Re: Auditing Firewalls

[Javier Reyna Padilla <jreyna () onlinet com mx>]

NGX-R60 is not from Fortinet but from Checkpoint. Do you have a
Fortigate? or do you have a Checkpoint?

¡Saludos!

________________

Javier Reyna 
CCSA CCSE WCSE NSA NSP
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx



ahgaber_rehan () yahoo com wrote:
> Hi, 
> I just shifted to IT Audit field. 
> I was wondering If there is any audit program can help me auditing my 2 Firewalls 
> Fortigate NGX-R60 and  Sidewinder.
> I am not sure where to start from , and I wanted your advice especially those  who conducted Auditing for FWs. 
> Our firewalls are in production, am I supposed to test them from different subnets ? such as plugging my laptop to 
> the DMZ and run my tools ?
> Of course you know testing FW’s in productions moght not take effect if idid my test from the LAN or the internet  
> since there will be IPS which will reset my Scanner.
>
> Also I want to know , As an IT Auditor, am i  supposed to have access to the FW ( eg. Read only access to check the 
> rules /ACLs ) or shall I ask for a copy of these rules ?
>  I mean is there a standard being followed and what can help me get good observations.
>
> regards.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>   

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------