Re: Firewall review tool for Junipers

[Victor Williams <vbwilliams () gmail com>]

Having gone through this already, there is no silver bullet for ruleset 
auditing...it takes human eyes and an explanation on why rulesets are 
the way they are.

For automated configuration collection and archive, as well as 
comparison, Kiwi Cattools will handle configurations with select Juniper 
devices.

The only way you're going to be able to audit configurations that a QSA 
would be fine with is to manually audit them and comment the 
rulesets--explain why they're needed.  Cisco, Secure Computing 
Sidewinder (now owned by McAfee and going by a different name), etc all 
allow commenting of access lists.  The last gap analysis we had with a 
QSA who audited our rulesets indicated that our rulesets and 
justifications would pass an audit because of the completeness of the 
comments.

Hope this helps.

On 4/22/2010 10:00 AM, Wilson wrote:
> Hi there,
>
> Just wanted to get some advice from the forum. What tools do you use
> to perform firewall policies review on Junipers firewall? One of the
> driver is to comply with PCIDSS. Due to the number of firewalls I hope
> there is some proven tools out there that can help with things like
> gathering configs, identify diff in rulesets etc. I am prepared for
> manual analysis but want to automate as much as possible, especially
> this will be a recurring tasks. Anyway welcome any open source or
> commercial suggestions. Thanks heaps for your help.
>
> Cheers,
>
> Wil
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>    

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards