This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Firewall rule optimization

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Firewall rule optimization

jdprovine
L4 Transporter

‎12-04-2015 06:40 AM

Anyone know of any good firewall optimization software for PA. One that can review the rules and make good suggestion to improve the rule order, removal etc?

2 people had this problem.
0 Likes Likes
6 REPLIES 6

googol
L3 Networker

‎12-04-2015 06:48 AM

Company called Firemon has a product that assists with this.

 

https://www.firemon.com/

jdprovine
L4 Transporter
In response to googol

‎12-04-2015 08:28 AM

I assume firemon has a price, anyone know of an open source version as well to look at?

0 Likes Likes

Kalemegdan
L3 Networker

‎12-07-2015 02:01 PM

I was in the same boat as you are; inherited about 850 lines of sec policies being migrated from other vendor's solution. My apporach to clean/optimize was to enable "Hightlight unused rules" and after a month i started disabling unused rules. Waited another month, documented disabled rules and scheduled rule removeal. And four more weekends like that. It took me about 2 months to reduce number of rules from 850 to 200. In the same time this excersise allowed me to get better understanding of the infrastructure. Out of all those disabled rules, i had 10 rules thate were required to put back; some legacy traffic users were not aware of.

You might be able to use PAN migration tool to upload firewall config and see if any duplication is showing. 

 

 

 

0 Likes Likes

jdprovine
L4 Transporter
In response to Kalemegdan

‎12-08-2015 07:40 AM

Well the migration was complete a couple of months ago and I have been using the method that you mentioned but I was also told there is software out there that would be able to do some of that work for me. So I just thought I would see waht people are using and how they like it. So far the only suggestion I have had is firemon, I am probably going to download a trial of that and see what it does, but would love more suggestions 

0 Likes Likes

Kalemegdan
L3 Networker
In response to jdprovine

‎12-08-2015 01:20 PM

If you dont mind, once you downlaod and test software could you post your findings? 

0 Likes Likes

jdprovine
L4 Transporter
In response to Kalemegdan

‎12-08-2015 02:08 PM

I can try it may not be something that can easlily be posted verbatim and it may take quite some time to complete the testing

  • 3193 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks