There are some pretty good tools for testing firewalls, and they are free. You should run Nessus (www.nessus.org), a free open source vulnerability scanner, against your firewall to determine whether there are any problems with it. Nessus also includes a whole category of vulnerability checks just for firewalls. Additionally, you should look at Firewalk (www.packetfactory.net), a tool for determining packet filter firewall rule sets. You should probably also look at how the firewall handles fragmented packets, using FragRoute (http://monkey.org/~dugsong/fragroute/). Finally, ICSA Labs, a division of TruSecure Corp., certifies firewalls. You can get more information about the tests it puts firewalls through.
This was first published in August 2002