Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Routine Maintenance Tasks

From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 3 Feb 2003 09:00:39 -0500 (EST)
On Mon, 3 Feb 2003, Roland Venter wrote:


G'day List,

Can anyone recommend some daily/monthly administrative tasks to
perform to ensure the firewall is running OK. I check the logs daily
and every thing is running fine, but what preventative task need to
performed to keep it this way. I'm sure someone has some sort of check
list... The firewall is FP3 running on Checkpoint Secure Platform.


Just like any other critical system, the more you know about its health, 
the better.  Checking CPU, disk, and memory utilization is probably a good 
thing, as are things like sizes of state tables (concurrent connections.)  
Making sure backups complete and are stored off-site is probably more 
critical than anything- if you've got a system you can restore to, then 
you should test that, otherwise, you need to figure out a way to manually 
verify that the critical data is saved.
  
Reviewing the ruleset once a quarter is one of the best things you 
can do, especially if you've put exceptions to a security policy in place 
(and I mean *really* reviewing it with an eye towards seeing if you can be 
less permissive in any of the rules.)  It's a good thing to check 
occasionally (quarterly, bi-annually, whatever works best for you) that 
the rules are working, and that rejections are logged appropriately 
(checking the logs is good, making sure that the logs will tell you 
anything useful is better.)

If Firewall-1 still gets grumpy about expired licenses, it'd be good to 
add a "will my license expire soon" thing to the list.  If you have users 
in the configuration, then it's good to periodically ensure that none of 
them have migrated elsewhere.

That's what I can think of off the top of my head...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: