I am about to build a new firewalled infrastructure through which a significant amount of traffic will run. I need to lock this firewall down as quickly as possible.
Since there are no rules in place, I will enable a "permit ip any any log" until all the infrastructure is in place and log all matches to syslog. As soon as the infrastructure is in place - deny ip any any log!
Now I know I can go through the syslog server and identify all the traffic, building it rule by rule and creating object groups where applicable, but I am looking for a method of easily identifying the required traffic rather than going through it log by log. Any recommendations? Looking forward to your responses.
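One way to turn the permit-any-log output into a first-cut rule set, written here as an added example and not something from the original post: a Python script that parses ASA-style `%ASA-6-106100` access-list syslog messages, aggregates the permitted TCP/UDP flows by destination service, and prints candidate ACEs, with a network object-group when several sources hit the same service. The log lines, the ACL name `outside_in`, the addresses and the object-group naming are all constructed for the example; the message layout follows the ASA 106100 format, so check the regex against a real export before relying on it.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ASA 106100 layout (not captured traffic).
SAMPLE_LOGS = """\
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(51234) -> inside/10.0.0.10(443) hit-cnt 1 first hit [0x1, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.8(40001) -> inside/10.0.0.10(443) hit-cnt 3 300-second interval [0x1, 0x0]
%ASA-6-106100: access-list outside_in permitted udp inside/10.0.0.25(53123) -> outside/192.0.2.53(53) hit-cnt 12 300-second interval [0x2, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp inside/10.0.0.25(44555) -> outside/192.0.2.80(80) hit-cnt 1 first hit [0x3, 0x0]
%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.9(33333) -> inside/10.0.0.10(443) hit-cnt 1 first hit [0x1, 0x0]
%ASA-6-106100: access-list outside_in denied tcp outside/198.51.100.9(33334) -> inside/10.0.0.11(22) hit-cnt 1 first hit [0x4, 0x0]
"""

# Fields of a 106100 message: ACL name, action, protocol, src iface/ip(port),
# dst iface/ip(port) and the hit counter. Only TCP/UDP lines carry ports this way.
LINE_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_permits(text):
    """Return one dict per permitted tcp/udp flow found in the syslog text."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("action") != "permitted":
            continue
        if m.group("proto") not in ("tcp", "udp"):
            continue  # icmp/ip lines need a different rule shape; skipped here
        flow = m.groupdict()
        flow["hits"] = int(flow["hits"])
        flows.append(flow)
    return flows


def summarize(flows):
    """Group flows by destination service; collect sources and total hits."""
    groups = defaultdict(lambda: {"sources": set(), "hits": 0})
    for f in flows:
        key = (f["acl"], f["src_if"], f["dst_if"], f["proto"], f["dst"], f["dport"])
        groups[key]["sources"].add(f["src"])
        groups[key]["hits"] += f["hits"]
    return groups


def candidate_aces(groups, min_hits=1):
    """Render candidate ACEs, busiest services first.

    Services below min_hits are dropped from the draft so that one-off flows
    get reviewed by hand instead of being permitted automatically.
    """
    out = []
    for key, g in sorted(groups.items(), key=lambda kv: (-kv[1]["hits"], kv[0])):
        if g["hits"] < min_hits:
            continue
        acl, src_if, dst_if, proto, dst, dport = key
        out.append(f"! {src_if} -> {dst_if}: {len(g['sources'])} source(s), {g['hits']} hit(s)")
        if len(g["sources"]) > 1:
            # Several sources share a service: draft an object-group for them.
            og = f"og_{proto}_{dst.replace('.', '_')}_{dport}_src"  # constructed naming
            out.append(f"object-group network {og}")
            out.extend(f" network-object host {s}" for s in sorted(g["sources"]))
            src_spec = f"object-group {og}"
        else:
            src_spec = f"host {next(iter(g['sources']))}"
        out.append(f"access-list {acl} extended permit {proto} {src_spec} host {dst} eq {dport}")
    return out


if __name__ == "__main__":
    for line in candidate_aces(summarize(parse_permits(SAMPLE_LOGS)), min_hits=2):
        print(line)
```

Aggregating by destination service rather than by source matches how the final ACL is written, and the `min_hits` threshold plus the denied-line filter keep the draft to traffic that actually recurred; the printed ACEs are a starting point to review against what each host is supposed to do, not a list to paste into the config as-is.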