Firewall Analyzer - Rule Management - Rule Administration - How to

1. How to add 'Network Objects' or 'Service Objects' or 'Security Rules' using Firewall Analyzer?

  1. Go to the Rule Management > Rule Administration tab.
  2. Select the required tab: Network Objects, Service Objects or Device Rule.
  3. Click the Add button and add the required objects.
  4. The added object will not affect the firewall until the Push action is performed in the Review tab. You need to review the object in the Review tab and push the changes.

2. How to revert Add or Edit or Delete actions performed on objects or rules using Firewall Analyzer?

  1. Go to the Rule Management > Rule Administration > Commit tab.
  2. Click the Revert icon in the Action column.
  3. The reverted changes will not affect the firewall until the Push action is performed in the Review tab. You need to review the object in the Review tab and push the changes.

3. How to edit 'Network Objects' or 'Service Objects' or 'Security Rules' using Firewall Analyzer?

  1. Go to Rule Management > Rule Administration > Network Objects, Service Objects or Device Rule tab > Firewall Objects tab.
  2. Click the Edit icon in the Action column.
  3. Enter the required changes.
  4. The updated changes will not affect the firewall until the Push action is performed in the Review tab. You need to review the object in the Review tab and push the changes.

4. How to delete 'Network Objects' or 'Service Objects' or 'Security Rules' using Firewall Analyzer?

  1. Go to Rule Management > Rule Administration > Network Objects, Service Objects or Device Rule tab > Firewall Objects tab.
  2. Click the Delete icon in the Action column.
  3. The delete changes will not affect the firewall until the Push action is performed in the Review tab. You need to review the object in the Review tab and push the changes.

5. How to delete 'Local Objects'?

  1. Go to Rule Management > Rule Administration > Network Objects, Service Objects or Device Rule tab > Firewall Objects tab.
  2. Click the Delete icon in the Action column.
  3. The Local Object is deleted; this does not affect the firewall. The local object changes are applied to the firewall only after you click the Push button in the Review tab.

6. How to configure 'Cleanup Settings'?

  1. Go to the Rule Management > Rule Administration > Commit tab.
  2. Click the Cleanup Settings button and configure the settings.
  3. Based on the configured time criteria, the Commit table is cleaned up automatically.

7. What is Rule Administration?

  • The Firewall Rule Administration functionality of Firewall Analyzer helps you add, edit and delete Network Objects, Service Objects or Device Rules from the Firewall Analyzer web console. Using this, you can review those changes and push them to the firewall. Firewall Analyzer maintains the history of object add, edit and delete changes in the Commit tab. Using the Revert option, you can revert edited and deleted changes in the firewall.

8. What is 'Local Object'?

  1. You can access the Local Objects through Rule Management > Rule Administration > Network Objects, Service Objects or Device Rule tab > Local Objects tab.
  2. The Local Objects tab lists newly added, edited and deleted objects.
  3. The changes made to the Local Objects do not affect the firewall. Only once the Push action is performed in the Review tab are the Local Objects reflected in the firewall. After the add, edit or delete command executes successfully, the Local Objects data is cleaned up automatically.

9. What is 'Firewall Object'?

  1. You can access the Firewall Objects through Rule Management > Rule Administration > Network Objects, Service Objects or Device Rule tab > Firewall Objects tab.
  2. The Firewall Objects tab lists the objects currently present in the firewall.

10. What is the purpose of 'Push' action?

  1. Go to the Rule Management > Rule Administration > Commit tab and click the Push button.
  2. When you click this button, Firewall Analyzer executes the add, edit or delete commands for the Local Objects on the firewall.

11. What is listed under 'Local Rules'?

  1. You can access the Local Rules through Rule Management > Rule Administration > Security Rules tab > Local Rules tab.
  2. The Local Rules tab lists newly added, edited and deleted rules.
  3. The changes made to the Local Rules do not affect the firewall. Only once the Push action is performed in the Review tab are the Local Rules reflected in the firewall. After the add, edit or delete command executes successfully, the Local Rules data is cleaned up automatically. For tracking and reverting purposes, Firewall Analyzer keeps the details of pushed objects and rules in the Changes History tab.

12. What is listed under 'Firewall Rules'?

  1. You can access the Firewall Rules through Rule Management > Rule Administration > Security Rules tab > Firewall Rules tab.
  2. The Firewall Rules tab lists the rules and objects currently present in the firewall.

13. How to perform 'Revert' action?

  1. You can access the Revert action button through Rule Management > Rule Administration > Commit tab.
  2. This option is supported only for objects and rules that were added, edited or deleted using Firewall Analyzer.
  3. After the Revert action is performed, that object is listed in the Local Objects or Local Rules tab.

14. What is the purpose of 'Cleanup Settings'?

  1. You can use this setting to automatically clean up the Commit history table data.
  2. Go to the Rule Management > Rule Administration > Commit tab and click the Cleanup button.

15. What is the purpose of 'Commit' action for Palo Alto firewalls?

  1. Go to the Rule Management > Rule Administration > Commit tab and click the Commit button.
  2. After providing the credentials, click the Commit button; Firewall Analyzer then performs the Palo Alto commit action.

16. What is the purpose of 'Install Policy' action for Check Point firewalls?

  1. Go to the Rule Management > Rule Administration > Commit tab and click the Install Policy button.
  2. After providing the credentials, click the Install Policy button; Firewall Analyzer then performs the Check Point Install Policy action.

17. What is the purpose of 'Save' action for Vyatta firewalls?

  1. Go to the Rule Management > Rule Administration > Commit tab and click the Save button.
  2. After providing the credentials, click the Save button; Firewall Analyzer then performs the Vyatta Save action.

18. How to create rules/objects in the groups?

To push rules/objects in groups, follow these steps:

  1. Create a device group containing devices of the same vendor type in the 'Settings' page. Enable the "Use this group in Rule Administration and Risk Analysis" option.
  2. In the 'Rule Administration' feature, the device groups are listed.
  3. Select the desired device group.
  4. Objects/rules created within the selected device group are automatically created for all the firewalls in that group.
  5. If any of the configured objects are not present on a firewall device, the missing object is created along with the rule/objects.

19. How to push rules/objects in groups?

Once you have added the objects/rules for the device groups, follow these steps to push them:

  1. Navigate to the Review and Push page.
  2. This page lists the objects/rules that are ready to be pushed.
  3. Select the objects and click the Push button.
  4. Provide the credential values required for the push operation.
  5. Note that the device IP or web server URL details are not available on this page. These details are taken from the 'Device Rule' page in the settings.

Rule Administration Limitations

  1. Check Point:

    1. Network Objects:
      • The following options are not supported:
        1. Gateways and Servers.
        2. Dynamic Objects.
        3. Security Zone.
        4. Interoperable Device.
        5. VoIP Domain.
        6. Advanced options.
    2. Service Objects:
      • The following options are not supported:
        1. RPC
        2. DCE-RPC
        3. ICMP
        4. GTP
        5. Compound TCP
        6. Citrix TCP
        7. Other Service
        8. SCTP
        9. Advanced options.
  2. Palo Alto:

    1. Network Objects:
      • The following options are not supported:
        1. IP Wildcard Mask.
        2. Advanced options.
    2. Service Objects:
      • The following options are not supported:
        1. SCTP.
        2. Advanced options.
    3. Security Rule:
      • The following options are not supported:
        1. User.
        2. Advanced options.
  3. Sophos XG:

    1. Network Objects:
      • The following options are not supported:
        1. MAC Host
        2. FQDN host group
        3. Country group
    2. Service Objects:
      • The following options are not supported:
        1. IP
        2. ICMP
        3. ICMP v6
    3. Security Rule:
      • The following options are not supported:
        1. Business application rule (add/edit not supported)
        2. User/Network rule (edit not supported)
        3. Advanced options.
  4. Sophos UTM:

    1. Network Objects:
      • The following options are not supported:
        1. DNS Group.
        2. Multicast Group
        3. Availability Group
        4. Advanced options.
    2. Service Objects:
      • The following options are not supported:
        1. ICMP
        2. ICMP v6
        3. IP
        4. ESP
        5. AH
    3. Security Rule:
      • The following options are not supported:
        1. Rule position (the rule is always added as the last rule).
        2. Advanced options.
