Re: [fw-wiz] Firewall policy generator, capture based - Any idea?

Why on earth would you want that? You're making the assumption that all traffic on your net is wanted traffic.

NOT a good assumption: especially if one of the boxes inside your perimeter is Trojaned or otherwise Owned. I know, you said "Data Center". If it's running an OS or an app, it can be compromised. Even if it's in a Data Center...

A tool to analyze your traffic is one thing, and fairly useful, but using that tool to generate a ruleset is a risk **I** wouldn't want to take...

On Tue Jan 29 6:09, Ruggero D sent:

Dear Firewall Wizards,
I would like to find out if you know any tool that can help me with this:
I want to capture my Data Center traffic, with a NAM or Sniffer.
Having taken the capture, I would like to have a tool that can interpret the traffic flows and automatically generate firewall rules to allow those flows.
I really don't want to waste time inspecting each single PCAP packet!
For example if there are multiple flows from the same subnet, create a permit rule for that subnet matching the destination range.
Basically, a packet-flow-capture-based firewall rule generator.
Best Regards
Ruggero Delcuratolo

firewall-wizards mailing list
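As an added illustration, not code from either poster, here is the kind of generator Ruggero describes, in Python, run over a constructed flow list of the sort a NAM or NetFlow collector would export. Flows are grouped by source subnet, protocol and destination port; a group backed by several source hosts becomes a subnet-level permit, a lone host stays a /32, and the destination is the smallest CIDR covering the servers seen. The last sample flow is the case the reply warns about: one host talking to an outside address on an odd port is indistinguishable from wanted traffic in the capture, so the generator happily emits a permit for it. The service inventory used to flag rules for human review is my assumption, not something either message proposes, and the iptables rendering is just one target syntax.

```python
"""Flow-capture based firewall rule generator (constructed example).

Assumptions not from the thread: flows arrive as (src, dst, proto, dport)
records, rules are rendered as iptables FORWARD lines, and a hand-maintained
service inventory is used to flag rules the capture alone cannot justify.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR
    dst: str      # CIDR
    proto: str
    dport: int
    hosts: int    # distinct source hosts that backed this rule


# Constructed sample, as if exported from a NAM/NetFlow collector.
SAMPLE_FLOWS = [
    Flow("10.1.10.11", "10.1.20.5", "tcp", 443),
    Flow("10.1.10.12", "10.1.20.5", "tcp", 443),
    Flow("10.1.10.13", "10.1.20.5", "tcp", 443),
    Flow("10.1.10.11", "10.1.20.6", "tcp", 1433),
    Flow("10.1.10.12", "10.1.20.6", "tcp", 1433),
    Flow("10.1.30.7", "10.1.20.5", "tcp", 443),
    # A web-tier host reaching the Internet on 6667: this is what a compromised
    # box looks like in a capture, and the generator cannot tell it apart from
    # wanted traffic (constructed).
    Flow("10.1.10.13", "203.0.113.44", "tcp", 6667),
]

# Assumed inventory of (destination CIDR, port) the operator actually intends
# to expose; anything the capture produces outside it is flagged for review.
EXPECTED_SERVICES = {("10.1.20.5/32", 443), ("10.1.20.6/32", 1433)}


def covering_network(addrs):
    """Smallest CIDR containing every address in addrs (it may over-permit)."""
    nets = [ipaddress.ip_network(a) for a in addrs]
    net = nets[0]
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net


def aggregate_flows(flows, prefix_len=24, min_hosts=2):
    """Collapse captured flows into permit rules.

    Flows sharing (source /prefix_len, proto, dport) form one group. A group
    with at least min_hosts distinct sources gets the whole subnet as source;
    otherwise the single host /32 is kept. The destination is the covering
    CIDR of every server seen in the group.
    """
    groups = defaultdict(lambda: (set(), set()))
    for f in flows:
        src_net = ipaddress.ip_network(f"{f.src}/{prefix_len}", strict=False)
        srcs, dsts = groups[(src_net, f.proto, f.dport)]
        srcs.add(f.src)
        dsts.add(f.dst)

    rules = []
    for (src_net, proto, dport), (srcs, dsts) in sorted(groups.items(), key=lambda kv: kv[0]):
        if len(srcs) >= min_hosts:
            src = src_net
        else:
            src = ipaddress.ip_network(next(iter(srcs)))
        rules.append(Rule(str(src), str(covering_network(dsts)), proto, dport, len(srcs)))
    return rules


def needs_review(rules, expected_services):
    """Rules whose (dst, dport) is not in the declared service inventory.

    This is the human step the capture cannot replace: a permit that nobody
    intended is exactly what a Trojaned host's traffic would generate.
    """
    return [r for r in rules if (r.dst, r.dport) not in expected_services]


def render_iptables(rule):
    """Render one rule as an iptables FORWARD accept line."""
    return (f"iptables -A FORWARD -p {rule.proto} -s {rule.src} -d {rule.dst} "
            f"--dport {rule.dport} -j ACCEPT")


if __name__ == "__main__":
    generated = aggregate_flows(SAMPLE_FLOWS)
    flagged = set(needs_review(generated, EXPECTED_SERVICES))
    for r in generated:
        mark = "  # REVIEW: not in service inventory" if r in flagged else ""
        print(render_iptables(r) + mark)
```

Run as a script it prints four permits, the last two backed by a single host each; the 6667 rule is marked for review only because of the inventory, not because anything in the capture looked wrong. That is the point of the reply: the generator is a useful way to summarize what is on the wire, but every emitted permit still has to be justified by something other than "we saw it".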