FAQs - Firewall Risk Report

1. Why do we need risk analysis report feature?

Firewalls are the keystone of your organizations network security and ensure the traffic flow that is needed for your business. Nowadays, networks are highly complex and dynamic and have accumulated thousands of rules across multi-vendor firewalls. So to ensure your network security, it is always essential to do a risk review of your network firewall policies.

2. How to find the risks that are associated with a specific rule?

Go to Rule management > Risk > Choose the device > Switch to 'Rules' tab > In the Show by rules view > Search for the specific rule and click on the Risk Count column to view the associated risks of that specific rule.

3. How to whitelist the rules that are listed under a specific risk Information?

Go to Rule management > Risk > Choose the device > Switch to rules tab > In the Show by risk view > Search for the specific risk information > click on it. Then, select the rules that need to be whitelisted and click on Mark False Positive button. The selected rules will be whitelisted from the specific risk information.

4. Where do I find the whitelisted risky rules details?

Go to Rule management > Risk > choose the device > Click on Exclude Rules icon, you can view the whitelisted risky rules, risk information details along with marked user details.

5. How to create a custom risk profile and apply it to a device?

Go to Rule Management > Risk > Custom Risk Profiles > Actions > Add Risk Profile. Then add risks from the Predefined/Custom Risks List and select the devices to associate with it. If you wish to set this profile as default for the selected devices, tick the check box"Set this profile as default for all selected devices." and proceed to save. Now users can view the associated risk profile for each device in the Summary andRules pages under the Risk Profiles dropdown.

6. How to add custom risk sections and evaluate the same in Risk report?

Go to Rule Management > Risk > Custom Risk Profiles > Actions > Add Custom Risk. Then add the risk name, severity of risk, description, and other required fields. Under Risk Criteria, add different criteria and define the pattern for risk evaluation, then save it. The newly created Custom Risk will now be listed under the Risk List.

Users can then add it to a Custom Profile, associate it with devices, and generate the risk report.

7. How can I quickly mark a profile as the default on devices?

Go to Rule Management > Risk > Custom Risk Profiles > Actions > Set Default Risk Profile. Users can mark a profile as default for devices under either the Profile-based orDevice-based view and save the changes.

8. Is the risk report automatically generated?

Yes, the risk report is automatically generated for devices based on the applied default profile.

9. Which profiles are applied in the case of a device group?

For device groups, the risk report displays data based on the default profile applied to each individual device.