Firewall Wizards mailing list archives
Re: Firewall Rule Migration Utilities?
From: Chad Schieken <cschieken () lucent com>
Date: Mon, 10 Dec 2001 15:16:42 -0500
I would argue that you don't want a tool to perform this, for several reasons:
1. This is the perfect time to review your ruleset and determine which rules are needed and which are not. Going through a process of evaluating the need for, and owner of, each rule should provide significant value to your organization. I'm going to bet that you find things are no longer needed, should have already been taken out, and possibly a mistake.
2. No two firewall products are alike. I would argue that a Gauntlet performs its functions in a way that is unique enough that you wouldn't want to own a FW-1 with a rulebase converted from Gauntlet. Checkpoint, for instance, has the set of policy properties that affect the way rules are interpreted, that would be difficult to express using the Gauntlet GUI.
I have a colleague who is in the process of shoe-horning a FW-1 into a space where a Raptor was. He is trying to keep all functionality the same. You should see the mess of a NAT rulebase he is dealing with.
Thanks,
Chad

At 07:45 AM 12/10/2001, Johann van Duyn wrote:
Hi there...
Is anyone here aware of any firewall rule migration utilities that could help one to migrate rules from, say, a Gauntlet firewall to a FW-1, or vice-versa? Something like that could save a person a heck of a lot of typing when changing firewalls...
Thanks!
-----------------------------------------
Johann van Duyn, CISSP
IT Risk and Security Manager: British American Tobacco South Africa
Stellenbosch, South Africa
Tel. +27 (21) 8883765
Cel. +27 (82) 4588472
Fax. +27 (21) 8838692
E:mail: johann_van_duyn () bat com
-----------------------------------------
"We see things as we are, not as they are." -- Leon Rosten
Confidentiality Notice: The information in this document and attachments is confidential and may also be legally privileged. It is intended only for the use of the named recipient. Internet communications are not secure and therefore British American Tobacco does not accept legal responsibility for the contents of this message. If you are not the intended recipient, please notify us immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards