Provided by Secure Passage, the makers of FireMon
Firewall Auditor analyzes a firewall configuration by mapping each security rule to the zones between which it controls access and to the services it allows. All of this analysis is done offline, using input that you provide: a firewall configuration, a definition of zones, and a list of the services that should be allowed.

Get a configuration

[Screen shot: Get a configuration]

Check Point

Check Point policies are retrieved from the CMA or SmartCenter management server. To retrieve a policy with Firewall Auditor, enter read-only credentials for the management server (the audit never needs write access) and make sure the computer performing the retrieval is listed as a permitted GUI client on that server. During retrieval, you can select from the list of policies available on the management server.

Cisco ASA and PIX

To assess a Cisco ASA or PIX firewall, save the output of "show running-config" to a text file and load that file into Firewall Auditor.

Juniper NetScreen

To assess a Juniper NetScreen firewall, load a locally saved text copy of the configuration into Firewall Auditor.

Define the zones of your PCI network

Many of the requirements that Firewall Auditor assesses come down to whether the services allowed between two zones of the network are appropriate. Firewall Auditor provides a simple mechanism for defining the zones of interest: the PCI zone where cardholder data is stored, the DMZ, and the wireless networks. If you have multiple PCI segments protected by different firewalls, create a separate zone definition for each segment and assess each firewall configuration against its own definition.

[Screen shot: Define zones]
[Screen shot: Specify services]

Specify which services are allowed

Most of the PCI DSS requirements pertaining to firewall configurations require that every allowed service be justified and that services be limited to those necessary for business purposes. Firewall Auditor lets you define those services as a simple list. The service sets that need justification are the services allowed into and out of the PCI zone, the DMZ, and the wireless zones.
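The three inputs described on this page (a configuration, a zone definition, and an allowed-service list) are enough to reproduce the core check offline. The script below is an added illustration written for this page, not Firewall Auditor's own code, and it handles only a small subset of the Cisco ASA access-list grammar ("extended permit|deny PROTO SRC DST [eq PORT]" with "any", "host A" or "A MASK" addresses, plus "access-group ... in interface ..." bindings). The zone ranges, interface names (outside, dmz, wifi, inside), allowed services and the running-config excerpt are all constructed for the example. Each permit rule is expanded to every (source zone, destination zone) pair it covers; "any" counts as every zone plus the Internet, an inbound ACL's sources are narrowed to the zone behind its interface, and a permit with no port (for example "permit ip") is treated as a whole-protocol service that no specific allowed entry can justify.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Zone definitions (constructed example ranges, standing in for the zone
# definition step described above). Anything not inside a zone is "Internet".
ZONES: Dict[str, List[ipaddress.IPv4Network]] = {
    "PCI": [ipaddress.ip_network("10.10.0.0/16")],
    "DMZ": [ipaddress.ip_network("203.0.113.0/24")],
    "Wireless": [ipaddress.ip_network("192.168.50.0/24")],
}
OUTSIDE = "Internet"

# Zone sitting behind each interface (nameif); used to narrow the sources of
# an inbound ACL. Interface names are hypothetical.
INTERFACE_ZONE = {"outside": OUTSIDE, "dmz": "DMZ", "wifi": "Wireless", "inside": "PCI"}

# Justified services as (source zone, destination zone, protocol, port).
ALLOWED: Set[Tuple[str, str, str, str]] = {
    (OUTSIDE, "DMZ", "tcp", "443"),
    ("DMZ", "PCI", "tcp", "1433"),
}

# Constructed running-config excerpt; not taken from any real device.
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
access-list outside_in extended permit tcp any host 203.0.113.10 eq 22
access-list dmz_in extended permit tcp 203.0.113.0 255.255.255.0 10.10.0.0 255.255.0.0 eq 1433
access-list dmz_in extended permit tcp 203.0.113.0 255.255.255.0 10.10.0.0 255.255.0.0 eq 3389
access-list wifi_in extended permit ip 192.168.50.0 255.255.255.0 any
access-list wifi_in extended deny ip any any
access-group outside_in in interface outside
access-group dmz_in in interface dmz
access-group wifi_in in interface wifi
"""

RULE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host \S+|\S+ \S+)\s+(?P<dst>any|host \S+|\S+ \S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)
GROUP_RE = re.compile(r"^access-group\s+(?P<acl>\S+)\s+in\s+interface\s+(?P<iface>\S+)\s*$")


def parse_addr(spec: str) -> ipaddress.IPv4Network:
    """Turn an ASA address spec (any | host A | A MASK) into a network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1] + "/32")
    addr, mask = spec.split()
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def zones_for(net: ipaddress.IPv4Network) -> Set[str]:
    """Every zone the network overlaps; Internet is added unless one zone contains it fully."""
    touched, contained = set(), False
    for name, nets in ZONES.items():
        for zone_net in nets:
            if zone_net.overlaps(net):
                touched.add(name)
                contained = contained or zone_net.supernet_of(net)
    if not contained:
        touched.add(OUTSIDE)
    return touched


def audit(config_text: str, allowed=ALLOWED):
    """Return (acl, rule, unjustified zone pairs) for every permit rule that lets a
    service across a zone boundary without a matching entry in the allowed set."""
    bound = {}  # acl name -> zone behind the interface it is applied inbound on
    for line in config_text.splitlines():
        g = GROUP_RE.match(line.strip())
        if g:
            bound[g["acl"]] = INTERFACE_ZONE.get(g["iface"], OUTSIDE)
    findings = []
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m["action"] != "permit":
            continue
        port = m["port"] or "*"  # "*" = whole protocol; never a justified service
        src_zones = zones_for(parse_addr(m["src"]))
        if m["acl"] in bound:  # inbound ACL: traffic can only arrive from that interface's zone
            src_zones &= {bound[m["acl"]]}
        dst_zones = zones_for(parse_addr(m["dst"]))
        bad = sorted((s, d) for s in src_zones for d in dst_zones
                     if s != d and (s, d, m["proto"], port) not in allowed)
        if bad:
            findings.append((m["acl"], line.strip(), bad))
    return findings


if __name__ == "__main__":
    for acl, rule, pairs in audit(SAMPLE_CONFIG):
        print(f"[{acl}] {rule}\n    unjustified: {pairs}")
```

Run against the sample, the script accepts the two justified rules (HTTPS from the Internet to the DMZ, SQL Server from the DMZ to the PCI zone) and flags the other three permits: SSH into the DMZ from the Internet, RDP from the DMZ into the PCI zone, and the wireless "permit ip ... any" rule, which is reported once per zone it reaches. Rules whose source zone cannot reach the bound interface (for example an Internet-facing ACL entry whose source is a DMZ address) produce no pairs and are silently skipped; a fuller tool would flag those as anti-spoofing gaps.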