  1. Benefits of Testing Firewall Rules

    Testing firewall rules before you deploy them helps ensure that the changes you make have the impact you intended and prevents unexpected consequences. For example, when you write a rule, you should test that the traffic you expect to pass is actually allowed through, and that existing traffic isn't affected in ways you didn't anticipate. Since testing changes in a lab environment is not always possible, and changes made to the firewall take effect on network traffic immediately, you need complete confidence in a change before you make it.

  2. Testing Firewall Configurations

    Even if you believe particular traffic shouldn't be allowed because there is no explicit allow statement for it, a broader rule may already be letting it in. To test a rule with Firewall Security Manager, start with the Change Modeling feature. It runs a packet trace against the configuration to determine whether the rules allow or block the specified traffic. If you are working in a team environment, you can share the modeling session with other team members so they can validate additional scenarios. Once you are happy with the change, a change script can be generated and uploaded to your production environment.

  3. How Firewall Testing Works

    Firewall Security Manager goes beyond logical evaluation of rules by running a copy of the device in a special environment to simulate the rules. Think of this as a virtual lab for testing your firewall configurations. In some environments, several firewalls are involved in a single service change. The Change Modeling feature lets you test firewall changes across several devices to ensure the traffic can traverse your entire infrastructure successfully. After the change is made, impact monitor reports let you keep track of those changes in production and help catch changes that may have slipped past the formal change process.
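The three checks described in sections 2 and 3 (which rule actually decides a flow, whether a proposed rule is shadowed by a broader existing rule, and whether traffic survives every firewall on a multi-device path, plus an impact comparison against known traffic) can be illustrated with a small first-match rule evaluator. The code below is an added example written for this page; it is not Firewall Security Manager code, and the rule sets, device names and traffic samples in it are constructed for illustration.

```python
# Added example: a toy first-match rule evaluator that mimics what a packet
# trace does (which rule decides a flow, and whether it survives every hop).
# Not Firewall Security Manager code; rules and traffic below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def trace(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First-match evaluation: the verdict and the rule that produced it.
    A packet matching nothing falls through to the implicit deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def trace_path(path: List[Tuple[str, List[Rule]]], pkt: Packet) -> List[Tuple[str, str, str]]:
    """Push the packet through each firewall on the path in order.
    Traffic only gets through if every hop allows it, so stop at the first deny."""
    hops = []
    for device, rules in path:
        action, rule = trace(rules, pkt)
        hops.append((device, action, rule))
        if action == "deny":
            break
    return hops


def sample_packet(rule: Rule) -> Packet:
    """One representative packet the rule is meant to match (first host of each network)."""
    src = next(iter(ipaddress.ip_network(rule.src).hosts()))
    dst = next(iter(ipaddress.ip_network(rule.dst).hosts()))
    return Packet(str(src), str(dst), "tcp" if rule.proto == "any" else rule.proto,
                  rule.dport if rule.dport is not None else 0)


def shadowed_by(rules: List[Rule], new_rule: Rule, position: int) -> Optional[str]:
    """Insert new_rule at position and report which earlier rule (if any) already
    decides its traffic. Checks a single sample packet, so partial overlaps can be missed."""
    candidate = rules[:position] + [new_rule] + rules[position:]
    _, decided_by = trace(candidate, sample_packet(new_rule))
    return None if decided_by == new_rule.name else decided_by


def impact(before: List[Rule], after: List[Rule], traffic: List[Packet]) -> List[Tuple[Packet, str, str]]:
    """Replay known traffic against both rule sets and list flows whose verdict changed."""
    changed = []
    for pkt in traffic:
        old, _ = trace(before, pkt)
        new, _ = trace(after, pkt)
        if old != new:
            changed.append((pkt, old, new))
    return changed


# Constructed rule sets for two firewalls in series: an edge device and a core device.
EDGE = [
    Rule("allow-dns", "allow", "10.0.0.0/8", "10.1.1.53/32", "udp", 53),
    Rule("allow-corp-any", "allow", "10.0.0.0/8", "10.1.0.0/16", "any", None),  # the broad rule
    Rule("deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]
CORE = [
    Rule("core-allow-web", "allow", "10.0.0.0/8", "10.1.2.0/24", "tcp", 443),
    Rule("core-deny-all", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]
PATH = [("edge-fw", EDGE), ("core-fw", CORE)]

# A rule someone wants to add, a deny someone wants to add, and constructed
# samples of traffic seen in production today.
PROPOSED = Rule("allow-app-https", "allow", "10.0.5.0/24", "10.1.2.10/32", "tcp", 443)
PROPOSED_DENY = Rule("deny-ssh", "deny", "10.0.0.0/8", "10.1.0.0/16", "tcp", 22)
KNOWN_TRAFFIC = [
    Packet("10.0.5.7", "10.1.1.53", "udp", 53),
    Packet("10.0.5.7", "10.1.1.5", "tcp", 22),
    Packet("10.0.5.7", "10.1.2.10", "tcp", 443),
]


if __name__ == "__main__":
    print("shadowed by:", shadowed_by(EDGE, PROPOSED, 2))
    print("https path:", trace_path(PATH, Packet("10.0.5.7", "10.1.2.10", "tcp", 443)))
    print("ssh path:", trace_path(PATH, Packet("10.0.5.7", "10.1.2.10", "tcp", 22)))
    print("impact of deny-ssh:", impact(EDGE, [PROPOSED_DENY] + EDGE, KNOWN_TRAFFIC))
```

Run as a script, the output shows the three situations the text describes: the new HTTPS allow rule is never reached because `allow-corp-any` already permits that traffic; SSH to the application host is allowed by the edge firewall but stopped at the core, so a single-device check would give a misleading answer; and inserting `deny-ssh` at the top of the edge rule set changes the verdict for one flow in the known traffic sample, which is exactly the kind of unintended impact a pre-deployment test is meant to surface. A real packet trace evaluates far more fields (zones, interfaces, NAT, stateful matching) than this toy does.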

