Firewall Wizards mailing list archives

RE: firewall rule lifecycle management


From: "Bruce Smith" <bruce_the_loon () tiscali co za>
Date: Tue, 30 Aug 2005 20:09:12 +0200

Hi

From my PIX experience, clear rule counters every month. After a while, look
for the rules that have zero counts and then remove them. Can be scripted
and searched with grep.

Bruce 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Michael Cox
Sent: Tuesday, August 30, 2005 5:25 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] firewall rule lifecycle management

Hi all.

Question: What do those of you in large environments do to manage your 
rulesets in terms of removing access that is no longer required? We get 
lots of requests to add access, but are almost never told when 
something can be removed. This is a large corporation with lots of 
subcontractors, B2B, etc., and we're looking for ideas on how others 
get a handle on this (or does anybody?).

Thanks in advance!
Michael
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
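
The zero-hit-count check suggested in the reply above, as an added example that is not part of the original thread. It assumes the PIX `show access-list` output is saved to a file each month just before the counters are cleared; the file names, function names and rule entries are constructed for illustration. It goes one step beyond a single grep by reporting only rules that stayed at zero in every capture.

```shell
#!/bin/sh
# Added example. Sample data is constructed: two monthly captures of PIX
# "show access-list" output, each saved just before the counters were cleared.
SAMPLES=$(mktemp -d) && trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/aug.txt" <<'EOF'
access-list outside_in; 4 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=18234)
access-list outside_in line 2 permit tcp host 198.51.100.7 host 192.0.2.20 eq ssh (hitcnt=0)
access-list outside_in line 3 permit tcp host 203.0.113.5 host 192.0.2.30 eq 1521 (hitcnt=0)
access-list outside_in line 4 permit udp any host 192.0.2.53 eq domain (hitcnt=90)
EOF

cat > "$SAMPLES/sep.txt" <<'EOF'
access-list outside_in; 5 elements
access-list outside_in line 1 permit tcp host 198.51.100.99 host 192.0.2.40 eq https (hitcnt=0)
access-list outside_in line 2 permit tcp any host 192.0.2.10 eq www (hitcnt=17950)
access-list outside_in line 3 permit tcp host 198.51.100.7 host 192.0.2.20 eq ssh (hitcnt=12)
access-list outside_in line 4 permit tcp host 203.0.113.5 host 192.0.2.30 eq 1521 (hitcnt=0)
access-list outside_in line 5 permit udp any host 192.0.2.53 eq domain (hitcnt=0)
EOF

# Rules with hitcnt=0 in one capture. The "line N" field and the counter are
# stripped so the same rule compares equal after other rules are inserted.
zero_hit_rules() {
    grep -F '(hitcnt=0)' "$1" |
        sed -e 's/ line [0-9][0-9]* / /' -e 's/ *(hitcnt=0).*$//' -e 's/^ *//' |
        sort -u
}

# Rules that were at zero in every capture given as an argument. A rule that
# is missing from any capture (too new, or already removed) is not reported.
never_hit_rules() {
    tmp=$(mktemp) || return 1
    zero_hit_rules "$1" > "$tmp"
    shift
    for f in "$@"; do
        zero_hit_rules "$f" | comm -12 "$tmp" - > "$tmp.new"
        mv "$tmp.new" "$tmp"
    done
    cat "$tmp"
    rm -f "$tmp"
}

never_hit_rules "$SAMPLES/aug.txt" "$SAMPLES/sep.txt"
```

Rules that show traffic only around quarter-end or year-end need a correspondingly longer run of captures before they are treated as removal candidates.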
