Product review: AlgoSec's AlgoSec Firewall Analyzer 4.0

AFA's main role is to audit and evaluate firewall policies and configurations in the form of offline or exported configuration files, providing a complete audit without impacting the firewalls. You can import these configuration files directly through firewalls, the management interface or manually, by copying the configuration file. AFA supports Check Point Software Technologies, Cisco Systems and Juniper's Netscreen firewalls, as well as Cisco routers.

The audit engine is remarkable, using mathematical algorithms that calculate every possible packet that could traverse the firewall. This technique covers all external IP addresses, internal IP addresses, ports and protocols. All possible combinations are tested in every direction and on any interface.

Audits produce reports that contain data such as how a given rule or set of rules creates a risk. These risks are then rated, and can be investigated by drilling down to gain an in-depth understanding and suggested remediation. In our testing, for example, AFA detected a combination of rules that allowed UDP port 137 (NetBIOS) between our DMZ and internal network, and a recent change in a TFTP rule that

    Requires Free Membership to View

opened the DMZ to inbound and outbound connections.

Reporting is mature and flexible. The executive summary report provides a high-level view of the firewall(s) with findings listed by risk level. This is excellent for aggregating rules on multiple firewalls to determine collective risk. You can also see reports that detail each rule and why it creates a specific risk. The rules and layout are presented in the native firewall format, making interpretation easy.

The change history report simplifies change management, providing an ongoing view of all changes, mitigated risks and new risks. The compliance report gives a top-down view of firewalls analyzed as they apply to a given need.

AFA will greatly simplify firewall troubleshooting, management and compliance.

Testing methodology: Our lab included a single OpenSUSE 10.1 server with the AFA software installed. A number of sample configurations were used from various sources such as Cisco and Check Point firewalls. Configurations were analyzed individually and in groups to determine aggregate accuracy.

This was first published in February 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: