Reviewing firewall rules

I need to review firewall rules of a CheckPoint firewall for a customer (with 200+ rules).

I have used FWDoc in the past to extract the rules and convert them to other formats, but there were some errors with exclusions. I then analyze them manually to produce an improved version of the rules (usually in OOo Calc) with comments.

I know there are several visualization techniques, but they all come down to analyzing the traffic, and I want static analysis.

So I was wondering, what process do you follow to analyze firewall rules? What tools do you use (not only for Checkpoint)?
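As an added illustration of the kind of static check the question is after (this is example code written for this page, not part of the question, and not code from FWDoc, Flint or any Check Point tool): a first-match rule base can be checked pairwise for rules that an earlier rule already fully covers. If the earlier rule has a different action the later rule is shadowed (it can never match); if it has the same action the later rule is redundant. The rule table, the CSV column layout (`src,dst,service,action`) and the service syntax (`tcp/22`, `tcp/1024-65535`, `any`) are assumptions made up for this example, and the ruleset itself is constructed sample data.

```python
"""Pairwise shadow/redundancy check for a first-match firewall rule base.

Added example for this page; the CSV layout and service syntax are
assumptions, and SAMPLE_RULES is constructed sample data.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass

PORT_ANY = (0, 65535)


@dataclass(frozen=True)
class Rule:
    no: int                       # position in the rule base (1-based)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                    # "tcp", "udp", "icmp" or "any"
    ports: tuple                  # (low, high) destination port range
    action: str                   # "accept" or "drop"


def parse_net(text):
    """'any' becomes 0.0.0.0/0; anything else is parsed as a CIDR block."""
    t = text.strip().lower()
    return ipaddress.ip_network("0.0.0.0/0" if t == "any" else t, strict=False)


def parse_service(text):
    """'any' -> ('any', (0, 65535)); 'tcp/22' -> ('tcp', (22, 22));
    'tcp/1024-65535' -> ('tcp', (1024, 65535)); 'icmp' -> ('icmp', (0, 65535))."""
    t = text.strip().lower()
    if t == "any":
        return "any", PORT_ANY
    proto, _, ports = t.partition("/")
    if not ports:
        return proto, PORT_ANY
    lo, _, hi = ports.partition("-")
    return proto, (int(lo), int(hi or lo))


def parse_rules(csv_text):
    """Read rules in listed order; the row order is the match order."""
    rules = []
    for i, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        proto, ports = parse_service(row["service"])
        rules.append(Rule(i, parse_net(row["src"]), parse_net(row["dst"]),
                          proto, ports, row["action"].strip().lower()))
    return rules


def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and (a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])


def analyze(rules):
    """Return (rule_no, 'shadowed'|'redundant', covering_rule_no) findings.

    Only single-rule coverage is detected; a later rule that is covered
    by the *union* of several earlier rules is not reported here.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.no, kind, earlier.no))
                break
    return findings


# Constructed sample rule base (not a real customer ruleset).
SAMPLE_RULES = """src,dst,service,action
any,10.0.0.0/8,tcp/22,drop
10.1.0.0/16,10.2.0.0/24,tcp/443,accept
10.1.5.0/24,10.2.0.0/24,tcp/443,accept
10.1.0.0/16,10.0.0.0/8,tcp/22,accept
192.168.0.0/16,any,udp/53,accept
any,any,any,drop
"""

if __name__ == "__main__":
    for no, kind, by in analyze(parse_rules(SAMPLE_RULES)):
        print(f"rule {no} is {kind} (covered by rule {by})")
```

On the sample above rule 3 is reported as redundant with rule 2 (a /24 inside the /16, same service and action) and rule 4 as shadowed by rule 1 (the earlier drop of tcp/22 to 10.0.0.0/8 from anywhere covers it completely). An exported Check Point rule base would first need its objects and service groups flattened into CIDRs and port ranges before it could be fed to a check like this; negated ("exclusion") objects in particular do not fit this single-block model and have to be expanded into the set of blocks they permit.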


Solution 1:

Recently, the guys at Matasano have released Flint, a firewall rules checker. It's GPL and runs on Sinatra.

[image, source: runplaybook.com]

Looks very promising, although I haven't tried it yet. There's only support for PIX/ASA firewalls, but they will be adding others in the future.

EDIT:

I have installed it and tested it. Installation is very simple. As for the analysis, I fed it with a complex firewall configuration and it took a long time to analyze. Results were mostly correct, but there were parsing errors.

Overall, this is an initial release of a promising tool. And it was what I was looking for with this question in the first place.

Solution 2:

Playbook might be what you're looking for. I haven't run it, but it looks interesting.