02-24-2022 11:35 AM
Firewalls need to be able to improve their own status automatically by adjusting rules, policies and objects automatically to be more secure by using usage date. An example, system a talks to system b on a selection of ports all configured on the firewall. All designed and planned on human logic. After a month some ports have no traffic between the systems. The firewall should detect this and remove the unused ports from the configuration so that the rule is more secure. The same for source and destination ip addresses. If ip's or ranges show no usage after an extended period, firewall should tighten access to used ip addresses. Obviously allow an override where it's needed. Imaging installing a firewall, that gets more secure over time by removing unused ports, rules and ip's.
02-24-2022 06:30 PM
I think you just described policy optimizer recommendations almost to a T, just that it's not automated 😀
Personally I don't think I would ever want my firewall automatically changing policies and removed "unused" app-ids or rulebase entries. There's plenty of rules and app-ids that I have across various clients that only get hit during quarterly or even yearly business practices. Policy Optimizer routinely tells me the rules are unused, even though the schedule assigned isn't active and I don't expect it to be hit for months to follow. I wouldn't want to suddenly find my firewall removed an app that was needed or a security rulebase entry that was needed.
03-08-2022 11:03 AM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!