Tool-assisted firewall management and fault repair

Network path analysis tools and power-assisted firewall management and fault repair is very important. Although network path analysis tools such as route tracking are effective at examining the impact of individual network devices on network packet transmission, they cannot help engineers understand the role of network security devices.





Athena Security Company's new Pathfinder Network path Analysis product provides such secure infrastructure visibility. Network engineers can upload configuration data from firewalls, switches, and routers to the tool so that an offline virtual network model can be generated. They can then simulate packet transfers in this network model, and Pathfinder can also predict how device configuration and firewall rules will affect packet flow.





Convenience chain store Kwik Trip after dividing the DMZ in the network, the LAN and WAN Administrator Chuck Serauskas found that certain types of traffic are hung up in the network fragment. Therefore, he used Pathfinder to fix the problem.





"We've been using it to fix the problem after we have pathfinder ... How the path is passed through our ASA [Cisco Adaptive Security Appliance], "he said. "For PCI, we've recently split our DMZ into 4 different DMZ." When we first created it, our route was not just passing through it, and our VMware staff experienced some problems using some of the servers in our DMZ. ”





through the Pathfinder Off-line Network path analysis feature, Serauskas can use his device configuration to create a network model and send analog packets through the DMZ. He found ASA would intercept some of the passed packets. He examined ASA's rules and found that some rules sent packets through an old path that had been deprecated before dividing.





"We just need to modify the path on the DMZ--make the right changes on the firewall--and once we have modified the configuration, we can run a new test on the pathfinder." "he said. "Once we know that the IP address that the VMware administrator is trying to get is already transmitting data correctly, we can apply the modifications to the production environment." ”





Network Path Analysis tool does not consider security





Network engineers have a number of tools to perform network traffic analysis, including simple tools like route tracking, and large system management products with network path analysis capabilities such as Opnet and Compuware. However, most of these tools are oriented to network devices and hosts-not network security devices.




It is not uncommon to
"firewall rule changes that eventually result in application performance problems." When looking for a performance problem, it's usually not checked, but it still has a significant impact, "says Jim Frey, director of network management research at Enterprise Management Associates.





Network path analysis tools and power-assisted firewall management and fault repair is very important. Although network path analysis tools such as route tracking are effective at examining the impact of individual network devices on network packet transmission, they cannot help engineers understand the role of network security devices.





Athena Security Company's new Pathfinder Network path Analysis product provides such secure infrastructure visibility. Network engineers can upload configuration data from firewalls, switches, and routers to the tool so that an offline virtual network model can be generated. They can then simulate packet transfers in this network model, and Pathfinder can also predict how device configuration and firewall rules will affect packet flow.





Convenience chain store Kwik Trip after dividing the DMZ in the network, the LAN and WAN Administrator Chuck Serauskas found that certain types of traffic are hung up in the network fragment. Therefore, he used Pathfinder to fix the problem.





"We've been using it to fix the problem after we have pathfinder ... How the path is passed through our ASA [Cisco Adaptive Security Appliance], "he said. "For PCI, we've recently split our DMZ into 4 different DMZ." When we first created it, our route was not just passing through it, and our VMware staff experienced some problems using some of the servers in our DMZ. ”





Through Pathfinder off-line network path analysis, Serauskas can use his device configuration to create a network model and send analog packets through the DMZ. He found ASA would intercept some of the passed packets. He examined ASA's rules and found that some rules sent packets through an old path that had been deprecated before dividing.





"We just need to modify the path on the DMZ--make the right changes on the firewall--and once we have modified the configuration, we can run a new test on the pathfinder." "he said. "Once we know that the IP address that the VMware administrator is trying to get is already transmitting data correctly, we can apply the modifications to the production environment." ”





Network Path Analysis tool does not consider security





Network engineers have a number of tools to perform network traffic analysis, including simple tools like route tracking, and large system management products with network path analysis capabilities such as Opnet and Compuware. However, most of these tools are oriented to network devices and hosts-not network security devices.




It is not uncommon to
"firewall rule changes that eventually result in application performance problems." When looking for a performance problem, it's usually not checked, but it still has a significant impact, "says Jim Frey, director of network management research at Enterprise Management Associates.