Athena FirePAC for firewall analysis

Athena FirePAC works to clean out conflicting rules and eliminate the security risks in firewall policies

description

FirePAC is an extremely affordable, easy-to-use, downloadable, light-footprint software product that demonstrates immediate value without requiring any technical training. FirePAC helps both large and small companies that are actively seeking ways to reduce their expenses around conducting periodic audits, managing security risks, and improving the network's structure and design.

Transcript of Athena FirePAC for firewall analysis

Page 1: Athena FirePAC for firewall analysis

Athena FirePAC works to clean out conflicting rules and eliminate the security risks in firewall policies

Page 2: Athena FirePAC for firewall analysis

It shows how multiple routing, address translations, and filtering rules are working together to affect your firewall's behavior

Page 3: Athena FirePAC for firewall analysis

Policy Analysis: details the firewall behavior resulting from inter-rule interactions

Rule Conflicts: identifies overlapping and conflicting rules for optimizing rule sets

Policy Comparison: shows added and deleted policies resulting from the changes to a configuration

Policy Query: allows users to generate customized reports based on detailed policy queries

Page 4: Athena FirePAC for firewall analysis

BUSINESS DRIVERS

• Compliance management / need for periodic audits

• Avoid potential risks to business continuity

• Reduce efforts in firewall review

• Need to optimize configuration

• Manage configurations

Source: Frost and Sullivan

Page 5: Athena FirePAC for firewall analysis

Designed for Network Engineers

EASY Downloadable software takes seconds to install

POWERFUL Cuts manual firewall analysis down by 85%

AFFORDABLE Lowest cost solution for comprehensive analysis

SAFE Injects no packets into the network

NON-INTRUSIVE No connections requiring passwords or permissions

Page 6: Athena FirePAC for firewall analysis

FirePAC analyzes the interactions between:

• ACLs

• Routing Tables

• NATs

Risk | Description

C27 | H services allowed from external zone to internal zone | Details

Entering/Exiting interfaces | Rules

eth1c0 to eth-s1p2c0 | 28, antispoof settings, 237, 257, 277, 8

No | Source | Destination | Service | Translated Source | Translated Destination | Translated Service | Comment

237 | any | 198.246.171.58 | any | any | h-wcsdevssl | any | Automatic NAT Rule from Static Destination Nat on h-wcsdevssl

Policy Check

Drill-down to policy detail

Drill-down to rule detail

Page 7: Athena FirePAC for firewall analysis

IMPORT

Requires only the configuration file and the routing table to generate all reports

FIREWALL SUMMARY

Acts as a guide to navigate the detail level reports

Page 8: Athena FirePAC for firewall analysis

Firewall statistics summarize the firewall's primary structure

Findings show the total number of risks categorized by severity level

Click on the hyperlinks to view:

• definition of the risk

• ruletrails that contributed to the risk

• original rule in the context of the configuration

Page 9: Athena FirePAC for firewall analysis

Rule conflicts show the exact inter-rule relationships and the number of each type that were found

The firewall connectivity table provides basic topology information

Policy Summary acts as a table of contents for all policies that are:

• Passing through the firewall

• Originating from the firewall

• Terminating at the firewall

Page 10: Athena FirePAC for firewall analysis

POLICY SUMMARY

Shows the services that are allowed from each direction on every interface

Based on complex analysis, not simple pattern matching

Calculates every possible packet that could traverse the firewall

Page 11: Athena FirePAC for firewall analysis

RULE CONFLICTS

Identifies the order dependencies and inter-relationships between rules

No | Source | Destination | Service | VPN | Action | Anomaly | Comment

25 | Any | Acmecorp-Cluster | Any | Any | drop | Correlated to <8>, <12>, <13>, <16>, <17>, <18>, <20>; Generalization of <7>, <10>, <15>, <21>, <23>, <24> |

27 | net-ACC-192.168.50.2 | h-accfta001, h-accfta001m | ssh | Any | accept | Redundant to <68> |

Page 12: Athena FirePAC for firewall analysis

POLICY COMPARISON

Shows the impact of rule changes to the overall behavior of the firewall

Greatly reduces the need for testing to ensure the correct policies have been implemented

Can be used to model the effect of a change before it is deployed to the network

Page 13: Athena FirePAC for firewall analysis

SUPPORTED FIREWALLS

Page 14: Athena FirePAC for firewall analysis

Athena FirePAC uses safe, offline analysis to:

• Reduce up to 85% of the manual effort to audit any Cisco, Checkpoint or Netscreen firewall

• Verify the policies that are impacted by rule changes

Try FirePAC at no risk or buy it for only $1495!