We had a recent firewall failure that resulted in a few hours of downtime, but fortunately we had a backup device we could swap in. However, to manage any future incidents properly, do you have a checklist or set of firewall best practices for managing a firewall failure?
Ask the Expert
Redundancy: This involves more than keeping a spare on the shelf to install after a firewall failure. You need automatic failover, so that a standby unit takes over on its own and nobody has to drive in, recable and restore a configuration while the network is down.
For example, in a Cisco PIX environment you configure one PIX as the active unit and a second, identical PIX as the standby unit. In the simplest setup the only extra hardware is the failover cable, a modified RS-232 serial cable that connects the two units; its short length means both units must sit in the same rack, and LAN-based failover over a dedicated Ethernet link is the alternative when they cannot. Over that link the units exchange keepalive messages every three seconds, each of which must be acknowledged. If a message is not acknowledged it is retransmitted; if five retransmissions go unanswered, the standby assumes the active unit has failed and takes over as the active unit, adopting its IP and MAC addresses. Two caveats worth noting: unless stateful failover is also configured, over a separate dedicated interface, the connection table is not replicated and every established session through the firewall is dropped at failover and must be re-established; and a standby that has never been exercised is only a theory, so check the pair with `show failover` and force a failover during a maintenance window to prove that the standby's configuration and cabling are still current.
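The keepalive-and-retransmit rule described above, modelled as an added example (this is not Cisco code and not part of the original answer): a logical clock steps a simulated standby unit through poll intervals, using the three-second interval and five-retransmission limit the answer gives for the PIX. It shows how long traffic is blackholed before the standby promotes itself, and that a single successful ACK resets the retry count, so an intermittently lossy link does not accumulate toward a false failover.

```python
from __future__ import annotations
from dataclasses import dataclass, field

POLL_INTERVAL = 3.0   # seconds between keepalives, as described for the PIX above
MAX_RETRIES = 5       # retransmissions that may go unanswered before failover


@dataclass
class StandbyUnit:
    """Standby firewall watching the active unit's ACKs (a simulation, not a real device)."""
    now: float = 0.0          # logical clock in seconds
    role: str = "standby"
    unanswered: int = 0       # consecutive keepalives (original + retransmissions) with no ACK
    log: list[str] = field(default_factory=list)

    def tick(self, peer_acked: bool) -> str:
        """Advance one poll interval; peer_acked says whether the active unit answered."""
        self.now += POLL_INTERVAL
        if self.role == "active":
            return self.role            # stays active until an operator resets the pair
        if peer_acked:
            self.unanswered = 0         # one good ACK clears the retry count
            self.log.append(f"t={self.now:4.0f}s keepalive acknowledged")
            return self.role
        self.unanswered += 1
        if self.unanswered > MAX_RETRIES:
            # the original keepalive plus MAX_RETRIES retransmissions all went unanswered
            self.role = "active"
            self.log.append(f"t={self.now:4.0f}s no ACK after {MAX_RETRIES} retransmissions, taking over")
        else:
            self.log.append(f"t={self.now:4.0f}s no ACK, retransmission #{self.unanswered}")
        return self.role


def run(acks: list[bool]) -> StandbyUnit:
    """Feed a sequence of poll results to a fresh standby unit and return its final state."""
    unit = StandbyUnit()
    for acked in acks:
        unit.tick(acked)
    return unit


def worst_case_blackout_seconds() -> float:
    """Longest time traffic is blackholed before the standby promotes itself."""
    return (MAX_RETRIES + 1) * POLL_INTERVAL


if __name__ == "__main__":
    # Constructed scenario: three missed polls, one ACK, then the active unit dies for good.
    unit = run([False] * 3 + [True] + [False] * 6)
    print("\n".join(unit.log))
    print(f"final role: {unit.role}, worst-case blackout {worst_case_blackout_seconds():.0f}s")
```

With these numbers the network is dark for up to 18 seconds before the standby takes over, which is the figure to put in the incident runbook. Shortening the poll interval speeds detection but, on a LAN-based failover link, raises the chance that congestion alone triggers a failover, so the interval is a trade-off rather than something to minimise.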
Monitoring: Pair the firewall with a monitoring point that lets you confirm the firewall is actually blocking what it is configured to block, rather than trusting the rule base on faith. This can be entirely passive (a network tap or a SPAN/mirror port feeding a sensor) as long as an alerting mechanism fires when the sensor sees traffic that should not have made it through.
For example, if budget rules out a dedicated monitoring device, configure a mirror port on the switch behind the firewall and capture the traffic that traverses it with Wireshark, or with tcpdump and a capture filter if the capture has to run unattended, since a full capture of a busy link fills a disk quickly. This is not a failure-management mechanism in itself, but comparing what the capture shows against what the policy says should be reaching the inside will tell you whether a particular rule, or the whole device, is failing.
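An added example, not part of the original answer, of what to do with the capture from that mirror port: a script that reads a flow summary of the kind `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport` produces from a capture on the inside of the firewall, and flags every packet that arrived from outside on a TCP port the policy says the firewall should block. The inside address range, the allowed inbound ports and the sample lines are all constructed for the example.

```python
from __future__ import annotations
import ipaddress
from collections import Counter

# Assumed policy for this example: only these inbound TCP ports may reach the inside.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_INBOUND_TCP = {25, 443}

# Constructed sample in the whitespace-separated form of
#   tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
# (tshark separates fields with tabs by default; str.split() accepts tabs or spaces).
SAMPLE_CAPTURE = """\
1700000000.10 198.51.100.7 10.1.2.3 443
1700000000.25 198.51.100.7 10.1.2.3 25
1700000000.40 203.0.113.9 10.1.2.3 23
1700000000.55 10.1.2.3 198.51.100.7 443
1700000000.70 203.0.113.9 10.1.2.50 445
1700000000.80 garbage line without enough fields
1700000000.90 203.0.113.9 10.1.2.3 23
"""


def parse_records(text: str) -> list[dict]:
    """Parse the four fields into records; malformed or non-IP lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            records.append({
                "ts": float(ts),
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "dport": int(dport),
            })
        except ValueError:
            continue
    return records


def is_policy_violation(rec: dict) -> bool:
    """True when an outside host reached an inside host on a port the firewall should block."""
    inbound = rec["src"] not in INSIDE_NET and rec["dst"] in INSIDE_NET
    return inbound and rec["dport"] not in ALLOWED_INBOUND_TCP


def find_leaks(text: str) -> list[dict]:
    """Every captured packet that the firewall should have dropped but did not."""
    return [r for r in parse_records(text) if is_policy_violation(r)]


def summarize(leaks: list[dict]) -> Counter:
    """Count leaks per (source, port): repeated hits on one port point at a rule, not a fluke."""
    return Counter((str(r["src"]), r["dport"]) for r in leaks)


if __name__ == "__main__":
    leaks = find_leaks(SAMPLE_CAPTURE)
    for (src, port), n in summarize(leaks).most_common():
        print(f"ALERT: {src} reached inside hosts on tcp/{port} {n} time(s); check the rule base")
```

A mirror port on the inside interface only ever sees what the firewall passed, so this check can detect rules that are too permissive or a device that has fallen open; it cannot tell you that permitted traffic has stopped flowing. For that, capture on both sides of the firewall and compare what went in against what came out.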
Related Q&A from Brad Casey