What is firewall change management?

In any organization, frequent firewall changes are a necessity when it comes to network security. Putting into place a streamlined firewall change management policy template reduces management time and also the chance of introducing new security or compliance issues with each change. A typical firewall change management process would include the following steps:

Firewall change monitoring process

  1. A user raises a request for a particular change.
  2. The request is approved by the firewall or network security team, and all the details on who approves the request are recorded for future reference.
  3. After approval, the configuration is tested to confirm whether changes in the firewall will have the desired effect without causing any threat to the existing setup.
  4. Once the changes are tested, the new rule is deployed into production.
  5. A validation process is performed to ensure that the new firewall settings are operating as intended.
  6. All changes, reasons for changes, time stamps, and personnel involved are recorded.

Firewall change management should be used before making changes to firewall or IDPS rules that affect users. A concrete firewall change management process helps ensure complete cohesion in managing changes in your network.

How does Firewall Analyzer act as a firewall configuration management tool?

1. Firewall configuration change monitoring

Firewall Analyzer fetches the firewall configuration using CLI or API from your firewall devices and enables you to keep an eye on the changes being made to the network security infrastructure. Administrators may commit an unintentional error or carry out an improper change while acting on a firewall configuration change request giving room for breaches. This feature ensures that all the configurations and subsequent changes made in the Firewall device are captured periodically and stored in the database. Firewall Analyzer's configuration change management reports precisely helps find out 'who' made 'what' changes, 'when' and 'why' to the firewall configuration.

Firewall Configuration Changes Report

 

The following are the reports generated by this firewall configuration analysis tool.

Configuration change reports

  • Running Configuration Changes Report - Report on difference between any two running configuration changes
  • Startup Configuration Changes Report - Changes between running (current) configuration and startup (default) configuration
  • Current Startup-Running Conflict Report - Conflict in configurations between startup and running

The Change Management reports can be scheduled and distributed via Email and can be exported to different formats. Not only that, you can also filter the firewall configuration change management report for known and recurring changes which clutters the report. Firewall Analyzer will exclude the lines in the report, matching the specified criteria (Exclude Criteria) for all or selected devices.

To know more about configuration change management, get a personalized demo.
Request Demo

2. Firewall configuration change alerts

Firewall Analyzer generates alerts for the Firewall device configuration changes in real-time and it notifies via Email, SMS. Hence any change made to the firewall configuration is notified to the security admin and this beneficial in effective firewall change monitoring.

Firewall Analyzer supports configuration change management feature for the following major firewall vendors.

  • Cisco ASA
  • Check Point
  • Palo Alto
  • Fortinet

To get a complete list of supported vendors, click here. Firewall Analyzer also uses the firewall configuration to generate security audit and compliance standards reports.

 

A single platter for comprehensive Network Security Device Management