Dave,
>Date: Mon, 19 Mar 2001 10:42:48 -0500
>From: "Libershal, David M." <[EMAIL PROTECTED]>
>Subject: Rules Checker for PIX
>
>Can anybody recommend a tool for automating rules checking for PIX
>firewalls?
I don't know of a "rule checker" but CSPM (Cisco Secure Policy Manager) can
generate PIX configurations.
>Is the Cisco Secure Policy Manager able to do that? We have received
>feedback from Cisco that it is a useful tool for PIX management but that is
>convoluted and nobody from Cisco has yet been able to explain how we might
>use it for rules and syntax checking.
CSPM is a policy management tool. You can use it to model your Internet
access path (PIXen and routers) and then develop and apply security
policies to PIX and IOS routers. It assumes that the firewall and router
have a minimal configuration and would overwrite any (CLI entered) ACLs
when it writes out the policy. CSPM cannot read an existing configuration
so it stores info about policy in its own database.
We have a new tool coming out shortly called PDM (PIX Device Manager). PDM
reads the existing configuration and does a simple consistency check in
order to populate its GUI. If you use PDM to configure the PIX it writes
the commands out for you.
>We are looking for such a tool like Netsys and appreciate your feedback.
Netsys is a great tool but I'm not certain how well it supports PIX and I'm
pretty sure we are End of Life'ing it.
>Thank You,
>
>Dave Libershal
>Supvr., Systems Engineering Section
>Enterprise Communications Group
>JHU/APL
>Johns Hopkins Road, Laurel, MD 20723
>443-778-7196 FAX 443-778-5727
>- -
Regards,
Brian