Simplicity equals efficiency – for firewall policies and for security administrators.
FireMon offers policy optimization features that identify where policies can be
shortened, simplified and reorganized. After updating the rule base, keeping the
policy optimized is simple: stay informed with regularly scheduled automatic usage
reports. With shorter, simpler firewall policies, you will improve firewall performance
and significantly ease your administrative burden.
These features are currently available for Check Point, Cisco PIX/ASA, and
Juniper Networks NetScreen firewalls.
Remove unused objects and rules
More than 30% of the rules in your firewall policy are probably unused.[1] FireMon’s
Policy Usage Analysis identifies which rules and objects are used, unused or unlogged,
as well as the number of rule and object “hits.” You can view simple rule and object
hit counts in the visual context of the policy. Or you can view object and rule
usage by category (most-used rules, unused NAT rules, unused Services, etc.), and then
share your findings by emailing Usage Reports with PDF and HTML output.
Reorder rules
FireMon identifies the usage frequency as well as the dates and times of each rule
and object hit. Use this information to reorder rules in the rule base for improved
device performance.
Identify performance issues
Analyze the security policy for the use of performance-degrading options such as
domain objects, nested objects and recessive group objects.
[1] According to statistics provided by actual FireMon users.