AlgoSec is releasing new software that enables its Firewall Analyzer to simulate the effect multiple firewalls have on traffic, making it simpler to determine the net effect of the firewalls and to streamline their rule sets.
With AFA 5.0 software, customers can model the firewalls based on analyzing their rules, not by sending test packets or scanning the network.
Algorithms in the software create a global view of network firewalls and can determine whether, if a perimeter firewall is lax about allowing in certain risky traffic, another firewall behind it will block that traffic. The analysis treats all the firewalls and their routing as a whole protection scheme, not as separate, individual firewalls, AlgoSec says.
AFA 5.0 draws how firewalls are connected to each other based on current configurations. If one firewall seems to be allowing risky traffic into what is supposed to be a protected zone, the analyzer will find whether another firewall is or is not already protecting the zone from that traffic, the company says.
AFA platforms can analyze homogeneous or heterogeneous networks made of Check Point, Cisco and Juniper firewalls.
The software can simulate which paths traffic will be allowed to take if routing changes are made in corporate firewalls, so network security executives can see the impact of proposed changes before they are implemented. With corporate firewall administrators receiving multiple change requests per week, the software can help sort which rules are needed and whether they accomplish the business goals being sought, the company says.
The feature can be used to troubleshoot complaints that legitimate traffic is being blocked and pinpoint which firewall is at fault.
It can also be used to find redundant rules. If an overarching rule in one firewall effectively does the same thing that a more specific rule does at a subsequent firewall, there is no need for the more specific rule. AFA 5.0 can discover these redundant rules so they can be cleaned up, making each firewall run more efficiently.
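The kind of rule-based analysis described above can be sketched in a few lines of Python; this is an added illustration, not AlgoSec's algorithm or code from the article. It reads rule sets only (no test packets), names the firewall that blocks a flow, and flags downstream deny rules that an upstream firewall already makes unnecessary. Assumptions: first-match rule semantics with an implicit deny, all traffic to the downstream firewall passes through the upstream one, and every name and rule set is constructed.

```python
# Added illustration of rule-based path analysis; not AlgoSec's algorithm.
from dataclasses import dataclass
from ipaddress import ip_network as net
@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    ports: range           # destination ports, e.g. range(23, 24)

    def covers(self, o):   # every flow matching o also matches self
        return (net(o.src).subnet_of(net(self.src)) and net(o.dst).subnet_of(net(self.dst))
                and self.ports.start <= o.ports.start and o.ports.stop <= self.ports.stop)
    def overlaps(self, o): # at least one flow matches both
        return (net(self.src).overlaps(net(o.src)) and net(self.dst).overlaps(net(o.dst))
                and self.ports.start < o.ports.stop and o.ports.start < self.ports.stop)

def path_verdict(path, src, dst, port):
    """Walk firewalls in order (first match wins, implicit deny); name the blocker."""
    flow = Rule("flow", src, dst, range(port, port + 1))
    for name, rules in path:
        hit = next((i for i, r in enumerate(rules) if r.covers(flow)), None)
        if hit is None or rules[hit].action == "deny":
            return False, name, hit
    return True, None, None

def redundant_denies(upstream, downstream):
    """Indexes of downstream deny rules whose traffic upstream already drops."""
    out = []
    for i, d in enumerate(downstream):
        if d.action != "deny":
            continue
        for u in upstream:
            if u.action == "allow" and u.overlaps(d):
                break              # part of d's traffic can pass upstream
            if u.action == "deny" and u.covers(d):
                out.append(i)
                break
        else:
            out.append(i)          # only upstream's implicit deny is reached
    return out
# Constructed sample rule sets: a lax perimeter in front of an internal firewall.
ANY, ALL = "0.0.0.0/0", range(0, 65536)
PERIMETER = [Rule("deny", ANY, "10.0.0.0/8", range(135, 140)),
             Rule("allow", ANY, "10.0.0.0/8", ALL)]
INTERNAL = [Rule("deny", ANY, "10.1.0.0/16", range(23, 24)),
            Rule("deny", ANY, "10.1.0.0/16", range(135, 140)),
            Rule("allow", ANY, "10.1.0.0/16", ALL)]
PATH = [("perimeter", PERIMETER), ("internal", INTERNAL)]
```

With these rule sets, `path_verdict(PATH, "198.51.100.7", "10.1.2.3", 23)` reports that the perimeter lets the Telnet flow through and the internal firewall blocks it, while `redundant_denies(PERIMETER, INTERNAL)` flags the internal deny on ports 135-139 as already enforced upstream.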
AFA 5.0 is available now.