Firewall rule visualisation
iamthemaxx 
13/5/08 10:48:59 AM
Mod
SuperHero

Immortal


I have a PIX firewall here and I need to understand the rules so I can try to fix a problem and allow some VPN traffic through.

Given that I am still new to this side of networking, does anyone know of any tools that can help me visualise the current ACLs and rest of the settings?

-----

iamthemaxx 
15/5/08 3:25:34 PM
Mod
SuperHero

Immortal


BAM!
http://www.fwbuilder.org/

Not entirely what I want but it's a start.

-----

bnew 
15/5/08 6:22:23 PM
Guru

I'll check at work tomorrow what we are using, I have a feeling it is specific to the Linux firewall distro we are using though.

EDIT: My mistake, I was thinking of the graphing that IPCop does.


Edited by bnew: 16/5/2008 09:22:01 AM

-----
Hardware: the parts of a computer that can be kicked. ~Jeff Pesis

sponger 
17/5/08 10:23:47 PM
Immortal

Quote by iamthemaxx
BAM!
http://www.fwbuilder.org/

Not entirely what I want but it's a start.



That is fricken cool. Didn't know such software existed.

-----

robzy 
24/5/08 12:14:53 AM
Hero
Immortal


That looks awesome.

Rob.

-----
עם ישראל חי

Linux_Inside V2 
28/5/08 11:41:33 AM
Immortal

Oooh that looks cool, and works with IPFW on BSD/OSX...

I wonder how it goes with the traffic shaping rules I've got though.

-----

Mister_T 
28/5/08 8:15:57 PM
Hero
Titan


Draw two rows of 65535 boxes and label them 'tcp' and 'udp'. Colour in the ones that correspond to open ports (or conversely, closed ports).

Voila! Firewall visualisation!

t

-----
http://frase.id.au/

 
--- http://folding.stanford.edu ---
MozillaZine Folding Team
http://weblogs.mozillazine.org/folding/
--- Team 39340 - JOIN US!! ---

Placenta Boy 
12/6/08 5:02:43 PM
Master

Use Cisco SDM (Security Device Manager). Or is it ASDM for PIX now? Either way, it's a GUI for your firewall. Easier to understand the ACLs than looking at the command line.

-----

iamthemaxx 
12/6/08 5:13:37 PM
Mod
SuperHero

Immortal


It's the ASDM now.

Only problem is it doesn't really provide much in the way of visualisation. It just provides a nice GUI for the ACLs, but nothing major.

-----

Placenta Boy 
13/6/08 10:33:36 AM
Master

Hmmm it's pretty basic though. The ACLs are applied in order from top to bottom. You just read down to see what is allowed before the default DENY rule. So I can't see how you can get anything easier to understand than that.

What is it exactly you are trying to do? If you want, paste your ACLs (obviously change any sensitive info) and we can help you out.

Other than that though, I recommend you get used to working with those ACLs if you have found yourself in a position to have to manage them. No shortcuts I'm afraid!

-----
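The top-to-bottom, first-match reading with a default deny described in the post above, as an added example that is not part of the thread. It parses a simplified subset of PIX-style `access-list` lines (constructed sample, documentation addresses, hypothetical ACL name `outside_in`) and also lists rules that an earlier rule fully shadows, which is one kind of rule interaction a flat listing hides.

```python
import ipaddress

# Constructed sample, simplified PIX-style syntax, documentation addresses only.
SAMPLE_ACL = """\
access-list outside_in permit tcp any host 192.0.2.10 eq 443
access-list outside_in deny ip 198.51.100.0 255.255.255.0 any
access-list outside_in permit udp any host 192.0.2.20 eq 500
access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 eq 22
"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
        rules.append({"action": tok[2], "proto": tok[3],
                      "src": src, "dst": dst, "port": port})
    return rules

def covers(a, b):
    """True if everything matched by b is also matched by rule a."""
    return (a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and (a["port"] is None or a["port"] == b["port"]))

def evaluate(rules, proto, src, dst, port):
    """Read top to bottom; first match wins, no match is the default deny."""
    ip = ipaddress.ip_network
    pkt = {"proto": proto, "port": port, "src": ip(src), "dst": ip(dst)}
    for number, rule in enumerate(rules, 1):
        if covers(rule, pkt):
            return rule["action"], number
    return "deny", None

def shadowed(rules):
    """(later, earlier) rule numbers where the later rule can never match."""
    return [(j + 1, i + 1) for j, b in enumerate(rules)
            for i, a in enumerate(rules[:j]) if covers(a, b)]
```

In the sample, rule 4 is never reached because the broader deny in rule 2 matches the same traffic first; partial overlaps between rules are not reported by this sketch.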

iamthemaxx 
13/6/08 12:37:24 PM
Mod
SuperHero

Immortal


I want an overall picture.
While the ASDM is nice to use it will only show you one specific area that you are working on.

I want to see the interaction between rules, hosts, VPNs and so forth. I think FW Builder can provide that.

-----
