keep track of firewall rule change

Unanswered Question

Is there a cheap (or free) solution/software out there that can keep track of the firewall rule changes people make to the ASA/PIX? I want to know what changes have been made, who made the change and what time it happened. I believe the Cisco Security Manager can do that. Are there any other solutions out there?

cisco24x7 Tue, 11/11/2008 - 05:32

That can be easily done with either Cisco Secure ACS (costs money) or freeware tacacs.

There is a vendor out there called Firemon. It can keep track of changes on the firewall and compare the differences. It works quite well on Checkpoint firewalls, Nokia appliances and Cisco IOS routers. I have not tried it with ASA. This is commercial software so it costs money. The alternative is to use RANCID which can do the same thing.

my 2c.
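An added example, not part of the original replies and not code from RANCID or any TACACS server: it combines the two approaches mentioned above by diffing two saved config snapshots for access-list lines (what changed) and matching each change against command accounting records (who and when). The snapshots, accounting records and the tab-separated record layout are constructed assumptions; adjust the field positions to what your accounting server actually writes.

```python
import difflib

# Constructed sample data. Snapshots stand in for two saved copies of the config.
OLD_CFG = """access-list outside_in extended permit tcp any host 192.0.2.20 eq 443
access-list outside_in extended permit tcp any host 192.0.2.21 eq 25"""
NEW_CFG = """access-list outside_in extended permit tcp any host 192.0.2.20 eq 443
access-list outside_in extended permit tcp any host 192.0.2.22 eq 22"""
# Assumed layout: tab-separated time, device, user, port, source, then attributes.
ACCOUNTING = "\n".join("\t".join(f) for f in [
    ("Nov 11 05:10:02", "10.0.0.1", "alice", "tty1", "198.51.100.7", "stop",
     "service=shell", "cmd=show running-config <cr>"),
    ("Nov 11 05:31:40", "10.0.0.1", "bob", "tty2", "198.51.100.9", "stop", "service=shell",
     "cmd=no access-list outside_in extended permit tcp any host 192.0.2.21 eq 25 <cr>"),
    ("Nov 11 05:32:05", "10.0.0.1", "bob", "tty2", "198.51.100.9", "stop", "service=shell",
     "cmd=access-list outside_in extended permit tcp any host 192.0.2.22 eq 22 <cr>"),
])

def parse_accounting(text):
    """Return who/when/what for every record that carries a cmd= attribute."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # not a record in the assumed layout
        cmd = next((f[4:] for f in fields[5:] if f.startswith("cmd=")), None)
        if cmd is not None:
            records.append({"when": fields[0], "device": fields[1], "user": fields[2],
                            "source": fields[4], "cmd": cmd.replace("<cr>", "").strip()})
    return records

def rule_changes(old_cfg, new_cfg):
    """Return (op, line) for access-list lines added ('+') or removed ('-')."""
    diff = difflib.unified_diff(old_cfg.splitlines(), new_cfg.splitlines(), n=0, lineterm="")
    return [(d[0], d[1:]) for d in diff if d[:1] in ("+", "-") and d[1:].startswith("access-list ")]

def attribute(changes, records):
    """Pair each change with the accounted command that made it, or None if nobody logged it."""
    out = []
    for op, line in changes:
        # Exact match: assumes the command was typed the way the config displays it.
        wanted = line if op == "+" else "no " + line
        hit = next((r for r in records if r["cmd"] == wanted), None)
        out.append((op, line, hit["user"] if hit else None, hit["when"] if hit else None))
    return out

if __name__ == "__main__":
    for op, line, user, when in attribute(rule_changes(OLD_CFG, NEW_CFG), parse_accounting(ACCOUNTING)):
        print(f"{op} {line}  by={user or 'UNATTRIBUTED'} at={when or '?'}")
```

A change that shows up in the diff with no matching accounting record is the one to look at first, since it was made by a path that was not being accounted.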

