPs are being used on those rules to tighten up even more.

--
Please remember to select a correct answer and rate helpful posts

saurav.khanna
Level 1

Thank you guys.. I will look at Algosec for this...
