What is the firewall policy overview report?

The firewall policy overview report provides a holistic view of all the firewall policies by fetching information from the rules, access control entries (ACEs), and the access control lists (ACLs) and provides insights on the total policies, added rules, deleted policies, modified policies, etc.

Why you should look out for policy modifications

Firewall policies are essentially the guiding principle for the firewall. The firewall works based on the policies that have been defined by the user. Regular monitoring of firewall policies and rules helps identify any changes that have been made without your knowledge. If a rule has been modified in the firewall, there could be a chance someone is trying to compromise your network.

For instance, an attacker might add a new rule to allow all the connections entering via a particular port, for example, port 80. The attacker can then use this port to enter into the network.

Firewall policy management reports in EventLog Analyzer

EventLog Analyzer, a comprehensive firewall monitoring tool, helps with efficiently managing firewall policies. The firewall policy management capability in EventLog Analyzer provides you with the:

• Firewall policy overview reports

  EventLog Analyzer gives you insights on the policy statuses, such as which policies are enabled or disabled in the form of intuitive reports.

• Firewall policy changes reports

  EventLog Analyzer notifies you about changes made to policies. Whenever, a firewall policy gets added, deleted, modified, or resorted, you can get information on who made the change, when was the change made, and from where. These details help you not only track the changes and optimize firewall policies, but also help you comply with the requirements of regulatory mandates.