10-01-2015 01:18 AM - edited 03-11-2019 11:40 PM
I am building a new network solution and at the perimeter I have an ASA firewall.
At the moment, as it is in a pre-production state, I have a completely open ACL. Obviously, I will need to harden this up, but to do that I wondered if there was a way to analyse existing flows and build ACL rules around them?
Trying to manually identify all the ports/protocols/IPs, etc. is a very laborious task.
Are there any automated tools out there (Open Source please!) that do this?
Does anyone on here have any handy hints that could reduce the man hours I'll have to spend?
Any comments welcome :)
10-01-2015 04:35 AM
Hi there,
Configure netflow and send the collected data to a netflow processor.
My netflow collector of choice is nfdump/nfsen (http://nfsen.sourceforge.net/), it is simple to configure and of course open-source.
You could also enable threat-detection statistics on your ASA, but this takes an additional hit on the CPU:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall/asa-firewall-cli/protect-threat.html#pgfId-1316394
cheers,
Seb.
10-04-2015 02:27 AM
Hi,
You can send the traffic logs to a syslog server, and from there you can create a convertible Excel format of all traffic patterns to create the ACEs for the ASA.
Hope that helps.
-GI
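As an added example (not code from the thread), here is GI's syslog route in working form: a Python script that parses ASA 302013/302015 "Built ... connection" messages, aggregates distinct flow tuples and emits candidate permit ACEs for each ingress interface's ACL; the same `to_aces()` also serves Seb's NetFlow route if the collector's records are mapped to the same key. The sample log lines, the `<interface>_in` ACL naming and the `min_hits` threshold (which drops one-off hits that, behind a wide-open pre-production ACL, may be scans rather than legitimate flows) are my assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not a real capture). Format follows ASA message
# IDs 302013 (TCP) and 302015 (UDP): "Built <dir> <proto> connection ...".
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/41234 (203.0.113.5/41234) to inside:10.0.0.10/443 (10.0.0.10/443)
%ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.9/50211 (203.0.113.9/50211) to inside:10.0.0.10/443 (10.0.0.10/443)
%ASA-6-302015: Built outbound UDP connection 1003 for inside:10.0.0.20/51000 (10.0.0.20/51000) to outside:198.51.100.7/53 (198.51.100.7/53)
%ASA-6-302013: Built outbound TCP connection 1004 for inside:10.0.0.20/51001 (10.0.0.20/51001) to outside:198.51.100.8/80 (198.51.100.8/80)
%ASA-6-302013: Built inbound TCP connection 1005 for outside:203.0.113.5/41300 (203.0.113.5/41300) to inside:10.0.0.10/443 (10.0.0.10/443)
"""

# Source port is ephemeral, so it is captured but deliberately not part of the key.
BUILT_RE = re.compile(
    r"Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) \S+ "
    r"to (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_flows(log_text):
    """Count distinct (direction, proto, src_if, src, dst_if, dst, dport) tuples."""
    flows = Counter()
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if not m:
            continue  # ICMP (302020), teardowns and other messages are skipped
        d = m.groupdict()
        key = (d["dir"], d["proto"].lower(), d["src_if"], d["src"],
               d["dst_if"], d["dst"], int(d["dport"]))
        flows[key] += 1
    return flows


def to_aces(flows, min_hits=1):
    """Render candidate ACEs grouped by the ACL applied inbound on the ingress
    interface (assumed naming: <interface>_in). Each flow yields a remark line
    carrying the hit count, so a reviewer can judge it before it is applied."""
    aces = {}
    for (_dir, proto, src_if, src, dst_if, dst, dport), n in sorted(flows.items()):
        if n < min_hits:
            continue
        acl = f"{src_if}_in"
        aces.setdefault(acl, []).extend([
            f"access-list {acl} remark {n} observed flow(s) to {dst_if}",
            f"access-list {acl} extended permit {proto} host {src} host {dst} eq {dport}",
        ])
    return aces


if __name__ == "__main__":
    for acl, lines in to_aces(parse_flows(SAMPLE_LOG)).items():
        print("\n".join(lines))
```

Pipe a syslog export through `parse_flows()` instead of `SAMPLE_LOG` and raise `min_hits` until the remaining entries are the ones you recognise as business traffic.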