Standard Firewall and Network Change Testing Procedure

If you're looking for best practice for controlling change then you need to look at your service catalogue that ought to accompany such a thing.

You can then see what services are underpinned by the systems you're changing, and produce a standardised set of tests for each system, to ensure that they're both still working to your service level agreement.

Sorry to throw lots of ITIL jargon at you, but if it sounds like someone's asked you about change management (and you yourself raise the ghost of 'best practice' for managing change) then this is what you need to do. Certainly a list of tests that I perform to determine that my network infrastructure and firewall are up to scratch won't help you much, because your priorities will not be the same as mine.

Whether you take any notice of the rest of this answer or not, the one thing I really do suggest to you is that "best practice" is to test functionality/availability from the perspective of the users trying to use a system; not to some narrowly defined test that might show a firewall as "up" because it responds to SNMP probes, while no one actually can use it due to a config error.

Once you've worked out what to test, it should be relatively simple, with most decent network monitoring software, to test, for example, whether or not a URL on your website is available to the outside world, and flag an error if it fails or if it responds slower than you would like.
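The user-perspective check described in the answer above, as an added example that is not part of the original post: it fetches each service-catalogue URL the way a client would, flags failures and slow responses, and compares results from before and after a change. The catalogue entry, thresholds and function names are assumptions made for illustration.

```python
"""Post-change service checks, run the way a user reaches the service."""
import time
import urllib.error
import urllib.request

# Constructed sample catalogue: service name, URL and thresholds are assumptions.
CATALOGUE = [
    {"service": "public website", "url": "https://www.example.com/",
     "max_seconds": 2.0, "must_contain": "Example"},
]

def check_service(entry, timeout=10.0):
    """Fetch one URL as a client would; return (state, detail)."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(entry["url"], timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:             # reachable, but answering 4xx/5xx
        return "fail", f"HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:   # DNS failure, refused, timeout
        return "fail", f"unreachable: {exc}"
    elapsed = time.monotonic() - start
    marker = entry.get("must_contain")
    if marker and marker not in body:                 # 200 OK but the wrong page
        return "fail", "expected content missing"
    if elapsed > entry["max_seconds"]:                # works, but slower than agreed
        return "slow", f"{elapsed:.2f}s > {entry['max_seconds']}s"
    return "ok", f"{elapsed:.2f}s"

def run_checks(catalogue):
    """Check every catalogue entry; returns {service: (state, detail)}."""
    return {e["service"]: check_service(e) for e in catalogue}

def regressions(before, after):
    """Services not ok after the change that were ok (or untested) before it."""
    return sorted(name for name, (state, _) in after.items()
                  if state != "ok" and before.get(name, ("ok",))[0] == "ok")

if __name__ == "__main__":
    baseline = run_checks(CATALOGUE)
    input("Apply the change, then press Enter to re-test... ")
    for name in regressions(baseline, run_checks(CATALOGUE)):
        print("REGRESSION:", name)
```

Run it from a host outside the firewall so the request takes the same path a real user's would.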


This is general advice (you asked a general question) but here are the best practices from a parent organization of a previous employer, and I have yet to have "Best Practices" summed up so simply. This is pretty much my job in a nutshell.

  • Plan it before you do it.
  • Document everything.
  • Tell your users what you’re doing.
  • If you have a choice, always do it the Right Way, not the Quick Way.
  • Always have a contingency plan.
  • Make security your number one concern.
  • Make it reversible (and have procedures in place to reverse it).
  • Make it redundant.
  • Make changes incrementally.
  • Test, test, and test again before you unleash it on the world.
  • Know how things really work.