Re: [fw-wiz] secure firewall rule management program

Hi Morty,
have you had a look at Tufin SecureTrack and SecureChange Workflow?
It's not free, but quite good and I think your requirements are fulfilled.

It runs on Linux and is written by security professionals.
SecureTrack is connected to Check Point SmartCenter or MDS/CMA via
OPSEC, other vendors are supported too (e.g. Juniper, Cisco,
Each 'save' gives a new revision, no 'install' necessary. So reports,
and above all, alerts are generated before installing the new version on
the firewalls.
Expired rules can be found, rule usage is based on logging - also the
use of objects within rules is documented, so not only unused rules but
also unused objects can be found. I found out that esp. finding these
objects is important and not so easy without a tool.
Based on logging an automatic policy generation is possible, offering
many parameters for the suggested rulebase. Further on, many different
types of reports and audits (also PCI-DSS) can be configured and run.
Users can be defined as admin or as simple user with different roles and
therefore rights.
Tufin SecureChange Workflow offers a very open and individually
configurable system. Many different workflows can be defined. These
workflows need to be followed. Many different roles can be defined, e.g.
admin, end user (requestor), approver, implementer, dispatcher etc. You
are very free in defining users and workflows.
The request can be checked against compliance alerts and rules for
business continuity from Tufin SecureTrack. So when a user requests a
'forbidden connection', an alert is generated. For sure, existing rules
as well as objects can be considered.

We have been working with this software for quite a while now; it's good. Have a
look at

Best regards,
AERAsec Network Services and Security GmbH HRB: 133265 München
Wagenberger Strasse 1 UStID: DE-209125001
D-85662 Hohenbrunn, Germany
Tel. +49 8102 895 190 Fax. +49 8102 895 199
Registered office: D-85662 Hohenbrunn, Managing Director: Dr. Matthias Leu
PGP Public Key:
firewall-wizards mailing list