Firewall Wizards mailing list archives
RE: Firewall-1 diff?
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Thu, 22 Mar 2001 12:53:13 -0500
Gang, Not sure if you're interested in a commercial product or not, but I recently came across a product that does versioning control and other interesting things with the FW Policies. I've not used it, or even evaluated it, I just know it exists. Check out www.firemon.com. I'm not associated with them in any way, so don't blame me if it does bad things. ;) However, if anyone does play with it, or has, I'd love to hear feedback as we are considering doing an eval on it... --------------------------------------------------------- Andrew J. Kalat, | Direct:(404)236-2713 IT Infrastructure Manager | Main: (404)236-2600 Internet Security Systems, Inc. | E-Mail: akalat () iss net 6303 Barfield Road | http://www.iss.net/ Atlanta, GA 30328 | PGP key available. Note: The views are my own, not my employers, yadda, yadda... -----Original Message----- From: mike [mailto:michael.seeger () mchh siemens de] Sent: Thursday, March 22, 2001 5:02 AM To: firewall-wizards () nfr com Subject: Re: [fw-wiz] Firewall-1 diff? Hi,
I am working on writing a Firewall-1 "diff" script, that will be able to highlight changes from one snapshot to the next.
..
Has anybody done something like this before, or am I the only person who sees a need for a tool that does this?
i wrote a small program that runs in the background on the managment station and checks the gui-logfile ($FWDIR/log/cpmgmt.aud for fw1 v4.1) for policy changes. If such an event is detected the approriate files are checked in by cvs. This works nice and reliable only backdraw is it requires some expertise to interpret the output of the 'cvs diff' Next step is to modify this to use cvs over the net (non anonymous) tunneled for example by stunnel. If anyone is interested drop me a mail Regards Michael -- '"" (o o) ----------------o00--(_)--00o---------------------------- Michael Seeger Internet: michael.seeger () mchh siemens de SBS ITS EBO 12 Opinions are my own, not necessarily those of my employer ---- The best defense against logic is ignorance -------- --------------------------------------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Firewall-1 diff? Dawes, Rogan (ZA - Johannesburg) (Mar 21)
- Re: Firewall-1 diff? mike (Mar 22)
- <Possible follow-ups>
- RE: Firewall-1 diff? Vargas Miguel (Mar 22)
- RE: Firewall-1 diff? Kalat, Andrew (ISS Atlanta) (Mar 23)