Secure Passage FireMon

Plan Change and Document Policies

Make correct, effective changes

In a complex enterprise environment, a single firewall access change requires careful analysis of even the most efficiently ordered rule base.

The Rule Recommendation feature in FireMon automates this analysis and provides you with a plan to implement the change request. Based on the access that you need to provide, FireMon suggests precisely how you can modify the rule base to meet the access change.

Move beyond simple workflow

Any change management tool can guide administrators through a change process. The Policy Planner feature in FireMon helps ensure that each change is correctly designed, implemented and verified. Integration with Rule Recommender, Audit Log and Change Reports help administrators manage change from the initial access request, through design, implementation and verification.

Policy Planner

Document the rules

Rule justification isn’t just good security; it is required by most security regulations, including the PCI DSS. But after a rule is created, the knowledge of why it was created is lost, either in the memory of an employee or in a system unrelated to the firewall. Using FireMon’s Rule Documentation feature, you can explain the rule as you implement it.

  • FireMon's Rule Documentation feature is both an interface and a repository for rule justification, enabling you to explain the rule as you implement it.
  • Instead of vendor-supplied comment fields that are too small, or spreadsheets that grow unmanageable, you can justify the rule within the visual context of the rule base — in FireMon or in your device management console.
  • Define the critical metadata about the rule, including business justification, business owner, and expiration date. This metadata is immediately, automatically and permanently associated with the rule, so even if the rule changes, the relationship with its justification remains intact.
  • Display and disseminate rule documentation as stand-alone reports or as supporting detail in other reports.

Create a rule history

You can’t understand a rule completely without understanding the rule’s evolution. New access requests and ongoing policy evaluations require changes to rules. Over time, your rule documentation, while still valid, won’t explain why a rule changed.

In the FireMon Audit Log you can document rule changes in detail. A single firewall change event can encompass several rule- or object-level changes, each one meeting a different access request or purpose. Within the Audit Log or your device management console, you can document these changes individually using metadata such as the change control number or change requestor. FireMon collects the change detail and documentation during policy retrieval. This change documentation is immediately associated with the change element and with the rule itself, and it creates a reportable rule history.

Report on the rule and its history

The main benefit of providing rule or change documentation is the meaningful information you can gather in your policy auditing, change auditing, technical troubleshooting and justification reporting. FireMon provides several reports that assist with these tasks, including:

  • Policy Report – a printable representation of the firewall policy, including rule documentation.
  • Rule History Report – a time-bound biography of the rule, including its justification, a list of changes and change documentation.
  • Expired Rules Report – a list of rules that should expire before a specific date.
  • Change Control Report – the rule and change documentation associated with a change control number in Policy Planner or a third-party change management system.
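The model the brochure describes, justification metadata bound to a stable rule identity so that it survives later edits, plus a per-rule change log that feeds the Rule History, Expired Rules and Change Control reports, can be sketched in a few dozen lines. The following is an added example, not FireMon's code or its API: the rule fields, the report functions, and the hostnames, owners and change control number in the sample data are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Union


@dataclass
class RuleDocumentation:
    """Justification metadata that travels with the rule, not with its text."""
    justification: str
    business_owner: str
    expires: date


@dataclass
class ChangeRecord:
    """One documented change event, keyed by change control number."""
    changed_on: date
    change_control: str
    requestor: str
    description: str


@dataclass
class FirewallRule:
    # rule_id is a stable key (constructed model): the documentation stays
    # attached even if source/destination/service are edited later.
    rule_id: str
    source: str
    destination: str
    service: str
    action: str
    documentation: RuleDocumentation
    history: List[ChangeRecord] = field(default_factory=list)

    def apply_change(self, changed_on: date, change_control: str,
                     requestor: str, description: str, **new_fields: str) -> None:
        """Modify rule fields and record who asked for the change and why."""
        for name, value in new_fields.items():
            if name not in ("source", "destination", "service", "action"):
                raise ValueError(f"not a rule field: {name}")
            setattr(self, name, value)
        self.history.append(ChangeRecord(changed_on, change_control, requestor, description))


def expired_rules(rules: List[FirewallRule], before: Union[date, str]) -> List[str]:
    """Expired Rules Report: ids of rules whose documented expiry falls before `before`."""
    if isinstance(before, str):
        before = date.fromisoformat(before)
    return [r.rule_id for r in rules if r.documentation.expires < before]


def rule_history_report(rule: FirewallRule) -> List[str]:
    """Rule History Report: the current rule, its justification, and every documented change."""
    doc = rule.documentation
    lines = [
        f"{rule.rule_id}: {rule.source} -> {rule.destination} {rule.service} {rule.action}",
        f"  owner: {doc.business_owner}; expires: {doc.expires.isoformat()}",
        f"  justification: {doc.justification}",
    ]
    for c in rule.history:
        lines.append(f"  {c.changed_on.isoformat()} {c.change_control} ({c.requestor}): {c.description}")
    return lines


def changes_for_control(rules: List[FirewallRule], change_control: str) -> List[str]:
    """Change Control Report: ids of rules touched under a given change control number."""
    return [r.rule_id for r in rules
            if any(c.change_control == change_control for c in r.history)]


def sample_rule_base() -> List[FirewallRule]:
    """Constructed sample data; hostnames, owners and ticket numbers are illustrative only."""
    web = FirewallRule("R1", "any", "dmz-web", "tcp/443", "accept",
                       RuleDocumentation("Public web storefront", "ecommerce-team", date(2025, 12, 31)))
    vendor = FirewallRule("R2", "vendor-vpn", "erp-db", "tcp/1433", "accept",
                          RuleDocumentation("Vendor support contract", "finance-it", date(2024, 6, 30)))
    # A later change request widens the service; the original justification,
    # owner and expiry remain attached to R2 because they key on rule_id.
    vendor.apply_change(date(2024, 3, 15), "CHG-0042", "j.doe",
                        "Add SQL browser port for vendor tooling", service="tcp/1433,udp/1434")
    return [web, vendor]


if __name__ == "__main__":
    rules = sample_rule_base()
    print("Expired before 2024-12-31:", expired_rules(rules, "2024-12-31"))
    print("\n".join(rule_history_report(rules[1])))
```

The point of keying documentation on `rule_id` rather than on the rule's text is the one the brochure makes: a justification attached to "tcp/1433" would be orphaned the moment the service changed, whereas one attached to R2 survives every edit and the change log explains each edit on its own terms.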

“FireMon allows us to be more granular with our rule configuration, to control access via the proper protocol necessary for specific business processes.”