Firewall Analyzer is a tool that provides visibility and management of firewall policies. It allows users to import firewall configurations, view and analyze existing rules, detect anomalies, optimize policies, and track configuration changes. The tool also helps with compliance auditing and provides reports. Some key capabilities mentioned include finding unused rules, reordering rules for performance, continuous monitoring of rule changes, and roll back of configurations. It supports various firewall brands including Checkpoint. The document discusses use cases such as onboarding new admins, detecting unauthorized changes, and ensuring compliance.

1. Understanding firewall
policies and their
effectiveness in defending
against network threats
Free Firewall Analyzer training: Part II

2. Trainer

3. Can you hear me?
Can you see the presentation?
Please confirm by commenting in the chat panel

4. • Device Rule
• Firewall rule management
• Optimizing firewall policies
• Configuration change management
• Standard and compliance management
Agenda

5. Device Rule
Initial setup
Credentials and
credential profile
Add device in
Device Rule

6. Protocols:
• SSH
• SCP
• TFTP
• TELNET
Prerequisites
Ports:
• 69 > TFTP
• 22 > SSH/SCP
• 1514 > Syslogs
• Telnet>23

7. Establish a connection
Device Rule: Device Addition
Firewall Analyzer
TELNET
TELNET-TFTP
SSH
SSH-TFTP
SCP
Firewall

8. From the device:
• Select the required protocol and enter the firewall login
credentials.
• Use a credential profile for convenience.
• Test the given credential and establish the connection.
How to fetch rules and configurations

9. Device Rule: Add Device Info

10. From a file:
• Export the configuration from the firewall
in a human-readable format
• Create a rule file
• Import configuration file
How to Import rules and configurations

11. • Visibility to the rules, policies, and ACL usage
• Fine tune the firewall rules for optimal performance
• Rectify anomalies in the firewall policies
• Arrange the firewall policies for optimum performance
Rule management
Policy overview Policy optimization Unused Rule reorder

12. • Shadow
• Redundancy
• Generalization
• Correlation
Classification of anomalies

13. • Rectify anomalies in the
firewall policies
• Optimize policies and plug
all security holes
Rule management: Policy optimization

14. • Complete policy details
• Allowed/denied rules
• Inbound/outbound rules
• Inactive rules
• Logging disabled rules
• Any-to-any overly permissive rules
Rule management: Policy overview

15. Use case #1

16. Recently a few of our network admins left the company and new network
admins have joined. They want to write new rules on the firewall but don't know
if any similar rules already exist.
Can Firewall Analyzer give us better visibility of our existing rules and help point
out any unnecessary rules?
Case 1: When new network admins join

17. Fine-tune firewall rules for optimal performance
> Unused rules
> Unused objects
> Unused interfaces
Unused: Rule management

18. Use case #2

19. We have over 5000 rules in our firewall. After deploying Firewall Analyzer we
were able to see which rules are the "Top Used Rules" in our environment from
the "Firewall Rules Report." However, we can't see our unused rules. Can you
help?
Case 2: Finding which rules are unused

20. Arrange the firewall policies for optimum performance
• Rule hit count (rule usage) and individual rule complexity
• Suggested changes
• Complete list (position prior to reordering)
Rule management: Rule reorder

21. Real-time change detection and notification.
Configuration change management
Firewall
Analyzer
Firewall

22. Track and receive alerts for:
• Who did the change
• When it was done
• What was changed
Compare configurations side-by-side
Continued:

23. • Receive notification for every change
• Schedule a historical Change Report
Continued:

24. Use case #3

25. Recently, one of our peers from the network admin team left the company. We
suspect he did some damage to the firewall's configuration but the other
admins appear to not be able to log in to the firewall to check what's wrong.
What can we do to avoid scenarios such as this in future?
Case 3: An unhappy admin quits

26. • Assess your firewall security
posture with in-depth configuration
audits and recommendation reports
• Continuously monitor your firewall
rule changes and report instantly on
any rule misconfiguration
• Meet statutory compliance
requirements with out-of-the-box
reports for PCI DSS, NERC, ISO,
etc.*
Standard & Compliance Management

27. Contd..

28. Use case #4

29. • Recently our organization has started following the PCI standard. We need
to ensure that our network is 100% compliant every time PCI does an audit.
Can your solution inform me where I am failing so that I can be well
prepared prior to an audit?
Case 4: Industry standard compliance

30. Firewall Analyzer makes it easy

31. > Auditing is an integral part of IT security and Firewall Analyzer
aids in flawless auditing
> Safeguard your network from security breaches
> Conduct forensic analyses, root cause analyses, and IT audits
> Stay compliant with statutory requirements
Summary

32. Need more help?
https://www.manageengine.com/products/firewall/help/index.html
https://pitstop.manageengine.com/portal/community/netflow-and-deviceexpert-
and-firewall-support
fwanalyzer-support@manageengine.com

33. Q&A

34. Can I get a specific version Start-UP or Running configuration from the
application?
Question 1

35. I need to know what kind of command executed in device over a period of
time. So can I get that information?
Question 2

36. While adding a device rule, test credential got failed what should I do?
Question 3

37. I have a firewall with VDOMS, Will Firewall Analyzer fetch and Analyze
their configuration too?
Question 4

38. Is it possible to ignore a line/configuration, so that it wont appear as a
configuration change in Change Management Report?
Question 5

39. How to get immediate notification for configuration change if anyone
performed those changes anonymously?
Question 6

40. Can I roll-back any specific configuration using Firewall Analyzer?
Question 7

41. Is there a report to verify who changed the configuration?
Question 8

42. Can we update rule re-order position change automatically in Firewall?
Question 9

43. Does your application support configuration analysis for Checkpoint
devices?
Question 10

44. Thank You