Firewall Wizards mailing list archives
Re: Routine Maintenance Tasks
From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 3 Feb 2003 09:00:39 -0500 (EST)
On Mon, 3 Feb 2003, Roland Venter wrote:
G'day List, Can anyone recommend some daily/monthly administrative tasks to perform to ensure the firewall is running OK. I check the logs daily and every thing is running fine, but what preventative task need to performed to keep it this way. I'm sure someone has some sort of check list... The firewall is FP3 running on Checkpoint Secure Platform.
Just like any other critical system, the more you know about its health, the better. Checking CPU, disk, and memory utilization is probably a good thing, as are things like sizes of state tables (concurrent connections.) Making sure backups complete and are stored off-site is probably more critical than anything- if you've got a system you can restore to, then you should test that, otherwise, you need to figure out a way to manually verify that the critical data is saved. Reviewing the ruleset once a quarter is one of the best things you can do, especially if you've put exceptions to a security policy in place (and I mean *really* reviewing it with an eye towards seeing if you can be less permissive in any of the rules.) It's a good thing to check occasionally (quarterly, bi-annually, whatever works best for you) that the rules are working, and that rejections are logged appropriately (checking the logs is good, making sure that the logs will tell you anything useful is better.) If Firewall-1 still gets grumpy about expired licenses, it'd be good to add a "will my license expire soon" thing to the list. If you have users in the configuration, then it's good to periodically ensure that none of them have migrated elsewhere. That's what I can think of off the top of my head... Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Routine Maintenance Tasks Roland Venter (Feb 03)
- Re: Routine Maintenance Tasks Paul D. Robertson (Feb 03)