Query and Reporting from Firewall rule base

duane.smith
Level 1

In large organizations where firewall policies develop over a long period of time, sometimes as the result of merging rules from two or more firewalls, organizational and contract changes, etc., rules can get quite unmanageable. I am wondering if Cisco firewall management software has tools that would help in these situations.

Being able to answer simple questions like "To what IP addresses is TCP 1521 allowed" is one thing. Being able to do complex merge and union operations is another. Even the ability to export into Excel with group object members expanded would allow some of this type of management even if the software itself did not offer it.

So.... anybody know what Cisco has in this regard?

3 Replies

Ganesh Hariharan
VIP Alumni

Hi,

If you access the firewall via ASDM you can export the whole rule base to CSV/HTML format for analysing it and finding rules with a specific port.

When you connect to a firewall using ASDM, in the Firewall tab on the front page itself you can see the export option for the whole rule base in two formats, CSV or HTML.

Hope this helps.

If helpful, do rate the post.

Ganesh.H
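As an added example, not from this thread and not part of ASDM or any Cisco tool, here is a small Python script that answers the original "to what IP addresses is TCP 1521 allowed" question over an ASA-style rule base, expanding nested object-groups the way the requested Excel export would. The configuration, object names and addresses are constructed for the demonstration.

```python
import ipaddress
import re
# Constructed ASA-style rule base (hypothetical names), standing in for an export.
ASA_CONFIG = """\
object-group network DB_SERVERS
 network-object host 10.1.20.5
 network-object 10.1.30.0 255.255.255.0
object-group network ALL_DB
 group-object DB_SERVERS
 network-object host 10.1.40.9
access-list OUTSIDE_IN extended permit tcp any object-group ALL_DB eq 1521
access-list OUTSIDE_IN extended permit udp any host 10.1.60.1 eq 1521
"""
# Permit ACEs only: source any/host/object-group, destination host/object-group.
ACE = re.compile(r"access-list \S+ extended permit (\S+) (?:any|host \S+|"
                 r"object-group \S+) (?:host (\S+)|object-group (\S+)) eq (\d+)")

def parse_groups(config):
    """Map each 'object-group network' name to its tokenised member lines."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group network (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.split())
        else:
            current = None
    return groups

def expand(group, groups):
    """Recursively flatten a group (and nested group-objects) into networks."""
    nets = []
    for parts in groups.get(group, []):
        if parts[0] == "group-object":             # nested group
            nets += expand(parts[1], groups)
        elif parts[1] == "host":                   # network-object host A.B.C.D
            nets.append(ipaddress.ip_network(parts[2]))
        else:                                      # network-object NET MASK
            nets.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets

def destinations_for_port(config, proto, port):
    """Sorted destination prefixes permitted to proto/port, groups expanded."""
    # Caveat: ASA ACLs are first-match; earlier deny lines are not modelled.
    groups, dests = parse_groups(config), set()
    for ace_proto, host, grp, ace_port in ACE.findall(config):
        if ace_proto == proto and int(ace_port) == port:
            dests.update(expand(grp, groups) if grp else [ipaddress.ip_network(host)])
    return sorted(str(n) for n in dests)
```

Running `destinations_for_port(ASA_CONFIG, "tcp", 1521)` lists the three DB prefixes reachable on TCP 1521; the UDP line is correctly left out.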

gibrice
Level 1

Hi Duane,

While this isn't necessarily a Cisco-provided management tool, Tufin SecureTrack can do what you are asking for in a Cisco environment. Analysis queries can find whether a device can get to a server on 1521, or whether 1521 is open to a certain network, or even if any port other than 1521 is open from one device to another. The data can be queried in many forms.

The compare function is a diff on steroids. Objects are collected, tracked and can be viewed.

HTH

Gil Brice

AndrewKalat
Level 1

Good day Duane,

While at risk of jumping on the "me too" bandwagon, I also work for a company that provides a great tool that can do what you are asking, as well as a lot of great optimization, risk and compliance reporting, and clean-up of Cisco ACL policies. Again, not a Cisco-supplied tool, but we work closely with them on it. You can check out our Algosec Firewall Analyzer by following the link.

In the interest of full disclosure, I work as a Sales Engineer for Algosec.

Thanks,

Andrew Kalat
