Reviewing firewall rules
I need to review firewall rules of a CheckPoint firewall for a customer (with 200+ rules).
I have used FWDoc in the past to extract the rules and convert them to other formats, but there were some errors with exclusions. I then analyze them manually to produce an improved version of the rules (usually in OOo Calc) with comments.
I know there are several visualization techniques but they all go down to analyzing the traffic and I want static analysis.
So I was wondering, what process do you follow to analyze firewall rules? What tools do you use (not only for Checkpoint)?
Solution 1:
Recently, the guys at Matasano have released Flint, a firewall rules checker. It's GPL and runs on Sinatra.
Looks very promising, although I haven't tried it yet. There's only support for PIX/ASA firewalls, but they will be adding others in the future.
EDIT:
I have installed it and tested it. Installation is very simple. As for the analysis, I fed it with a complex firewall configuration and it took a long time to analyze. Results were mostly correct, but there were parsing errors.
Overall, this is an initial release of a promising tool. And it was what I was looking for with this question in the first place.
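The core check a static rulebase analyzer like Flint performs, and the kind of pass the question is asking for, is shadow detection: a rule that can never match because an earlier rule already covers all of its traffic. Below is an added illustration of that check (not the asker's, Flint's or Check Point's code); the rule fields, the simplified service notation and the sample rulebase are all constructed here.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    no: int       # position in the rulebase; firewalls match top-down, first hit wins
    src: str      # CIDR, single host, or "any"
    dst: str
    svc: str      # "any" or a single service such as "tcp/443" (constructed notation)
    action: str   # "accept" or "drop"

def net_covers(outer: str, inner: str) -> bool:
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    o, i = ip_network(outer), ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def svc_covers(outer: str, inner: str) -> bool:
    return outer == "any" or outer == inner

def covers(earlier: Rule, later: Rule) -> bool:
    """`later` can never match if `earlier` already matches all of its traffic."""
    return (net_covers(earlier.src, later.src)
            and net_covers(earlier.dst, later.dst)
            and svc_covers(earlier.svc, later.svc))

def find_shadowed(rules: list[Rule]) -> list[tuple[int, int]]:
    """Return (shadowed_rule, shadowing_rule) pairs; only the first shadowing rule is reported."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later.no, earlier.no))
                break
    return findings

# Constructed sample rulebase (not from any real customer); rule 4 is the cleanup rule.
SAMPLE_RULES = [
    Rule(1, "10.0.0.0/8",  "192.168.10.5",    "tcp/443", "accept"),
    Rule(2, "10.0.0.0/8",  "192.168.10.0/24", "any",     "accept"),
    Rule(3, "10.1.0.0/16", "192.168.10.5",    "tcp/22",  "accept"),  # redundant: rule 2 covers it
    Rule(4, "any",         "any",             "any",     "drop"),    # cleanup rule placed too early
    Rule(5, "10.2.0.0/16", "192.168.20.0/24", "tcp/80",  "accept"),  # dead: never reached past rule 4
]

if __name__ == "__main__":
    by_no = {r.no: r for r in SAMPLE_RULES}
    for shadowed, by in find_shadowed(SAMPLE_RULES):
        note = "same action, redundant" if by_no[shadowed].action == by_no[by].action else "action differs, review"
        print(f"rule {shadowed} is shadowed by rule {by} ({note})")
```

A shadowed rule whose action differs from the shadowing rule (rule 5 above) is the one to flag first in a review, since the rulebase does not do what its author evidently intended.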
Solution 2:
Playbook might be what you're looking for. I haven't run it, but it looks interesting.