Firewall rulebase audit
- From: jctx09@xxxxxxxxx
- Date: 19 Sep 2007 20:59:45 -0000
I have a pair of PIX firewalls that I need to audit. I was hoping to get some guidelines for doing this. Antyhing specific to PIX would be even better.
1) What is the best/easiest way to document a current policy? Spreadsheet?? I would like to know what ports (services) are open and to where? Also duplicates, etc.? Would it be best just to put it in a spreadsheet? Is there a tool for this?
2)Is there standard Analysis checklist to go by when reviewing a (PIX) firewall policy?
Any help is highly appreciated.