Firewall Rule Impact Analysis - Rule Management Reports


    The Rule Impact Analysis functionality of Firewall Analyzer helps you to analyze the impact of a new rule over the existing rules in the firewall device. The new rule before pushing in to the firewall devices is analyzed for security threats, risky ports & IP addresses, complexity and anomalies with the existing rules.

    This section can be accessed from the Rule Impact link of Compliance > Rule Management tab.

    The table in this page displays the new rules, created for the specific firewall device selected on top right corner of the page, analyzed for impact. The table contains the following columns:

    Column name
    Description
    Policy Name The name of the new policy for which the rule impact report is generated.
    Report Click View Reports link to view the report on the impact of the new rule.
    Created on The date and time, the rule was created.
    Export You can export the report in PDF and HTML format. Use the PDF and HTML icons for the same.
    Action You can edit or delete the proposed new rule. Use the Edit and Delete icons for the same.

     

    How to analyze the impact of the draft new rule?

    On the top right corner choose the firewall device for which you want to create a new rule.

    To create the new rule and analyze the impact over existing rules, follow the procedure given below:

    1. In the Rule Name field, enter a name for the new rule.
    2. Select the Policy Name from the drop down list or click Add icon to enter a new policy name and click Delete icon to delete the new policy name.
    3. For the Position field, select the position of the rule, Default or Custom. If you select Default, the rule will be appended at the end and will be analyzed for the impact. If you choose Custom, you can enter the position of the new rule in which it will be inserted and analyzed for impact.
    4. For the Source field, select the source of the rule, Any or Select. If you select Any, all the hosts in the network will be taken for impact analysis. If you choose Select, you can choose the IP Network, IP Range or hosts grouped in to a zone. For IP Network, enter the IP address of the network and Netmask. For IP Range, enter start IP address and end IP address. You can choose more than one IP Network or IP Range using Add icon. For source available in a zone, select the zones from the Available Source list to Selected Source list using left/right arrows.
    5. For the Destination field, select the destination of the rule, Any or Select. If you select Any, all the hosts in the network will be taken for impact analysis. If you choose Select, you can choose the IP Network, IP Range or hosts grouped in to a zone. For IP Network, enter the IP address of the network and Netmask. For IP Range, enter start IP address and end IP address. You can more than one IP Network or IP Range using Add icon. For destination available in a zone, select the zones from the Available Destination list to Selected Destination list using left/right arrows.
    6. For the Source Interface field, select the source interface of the rule, Any or Select. If you select Any, all the interfaces in the network will be taken for impact analysis. If you choose Select, you can choose zones where a set of interfaces are grouped. Choose the zones available in the drop down list.
    7. For the Destination Interface field, select the destination interface of the rule, Any or Select. If you select Any, all the interfaces in the network will be taken for impact analysis. If you choose Select, you can choose zones where a set of interfaces are grouped. Choose the zones available in the drop down list.
    8. For the Service field, select the service of the rule, Any or Select. If you select Any, all the services will be taken for impact analysis. If you choose Select, you can choose the services. To select specific services, select the services from the Available Services list to Selected Services list using left/right arrows.
    9. In the Action field, select the action of the rule, Allow or Deny.
    10. On the report generation
      • Upload the blacklisted IP addresses file in .txt or .csv format and select the Consider my blacklisted IP file checkbox.
      • Select the Object repetitiveness drop down option, to examine and show the object repetitiveness only for first examined N number of rules.
    1. Click Generate Report, to generate the rule impact analysis report for draft rule you have created.

    The new draft rule with details and impact report will be listed in the table.

    Click View Report link in the table to view the impact analysis for the new draft rule. The details in the report are:

    <Firewall Name> Impact Policy Analysis Report

    Rule Details Given for Impact Analysis comprises of Rule Name, Position, Source, Destination, Source Interface, Destination Interface, Service, and Action.

    Sections:

    1. Anomaly Details.
    2. Rule Reorder Suggestions.
    3. Overly Permissive Rule Details.
    4. Security Threats in Services/Applications.
    5. Blacklisted IP Analysis.
    6. Risky Port Analysis.
    7. Object repetitiveness in Rules.

     Refer the Rule Management Report Support page, for the list of firewall devices.