Published: 01 Apr 2008
| FIREWALL MANAGEMENT
Enterprise firewall management is a headache. An ever-growing labyrinth of access control lists, complex change management over geographically distributed organizations, plus audit and compliance requirements make it tough to bring under control. SecureTrack 4.1, a comprehensive firewall operations management solution, helps cut the job down to size, especially for Check Point Software Technologies firewalls.
The Web-based GUI is intuitive, and where possible, the rules interface strives to give the look and feel of each type of firewall. For example, it mimics the Check Point interface when viewing and managing firewalls from a SmartCenter NG system, which is nice, but we'd like the ability to switch to a standardized view of rules across all platforms. You can use SecureTrack to manage Check Point, Cisco PIX and Juniper firewalls, but, in the current version, most of the key features are limited or nonexistent for the latter two.
A straightforward wizard is used to add a firewall to the system. SecureTrack passively pulls down the configuration and status of each firewall. You can view the rules and policy information side-by-side, so reviewing changes and other pertinent information is easy.
You'll spend most of your time in the Compare and Analysis interfaces. The Compare view allows you to see current rules, objects and global properties, offering a side-by-side comparison of current and previous versions. This is also where you can browse and drill down into firewall objects and properties, including any changes made. The revisions component is useful and allows you to view changes incrementally.
The Analyze tab allows you to make simple and effective queries, providing quick insight into any rule set. When you use the comparison and analysis tabs together, you can find conflicting and high-risk rules. Overlapping rules or gaps in rule sets between firewalls can lead to an unpredictable or insecure configuration. This risk assessment capability goes a long way toward helping you mitigate these issues.
These reports can be filtered by date, firewall, or nearly any other specific criteria. In addition to the canned reports, compliance and regulatory reports can be defined manually with custom policies that identify problem rules.
On the downside, the rule usage feature is currently not available for Cisco and Juniper firewalls.
Testing methodology: Our lab included a single instance of SecureTrack on Red Hat, two Check Point firewalls and one Cisco firewall. Rules were imported from production environments.