This activity addresses the steps to create new L4 or L7 rules, modify rules, and delete rules based on source and destination (SRC/DST) IP address or zone, application, and service. URL categories and HIP are not covered in this document.
A firewall security rulebase is a critical component of the overall security architecture. An effective security rulebase should fulfill two requirements:
Support an organization’s business requirements by allowing authorized access to requested resources, whenever needed.
Ensure that only authorized entities are allowed to access critical resources, based on the principle of least privilege.
The security rulebase change is one of the most frequent tasks carried out by firewall administrators. It’s also one of the most error-prone tasks, especially when done in a hurry, under the pressure of the requesting business unit, by an overloaded operations team. Under these conditions, ensuring that the requirements of an effective security rulebase are met at all times is a challenge. Appropriate change management processes and procedures are essential for achieving this goal.
This activity presents sound practices, technical guidelines, and generic processes and procedures that should fit any organization and help keep its rulebase in good health.