Re: [fw-wiz] Firewall policy generator, capture based - Any idea?



Why on earth would you want that: you're making the assumption that all traffic on your net is wanted traffic.

NOT a good assumption: especially if one of the boxes inside your perimeter is Trojaned or otherwise Owned.. I know, you said  "Data Center".  If it's running an OS or an app, it can be compromised.  Even if it's in a  Data Center. . .

A tool to analyze your traffic is one thing, and fairly useful, but using that tool to generate a ruleset is a risk **I** wouldn't want to take. . .



On Tue Jan 29 6:09 , Ruggero D sent:

Dear Firewall Wizards,
 
I would like to find out if you know any tool that can help me with this:
 
I want to capture my Data Center traffic, with a NAM or Sniffer.
Taken the capture I would like to have a tool that can interpret the traffic flows and automatically generate firewall rules to allow those flows.
I really don't want to waste time inspecting each single PCAP packet!
 
For example if there are multiple flows from the same subnet, create a permit rule for that subnet matching the destination range.
 
Basically a packetflow capture based firewall rules generator.
 
Thanks
 
Best Regards
 
Ruggero Delcuratolo

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • [fw-wiz] Firewall policy generator, capture based - Any idea?
    ... Taken the capture I would like to have a tool that can interpret the traffic flows and automatically generate firewall rules to allow those flows. ... For example if there are multiple flows from the same subnet, create a permit rule for that subnet matching the destination range. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewall policy generator, capture based - Any idea?
    ... Taken the capture I would like to have a tool that can interpret the traffic flows and automatically generate firewall rules to allow those flows. ... For example if there are multiple flows from the same subnet, create a permit rule for that subnet matching the destination range. ...
    (Firewall-Wizards)
  • Re: Capture & Redirect Ports
    ... > Does anybody know if it is possible with RealBasic to capture and ... > redirect traffic that flows through a particular port? ... Prev by Date: ...
    (comp.lang.basic.realbasic)